Starting CouchDB with SSL

I'm trying to get CouchDB working on our server over SSL.

I've added the following to our default.ini:

[daemons]
...
httpsd = {couch_httpd, start_link, [https]}

[ssl]
cert_file = /the/path/to/my/certificate/here
key_file = /the/path/to/my/key/here

When I restart couchdb I get the following in my couch.log file:

[Fri, 27 May 2011 00:18:38 GMT] [error] [<0.86.0>] {error_report,<0.31.0>,
 {<0.86.0>,supervisor_report,
 [{supervisor,{local,couch_secondary_services}},
  {errorContext,start_error},
  {reason,
      {'EXIT',
          {undef,
              [{couch_httpd,start_link,[https]},
               {supervisor,do_start_child,2},
               {supervisor,start_children,3},
               {supervisor,init_children,2},
               {gen_server,init_it,6},
               {proc_lib,init_p_do_apply,3}]}}},
  {offender,
      [{pid,undefined},
       {name,httpsd},
       {mfargs,{couch_httpd,start_link,[https]}},
       {restart_type,permanent},
       {shutdown,1000},
       {child_type,worker}]}]}}

[Fri, 27 May 2011 00:18:38 GMT] [error] [<0.78.0>] {error_report,<0.31.0>,
{<0.78.0>,supervisor_report,
 [{supervisor,{local,couch_server_sup}},
  {errorContext,start_error},
  {reason,shutdown},
  {offender,
      [{pid,undefined},
       {name,couch_secondary_services},
       {mfargs,{couch_server_sup,start_secondary_services,[]}},
       {restart_type,permanent},
       {shutdown,infinity},
       {child_type,supervisor}]}]}}

Any tips or suggestions?


If anyone is interested in how we eventually solved this: (Of course, for future versions you should be able to do the thing I asked about in my question.)

We used nginx as a reverse proxy for couch: http://wiki.apache.org/couchdb/Nginx_As_a_Reverse_Proxy

The nginx config file:

user www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;

    access_log  /var/log/nginx/access.log;

    sendfile        on;

    keepalive_timeout  65;
    tcp_nodelay        on;

    gzip  on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    server  {
        listen         80;
        server_name  couch.touchmetric.com;
        location / {
            proxy_pass http://localhost:5984;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    server  {
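        # the ssl parameter on listen replaces the deprecated "ssl on;" directive
        listen         443 ssl;
        server_name    couch.touchmetric.com;

        ssl_certificate /path/here;
        ssl_certificate_key /other/path/here;
        # SSLv3 is broken (POODLE); allow only current TLS versions
        ssl_protocols TLSv1.2 TLSv1.3;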
        ssl_session_cache shared:SSL:1m;

        location / {
            proxy_pass http://localhost:5984;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Ssl on;
        }
    }

}


Native SSL support is present in CouchDB 1.1, while the current CouchDB release is version 1.0.2 iirc. Unless you have a checkout from trunk or something like that, your CouchDB does not support SSL natively.
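
The `undef` in the first supervisor report of the question means the Erlang runtime found no `couch_httpd:start_link` to call with the `[https]` argument, which fits the answer above: that release has no native SSL listener. As an added example (not part of the original posts), this Python script extracts that diagnosis from a couch.log; the sample log is trimmed from the question, and the function and field names are hypothetical.

```python
import re

# Constructed sample, trimmed from the supervisor reports quoted in the question.
SAMPLE_LOG = """\
[Fri, 27 May 2011 00:18:38 GMT] [error] [<0.86.0>] {error_report,<0.31.0>,
 {<0.86.0>,supervisor_report,
 [{supervisor,{local,couch_secondary_services}},
  {errorContext,start_error},
  {reason,{'EXIT',{undef,[{couch_httpd,start_link,[https]},
                          {supervisor,do_start_child,2}]}}},
  {offender,[{pid,undefined},
             {name,httpsd},
             {mfargs,{couch_httpd,start_link,[https]}}]}]}}

[Fri, 27 May 2011 00:18:38 GMT] [error] [<0.78.0>] {error_report,<0.31.0>,
{<0.78.0>,supervisor_report,
 [{supervisor,{local,couch_server_sup}},
  {reason,shutdown},
  {offender,[{pid,undefined},{name,couch_secondary_services}]}]}}
"""

ENTRY_START = re.compile(r"^\[[^\]]+\] \[\w+\] ", re.M)
UNDEF_CALL = re.compile(r"\{undef,\s*\[\{(\w+),(\w+),(\[[^\]]*\]|\d+)\}")
OFFENDER = re.compile(r"\{offender,\s*\[.*?\{name,(\w+)\}", re.S)

def find_undef_daemons(log_text):
    """Return one finding per supervisor report whose child failed with undef."""
    starts = [m.start() for m in ENTRY_START.finditer(log_text)] + [len(log_text)]
    findings = []
    for begin, end in zip(starts, starts[1:]):
        entry = log_text[begin:end]
        call = UNDEF_CALL.search(entry)
        if "supervisor_report" not in entry or call is None:
            continue  # e.g. the cascading {reason,shutdown} report
        child = OFFENDER.search(entry)
        findings.append({
            "daemon": child.group(1) if child else None,
            "missing_call": f"{call.group(1)}:{call.group(2)}",
            "args": call.group(3),
        })
    return findings

if __name__ == "__main__":
    for hit in find_undef_daemons(SAMPLE_LOG):
        print(f"[daemons] {hit['daemon']}: {hit['missing_call']} {hit['args']} is undefined in this build")
```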
