couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: Disable default unsecure plain HTTP 5984
Date Fri, 21 Oct 2011 15:59:46 GMT

On Oct 21, 2011, at 15:21 , Dave Cottlehuber wrote:

> On 21 October 2011 15:16, Nestor Urquiza <nestor.urquiza@gmail.com> wrote:
>> That was it: I did the change in default,ini and that did the trick.
>> Thanks!
>> -Nestor
>> 
>> On Fri, Oct 21, 2011 at 8:53 AM, Benoit Chesneau <bchesneau@gmail.com> wrote:
>>> On Fri, Oct 21, 2011 at 2:37 PM, Nestor Urquiza
>>> <nestor.urquiza@gmail.com> wrote:
>>>> Thanks for the fast responses.
>>>> 
>>>> Here is what I have in daemons section:
>>>> [daemons]
>>>> ; enable SSL support by uncommenting the following line and supply the
>>>> PEM's below.
>>>> ; the default ssl port CouchDB listens on is 6984
>>>> httpsd = {couch_httpd, start_link, [https]}
>>>> 
>>>> Still I get the below:
>>>> $ ./utils/run
>>>> Apache CouchDB 1.1.1a1186848 (LogLevel=info) is starting.
>>>> [info] [<0.97.0>] Attempting to start replication
>>>> `d30383157f3a29c1356051d04c7a5ed8+continuous+create_target` (document
>>>> `by_clientId`).
>>>> Apache CouchDB has started. Time to relax.
>>>> [info] [<0.31.0>] Apache CouchDB has started on http://127.0.0.1:5984/
>>>> [info] [<0.31.0>] Apache CouchDB has started on https://127.0.0.1:6984/
>>>> 
>>>> Not sure what I am missing.
>>>> Best,
>>>> -Nestor
>>>> 
>>>> 
>>>> On Fri, Oct 21, 2011 at 7:32 AM, Robert Newson <rnewson@apache.org>
wrote:
>>>>> Fairly sure you can do as Benoit suggests. It was certainly my
>>>>> intention to allow one or other or both, and that was the case when I
>>>>> did the original work.
>>>>> 
>>>>> B.
>>>>> 
>>>>> On 21 October 2011 12:24, Benoit Chesneau <bchesneau@gmail.com>
wrote:
>>>>>> On Fri, Oct 21, 2011 at 12:56 PM, Nils Breunese <N.Breunese@vpro.nl>
wrote:
>>>>>>> Nestor Urquiza wrote:
>>>>>>> 
>>>>>>>> Is it possible to leave just SSL (6984) listening? I have
enabled SSL
>>>>>>>> but requests are still accepted via plain HTTP 5984.
>>>>>>> 
>>>>>>> I don't know if CouchDB has a configuration setting that lets
you disable HTTP, but I guess you could use a firewall to block access to the HTTP port?
>>>>>>> 
>>>>>>> Nils.
>>>>>>> ------------------------------------------------------------------------
>>>>>>>  VPRO   www.vpro.nl
>>>>>>> ------------------------------------------------------------------------
>>>>>>> 
>>>>>> You can probably comment the httpd line in [daemons] and only use
the https one.
>>>>>> 
>>>>>> - benoit
>>>>>> 
>>>>> 
>>>> 
>>> 
>>> did you comment the line in default.ini?
>>> 
>>> - benoit
>>> 
>> 
> 
> Is there a sensible way to do this in local.ini to avoid advising
> users to fiddle with default.ini, which gets over-written each
> release?

Good catch, currently not.

Cheers
Jan
-- 


Mime
View raw message