Running CouchDB with SSL

I am trying to get CouchDB to work on our server through SSL.

I added the following to our default.ini:

[daemons]
...
httpsd = {couch_httpd, start_link, [https]}

[ssl]
cert_file = /the/path/to/my/certicifate/here
key_file = /the/path/to/my/key/here

When I restart couchdb, I get the following in my couch.log file:

[Fri, 27 May 2011 00:18:38 GMT] [error] [<0.86.0>] {error_report,<0.31.0>,
 {<0.86.0>,supervisor_report,
 [{supervisor,{local,couch_secondary_services}},
  {errorContext,start_error},
  {reason,
      {'EXIT',
          {undef,
              [{couch_httpd,start_link,[https]},
               {supervisor,do_start_child,2},
               {supervisor,start_children,3},
               {supervisor,init_children,2},
               {gen_server,init_it,6},
               {proc_lib,init_p_do_apply,3}]}}},
  {offender,
      [{pid,undefined},
       {name,httpsd},
       {mfargs,{couch_httpd,start_link,[https]}},
       {restart_type,permanent},
       {shutdown,1000},
       {child_type,worker}]}]}}

[Fri, 27 May 2011 00:18:38 GMT] [error] [<0.78.0>] {error_report,<0.31.0>,
{<0.78.0>,supervisor_report,
 [{supervisor,{local,couch_server_sup}},
  {errorContext,start_error},
  {reason,shutdown},
  {offender,
      [{pid,undefined},
       {name,couch_secondary_services},
       {mfargs,{couch_server_sup,start_secondary_services,[]}},
       {restart_type,permanent},
       {shutdown,infinity},
       {child_type,supervisor}]}]}}

Any tips or suggestions?

+3
2 answers

Native SSL support is present in CouchDB 1.1, and the current version of CouchDB is version 1.0.2, IIRC. If you don’t have a baggage check or something like that, your CouchDB does not support SSL natively.

+2

If anyone is interested in how we ultimately solved this: (Of course, in future versions you should be able to do what I asked in my question.)

We used nginx as the reverse proxy for the couch: http://wiki.apache.org/couchdb/Nginx_As_a_Reverse_Proxy

Nginx configuration file:

user www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;

    access_log  /var/log/nginx/access.log;

    sendfile        on;

    keepalive_timeout  65;
    tcp_nodelay        on;

    gzip  on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    server  {
        listen         80;
        server_name  couch.touchmetric.com;
        location / {
            proxy_pass http://localhost:5984;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    server  {
        listen         443;
        server_name    couch.touchmetric.com;

        ssl on;
        ssl_certificate /path/here;
        ssl_certificate_key /other/path/here;
        ssl_protocols SSLv3;
        ssl_session_cache shared:SSL:1m;

        location / {
            proxy_pass http://localhost:5984;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Ssl on;
        }
    }

}
+3
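
A hardened variant of the two server blocks from the answer above, as an added example that is not part of the original answer. It shows the weak settings (plaintext proxying on port 80, `ssl_protocols SSLv3`) next to their replacements. The hostname and certificate paths are copied from the answer; it assumes an nginx build with TLSv1.3 support (1.13.0 or later, linked against OpenSSL 1.1.1 or later).

```nginx
# Added example: these two server blocks replace the ones inside http { } above.

# Port 80 no longer proxies to CouchDB. It only redirects to HTTPS, so
# CouchDB credentials and session cookies are never sent in cleartext.
server {
    listen       80;
    server_name  couch.touchmetric.com;
    return 301 https://$host$request_uri;
}

server {
    # "listen 443 ssl" replaces "listen 443;" plus the deprecated "ssl on;".
    listen       443 ssl;
    server_name  couch.touchmetric.com;

    ssl_certificate      /path/here;          # placeholder path from the answer
    ssl_certificate_key  /other/path/here;    # placeholder path from the answer

    # Weak setting in the original: ssl_protocols SSLv3;
    # SSLv3 is deprecated (RFC 7568); allow only current TLS versions.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:1m;

    location / {
        # Loopback address instead of "localhost", so the upstream cannot
        # resolve to anything other than the local CouchDB listener.
        proxy_pass http://127.0.0.1:5984;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
    }
}
```

The proxy only protects traffic that actually goes through it, so CouchDB itself should stay bound to the loopback interface (`bind_address = 127.0.0.1` under `[httpd]` in CouchDB 1.x) and port 5984 should not be reachable from outside the host.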