2017-01-17 41 views
1

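Unable to access CouchDB on an AWS instance using its URL

I have installed CouchDB on an AWS Linux instance and can access it successfully over SSH, but I cannot access it using the instance's public URL.

Over SSH I can run curl -X GET http://127.0.0.1:5984/_all_dbs and it gives me ["_replicator","_users","baseball"], which is what I expect.

If I try to use my AWS instance URL in Chrome: http://ec2-xx-xxx-xx-xx.eu-central-1.compute.amazonaws.com:5984/_utils Chrome says the site refused to connect.

I edited the CouchDB local.ini file to add CORS. The local.ini now looks like this: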

; CouchDB Configuration Settings

; Custom settings should be made in this file. They will override settings
; in default.ini, but unlike changes made to default.ini, this file won't be
; overwritten on server upgrade.

[couchdb]
;max_document_size = 4294967296 ; bytes

[httpd]
enable_cors = true
bind_address = 0.0.0.0

[cors]
origins = *

;port = 5984
;bind_address = 127.0.0.1
; Options for the MochiWeb HTTP server.
;server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
; For more socket options, consult Erlang's module 'inet' man page.
;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]

; Uncomment next line to trigger basic-auth popup on unauthorized requests.
;WWW-Authenticate = Basic realm="administrator"

; Uncomment next line to set the configuration modification whitelist. Only
; whitelisted values may be changed via the /_config URLs. To allow the admin
; to change this value over HTTP, remember to include {httpd,config_whitelist}
; itself. Excluding it from the list would require editing this file to update
; the whitelist.
;config_whitelist = [{httpd,config_whitelist}, {log,level}, {etc,etc}]

[query_servers]
;nodejs = /usr/local/bin/couchjs-node /path/to/couchdb/share/server/main.js

[httpd_global_handlers]
;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>}

[couch_httpd_auth]
; If you set this to true, you should also uncomment the WWW-Authenticate line
; above. If you don't configure a WWW-Authenticate header, CouchDB will send
; Basic realm="server" in order to prevent you getting logged out.
; require_valid_user = false

[log]
;level = debug

[log_level_by_module]
; In this section you can specify any of the four log levels 'none', 'info',
; 'error' or 'debug' on a per-module basis. See src/*/*.erl for various
; modules.
;couch_httpd = error

[os_daemons]
; For any commands listed here, CouchDB will attempt to ensure that
; the process remains alive. Daemons should monitor their environment
; to know when to exit. This can most easily be accomplished by exiting
; when stdin is closed.
;foo = /path/to/command -with args

[daemons]
; enable SSL support by uncommenting the following line and supply the PEM's below.
; the default ssl port CouchDB listens on is 6984
; httpsd = {couch_httpd, start_link, [https]}

[ssl]
;cert_file = /full/path/to/server_cert.pem
;key_file = /full/path/to/server_key.pem
;password = somepassword
; set to true to validate peer certificates
verify_ssl_certificates = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
;cacert_file = /full/path/to/cacertf
; The verification fun (optional) if not specified, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
; maximum peer certificate depth
ssl_certificate_max_depth = 1

; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to
; the Virual Host will be redirected to the path. In the example below all requests
; to http://example.com/ are redirected to /database.
; If you run CouchDB on a specific port, include the port number in the vhost:
; example.com:5984 = /database
[vhosts]
;example.com = /database/

[update_notification]
;unique notifier name=/full/path/to/exe -with "cmd line arg"

; To create an admin account uncomment the '[admins]' section below and add a
; line in the format 'username = password'. When you next start CouchDB, it
; will change the password to a hash (so that your passwords don't linger
; around in plain-text files). You can add more admin accounts with more
; 'username = password' lines. Don't forget to restart CouchDB after
; changing this.
[admins]
;admin = mysecretpassword

:UPDATE:

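When I run:

netstat -a -n | grep 5984

I get:

tcp  0  0 127.0.0.1:5984    0.0.0.0:*     LISTEN

It shows 127.0.0.1 but it should be 0.0.0.0, because I have set the bind address to 0.0.0.0 in etc/couchdb/local.ini and etc/couchdb/default.ini.

It looks as though couchdb is picking up its settings from somewhere else? When I run:

couchdb -c

I get:

/usr/local/etc/couchdb/default.ini
/usr/local/etc/couchdb/local.ini

When I SSH into the AWS instance, the root directory contains two items:

apache-couchdb-1.6.1 apache-couchdb-1.6.1.tar.gz

I cd into apache-couchdb-1.6.1 and edit the ini file by doing:

vim etc/couchdb/local.ini

I presume this is the same as /usr/local/etc/couchdb/local.ini?

I have stopped and restarted couchdb and rebooted the AWS instance, but couchdb is still not picking up the bind_address from the config file.

SORTED

It turns out that /usr/local/etc/couchdb/local.ini is not the same as etc/couchdb/local.ini. When I put the bind in the correct ini, it all worked!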

+2

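Have you opened port 5984 in the security group assigned to the EC2 instance? –

+0

I added the following to one of the security groups: All TCP TCP 0 - 65535 0.0.0.0/0 –

+0

I see you changed the bind address. But you are still connecting through ssh using localhost. So you are not checking the same thing. – Seva

Answers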

4

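Only two things are needed to make it visible from outside: you should bind to the external IP address (shown as Public IP in the EC2 instance properties) and open it on the firewall. So it is just between these two.

I see you changed the bind address to 0.0.0.0. That should take care of the binding step by binding to all interfaces.

But you are still connecting through ssh using localhost. So you are not checking the same thing. When testing with curl, try using the machine's IP address instead of 127.0.0.1. It should be the one shown as Public IP in the EC2 instance properties. But if in doubt, use ifconfig -a to determine which IP addresses you have. You can also check which interface it is actually bound to by running the following command: netstat -a -n | grep 5984. It must show 0.0.0.0:5984 (or *:5984) LISTEN (not 127.0.0.1:5984). Otherwise it is not bound on the correct port, and you should check the CouchDb configuration file to see why. It is also worth checking that CouchDB is really using the configuration you are editing.

On the firewall side - check that you opened it on the correct security group. It must be the one shown in the "Security Groups" property of the EC2 instance, and the rule you opened must be inbound.

Sometimes the instance firewall also kicks in and causes trouble. But I have only had that problem on Windows machines. I believe it is disabled on AWS Linux machines (at least I have never needed to adjust anything - security group rules were always enough).

If this still does not work, I can only suggest testing with telnet to see whether it connects, since browsers sometimes misreport the exact stage in order to make things simpler for ordinary users. Connecting with telnet is a lower-level test, but remember that for telnet you need to separate the port with a space rather than a colon, e.g. telnet 1.2.3.4 5984 where 1.2.3.4 is the server's IP address.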

+0

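I have sorted it! I was editing the wrong copy of the ini file (see my updated question). I would not have got this far without your help, so if you want to amend your answer to include the correct path of the ini file, I will award you the bounty. Many thanks for your help and perseverance! –

+0

@Bill Sorry, I had not checked Stack Overflow for a few days. I did clean up the answer a bit to include the important details from the discussion that I think helped point you in the right direction. But I believe your edit to the question is much better than anything I could come up with. So if you want to do it, I believe you should be able to edit my answer. But I would rather keep it as is, because I feel any modification would only make it harder for potential later readers to figure out what the problem was. – Seva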
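The two checks the answer describes, as an added example that is not part of the original posts: which file in the chain printed by couchdb -c actually sets [httpd] bind_address, and which address the port is really listening on. The function names effective_ini_value and listening_addr are hypothetical, and the script assumes a POSIX shell with awk.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not CouchDB tooling.

# effective_ini_value SECTION KEY FILE...
# Reads the ini files in load order (the order `couchdb -c` prints them);
# a later file overrides an earlier one. Prints "value<TAB>file" for the last
# uncommented assignment, or returns 1 when the key is not set in any file.
effective_ini_value() {
    _section=$1; _key=$2
    shift 2
    awk -v want_sec="$_section" -v want_key="$_key" '
        FNR == 1 { sec = "" }               # a section does not carry across files
        /^[ \t]*;/ { next }                 # commented-out line, e.g. ;bind_address
        /^[ \t]*\[/ {                       # section header such as [httpd]
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == want_sec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want_key) { val = v; src = FILENAME; found = 1 }
        }
        END { if (!found) exit 1; printf "%s\t%s\n", val, src }
    ' "$@"
}

# listening_addr PORT
# Reads `netstat -a -n` output on stdin and prints the local address of every
# TCP socket in LISTEN state on PORT (127.0.0.1 means loopback only).
listening_addr() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] == port) { sub(":" port "$", "", $4); print $4 }
        }
    '
}

# On the instance:
#   effective_ini_value httpd bind_address $(couchdb -c)
#   netstat -a -n | listening_addr 5984
```

When the effective value is 0.0.0.0, the port is reachable from every source the security group admits, so the inbound rule should name only port 5984 and the client addresses that need it.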