CouchDb SSL certificate

I am currently trying to get a CouchDb installation up and running with an SSL certificate. My configuration is as follows:

[ssl]
port = 6984
enable = true
cert_file = /ssl/bws2020.crt
key_file = /ssl/bws2020.key
;password = N3sHfhgV4
; set to true to validate peer certificates
;verify_ssl_certificates = false
; Set to true to fail if the client does not send a certificate. Only used if verify_ssl_certificates is true.
;fail_if_no_peer_cert = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
;cacert_file = /full/path/to/cacertf
; The verification fun (optional) if not specified, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
; maximum peer certificate depth
;ssl_certificate_max_depth = 1

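After restarting the CouchDb instance, I can still reach the service over regular HTTP, but when I try HTTPS it loads forever. When I open the log file, I find the following entries: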

2020-04-22T09:02:52Z couchdb.server[55847]: [error] 2020-04-22T09:02:52.403204Z [email protected] <0.29802.2065> -------- application: mochiweb, "Accept failed error", "{error,{options,{certfile,\"/ssl/bws2020.crt\",{error,enoent}}}}"
2020-04-22T09:02:52Z couchdb.server[55847]: [error] 2020-04-22T09:02:52.404265Z [email protected] <0.29802.2065> -------- CRASH REPORT Process  (<0.29802.2065>) with 0 neighbors exited with reason: {error,accept_failed} at mochiweb_acceptor:init/4(line:75) <= proc_lib:init_p_do_apply/3(line:247); initial_call: {mochiweb_acceptor,init,['Argument__1','Argument__2',...]}, ancestors: [https,couch_secondary_services,couch_sup,<0.212.0>], messages: [], links: [<0.261.0>], dictionary: [], trap_exit: false, status: running, heap_size: 1598, stack_size: 27, reductions: 1041
2020-04-22T09:02:52Z couchdb.server[55847]: [error] 2020-04-22T09:02:52.414818Z [email protected] <0.30525.2065> -------- application: mochiweb, "Accept failed error", "{error,{options,{certfile,\"/ssl/bws2020.crt\",{error,enoent}}}}"
2020-04-22T09:02:52Z couchdb.server[55847]: [error] 2020-04-22T09:02:52.415121Z [email protected] <0.30525.2065> -------- CRASH REPORT Process  (<0.30525.2065>) with 0 neighbors exited with reason: {error,accept_failed} at mochiweb_acceptor:init/4(line:75) <= proc_lib:init_p_do_apply/3(line:247); initial_call: {mochiweb_acceptor,init,['Argument__1','Argument__2',...]}, ancestors: [https,couch_secondary_services,couch_sup,<0.212.0>], messages: [], links: [<0.261.0>], dictionary: [], trap_exit: false, status: running, heap_size: 1598, stack_size: 27, reductions: 1041

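If I understand the log correctly, this means it cannot find the certificate file. But I have verified the path several times and even chmod the certificate and key files to 777, and the problem persists.

We are using CouchDb 2.3.1 on Ubuntu Server 18.04.

Can anyone help me understand what is causing this error?

The /ssl folder looks like this: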

root@couchdb-s1:~# ls -la /ssl
total 28
drwxrwxrwx  2 root root 4096 Apr 23 09:13 .
drwxr-xr-x 24 root root 4096 Apr 29 06:09 ..
-rwxrwxrwx  1 root root 2618 Mar 10 12:12 bws2020.crt
-rwxrwxrwx  1 root root 2108 Mar 10 12:12 bws2020.key
-rwxrwxrwx  1 root root 1310 Apr 23 09:13 self.crt
-rw-r--r--  1 root root 1050 Apr 23 09:13 self.csr
-rwxrwxrwx  1 root root 1675 Apr 23 09:09 self.key
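
Added example, not part of the original post: a Python parser that pulls the failing TLS option, its path and the POSIX reason atom out of mochiweb "Accept failed error" lines like the ones quoted above, so repeated crashes collapse into one finding per file. The function name, the reason table and the shortened sample lines are assumptions made for illustration; only the `certfile` tuple shape appears in the post, and matching other option names the same way is an assumption.

```python
import re

# Meaning of POSIX error atoms that Erlang's file operations return.
POSIX_REASONS = {
    "enoent": "no such file or directory (as resolved by the server process)",
    "eacces": "permission denied for the user the server runs as",
    "eisdir": "path is a directory, not a file",
    "enotdir": "a component of the path is not a directory",
}

# Matches {error,{options,{certfile,\"/path\",{error,enoent}}}} as logged.
# The option name is matched generically (assumption, see lead-in).
TLS_OPTION_ERROR = re.compile(
    r'\{error,\{options,\{(?P<option>\w+),\\?"(?P<path>[^"\\]+)\\?",'
    r'\{error,(?P<reason>\w+)\}\}\}\}'
)

def tls_option_failures(log_lines):
    """Return one finding per distinct (option, path, reason), with a hit count."""
    counts = {}
    for line in log_lines:
        m = TLS_OPTION_ERROR.search(line)
        if m is None:
            continue  # crash reports and unrelated lines carry no option tuple
        key = (m["option"], m["path"], m["reason"])
        counts[key] = counts.get(key, 0) + 1
    return [
        {"option": opt, "path": path, "reason": reason, "count": n,
         "meaning": POSIX_REASONS.get(reason, "unrecognised reason atom")}
        for (opt, path, reason), n in counts.items()
    ]

# Constructed sample: shortened copies of the log line format in the post.
SAMPLE_LOG = [
    r'[error] <0.29802.2065> -------- application: mochiweb, "Accept failed error", "{error,{options,{certfile,\"/ssl/bws2020.crt\",{error,enoent}}}}"',
    r'[error] <0.29802.2065> -------- CRASH REPORT Process  (<0.29802.2065>) with 0 neighbors exited with reason: {error,accept_failed} at mochiweb_acceptor:init/4(line:75)',
    r'[error] <0.30525.2065> -------- application: mochiweb, "Accept failed error", "{error,{options,{certfile,\"/ssl/bws2020.crt\",{error,enoent}}}}"',
]

if __name__ == "__main__":
    for finding in tls_option_failures(SAMPLE_LOG):
        print(finding)
```

The reason atom separates a lookup failure (`enoent`) from a permission failure (`eacces`), which is the distinction that decides whether file modes are relevant at all.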
