Instructions for self-hosting CouchDb

[donalmacanri]

It would be useful to provide instructions and a working docker-compose configuration for self-hosting Nomie and CouchDb together and getting them talking to each other.

[brandoncorbin]

Calling @RdeLange has he has the most experience with getting CouchDB up and running. I haven't really used it since v2 days.

[qcasey]

FWIW this docker-compose.yml has been working well for me:

version: '3.1'
services:
  nomie6:
    image: ghcr.io/qcasey/nomie6-oss:master
    restart: unless-stopped
    ports:
      - 5000:80

  couchdb:
    image: couchdb:3
    restart: unless-stopped
    ports:
      - 5984:5984
    environment:
      - COUCHDB_USER=<USERNAME>
      - COUCHDB_PASSWORD=<PASSWORD>
    volumes:
      - db:/opt/couchdb/data
      - ./couchdb.ini:/opt/couchdb/etc/local.d/docker.ini

volumes:
  db:

with a couchdb.ini of:

[HTTPD]
enable_cors = true

[chttpd]
enable_cors = true

[cors]
origins = *
credentials = true
methods = GET, PUT, POST, HEAD, DELETE
headers = accept, authorization, content-type, origin, referer, x-csrf-token

SSL on both services.

[donalmacanri]

@qcasey What are you doing to enable SSL on both services?

[RdeLange]

Validated the docker-compose.yml which is using the same couchDB config settings as I am using for some years now. I had Nomie5 running as a container. I see comments that you need ssl enabled on both servers. intrestingly enough I have ssl enabled for the Nomie5 container via the native Synology toolset (as I am hosting on my Synology). I have not enabled ssl for the couchDB server. Never gave it much attention as it was working, but will do some additional validation today.

[ZL1LAC]

Can confirm couchDB needs a SSL certificate to run.

[qcasey]

@qcasey What are you doing to enable SSL on both services?

Caddy reverse proxy. I'm not certain that (or my docker config) is the right answer for self hosting docs but I wanted to offer a functional starting point.

nomie.example.com {
	reverse_proxy 192.168.1.44:5000
}
nomie-db.example.com {
	reverse_proxy 192.168.1.44:5984
}

[donalmacanri]

@qcasey nothing wrong with that at all, a reverse proxy seems like a sensible approach. letsencrypt cert?

[qcasey]

letsencrypt cert?

Yep, caddy will use letsencrypt with zerossl as a fallback

[holocronology]

If using Synology, you should be able to reverse proxy and use the cert it provides.

I just found this and will try setting it up shortly.

[holocronology]

Any assistance with this would be appreciated. I'm seeing repeating errors of this nature on the couchdb container log:

[notice] 2023-01-14T16:23:40.012882Z nonode@nohost <0.366.0> -------- chttpd_auth_cache changes listener died because the _users database does not exist. Create the database to silence this notice.

[error] 2023-01-14T16:23:40.013392Z nonode@nohost emulator -------- Error in process <0.367.0> with exit value:

{database_does_not_exist,[{mem3_shards,load_shards_from_db,"_users",[{file,"src/mem3_shards.erl"},{line,430}]},{mem3_shards,load_shards_from_disk,1,[{file,"src/mem3_shards.erl"},{line,405}]},{mem3_shards,load_shards_from_disk,2,[{file,"src/mem3_shards.erl"},{line,434}]},{mem3_shards,for_docid,3,[{file,"src/mem3_shards.erl"},{line,100}]},{fabric_doc_open,go,3,[{file,"src/fabric_doc_open.erl"},{line,39}]},{chttpd_auth_cache,ensure_auth_ddoc_exists,2,[{file,"src/chttpd_auth_cache.erl"},{line,214}]},{chttpd_auth_cache,listen_for_changes,1,[{file,"src/chttpd_auth_cache.erl"},{line,160}]}]}

[holocronology]

I'd like to thank @qcasey for the docker image. Is there any chance we can get an officially hosted version here?

[DeastinY]

@holocronology did you get it fully up and working? Could you share a step by step somewhere?
I tried to get it done, but my docker game is ... lacking 😅

[holocronology]

@holocronology did you get it fully up and working? Could you share a step by step somewhere? I tried to get it done, but my docker game is ... lacking 😅

Do you have docker, docker compose, and preferably Portainer installed and set up?

[DeastinY]

@holocronology did you get it fully up and working? Could you share a step by step somewhere? I tried to get it done, but my docker game is ... lacking 😅

Do you have docker, docker compose, and preferably Portainer installed and set up?

yeah, all up and ready

[holocronology]

yeah, all up and ready

This is the stack I used in Portainer. You'll need to fill in your own values where noted. This is running on a Synology NAS. I used Cloudflare Zero Trust tunnels to HTTPS remote access via custom urls.

services:
  nomie6:
    image: ghcr.io/qcasey/nomie6-oss:master
    restart: unless-stopped
    ports:
      - 5555:80

  couchdb:
    image: couchdb:3
    restart: unless-stopped
    ports:
      - 5984:5984
    environment:
      - NODENAME=<YOURNODENAME>
      - COUCHDB_USER=<YOUR USER NAME>
      - COUCHDB_PASSWORD=<YOUR FANCY PASSWORD>
    volumes:
      - <YOUR PATH>:/opt/couchdb/data
      - <YOUR PATH>/couchdb.ini:/opt/couchdb/etc/local.d/docker.ini 

It's basically the same as what was posted above.

[DeastinY]

I will give it a try, thanks!

[DeastinY]

Is there anything w.r.t. couched that I still need to configure? just passing the login I setup to nome doesn't seem to work?

[holocronology]

Is there anything w.r.t. couched that I still need to configure? just passing the login I setup to nome doesn't seem to work?

Did you generate the couch.ini file? #11 (comment)

[DeastinY]

well I think I messed this up little? its not failing immediately anymore now, but takes a little trying to connect :D Ill see if any logs are useful ...

[DeastinY]

Creating a volume in Portainer, then ssh onto the machine and map as below is correct though, right?

[DeastinY]

Maybe something wasn't updated 🤷‍♀️? Its working now!

[BugwebCz]

What about ARM CPU?

[alexkutsan]

Any way to get rid every secnd error:

nomie-couchdb-1  | [error] 2023-03-06T22:17:45.089203Z couchdb@couchdb emulator -------- Error in process <0.385.0> on node couchdb@couchdb with exit value:
nomie-couchdb-1  | {database_does_not_exist,[{mem3_shards,load_shards_from_db,"_users",[{file,"src/mem3_shards.erl"},{line,430}]},{mem3_shards,load_shards_from_disk,1,[{file,"src/mem3_shards.erl"},{line,405}]},{mem3_shards,load_shards_from_disk,2,[{file,"src/mem3_shards.erl"},{line,434}]},{mem3_shards,for_docid,3,[{file,"src/mem3_shards.erl"},{line,100}]},{fabric_doc_open,go,3,[{file,"src/fabric_doc_open.erl"},{line,39}]},{chttpd_auth_cache,ensure_auth_ddoc_exists,2,[{file,"src/chttpd_auth_cache.erl"},{line,214}]},{chttpd_auth_cache,listen_for_changes,1,[{file,"src/chttpd_auth_cache.erl"},{line,160}]}]}
nomie-couchdb-1  | 

?

[alexkutsan]

This message helps me apache/couchdb#1354 (comment)

[alexkutsan]

The proposed docker composes works great unless I setup DNS for my name and couch db.

If nomie has an HTTPS and I am trying to use couchdb by IP - I get an error : https://developer.mozilla.org/ru/docs/Web/Security/Mixed_content
If I setup DNS and HTTPS for couch db - I get an error CORS.

How to solve it?

[alexkutsan]

Well, I found a dirty IMHO workaround for CORS issue.
I setup in nginx location /nomie_db to IP of couch db

server {
  set $server        "NOMIE_IP";
  set $port           NOMIE_PORT;
  server_name NOMIE_DOMAIN;
  ...
    location /nomie_db {
    proxy_pass       COUCH_DB_IP;
    }
}

This is easy to do un UI using nginx-prixy manager.

Then I setup URL <NOMIE_URL>/nomie_db as couch_db URL in nomie UI.
The only dirty part here is that nomie database must be named nomie_db as soon as nomie_db is part of URL path.
Looks ugly, but works well

[RdeLange]

@alexkutsan, thanks for the documentation of the solution. It will definately help some other users setup their CouchDB database in conjunction with Nomie.

Once time allows, further exploring and documenting the different ways to setup CouchDB is high on my prio list.
If you run into any other issues / find your solutions, please keep them posted here, that is very helpful.

Regards,
Ronald

[holocronology]

Well, latest couchDB update is crashing. Unlcear what to do.

{"Kernel pid terminated",application_controller,"{application_start_failure,kernel,{{shutdown,{failed_to_start_child,net_sup,{shutdown,{failed_to_start_child,auth,{{error,\"Error when reading /root/.erlang.cookie: eacces\"},[{auth,init_no_setcookie,0,[{file,\"auth.erl\"},{line,313}]},{auth,init,1,[{file,\"auth.erl\"},{line,165}]},{gen_server,init_it,2,[{file,\"gen_server.erl\"},{line,423}]},{gen_server,init_it,6,[{file,\"gen_server.erl\"},{line,390}]},{proc_lib,init_p_do_apply,3,[{file,\"proc_lib.erl\"},{line,226}]}]}}}}},{kernel,start,[normal,[]]}}}"}

Kernel pid terminated (application_controller) ({application_start_failure,kernel,{{shutdown,{failed_to_start_child,net_sup,{shutdown,{failed_to_start_child,auth,{{error,"Error when reading /root/.erlang.cookie: eacces"},[{auth,init_no_setcookie,0,[{file,"auth.erl"},{line,313}]},{auth,init,1,[{file,"auth.erl"},{line,165}]},{gen_server,init_it,2,[{file,"gen_server.erl"},{line,423}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,390}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]}}}}},{kernel,start,[normal,[]]}}})

[Robin-Sch]

This message helps me apache/couchdb#1354 (comment)

how did you fix the error?

[yodatak]

I'm interested to i want to make a helm chart for nomie

[RdeLange]

I have some documentation available:
https://www.dailynomie.com/2023/05/18/dailynomie-sync/

I hope this helps..

[lgwapnitsky]

I've build nomie from scratch rather than using the docker, and I have a couchdb set up. I can log in, but I receive the following error:

My couchdb instance is empty. Is there a template or something that I"m missing?

[brandoncorbin]

I've build nomie from scratch rather than using the docker, and I have a couchdb set up. I can log in, but I receive the following error:

My couchdb instance is empty. Is there a template or something that I"m missing?

Whats the error in the console showing? My guess is it could be a CORS setup on the CouchDB

[lgwapnitsky]

Access denied error. I'm away from the system right now, but I can't even use the admin login to access the DB. I'll check the CORS settings later.

Again, this is my first foray into couchdb

[lgwapnitsky]

Access denied error. I'm away from the system right now, but I can't even use the admin login to access the DB. I'll check the CORS settings later.

Again, this is my first foray into couchdb

Forgot I had remote access...

[error] 2024-02-15T20:49:15.322634Z couchdb@127.0.0.1 <0.10466.2> 2
21d0166a9 rexi_server: from: couchdb@127.0.0.1(<0.10305.2>) mfa: fa
bric_rpc:open_shard/2 throw:{unauthorized,<<"You are not authorized
 to access this db.">>} [{couch_db,open,2,[{file,"src/couch_db.erl"
},{line,177}]},{mem3_util,get_or_create_db,2,[{file,"src/mem3_util.
erl"},{line,602}]},{fabric_rpc,open_shard,2,[{file,"src/fabric_rpc.
erl"},{line,332}]},{rexi_server,init_p,3,[{file,"src/rexi_server.er
l"},{line,146}]}]

[RdeLange]

Hi,

it can be very tricky to host your own couchdb instance. I have written a tutorial on how I made it work. This might be of help:
[https://www.dailynomie.com/2023/04/23/how-to-install-couchdb-on-a-synology-nas-with-private-keys/]

[lgwapnitsky]

i'll check it out.

also, getting this error now that i've enabled cors

[notice] 2024-02-15T21:46:04.967882Z couchdb@127.0.0.1 <0.20973.0> 91ecbf7820 10.150.88.37:5984 10.150.33.57 undefined OPTIONS /nomie_lgw/ 204 ok 1

still can't login though.

[lgwapnitsky]

i'll check it out.

also, getting this error now that i've enabled cors

[notice] 2024-02-15T21:46:04.967882Z couchdb@127.0.0.1 <0.20973.0> 91ecbf7820 10.150.88.37:5984 10.150.33.57 undefined OPTIONS /nomie_lgw/ 204 ok 1

still can't login though.

I looked at the docs. Pretty much all the same steps I took

[brandoncorbin]

Are you running on HTTPS and another on HTTP? that might cause an issue since iOS doesn't allow secure pages to call out to insecure pages.

[lgwapnitsky]

Are you running on HTTPS and another on HTTP? that might cause an issue since iOS doesn't allow secure pages to call out to insecure pages.

solved. i have fat fingers. :) Now to figure out why this thing refreshes all the time when i'm in the middle of something, but that's for another thread :)

[lgwapnitsky]

Solved. I kept fat-fingering something

…

On Thu, Feb 15, 2024, 17:54 Brandon ***@***.***> wrote: Are you running on HTTPS and another on HTTP? that might cause an issue since iOS doesn't allow secure pages to call out to insecure pages. — Reply to this email directly, view it on GitHub <#11 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAE6CFAWHD4G57XG365GRKDYT2G3HAVCNFSM6AAAAAATUDPNMWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNBXGQ3TCMRYHA> . You are receiving this because you commented.Message ID: ***@***.***>

[krillin666]

cors

@RdeLange is there any way to enable CORS by default for only the dailynomie domain ? I have to always login and add this manually on CouchDB when I restart my server

[RdeLange]

Hi, I have been struggling with this also. Can you advice where you need to adjust the settings? In CouchDB? After you reset (or restart?) your CouchDB server? Sent from Outlook for iOS<https://aka.ms/o0ukef>

…

________________________________ From: krillin666 ***@***.***> Sent: Sunday, May 5, 2024 7:05 PM To: open-nomie/nomie6-oss ***@***.***> Cc: Ronald de Lange ***@***.***>; Mention ***@***.***> Subject: Re: [open-nomie/nomie6-oss] Instructions for self-hosting CouchDb (Issue #11) cors @RdeLange<https://github.com/RdeLange> is there any way to enable CORS by default for only the dailynomie domain ? I have to always login and add this manually on CouchDB when I restart my server — Reply to this email directly, view it on GitHub<#11 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAJIWX253NWBD6EWBNYOY2LZAZREFAVCNFSM6AAAAAATUDPNMWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJUHA3TSNRUG4>. You are receiving this because you were mentioned.Message ID: ***@***.***>