Installation Couchdb Configuration - kwantu/platformconfiguration GitHub Wiki
migrated to the new wiki
Add this line to chttpd in local.ini
[chttpd]
authentication_handlers = {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, jwt_authentication_handler}, {chttpd_auth, default_authentication_handler}
[jwt_keys]
hmac:_default=<get key from lastpass>
cd /usr/local
sudo mkdir /usr/local/data
sudo mkdir /usr/local/data/couchdb
sudo chown couchdb:couchdb /usr/local/data/couchdb
Some assistance can be found in the following pages:
- https://stackoverflow.com/questions/41103624/emfile-error-running-couchdb-on-ubuntu-16
- https://stackoverflow.com/questions/39506149/ubuntu-16-04-systemd-redis-issues-with-ulimit/39506150#39506150
If the system is set up to use the Pluggable Authentication Modules (PAM) system (as is the case with nearly all modern Linuxes), creating a file named /etc/security/limits.d/100-couchdb.conf with the following contents will ensure that CouchDB can open up to 10000 file descriptors at once:
vim /etc/security/limits.d/100-couchdb.conf
#<domain> <type> <item> <value>
couchdb hard nofile 264000
couchdb soft nofile 264000
couchdb soft nproc 264000
couchdb hard nproc 264000
These changes are in the /etc/sv/couchdb/run script
vim /etc/sv/couchdb/run
Make sure that the following lines are present. They do the following:
- Increase the ulimits
- Increase the number of Erlang connections allowed. Even if you’ve increased the maximum connections CouchDB will allow, the Erlang runtime system will not allow more than 1024 connections by default. The ERL_MAX_PORTS directive increases that.
#!/bin/sh
ulimit -n 64000
export ERL_MAX_PORTS=64000
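# Shorten the FIN timeout and reuse TIME_WAIT sockets (lasts until reboot; see the sysctl settings below)
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
# tcp_tw_recycle was removed in Linux 4.12 and breaks clients behind NAT; this write fails on newer kernels
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse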
export HOME=/opt/couchdb
exec 2>&1
exec chpst -u couchdb ${HOME}/bin/couchdb
- Reduce the default TIME_WAIT value.
See a description here: http://www.linuxbrigade.com/reduce-time_wait-socket-connections. The run script sets this for the current session only, but it can also be loaded with the system-wide settings. The location differs between distributions.
CentOS: Add the content below to /etc/sysctl.conf
vim /etc/sysctl.conf
RedHat: Create a file in /usr/lib/sysctl.d called kwantu.conf with the following content:
vim /usr/lib/sysctl.d/kwantu.conf
This is the content to insert
# Decrease TIME_WAIT seconds
net.ipv4.tcp_fin_timeout = 30
# Recycle and Reuse TIME_WAIT sockets faster
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
To secure the site, we currently block outside contact to the server; port 5984 is reachable via localhost only. If the solution uses iptables as a firewall, edit the following file:
vim /etc/sysconfig/iptables
and set the following (replace 10.131.229.189 with the IP address of the appserver):
# allow Appserver to couchdb
-A INPUT -p tcp -s 10.131.229.189 -m tcp --dport 8003 -m state --state NEW -j ACCEPT -m comment --comment "couchdb appserver"
# allow Appserver to couchdb-lucene
-A INPUT -p tcp -s 10.131.229.189 -m tcp --dport 5985 -m state --state NEW -j ACCEPT -m comment --comment "couchdb appserver"
Remember to restart iptables for the updates to take effect.
service iptables restart
(If the db server is not open to the world, then we do not need to hassle with ssl on the db server)
firewall-cmd --zone=public --add-port=8003/tcp --permanent
firewall-cmd --zone=public --add-port=5985/tcp --permanent
firewall-cmd --reload
# To start firewalld
systemctl enable firewalld
systemctl start firewalld
# To get its status
systemctl status firewalld
# And check whether the port was added to the iptables rules:
iptables-save | grep 8003
# should return a line like
#-A IN_public_allow -p tcp -m tcp --dport 8003 -m conntrack --ctstate NEW -j ACCEPT
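The iptables rules above accept the CouchDB ports only from the appserver address, while `firewall-cmd --add-port` accepts them from any source in the zone. The following check is an added example, not part of the original wiki: it scans `iptables-save` output for ACCEPT rules on ports 8003 and 5985 that have no source restriction. The function name and the sample rules are constructed for illustration.

```python
import shlex

COUCH_PORTS = {"8003", "5985"}  # CouchDB and couchdb-lucene ports used on this page

# Constructed iptables-save excerpt: one source-restricted rule in the style of the
# page's iptables example, and open rules of the kind `firewall-cmd --add-port` creates.
SAMPLE_RULES = """\
-A INPUT -s 10.131.229.189/32 -p tcp -m tcp --dport 8003 -m state --state NEW -m comment --comment "couchdb appserver" -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 5985 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
"""

def open_couch_rules(iptables_save_text):
    """Return (port, chain) for ACCEPT rules on CouchDB ports that match any source."""
    hits = []
    for line in iptables_save_text.splitlines():
        tokens = shlex.split(line)  # keeps quoted --comment text as one token
        if not tokens or tokens[0] != "-A":
            continue  # table headers, chain policies, COMMIT
        opts = dict(zip(tokens, tokens[1:]))  # option -> the token that follows it
        port = opts.get("--dport")
        if opts.get("-j") != "ACCEPT" or port not in COUCH_PORTS:
            continue
        source = opts.get("-s") or opts.get("--source")
        if source in (None, "0.0.0.0/0"):
            hits.append((port, opts["-A"]))
    return hits

if __name__ == "__main__":
    for port, chain in open_couch_rules(SAMPLE_RULES):
        print(f"port {port} is accepted from any source in chain {chain}")
```

On a server, feed it the real ruleset with `open_couch_rules(subprocess.check_output(["iptables-save"], text=True))`; rules using `--dports` or negated sources are outside what this sketch handles.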
The couchdb configuration files are held in the {COUCHDB_HOME}\etc\defaults\local.ini. See the example configuration file below. The local.ini contains server specific settings that can be overwritten.
vim /opt/couchdb/etc/local.ini
- In the [couchdb] section add the following
[couchdb]
os_process_timeout = 1200000
uuid = 9ef95bc799d2fb2784193426fa25fd7b
database_dir = /usr/local/data/couchdb/data
view_index_dir = /usr/local/data/couchdb/index
max_dbs_open = 5000
file_compression = snappy
- In the [couch_peruser] section add the following
[couch_peruser]
enable = false
- In the [chttpd] section add the following
[chttpd]
bind_address = 197.242.156.57
port = 8003
- In the [couch_httpd_auth] section add the following
[couch_httpd_auth]
timeout = 30000
- Insert the lucene user in the [admins] section
[admins]
Administrator = -pbkdf2-36931c4fb8a71a596dc27a1955d58b0b820bb846,81e54ecb603a32447fbcb94fd13977d0,10
lucene = -pbkdf2-30b3df1f1974daf0ae559e8a70d56df7054c302c,2c5878bba5d7924ac7efbe365da4f601,10
- Insert the following sections at the bottom
[cors]
origins = *
methods = GET, PUT, POST, HEAD, DELETE
headers = accept, authorization, content-type, origin, referer, x-csrf-token
credentials = true
[replicator]
connection_timeout = 60000
max_jobs = 1000
max_churn = 200
[log]
level = debug
- Deal with the ssl stuff once the certificates are available
[ssl]
cert_file = /etc/nginx/ssl/kwantu.support.crt
key_file = /etc/nginx/ssl/kwantu.support.key
cacert_file = /etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem
tls_versions = ['tlsv1.2']
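A review check for the local.ini settings above, as an added example that is not part of the original wiki or of CouchDB: it parses a local.ini and reports the settings worth a second look before going live (bind address, wildcard CORS with credentials, debug logging, low PBKDF2 iteration counts in [admins]). `audit_local_ini` and `MIN_PBKDF2_ITERATIONS` are hypothetical names, the threshold is an assumption, and the sample uses dummy key and hash values.

```python
import configparser
import ipaddress

MIN_PBKDF2_ITERATIONS = 10000  # assumed review threshold, not a CouchDB setting

# Constructed sample: the settings shown on this page, with dummy key and hash values.
SAMPLE_INI = """\
[chttpd]
authentication_handlers = {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, jwt_authentication_handler}
[jwt_keys]
hmac:_default = ZHVtbXk=
[chttpd]
bind_address = 197.242.156.57
port = 8003
[admins]
Administrator = -pbkdf2-aaaa,bbbb,10
[cors]
origins = *
credentials = true
[log]
level = debug
"""

def audit_local_ini(text):
    """Return a list of (section, key, finding) tuples for a local.ini string."""
    # '=' is the only delimiter because keys like hmac:_default contain ':'; strict=False merges repeated sections.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep the case of admin user names
    cp.read_string(text)
    findings = []
    ip = ipaddress.ip_address(cp.get("chttpd", "bind_address", fallback="127.0.0.1"))
    if ip.is_unspecified:
        findings.append(("chttpd", "bind_address", "listens on every interface"))
    elif ip.is_global:
        findings.append(("chttpd", "bind_address", "public address; firewall must restrict the port"))
    if cp.get("cors", "origins", fallback="").strip() == "*" and cp.getboolean("cors", "credentials", fallback=False):
        findings.append(("cors", "origins", "wildcard origin with credentials = true"))
    if cp.get("log", "level", fallback="info").strip().lower() == "debug":
        findings.append(("log", "level", "debug logging left on"))
    for user, value in (cp.items("admins") if cp.has_section("admins") else []):
        if value.startswith("-pbkdf2-"):  # format: -pbkdf2-<key>,<salt>,<iterations>
            iterations = int(value.rsplit(",", 1)[1])
            if iterations < MIN_PBKDF2_ITERATIONS:
                findings.append(("admins", user, f"pbkdf2 iterations = {iterations}"))
    return findings

if __name__ == "__main__":
    for finding in audit_local_ini(SAMPLE_INI):
        print(*finding, sep=": ")
```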
Remember to set the nginx redirect, where nnn.nnn.nnn.nnn is the server IP address that couchdb runs on and binds to:
upstream couchdb {
server nnn.nnn.nnn.nnn:5985;
}
...
location /kwantu_ {
proxy_set_header ns_server-ui yes;
proxy_pass http://couchdb8003;
include /etc/nginx/proxy_default.conf;
}
location /_utils {
proxy_set_header ns_server-ui yes;
proxy_pass http://couchdb8003;
include /etc/nginx/proxy_default.conf;
}
location /_session{
proxy_set_header ns_server-ui yes;
proxy_pass http://couchdb8003;
include /etc/nginx/proxy_default.conf;
}
location /_all_dbs{
proxy_set_header ns_server-ui yes;
proxy_pass http://couchdb8003;
include /etc/nginx/proxy_default.conf;
}
location /_find{
proxy_set_header ns_server-ui yes;
proxy_pass http://couchdb8003;
include /etc/nginx/proxy_default.conf;
}
- Log in to the fauxton interface with {serverURL}:8003/_utils
- Go to the Setup Apache CouchDB link and complete the details for the single server setup. Make sure to set the administrator name and password correctly, and bind it to the host IP address, not 0.0.0.0, which will allow connections from anywhere.
chmod 0644 /opt/couchdb/etc/*
#through fauxton
_users
_replicator
_global_changes
#or using curl replacing the 127.0.0.1 with the actual ip address of the couchdb server you need.
curl -X PUT http://127.0.0.1:5984/_users
curl -X PUT http://127.0.0.1:5984/_replicator
curl -X PUT http://127.0.0.1:5984/_global_changes
emfile in the log means you've run out of file descriptors.
https://github.com/apache/couchdb/issues/859 https://github.com/apache/couchdb/issues/1267
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
Increase the responsiveness of your CouchDB server when disk performance is a bottleneck. From the Erlang documentation for the file module:
On operating systems with thread support, it is possible to let file operations be performed in threads of their own, allowing other Erlang processes to continue executing in parallel with the file operations. See the command line flag +A in erl(1).
Setting this argument to a number greater than zero can keep your CouchDB installation responsive even during periods of heavy disk utilization. The easiest way to set this option is through the ERL_FLAGS environment variable. For example, to give Erlang four threads with which to perform I/O operations, add the following to (prefix)/etc/defaults/couchdb (or equivalent):
vim /etc/defaults/couchdb
export ERL_FLAGS="+A 4"
https://dev.to/yenyih/how-to-setup-clouseau-for-couchdb-search-on-unix-like-systems-14gj