HTTP and HTTPS you don’t need to forward those ports. If you notice you can browse the internet etc both on http and https just fine with out forwarding.
I have a few questions Is this a machine running on the home network correct? Also is this a VM in a machine that is running on your home network. Also what distribution is it and have you check if the firewall is enabled and maybe blocking the 5984 port? Regards, Jonathan -----Original Message----- From: Rene Veerman <seductivea...@gmail.com> Sent: Tuesday, 13 August 2019 06:45 To: user@couchdb.apache.org Subject: Re: running couchdb on a .app domain (https enforced) oh, just for the record : the only ports forwarded at my ADSL modem to the machine on the LAN that serves nicer.app, are regular HTTP (80), HTTPS (443 if i'm not mistaken) and 5984 for couchdb. On Tue, Aug 13, 2019 at 6:40 AM Joan Touzet <woh...@apache.org> wrote: > What output do you get for: > > curl --verbose http://localhost:5984/ > > curl --verbose https://localhost:5984/ > > Let's get that working first before we try and sort out whatever the > heck is going on with .app domains. > > -Joan > > On 2019-08-13 12:38 a.m., Rene Veerman wrote: > > and the log : > > > > root@albatross:/opt/couchdb/etc# rm /var/log/couchdb/couchdb.log > > root@albatross:/opt/couchdb/etc# service couchdb restart > > root@albatross:/opt/couchdb/etc# cat /var/log/couchdb/couchdb.log > > [info] 2019-08-13T04:30:19.782183Z couchdb@127.0.0.1 <0.9.0> > > -------- Application couch_log started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.784813Z couchdb@127.0.0.1 <0.9.0> > > -------- Application folsom started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.809271Z couchdb@127.0.0.1 <0.9.0> > > -------- Application couch_stats started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.809378Z couchdb@127.0.0.1 <0.9.0> > > -------- Application khash started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.813194Z couchdb@127.0.0.1 <0.9.0> > > -------- Application couch_event started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.813291Z couchdb@127.0.0.1 <0.9.0> > > -------- Application hyper started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.816832Z couchdb@127.0.0.1 <0.9.0> > > -------- Application ibrowse started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.819801Z couchdb@127.0.0.1 <0.9.0> > > -------- Application ioq started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.819931Z couchdb@127.0.0.1 <0.9.0> > > -------- Application mochiweb started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.824769Z couchdb@127.0.0.1 <0.212.0> > > -------- Apache CouchDB 2.3.1 is starting. > > > > [info] 2019-08-13T04:30:19.824829Z couchdb@127.0.0.1 <0.213.0> > > -------- Starting couch_sup [notice] 2019-08-13T04:30:19.830479Z > > couchdb@127.0.0.1 <0.96.0> -------- > > config: [features] pluggable-storage-engines set to true for reason > > nil [info] 2019-08-13T04:30:19.889337Z couchdb@127.0.0.1 <0.212.0> > > -------- Apache CouchDB has started. Time to relax. > > > > [info] 2019-08-13T04:30:19.889419Z couchdb@127.0.0.1 <0.212.0> > > -------- Apache CouchDB has started on http://127.0.0.1:5986/ [info] > > 2019-08-13T04:30:19.889518Z couchdb@127.0.0.1 <0.9.0> -------- > > Application couch started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.889624Z couchdb@127.0.0.1 <0.9.0> > > -------- Application ets_lru started on node 'couchdb@127.0.0.1' > > [notice] 2019-08-13T04:30:19.909310Z couchdb@127.0.0.1 <0.276.0> > -------- > > rexi_server : started servers > > [notice] 2019-08-13T04:30:19.911977Z couchdb@127.0.0.1 <0.280.0> > -------- > > rexi_buffer : started servers > > [info] 2019-08-13T04:30:19.912108Z couchdb@127.0.0.1 <0.9.0> > > -------- Application rexi started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.933416Z couchdb@127.0.0.1 <0.9.0> > > -------- Application mem3 started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.933443Z couchdb@127.0.0.1 <0.9.0> > > -------- Application fabric started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.943825Z couchdb@127.0.0.1 <0.9.0> > > -------- Application chttpd started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.950696Z couchdb@127.0.0.1 <0.9.0> > > -------- Application couch_index started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.950722Z couchdb@127.0.0.1 <0.9.0> > > -------- Application couch_mrview started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.950809Z couchdb@127.0.0.1 <0.9.0> > > -------- Application couch_plugins started on node 'couchdb@127.0.0.1' > > [notice] 2019-08-13T04:30:19.980249Z couchdb@127.0.0.1 <0.96.0> > > -------- > > config: [features] scheduler set to true for reason nil [info] > > 2019-08-13T04:30:19.990117Z couchdb@127.0.0.1 <0.9.0> -------- > > Application couch_replicator started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:19.994567Z couchdb@127.0.0.1 <0.9.0> > > -------- Application couch_peruser started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:20.001778Z couchdb@127.0.0.1 <0.9.0> > > -------- Application ddoc_cache started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:20.010320Z couchdb@127.0.0.1 <0.9.0> > > -------- Application global_changes started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:20.010341Z couchdb@127.0.0.1 <0.9.0> > > -------- Application jiffy started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:20.013833Z couchdb@127.0.0.1 <0.9.0> > > -------- Application mango started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:20.017261Z couchdb@127.0.0.1 <0.9.0> > > -------- Application setup started on node 'couchdb@127.0.0.1' > > [info] 2019-08-13T04:30:20.017321Z couchdb@127.0.0.1 <0.9.0> > > -------- Application snappy started on node 'couchdb@127.0.0.1' > > root@albatross:/opt/couchdb/etc# > > > > > > > > On Tue, Aug 13, 2019 at 6:38 AM Rene Veerman > > <seductivea...@gmail.com> > > wrote: > > > >> included below here is the log of restarting couchdb, it looks > completely > >> normal to me. > >> i've included it so others won't have to guess what's in it. > >> > >> and yeah, when i bought the .app domain, they didn't mention > >> enforced https. > >> but hey, lets just update the docs and make this simple, shall we? > >> coz it seems according to the article posted by Jonathan just now, > >> that this is an encroaching "problem". > >> > >> and probably a non-problem for someone skilled at crypto setups on > ubuntu. > >> > >> ehm, i'm hesitant to try out the lets encrypt service ( > >> https://letsencrypt.org/getting-started/ ), because i fear Google > >> would enforce somehow, with another cryptic > browser > >> error, > >> that i use the same certificate as for regular https traffic to > >> apache > on > >> the same machine. > >> > >> and since my primary use for couchdb is AJAX access from the > >> browser > with > >> a javascript plugin, > >> this could be a real stubborn problem if i try letsencrypt. > >> > >> i may try it out later, ok... > >> i wanna get some coding work done too today. > >> > >> On Tue, Aug 13, 2019 at 6:25 AM Jonathan Aquilina < > jaquil...@eagleeyet.net> > >> wrote: > >> > >>> Also have you tried to use a lets encrypt free SSL certificate? > >>> > >>> > >>> -----Original Message----- > >>> From: Rene Veerman <seductivea...@gmail.com> > >>> Sent: Tuesday, 13 August 2019 06:13 > >>> To: user@couchdb.apache.org > >>> Subject: Re: running couchdb on a .app domain (https enforced) > >>> > >>> ok, i followed your instructions to the letter, Joan. > >>> > >>> and with a self-signed key, i'm now stuck at > >>> ERR_CONNECTION_REFUSED > when > >>> connecting to the domain name. > >>> and i'm getting the same error when trying to connect to > localhost:5984, > >>> and even to 127.0.0.1, same error. > >>> > >>> could it be that Google (who run the .app TLD) enforces a real > >>> certificate? > >>> like the one i used on regular apache on the same machine? > >>> > >>> problem is, i can't find any step by step guide to get me to that > >>> key_file, cert_file, cacert_file setup... :( > >>> > >>> and anyone who's not an expert at this sorta thing is probably > >>> going to run into the same problems. > >>> > >>> a couchdb installer that fails to ask for the simple files > >>> provided by domain registrars (where you buy the certificate for a > >>> .app domain) > that > >>> are also fed to the regular apache daemon to make regular https to > >>> the webserver work. > >>> > >>> normally you'd google yourself through that, like i did with > >>> apache itself, but here the online documentation is also quite lacking. > >>> > >>> i don't want to look a gift horse in the mouth of course, i'm a > >>> programmer myself, and i hate documentation work like the next > >>> guy, > but in > >>> this case, couchdb programmers, we could use at least a simple > >>> setup article (mentioned in the documentation, website, and > >>> installer for > couch), > >>> and then later or even straight away, that input request in the > >>> couchdb installer. > >>> > >>> it sucks to have to remember the ins and outs of a OS sub system > >>> just > to > >>> get it to work, and then go through the same difficult process of > finding > >>> the right settings, > >>> > >>> when you need to re-install a machine a few months or years later. > >>> > >>> anyways, > >>> thanks for the help so far, people. > >>> > >>> but i'm still stuck, and would love some more good simple pointers. > >>> > >>> > >>> On Mon, Aug 12, 2019 at 7:48 PM Joan Touzet <woh...@apache.org> wrote: > >>> > >>>> CouchDB with SSL has 2 ports for general access: 5984, and 6984. > >>>> > >>>> 5984 is the insecure http version of the port. You can't turn it > >>>> off easily in CouchDB 2.3.1, but you can change what port it > >>>> appears at. I recommend firewalling access to this port immediately. > >>>> > >>>> If you enable SSL, that'll be on port 6984 by default. You may > >>>> have changed it to port 7984. That's the one you want the world > >>>> to see. It shares the same address binding as the insecure 5984 > >>>> port, so you must bind both to 0.0.0.0 to see this externally. > >>>> > >>>> Do *not* change the settings for the administrative port (5986). > >>>> Leave this bound only to 127.0.0.1. > >>>> > >>>> Since you're having so much trouble, I'll write up the settings > >>>> you need. The following has: > >>>> > >>>> * Standard (http) port bound to 0.0.0.0:1234 (*firewall this*!!) > >>>> * SSL (https) port bound to 0.0.0.0:5984 (this is the one you > >>>> want) > >>>> * Administrative port bound only to 127.0.0.1:5986 > >>>> * **BE SURE TO RESTORE THE ORIGINAL DEFAULT.INI FILE WE SHIP > >>>> FIRST.** > >>>> > >>>> After changing this file, kill all running CouchDB processes, > >>>> then restart CouchDB. > >>>> > >>>> ``` > >>>> [chttpd] > >>>> port = 1234 > >>>> bind_address = 0.0.0.0 > >>>> > >>>> [httpd] > >>>> port = 5986 > >>>> bind_address = 127.0.0.1 > >>>> > >>>> [ssl] > >>>> port = 5984 > >>>> key_file = YOUR PATH HERE > >>>> cert_file = YOUR CERT HERE > >>>> cacert_file = YOUR CACERT HERE > >>>> ``` > >>>> > >>>> > >>>> > >>>> On 2019-08-12 8:18, Adam Kocoloski wrote: > >>>>> This means something else is already listening on one of the > >>>>> ports that > >>>> CouchDB is trying to use. > >>>>> > >>>>> Adam > >>>>> > >>>>>> On Aug 12, 2019, at 3:24 AM, Rene Veerman > >>>>>> <seductivea...@gmail.com> > >>>> wrote: > >>>>>> > >>>>>> eaddrinuse > >>>>> > >>>> > >>>> > >>> > >> > > >
