After a fresh installation of CouchDB 2.3, configured as standalone (no cluster), I can see the following listener ports: 5984, 5986 and a random port (currently 21991).
I understand that the local-node port is 5984 for API requests, and the 5986 port is for administrative tasks. Additionally, these ports are listening on localhost, but the random port is listening on all interfaces and I can't find any information about this in the documentation.
Fresh installation of CouchDB 2.3, configured as standalone, then execute:
# netstat -putan | grep beam
tcp 0 0 127.0.0.1:5986 0.0.0.0:* LISTEN 7985/beam.smp
tcp 0 0 0.0.0.0:21991 0.0.0.0:* LISTEN 7985/beam.smp
tcp 0 0 127.0.0.1:5984 0.0.0.0:* LISTEN 7985/beam.smp
I expected not to have public ports in a standalone configuration. Could I disable this listening connection?
Hi @crissty,
What you're seeing is probably the Erlang VM's distribution port open. That's the connection for other CouchDB (also Erlang VM) nodes to connect together so they can form a cluster.
You can verify this by inspecting the output of EPMD. That's Erlang's port mapper daemon; it keeps track of what Erlang nodes are running on each host and allows connecting to nodes on different hosts.
$ epmd -names
epmd: up and running on port 4369 with data:
name node1 at port 65083
In my case the extra open port was 65083 and it showed up as distribution port.
You can control this port number (by default it is a random port number) and the interface it binds to using Erlang VM's kernel options. Erlang VM options usually go into the vm.args file. In development mode, the vm.args file is located in rel/overlay/etc/vm.args.
For example by adding this line there:
-kernel inet_dist_use_interface {127,0,0,1}
I got that port to listen on the localhost interface.
lsof -n -p 61704 | grep -i tcp
beam.smp 61704 0t0 TCP 127.0.0.1:65528 (LISTEN)
beam.smp 61704 0t0 TCP 127.0.0.1:65529->127.0.0.1:epmd (ESTABLISHED)
beam.smp 61704 0t0 TCP 127.0.0.1:15986 (LISTEN)
beam.smp 61704 0t0 TCP *:15984 (LISTEN)
Hi @nickva ,
Thanks so much for your quick response, your information has been very useful to me.
Effectively, the asked port is the Erlang VM's distribution port.
But I don't understand why the Erlang service is enabled in a standalone configuration. I don't use a cluster and I am not going to use one in the near future. As a workaround I would be able to change the listener interface to localhost as you indicated, but I would like not to have unnecessary services running on the machine. Is there any way to disable this service?
Many thanks and regards!
Hi @crissty,
In general, not setting a node "name" disables the Erlang distribution (the subsystem that runs the inter-node connections). Not sure if you'd have luck commenting out the -name ... setting in the vm.args file... I don't usually run it in standalone mode so I don't know if it will actually work.
Also, you'd lose debugging ability and being able to connect to the node locally via "remsh", for example.
So I'd recommend letting it open the port on localhost only.
Another thing that might help, is you can specify the exact port number via these parameters in the same vm.args:
-kernel inet_dist_use_interface {127,0,0,1}
-kernel inet_dist_listen_min 60001
-kernel inet_dist_listen_max 60001
That just tells it to open port 60001 instead of a random port. So you can monitor it or block it via the firewall if localhost access restriction is not enough.
Thank you very much again @nickva, your solution is excellent! When I commented out the -name line in the vm.args file and restarted the couchdb service, the magic was done!
Now the service is not running in the system. As you say, I have to evaluate whether this is the desired behaviour for our application, although I think that we do not need the additional skills.
I think that this issue can be closed, thanks for your time! Have a nice day.
You're welcome, @crissty! Thanks for reaching out
I'll close the issue
It seemed that everything was going well, but unfortunately, when I try to send a request to CouchDB, I get the following error:
{"error":"internal_server_error","reason":"No DB shards could be opened.","ref":2686395495}
Additionally, I can see in the couchdb.log file the below line:
[error] 2019-11-14T12:44:09.632183Z nonode@nohost <0.445.0> 8b83f3af4d req_err(2686395495) internal_server_error : No DB shards could be opened.
So, I will have to keep the Erlang service on the localhost until I can understand the CouchDB needs in relation to Erlang.
Thank you for your help!
If it helps anyone, I found a way to change the epmd service to localhost binding: you can simply add the following systemd drop-in addition to couchdb.service.
On my system, in the file /etc/systemd/system/multi-user.target.wants/couchdb.service, below the Service section:
[Service]
Environment=ERL_EPMD_ADDRESS=127.0.0.1
Great find, @crissty!
Thanks for sharing
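
A check for the end state this thread arrives at, as an added example that is not part of any post above: it reads `netstat -putan` output and reports every beam.smp or epmd listener that is not bound to loopback. The function name, the epmd lines and the "after" sample are constructed for illustration; the three beam.smp "before" lines are the ones from the original report.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `netstat -putan` output on stdin
# and prints "<program> <local address>" for each Erlang-related socket
# (beam.smp or epmd) in LISTEN state that is reachable from other hosts.
exposed_erlang_listeners() {
    awk '
        $6 == "LISTEN" {
            # Field 7 is PID/Program, e.g. 7985/beam.smp
            n = split($7, p, "/")
            if (n < 2) next
            if (p[2] != "beam.smp" && p[2] != "epmd") next
            # Loopback binds (127.0.0.0/8 and ::1) are not exposed
            if ($4 ~ /^127\./ || $4 ~ /^::1:/) next
            print p[2], $4
        }
    '
}

# Before: beam.smp lines from the report, plus a constructed epmd line
# (4369 is the epmd port shown by `epmd -names` in the thread).
BEFORE='tcp 0 0 127.0.0.1:5986 0.0.0.0:* LISTEN 7985/beam.smp
tcp 0 0 0.0.0.0:21991 0.0.0.0:* LISTEN 7985/beam.smp
tcp 0 0 127.0.0.1:5984 0.0.0.0:* LISTEN 7985/beam.smp
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 7001/epmd'

# After (constructed): inet_dist_use_interface {127,0,0,1}, the distribution
# port pinned to 60001, and ERL_EPMD_ADDRESS=127.0.0.1 for epmd.
AFTER='tcp 0 0 127.0.0.1:5986 0.0.0.0:* LISTEN 7985/beam.smp
tcp 0 0 127.0.0.1:60001 0.0.0.0:* LISTEN 7985/beam.smp
tcp 0 0 127.0.0.1:5984 0.0.0.0:* LISTEN 7985/beam.smp
tcp 0 0 127.0.0.1:4369 0.0.0.0:* LISTEN 7001/epmd'

echo "before:"; printf '%s\n' "$BEFORE" | exposed_erlang_listeners
echo "after:";  printf '%s\n' "$AFTER"  | exposed_erlang_listeners
```

On a live host, pipe the real output in instead: `netstat -putan | exposed_erlang_listeners`; empty output means no Erlang listener is bound to a non-loopback interface.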