I'm trying to set up a CouchDB 2.0 instance on my CentOS 7 server. I've
got it installed and running as a systemd service and it responds with its
friendly hello world message when I access it from the server using
127.0.0.1 or 0.0.0.0:

$ curl 127.0.0.1:5984
{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache Software Foundation"}}
$ curl 0.0.0.0:5984
{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache Software Foundation"}}

In my local.ini file I've configured the bind_address to 0.0.0.0:

[httpd]
bind_address = 0.0.0.0

My understanding was that if I had this bind address I could connect to
port 5984 from any IP address open in my firewall.

I'm using firewalld for my firewall and I've configured it to open port
5984. This config is confirmed by listing the configuration of the public
zone:

$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: couchdb2 dhcpv6-client http https ssh
  ports: 443/tcp 5984/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

I've also created a service called couchdb2 at
/etc/firewalld/services/couchdb2.xml with XML:

<service>
  <short>couchdb2</short>
  <description>CouchDB 2.0 Instance</description>
  <port protocol="tcp" port="5984"/>
</service>

From what I know about firewalld I should be able to receive connections on
5984 now.

But when I curl from my laptop my connection is refused:

$ curl my-server:5984 --verbose
* Rebuilt URL to: my-server:5984/
*   Trying <my-ip>...
* connect to <my-ip> port 5984 failed: Connection refused
* Failed to connect to my-server port 5984: Connection refused
* Closing connection 0

When I connect to the couchdb instance locally via either 127.0.0.1 or
0.0.0.0 I can see the 200 response in my couchdb log:

$ sudo journalctl -u couchdb2
...
[notice] 2017-06-06T00:35:01.159244Z couchdb@localhost <0.3328.0> 222d655c69 0.0.0.0:5984 127.0.0.1 undefined GET / 200 ok 28
[notice] 2017-06-06T00:37:21.819298Z couchdb@localhost <0.5598.0> 2f8986d14b 127.0.0.1:5984 127.0.0.1 undefined GET / 200 ok 1

But when I curled from my laptop nothing shows up in the couchdb log for
the Connection Refused error.

I tried to figure out if firewalld was blocking the connection to CouchDB
by looking in the logs. I turned on logging by editing the FIREWALLD_ARGS at
/etc/sysconfig/firewalld:

FIREWALLD_ARGS=--debug=10

I restart firewalld and confirm it's running at debug level 10:

$ sudo systemctl status firewalld
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2017-06-13 16:41:26 EDT; 28min ago
     Docs: man:firewalld(1)
 Main PID: 25209 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─25209 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid --debug=10

Then I curl from my laptop again, get a connection refused error, and look
at the logs:

$ tail -n 64 /var/log/firewalld
2017-06-13 16:41:26 DEBUG1: config.ZoneAdded('trusted')
2017-06-13 16:41:26 DEBUG1: config.zone.8.GetAll('org.fedoraproject.FirewallD1.config.zone')
2017-06-13 16:41:26 DEBUG1: config.ZoneAdded('work')
2017-06-13 16:41:26 DEBUG1: config.GetAll('org.fedoraproject.FirewallD1.config')

These are config messages from when firewalld restarted. There's nothing
logged regarding the connection refused. I'm not sure if firewalld would
log a connection that passed through to CouchDB on 5984 or not. Maybe it
got through to CouchDB and this is a CouchDB issue?

To the best of my knowledge both CouchDB and firewalld are configured
correctly, but it's not working like I expected. Any help would be
appreciated, whether you know the problem or whether you can just help me
discern if the problem is related to CouchDB or firewalld.
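
An added example, not part of the original post: one way to tell the two cases apart is to check which local address the port 5984 listener is actually bound to. When nothing listens on the address a client connects to, the kernel itself answers with a TCP reset, curl reports "Connection refused", and the application logs nothing. The function name and the sample ss output below are constructed for illustration.

```shell
#!/usr/bin/env bash
# classify_listener PORT
# Reads `ss -ltn` output on stdin and prints the scope of the TCP
# listener(s) on PORT: not-listening, loopback-only, specific-address
# or all-interfaces. Hypothetical helper, not part of CouchDB or firewalld.
classify_listener() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      # Column 4 is Local Address:Port; the port is the last ":" field.
      n = split($4, parts, ":")
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      found = 1
      if (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]")
        wildcard = 1
      else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
        loopback = 1
      else
        specific = 1
    }
    END {
      if (!found)        print "not-listening"
      else if (wildcard) print "all-interfaces"
      else if (specific) print "specific-address"
      else               print "loopback-only"
    }'
}

# Constructed sample: listener bound to loopback only. Remote clients get
# "Connection refused" whatever the firewall allows.
SAMPLE_LOOPBACK='State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    127.0.0.1:5984      *:*
LISTEN  0      128    *:22                *:*'

# Constructed sample: listener bound to every interface. If remote clients
# still fail, look at the firewall and the network path instead.
SAMPLE_WILDCARD='State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    0.0.0.0:5984        0.0.0.0:*
LISTEN  0      128    :::22               :::*'

echo "loopback sample: $(printf '%s\n' "$SAMPLE_LOOPBACK" | classify_listener 5984)"
echo "wildcard sample: $(printf '%s\n' "$SAMPLE_WILDCARD" | classify_listener 5984)"
# On the server itself: ss -ltn | classify_listener 5984
```

A result of all-interfaces also means the database answers on every address the firewall lets through, so the firewalld zone is then the only thing limiting who can reach it.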