couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject [7/8] git commit: updated refs/heads/1.3.x to 13ae34d
Date Mon, 20 May 2013 06:56:36 GMT
docs: move section on SSL support into configuration chapter


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/cacc3c27
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/cacc3c27
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/cacc3c27

Branch: refs/heads/1.3.x
Commit: cacc3c272ec660b70844095dc36fb92d805ac2ec
Parents: 150a32a
Author: Dirkjan Ochtman <djc@apache.org>
Authored: Mon May 20 08:53:25 2013 +0200
Committer: Dirkjan Ochtman <djc@apache.org>
Committed: Mon May 20 08:55:47 2013 +0200

----------------------------------------------------------------------
 share/doc/src/configuring.rst |   98 ++++++++++++++++++++++++++++++++
 share/doc/src/index.rst       |    1 -
 share/doc/src/ssl.rst         |  109 ------------------------------------
 3 files changed, 98 insertions(+), 110 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/cacc3c27/share/doc/src/configuring.rst
----------------------------------------------------------------------
diff --git a/share/doc/src/configuring.rst b/share/doc/src/configuring.rst
index 168a51f..c364417 100644
--- a/share/doc/src/configuring.rst
+++ b/share/doc/src/configuring.rst
@@ -185,3 +185,101 @@ see :ref:`http-proxying`. For further background on the OS Daemon service,
see
 `CouchDB Externals API`_.
 
 .. _CouchDB Externals API: http://davispj.com/2010/09/26/new-couchdb-externals-api.html
+
+Native SSL Support
+==================
+
+CouchDB |version| supports SSL natively. All your secure connection needs can
+now be served without needing to setup and maintain a separate proxy server
+that handles SSL.
+
+SSL setup can be tricky, but the configuration in CouchDB was designed
+to be as easy as possible. All you need is two files; a certificate and
+a private key. If you bought an official SSL certificate from a
+certificate authority, both should be in your possession already.
+
+If you just want to try this out and don't want to pay anything upfront,
+you can create a self-signed certificate. Everything will work the same,
+but clients will get a warning about an insecure certificate.
+
+You will need the OpenSSL command line tool installed. It probably
+already is.
+
+::
+
+    shell> mkdir cert && cd cert
+    shell> openssl genrsa > privkey.pem
+    shell> openssl req -new -x509 -key privkey.pem -out mycert.pem -days 1095
+    shell> ls
+    mycert.pem privkey.pem
+
+Now, you need to edit CouchDB's configuration, either by editing your
+``local.ini`` file or using the ``/_config`` API calls or the
+configuration screen in Futon. Here is what you need to do in
+``local.ini``, you can infer what needs doing in the other places.
+
+Be sure to make these edits. Under ``[daemons]`` you should see:
+
+::
+
+    ; enable SSL support by uncommenting the following line and supply the PEM's below.
+    ; the default ssl port CouchDB listens on is 6984
+    ;httpsd = {couch_httpd, start_link, [https]}
+
+Here uncomment the last line:
+
+::
+
+    httpsd = {couch_httpd, start_link, [https]}
+
+Next, under ``[ssl]`` you will see:
+
+::
+
+    ;cert_file = /full/path/to/server_cert.pem
+    ;key_file = /full/path/to/server_key.pem
+
+Uncomment and adjust the paths so it matches your system's paths:
+
+::
+
+    cert_file = /home/jan/cert/mycert.pem
+    key_file = /home/jan/cert/privkey.pem
+
+For more information please read
+`http://www.openssl.org/docs/HOWTO/certificates.txt`_.
+
+Now start (or restart) CouchDB. You should be able to connect to it
+using HTTPS on port 6984:
+
+::
+
+    shell> curl https://127.0.0.1:6984/
+    curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
+    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
+    More details here: http://curl.haxx.se/docs/sslcerts.html
+
+    curl performs SSL certificate verification by default, using a "bundle"
+    of Certificate Authority (CA) public keys (CA certs). If the default
+    bundle file isn't adequate, you can specify an alternate file
+    using the --cacert option.
+    If this HTTPS server uses a certificate signed by a CA represented in
+    the bundle, the certificate verification probably failed due to a
+    problem with the certificate (it might be expired, or the name might
+    not match the domain name in the URL).
+    If you'd like to turn off curl's verification of the certificate, use
+    the -k (or --insecure) option.
+
+Oh no what happened?! — Remember, clients will notify their users that
+your certificate is self signed. ``curl`` is the client in this case and
+it notifies you. Luckily you trust yourself (don't you?) and you can
+specify the ``-k`` option as the message reads:
+
+::
+
+    shell> curl -k https://127.0.0.1:6984/
+    {"couchdb":"Welcome","version":"|version|"}
+
+All done.
+
+.. _`http://www.openssl.org/docs/HOWTO/certificates.txt`: http://www.openssl.org/docs/HOWTO/certificates.txt

http://git-wip-us.apache.org/repos/asf/couchdb/blob/cacc3c27/share/doc/src/index.rst
----------------------------------------------------------------------
diff --git a/share/doc/src/index.rst b/share/doc/src/index.rst
index be6a170..b17d6ba 100644
--- a/share/doc/src/index.rst
+++ b/share/doc/src/index.rst
@@ -31,7 +31,6 @@ Contents
     api-basics
     pretty_urls
     configuring
-    ssl
     http-proxying
     config_reference
     replication

http://git-wip-us.apache.org/repos/asf/couchdb/blob/cacc3c27/share/doc/src/ssl.rst
----------------------------------------------------------------------
diff --git a/share/doc/src/ssl.rst b/share/doc/src/ssl.rst
deleted file mode 100644
index 3a546d8..0000000
--- a/share/doc/src/ssl.rst
+++ /dev/null
@@ -1,109 +0,0 @@
-.. Licensed under the Apache License, Version 2.0 (the "License"); you may not
-.. use this file except in compliance with the License. You may obtain a copy of
-.. the License at
-..
-..   http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-.. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-.. License for the specific language governing permissions and limitations under
-.. the License.
-
-Native SSL Support
-==================
-
-CouchDB |version| supports SSL natively. All your secure connection needs can
-now be served without needing to setup and maintain a separate proxy server
-that handles SSL.
-
-SSL setup can be tricky, but the configuration in CouchDB was designed
-to be as easy as possible. All you need is two files; a certificate and
-a private key. If you bought an official SSL certificate from a
-certificate authority, both should be in your possession already.
-
-If you just want to try this out and don't want to pay anything upfront,
-you can create a self-signed certificate. Everything will work the same,
-but clients will get a warning about an insecure certificate.
-
-You will need the OpenSSL command line tool installed. It probably
-already is.
-
-::
-
-    shell> mkdir cert && cd cert
-    shell> openssl genrsa > privkey.pem
-    shell> openssl req -new -x509 -key privkey.pem -out mycert.pem -days 1095
-    shell> ls
-    mycert.pem privkey.pem
-
-Now, you need to edit CouchDB's configuration, either by editing your
-``local.ini`` file or using the ``/_config`` API calls or the
-configuration screen in Futon. Here is what you need to do in
-``local.ini``, you can infer what needs doing in the other places.
-
-Be sure to make these edits. Under ``[daemons]`` you should see:
-
-::
-
-    ; enable SSL support by uncommenting the following line and supply the PEM's below.
-    ; the default ssl port CouchDB listens on is 6984
-    ;httpsd = {couch_httpd, start_link, [https]}
-
-Here uncomment the last line:
-
-::
-
-    httpsd = {couch_httpd, start_link, [https]}
-
-Next, under ``[ssl]`` you will see:
-
-::
-
-    ;cert_file = /full/path/to/server_cert.pem
-    ;key_file = /full/path/to/server_key.pem
-
-Uncomment and adjust the paths so it matches your system's paths:
-
-::
-
-    cert_file = /home/jan/cert/mycert.pem
-    key_file = /home/jan/cert/privkey.pem
-
-For more information please read
-`http://www.openssl.org/docs/HOWTO/certificates.txt`_.
-
-Now start (or restart) CouchDB. You should be able to connect to it
-using HTTPS on port 6984:
-
-::
-
-    shell> curl https://127.0.0.1:6984/
-    curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
-    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
-    More details here: http://curl.haxx.se/docs/sslcerts.html
-
-    curl performs SSL certificate verification by default, using a "bundle"
-    of Certificate Authority (CA) public keys (CA certs). If the default
-    bundle file isn't adequate, you can specify an alternate file
-    using the --cacert option.
-    If this HTTPS server uses a certificate signed by a CA represented in
-    the bundle, the certificate verification probably failed due to a
-    problem with the certificate (it might be expired, or the name might
-    not match the domain name in the URL).
-    If you'd like to turn off curl's verification of the certificate, use
-    the -k (or --insecure) option.
-
-Oh no what happened?! — Remember, clients will notify their users that
-your certificate is self signed. ``curl`` is the client in this case and
-it notifies you. Luckily you trust yourself (don't you?) and you can
-specify the ``-k`` option as the message reads:
-
-::
-
-    shell> curl -k https://127.0.0.1:6984/
-    {"couchdb":"Welcome","version":"|version|"}
-
-All done.
-
-.. _`http://www.openssl.org/docs/HOWTO/certificates.txt`: http://www.openssl.org/docs/HOWTO/certificates.txt


Mime
View raw message