我正在尝试将我的电脑中的相同环境(ubuntu 12.10)复制到aws ec2(ubuntu 12.04)。
所以我执行了以下命令:
# openssl genrsa -out localhost.key 2048
# openssl req -new -x509 -key localhost.key -out localhost.crt -days 3650 -subj /CN=localhost
之后,我将local.ini配置如下:(确保从couchdb用户可以访问这些证书文件):
[daemons]
httpsd = {couch_httpd, start_link, [https]}
[ssl]
cert_file = /opt/couchdb/etc/cert/localhost.crt
key_file = /opt/couchdb/etc/cert/localhost.key
当我在我的电脑上运行此命令时,这很好用,
curl -v -k https://localhost:6984/
但是在aws ec2我得到了以下错误:
* About to connect() to localhost port 6984 (#0)
* Trying 127.0.0.1... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:6984
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:6984
沙发日志:
Mon, 30 Sep 2013 00:27:57 GMT] [error] [<0.3024.1>] {error_report,<0.61.0>,
{<0.3024.1>,std_error,
[83,83,76,58,32,"1095",58,32,"error",58,
[123,
["try_clause",44,
[123,["error",44,"eacces"],125]],
125],
32,
"/usr/local/etc/couchdb/cert/localhost.crt",
"\n",32,32,
[91,
[[123,
["ssl_manager",44,"cache_pem_file",44,
"2"],
125],
44,10," ",
[123,
["ssl_certificate",44,
"file_to_certificats",44,"2"],
125],
44,10," ",
[123,
["ssl_connection",44,
"init_certificates",44,"6"],
125],
44,10," ",
[123,
["ssl_connection",44,"ssl_init",44,
"2"],
125],
44,10," ",
[123,
["ssl_connection",44,"init",44,"1"],
125],
44,10," ",
[123,
["gen_fsm",44,"init_it",44,"6"],
125],
44,10," ",
[123,
["proc_lib",44,"init_p_do_apply",44,
"3"],
125]],
93],
"\n"]}}
[Mon, 30 Sep 2013 00:27:57 GMT] [error] [<0.3024.1>] {error_report,<0.61.0>,
{<0.3024.1>,crash_report,
[[{initial_call,
{ssl_connection,init,['Argument__1']}},
{pid,<0.3024.1>},
{registered_name,[]},
{error_info,
{exit,ecertfile,
[{gen_fsm,init_it,6},
{proc_lib,init_p_do_apply,3}]}},
{ancestors,[ssl_connection_sup,ssl_sup,<0.62.0>]},
{messages,[]},
{links,[<0.66.0>]},
{dictionary,[]},
{trap_exit,false},
{status,running},
{heap_size,2584},
{stack_size,24},
{reductions,1532}],
[]]}}
[Mon, 30 Sep 2013 00:27:57 GMT] [error] [<0.66.0>] {error_report,<0.61.0>,
{<0.66.0>,supervisor_report,
[{supervisor,{local,ssl_connection_sup}},
{errorContext,child_terminated},
{reason,ecertfile},
{offender,
[{pid,<0.3024.1>},
{name,undefined},
{mfargs,{ssl_connection,start_link,undefined}},
{restart_type,temporary},
{shutdown,4000},
{child_type,worker}]}]}}
[Mon, 30 Sep 2013 00:27:57 GMT] [error] [<0.349.1>] {error_report,<0.31.0>,
{<0.349.1>,std_error,
[{application,mochiweb},
"Accept failed error",
"{error,ecertfile}"]}}
[Mon, 30 Sep 2013 00:27:57 GMT] [error] [<0.349.1>] {error_report,<0.31.0>,
{<0.349.1>,crash_report,
[[{initial_call,
{mochiweb_acceptor,init,
['Argument__1','Argument__2',
'Argument__3']}},
{pid,<0.349.1>},
{registered_name,[]},
{error_info,
{exit,
{error,accept_failed},
[{mochiweb_acceptor,init,3},
{proc_lib,init_p_do_apply,3}]}},
{ancestors,
[https,couch_secondary_services,
couch_server_sup,<0.32.0>]},
{messages,[]},
{links,[<0.2106.0>,#Port<0.3554>]},
{dictionary,[]},
{trap_exit,false},
{status,running},
{heap_size,987},
{stack_size,24},
{reductions,225918}],
[]]}}
[Mon, 30 Sep 2013 00:27:57 GMT] [error] [<0.2106.0>] {error_report,<0.31.0>,
{<0.2106.0>,std_error,
{mochiweb_socket_server,310,
{acceptor_error,{error,accept_failed}}}}}
那么,请问如何解决这个问题?
更新:重要的是要说 mochiweb无权访问我的证书的原因是我运行了couchdb root
用户不是来自 couchdb
用户。
所以,每次都要确保您使用COUCHDB用户运行您的程序
sudo -i -u couchdb couchdb
答案 0 :(得分:3)
随着更新的问题。 CouchDB无法访问证书。要么是因为文件丢失,要么CouchDB没有文件权限。
答案 1 :(得分:2)
另请注意,在版本R15B02之前使用带有Erlang的sha256或更高版本的证书存在问题。在该版本发布之前,仅支持sha1或md5。