I have an install of couchDB, and somewhere along the line, a malformed request via CURL has my admin accound with a password that I don't know. Short of setting up another Couch server, then replicating to it and vice versa after a reinstall, is there anything I can do? I have edited local.ini, I deleted it. I replaced it with the one from the source folder. I restart not only couch but the entire server after every change because nothing seems to work. Anyone else run into this?
CouchDB administrator password reset
couchdbdatabase-administrationpermissions
Related Solutions
So, here are the answers in case anyone comes across this in their own journey:
When you're setting SSL up in node, especially with SPDY, it asks for:
var options = {
key: fs.readFileSync(__dirname + '/keys/spdy-key.pem'),
cert: fs.readFileSync(__dirname + '/keys/spdy-cert.pem'),
ca: fs.readFileSync(__dirname + '/keys/spdy-ca.pem'),
};
It seems that you can use the csr (certificate signing request) as the ca in the SSL setup for self-signed certificates. However, doing that on a production server, means that the certificate chain has problems (the certificate you bought, like RapidSSL, is chained to a lower-level certificate, like GeoTrust. The chain needs to go all the way back since GeoTrust is the one trusted by the browser.) If you don't do the ca file (intermediate certificate file) it's ok in most cases - it'll say that the chain is broken in https://www.ssllabs.com/ssltest but the browsers didn't seem to care. But the correct way is to put the intermediate certificate in the ca spot.
As for node and couch, the problem definitely was permissions. I added couchdb user to the deploy usergroup but since the permissions on the key files are 600, the group still doesn't have access. In my case, I just created a self-signed certificate specially for couchDB.
That means that I have to tell node to trust it by using this config flag:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
So now couch and node talk and use SSL.
As for some of the other questions:
Basic openssl usage seems to work fine with couchdb, so no issues with certain certificate types or anything like that I've come across
I cannot seem to turn on certificate verification for couch in this setup. I just get
SSL: hello: tls_handshake.erl:285:Fatal error: internal error
So leaving that set to false works
It seems that you can safely remove the http server from couchdb's couch.uri file (found at /var/run/couchdb/couch.uri) and just have the https one.
Hope this helps someone out,
Paul
The answer lies in the init script that comes along with the default ubuntu package.
/etc/init.d/couchdb starting in Line 83
start_couchdb () {
# Start Apache CouchDB as a background process.
mkdir -p "$RUN_DIR"
if test -n "$COUCHDB_USER"; then
chown $COUCHDB_USER "$RUN_DIR"
fi
command="$COUCHDB -b"
if test -n "$COUCHDB_STDOUT_FILE"; then
command="$command -o $COUCHDB_STDOUT_FILE"
fi
if test -n "$COUCHDB_STDERR_FILE"; then
command="$command -e $COUCHDB_STDERR_FILE"
fi
if test -n "$COUCHDB_RESPAWN_TIMEOUT"; then
command="$command -r $COUCHDB_RESPAWN_TIMEOUT"
fi
run_command "$command" > /dev/null
}
I got myself the official ubuntu 15.10 vagrant box and installed the couchdb package, then edited /etc/couchdb/local.ini to bind the httpd to a different IP Adress and restarted the couchdb service via /etc/init.d/couchdb restart
Everything worked fine for me.
TL;DR use the init script /etc/init.d/couchdb to start/stop and restart couchdb
Best Answer
Ignore this question. For some reason, on the eight-thousandth iteration of doing the same thing, it randomly worked.