我在AWS Linux实例上安装了CouchDB,可以通过SSH成功访问它,但不能使用实例公开的URL访问它。
在SSH中,我可以运行curl -X GET http://127.0.0.1:5984/_all_dbs,它会给我["_replicator","_users","baseball"],这正是我所期望的。
如果我尝试在Chrome中使用我的AWS实例URL:http://ec2-xx-xxx-xx-xx.eu-central-1.compute.amazonaws.com:5984/_utilsChrome表示网站拒绝连接。
我已经编辑了CouchDB local.ini文件来添加CORS。local.ini现在看起来是这样的:
; CouchDB Configuration Settings
; Custom settings should be made in this file. They will override settings
; in default.ini, but unlike changes made to default.ini, this file won't be
; overwritten on server upgrade.
[couchdb]
;max_document_size = 4294967296 ; bytes
[httpd]
enable_cors = true
bind_address = 0.0.0.0
[cors]
origins = *
;port = 5984
;bind_address = 127.0.0.1
; Options for the MochiWeb HTTP server.
;server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
; For more socket options, consult Erlang's module 'inet' man page.
;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]
; Uncomment next line to trigger basic-auth popup on unauthorized requests.
;WWW-Authenticate = Basic realm="administrator"
; Uncomment next line to set the configuration modification whitelist. Only
; whitelisted values may be changed via the /_config URLs. To allow the admin
; to change this value over HTTP, remember to include {httpd,config_whitelist}
; itself. Excluding it from the list would require editing this file to update
; the whitelist.
;config_whitelist = [{httpd,config_whitelist}, {log,level}, {etc,etc}]
[query_servers]
;nodejs = /usr/local/bin/couchjs-node /path/to/couchdb/share/server/main.js
[httpd_global_handlers]
;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>}
[couch_httpd_auth]
; If you set this to true, you should also uncomment the WWW-Authenticate line
; above. If you don't configure a WWW-Authenticate header, CouchDB will send
; Basic realm="server" in order to prevent you getting logged out.
; require_valid_user = false
[log]
;level = debug
[log_level_by_module]
; In this section you can specify any of the four log levels 'none', 'info',
; 'error' or 'debug' on a per-module basis. See src/*/*.erl for various
; modules.
;couch_httpd = error
[os_daemons]
; For any commands listed here, CouchDB will attempt to ensure that
; the process remains alive. Daemons should monitor their environment
; to know when to exit. This can most easily be accomplished by exiting
; when stdin is closed.
;foo = /path/to/command -with args
[daemons]
; enable SSL support by uncommenting the following line and supply the PEM's below.
; the default ssl port CouchDB listens on is 6984
; httpsd = {couch_httpd, start_link, [https]}
[ssl]
;cert_file = /full/path/to/server_cert.pem
;key_file = /full/path/to/server_key.pem
;password = somepassword
; set to true to validate peer certificates
verify_ssl_certificates = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
;cacert_file = /full/path/to/cacertf
; The verification fun (optional) if not specified, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
; maximum peer certificate depth
ssl_certificate_max_depth = 1
; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to
; the Virual Host will be redirected to the path. In the example below all requests
; to http://example.com/ are redirected to /database.
; If you run CouchDB on a specific port, include the port number in the vhost:
; example.com:5984 = /database
[vhosts]
;example.com = /database/
[update_notification]
;unique notifier name=/full/path/to/exe -with "cmd line arg"
; To create an admin account uncomment the '[admins]' section below and add a
; line in the format 'username = password'. When you next start CouchDB, it
; will change the password to a hash (so that your passwords don't linger
; around in plain-text files). You can add more admin accounts with more
; 'username = password' lines. Don't forget to restart CouchDB after
; changing this.
[admins]
;admin = mysecretpassword:更新:
运行时:
netstat -a -n | grep 5984
我得到:
tcp 0 0 127.0.0.1:5984 0.0.0.0:* LISTEN
127.0.0.1但应该是0.0.0.0,因为我已经将etc/couchdb/local.ini和etc/couchdb/default.ini中的绑定都设置为0.0.0.0。
看起来好像couchdb正在从其他地方获取它的设置?当我运行时:
couchdb -c
我得到:
/usr/local/etc/couchdb/default.ini
/usr/local/etc/couchdb/local.ini
当SSHing进入AWS实例时,根目录包含两个条目:
apache-couchdb-1.6.1 apache-couchdb-1.6.1.tar.gz
Icd到apache-couchdb-1.6.1,并编辑ini文件do:
vim etc/couchdb/local.ini
我想这和/usr/local/etc/couchdb/local.ini是一样的?
我已经停止并重新启动了couchdb,并且重新启动了AWS实例,但couchdb仍然没有从配置文件中获取bind_address。
排序
结果表明,CCD_ 11与CCD_。当我把绑定放在正确的ini中时,一切都正常!
只需要两件事就可以使其在外部可见:您应该绑定到外部ip地址(在EC2实例属性中显示为Public ip)并在防火墙上打开它。所以它一定介于这两者之间。
我看到您将绑定地址更改为0.0.0.0。这应该通过绑定所有接口来解决绑定步骤。
但是您仍然使用ssh使用localhost进行连接。那你就不检查同一件事了。尝试使用curl进行测试时,请尝试使用机器ip地址,而不是127.0.0.1。它应该是在EC2实例属性中显示为公共IP的那个。但如果有疑问,请使用ifconfig -a来计算您的ip地址。您还可以通过运行以下命令netstat -a -n | grep 5984来检查它实际绑定了哪些接口。它必须将0.0.0.0:5984(或*:5984)显示为LISTEN(而不是127.0.0.1:5984)。否则,它没有绑定到正确的端口,您应该检查CouchDb配置文件以了解原因。检查CouchDB是否真的在使用您正在编辑的配置也是值得的。
在防火墙一侧,检查是否已在正确的安全组中打开它。它必须是EC2实例的"安全组"属性中显示的规则,并且您打开的规则必须是入站规则。
有时,实例防火墙会跳进来,也会造成麻烦。但我只在Windows机器上遇到过这个问题。我相信它在AWS Linux机器上被禁用了(至少我从来没有需要在那里调整任何东西——安全组规则总是足够的)。
如果这仍然不起作用。我只能建议尝试用telnet测试它是否连接。因为浏览器有时会误报确切的阶段,以使其对普通用户来说更简单。使用telnet连接是一个较低级别的测试,但请记住,您需要用一个用于telnet的空间而不是冒号来分隔端口,例如telnet 1.2.3.4 5984,其中1.2.3.4是服务器的ip地址。