Firewalld seems to be blocking connections to CouchDB 2.0

Tags: couchdb, firewalld

I'm trying to set up a CouchDB 2.0 instance on my CentOS 7 server. I've got it installed and running as a systemd service, and it responds with its friendly hello world message when I access it from the server using 127.0.0.1 or 0.0.0.0:

$ curl 127.0.0.1:5984
{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache Software Foundation"}}
$ curl 0.0.0.0:5984
{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache Software Foundation"}}

In my local.ini file I've configured the bind_address to 0.0.0.0:

[httpd]
bind_address = 0.0.0.0

My understanding was that if I had this bind address I could connect to port 5984 from any IP address open in my firewall.

I'm using firewalld for my firewall and I've configured it to open port 5984. This config is confirmed by listing the configuration of the public zone:

$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: couchdb2 dhcpv6-client http https ssh
  ports: 443/tcp 5984/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules:

I've also created a service called couchdb2 at /etc/firewalld/services/couchdb2.xml with XML:

<service>
  <short>couchdb2</short>
  <description>CouchDB 2.0 Instance</description>
  <port protocol="tcp" port="5984"/>
</service>

From what I know about firewalld I should be able to receive connections on 5984 now, but when I curl from my laptop my connection is refused:

$ curl my-server:5984 --verbose
* Rebuilt URL to: my-server:5984/
*   Trying <my-ip>...
* connect to <my-ip> port 5984 failed: Connection refused
* Failed to connect to my-server port 5984: Connection refused
* Closing connection 0

When I connect to the couchdb instance locally via either 127.0.0.1 or 0.0.0.0 I can see the 200 response in my couchdb log:

$ sudo journalctl -u couchdb2
...
[notice] 2017-06-06T00:35:01.159244Z couchdb@localhost <0.3328.0> 222d655c69 0.0.0.0:5984 127.0.0.1 undefined GET / 200 ok 28
[notice] 2017-06-06T00:37:21.819298Z couchdb@localhost <0.5598.0> 2f8986d14b 127.0.0.1:5984 127.0.0.1 undefined GET / 200 ok 1

But when I curled from my laptop, nothing shows up in the couchdb log for the Connection Refused error. This suggests to me that the problem may be the firewall and not CouchDB, but I'm not sure about that. Is Connection Refused always the firewall? Would I be getting some other error if this were the CouchDB instance having a problem?

I tried to answer that question myself by looking at the firewalld logs. I turned on logging by editing the FIREWALLD_ARGS at /etc/sysconfig/firewalld:

FIREWALLD_ARGS=--debug=10

I restart firewalld and confirm it's running at debug level 10:

$ sudo systemctl status firewalld
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2017-06-13 16:41:26 EDT; 28min ago
     Docs: man:firewalld(1)
 Main PID: 25209 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─25209 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid --debug=10

Then I curl from my laptop again, get a connection refused error, and look at the logs:

$ tail -n 64 /var/log/firewalld
2017-06-13 16:41:26 DEBUG1: config.ZoneAdded('trusted')
2017-06-13 16:41:26 DEBUG1: config.zone.8.GetAll('org.fedoraproject.FirewallD1.config.zone')
2017-06-13 16:41:26 DEBUG1: config.ZoneAdded('work')
2017-06-13 16:41:26 DEBUG1: config.GetAll('org.fedoraproject.FirewallD1.config')

These are config messages from when firewalld restarted. There's nothing logged regarding the connection refused. I'm not sure if firewalld would log a connection that passed through to CouchDB on 5984 or not. Maybe it got through to CouchDB and this is a CouchDB issue?

To the best of my knowledge both CouchDB and firewalld are configured correctly, but it's not working like I expected. Any help would be appreciated, whether you know the problem or whether you can just help me discern if the problem is related to CouchDB or firewalld.

Best Answer

(This should fit better as a comment, but I am still not allowed to make comments)

I never used files in /etc/firewalld/services/ as you are doing, but my impression is that you need to make the firewalld core actually use them.

Based on this setup script, these firewalld commands should permanently enable the ports. Can you try this?

    # get a list of active zones.. you might have more.
    firewall-cmd --get-active-zones

    # firewalld command to allow this port open to dmz
    firewall-cmd --zone=public --add-port=5984/tcp   --permanent

    # Restart the firewalld service
    firewall-cmd --reload

and then {re}start the couchdb daemon, like

    /usr/local/etc/rc.d/couchdb start

Hope it helps!
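As an added diagnostic (not part of the question or the answer above), the script below separates the two causes the asker is trying to tell apart: "Connection refused" is a TCP reset sent by the server's own stack when nothing listens on the contacted address, whereas a firewalld zone with the default reject target answers with ICMP (curl prints "No route to host") and a drop target shows as a timeout. It parses an `ss -ltn` listing and a `firewall-cmd --list-all` listing, both constructed samples shaped like the question, and reports whether the port is bound on loopback only, on all addresses, or not at all; it assumes the usual `ss` column layout (column 4 is "Local Address:Port") and the `ports:` line format shown in the question.

```shell
#!/bin/sh
# Added diagnostic, not from the question or the answer above. "Connection
# refused" is a TCP RST from the server's own stack (reachable host, nothing
# listening on that address); firewalld's default reject target answers with
# ICMP ("No route to host" in curl) and a drop target shows as a timeout.

# listen_scope PORT SS_OUTPUT  -> prints all | loopback | none
# Assumes `ss -ltn` layout: column 4 is "Local Address:Port".
listen_scope() {
    printf '%s\n' "$2" | awk -v port="$1" '
        NR > 1 {
            n = split($4, f, ":")                   # last piece is the port
            if (f[n] != port) next
            addr = substr($4, 1, length($4) - length(f[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") {
                if (scope == "") scope = "loopback"
            } else {
                scope = "all"                       # 0.0.0.0, *, [::] or a NIC address
            }
        }
        END { print (scope == "" ? "none" : scope) }'
}
# firewalld_port_open PORT LIST_ALL_OUTPUT -> exit 0 if PORT/tcp is on the "ports:" line
firewalld_port_open() {
    printf '%s\n' "$2" | awk -v p="$1/tcp" '
        /^ *ports:/ { for (i = 2; i <= NF; i++) if ($i == p) found = 1 }
        END { exit (found ? 0 : 1) }'
}
# diagnose PORT SS_OUTPUT LIST_ALL_OUTPUT -> one-line verdict
diagnose() {
    case "$(listen_scope "$1" "$2")" in
        none)     echo "nothing listens on $1: service down or wrong port" ;;
        loopback) echo "bound to 127.0.0.1 only: the refusal is from the TCP stack, not firewalld; set bind_address = 0.0.0.0 in the section that owns port $1 (CouchDB 2.0: [chttpd] for 5984, [httpd] for 5986)" ;;
        all)      if firewalld_port_open "$1" "$3"; then
                      echo "listening on all addresses and $1/tcp is open in the zone: neither the bind address nor firewalld explains the refusal"
                  else
                      echo "listening, but $1/tcp is not open in the zone: firewalld would reject or drop, which is not 'Connection refused'"
                  fi ;;
    esac
}
# Constructed samples in the shape of the question: port open in firewalld, CouchDB on loopback only
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5984     *:*
LISTEN 0      128    *:22               *:*'
FW_SAMPLE='public (active)
  services: couchdb2 dhcpv6-client http https ssh
  ports: 443/tcp 5984/tcp'
diagnose 5984 "$SS_SAMPLE" "$FW_SAMPLE"
```

On the real server, feed it live output with `diagnose 5984 "$(ss -ltn)" "$(firewall-cmd --zone=public --list-all)"`.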
