I am trying to replicate the same environment I have on my PC (Ubuntu 12.10) on AWS EC2 (Ubuntu 12.04).
So I ran the following commands:
# openssl genrsa -out localhost.key 2048
# openssl req -new -x509 -key localhost.key -out localhost.crt -days 3650 -subj /CN=localhost
Then I configured local.ini as follows (making sure these certificate files are accessible to the couchdb user):
[daemons]
httpsd = {couch_httpd, start_link, [https]}
[ssl]
cert_file = /opt/couchdb/etc/cert/localhost.crt
key_file = /opt/couchdb/etc/cert/localhost.key
On my PC, this works fine when I run this command:
curl -v -k https://localhost:6984/
But on AWS EC2, I get the following error:
* About to connect() to localhost port 6984 (#0)
* Trying 127.0.0.1... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:6984
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:6984
Couch log:
Mon, 30 Sep 2013 00:27:57 GMT] [error] [<0.3024.1>] {error_report,<0.61.0>,
{<0.3024.1>,std_error,
[83,83,76,58,32,"1095",58,32,"error",58,
[123,
["try_clause",44,
[123,["error",44,"eacces"],125]],
125],
32,
"/usr/local/etc/couchdb/cert/localhost.crt",
"\n",32,32,
[91,
[[123,
["ssl_manager",44,"cache_pem_file",44,
"2"],
125],
44,10," ",
[123,
["ssl_certificate",44,
"file_to_certificats",44,"2"],
125],
44,10," ",
[123,
["ssl_connection",44,
"init_certificates",44,"6"],
125],
44,10," ",
[123,
["ssl_connection",44,"ssl_init",44,
"2"],
125],
44,10," ",
[123,
["ssl_connection",44,"init",44,"1"],
125],
44,10," ",
[123,
["gen_fsm",44,"init_it",44,"6"],
125],
44,10," ",
[123,
["proc_lib",44,"init_p_do_apply",44,
"3"],
125]],
93],
"\n"]}}
[Mon, 30 Sep 2013 00:27:57 GMT] [error] [<0.3024.1>] {error_report,<0.61.0>,
{<0.3024.1>,crash_report,
[[{initial_call,
{ssl_connection,init,['Argument__1']}},
{pid,<0.3024.1>},
{registered_name,[]},
{error_info,
{exit,ecertfile,
[{gen_fsm,init_it,6},
{proc_lib,init_p_do_apply,3}]}},
{ancestors,[ssl_connection_sup,ssl_sup,<0.62.0>]},
{messages,[]},
{links,[<0.66.0>]},
{dictionary,[]},
{trap_exit,false},
{status,running},
{heap_size,2584},
{stack_size,24},
{reductions,1532}],
[]]}}
[Mon, 30 Sep 2013 00:27:57 GMT] [error] [<0.66.0>] {error_report,<0.61.0>,
{<0.66.0>,supervisor_report,
[{supervisor,{local,ssl_connection_sup}},
{errorContext,child_terminated},
{reason,ecertfile},
{offender,
[{pid,<0.3024.1>},
{name,undefined},
{mfargs,{ssl_connection,start_link,undefined}},
{restart_type,temporary},
{shutdown,4000},
{child_type,worker}]}]}}
[Mon, 30 Sep 2013 00:27:57 GMT] [error] [<0.349.1>] {error_report,<0.31.0>,
{<0.349.1>,std_error,
[{application,mochiweb},
"Accept failed error",
"{error,ecertfile}"]}}
[Mon, 30 Sep 2013 00:27:57 GMT] [error] [<0.349.1>] {error_report,<0.31.0>,
{<0.349.1>,crash_report,
[[{initial_call,
{mochiweb_acceptor,init,
['Argument__1','Argument__2',
'Argument__3']}},
{pid,<0.349.1>},
{registered_name,[]},
{error_info,
{exit,
{error,accept_failed},
[{mochiweb_acceptor,init,3},
{proc_lib,init_p_do_apply,3}]}},
{ancestors,
[https,couch_secondary_services,
couch_server_sup,<0.32.0>]},
{messages,[]},
{links,[<0.2106.0>,#Port<0.3554>]},
{dictionary,[]},
{trap_exit,false},
{status,running},
{heap_size,987},
{stack_size,24},
{reductions,225918}],
[]]}}
[Mon, 30 Sep 2013 00:27:57 GMT] [error] [<0.2106.0>] {error_report,<0.31.0>,
{<0.2106.0>,std_error,
{mochiweb_socket_server,310,
{acceptor_error,{error,accept_failed}}}}}
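How can I solve this problem?
Update: It is important to say that the reason mochiweb could not access my certificates was that I ran couchdb as the root user instead of the couchdb user.
So always make sure you are running the program as the couchdb user.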
sudo -i -u couchdb couchdb
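
An added example, not part of the original post: a small Python check that reads `cert_file` and `key_file` from the `[ssl]` section of a CouchDB ini file and reports whether a given unprivileged account can read them, which is the condition behind the `eacces` / `ecertfile` errors in the log above. The function names and the `base` parameter are assumptions made for this example; the check uses mode bits only (read on the file, search on every parent directory) and ignores ACLs.

```python
import configparser, os, pwd, stat, sys

def can_read(path, uid, gids, base="/"):
    """(ok, reason) for an unprivileged uid, from mode bits only (no ACLs)."""
    chain = [os.path.abspath(path)]
    while chain[-1] != base and os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for p in reversed(chain):          # walk from base down to the file
        try:
            st = os.stat(p)
        except OSError as e:
            return False, f"{p}: {e.strerror}"
        # Read bit on the file itself, search (x) bit on every directory above it.
        need = 4 if p == chain[0] else 1
        if st.st_uid == uid:
            bits = st.st_mode >> 6     # owner class
        elif st.st_gid in gids:
            bits = st.st_mode >> 3     # group class
        else:
            bits = st.st_mode          # other class
        if not bits & need:
            return False, f"{p}: {stat.filemode(st.st_mode)} denies uid {uid}"
    return True, "ok"

def check_couch_ssl(ini_path, uid, gids, base="/"):
    """Check cert_file and key_file from the [ssl] section of a CouchDB ini."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read(ini_path)
    out = {}
    for opt in ("cert_file", "key_file"):
        path = cfg.get("ssl", opt, fallback=None)
        out[opt] = can_read(path, uid, gids, base) if path else (False, "not set")
    return out

if __name__ == "__main__":
    # Usage: python3 check.py /path/to/local.ini [user]   (user defaults to couchdb)
    if len(sys.argv) < 2:
        sys.exit("usage: check.py /path/to/local.ini [user]")
    user = sys.argv[2] if len(sys.argv) > 2 else "couchdb"
    pw = pwd.getpwnam(user)
    gids = os.getgrouplist(user, pw.pw_gid)
    failed = False
    for opt, (ok, why) in check_couch_ssl(sys.argv[1], pw.pw_uid, gids).items():
        print(f"{opt}: {'OK' if ok else 'FAIL'} ({why})")
        failed |= not ok
    sys.exit(1 if failed else 0)
```

A FAIL line names the first path component that blocks access, so a restrictive parent directory is reported as well as a restrictive file mode.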