couchdb-user mailing list archives

From Nestor Urquiza <nestor.urqu...@gmail.com>
Subject Re: Disable default unsecure plain HTTP 5984
Date Tue, 11 Dec 2012 20:02:25 GMT
This is an old thread but the issue is back in version 1.2.0

Commenting out the suggested line from default.ini ...
[daemons]
#httpd={couch_httpd, start_link, []}

... does not stop couchdb from listening on the unsecure plain HTTP 5984:
dev@udesktop2:~$ sudo /etc/init.d/couchdb restart
 * Restarting database server couchdb                              [ OK ]
dev@udesktop2:~$ curl -X GET http://localhost:5984
{"couchdb":"Welcome","version":"1.2.0"}
dev@udesktop2:~$ curl -k -X GET https://localhost:6984
{"couchdb":"Welcome","version":"1.2.0"}
dev@udesktop2:~$

Any ideas other than using iptables?

On Fri, Oct 21, 2011 at 11:59 AM, Jan Lehnardt <jan@apache.org> wrote:
>
> On Oct 21, 2011, at 15:21 , Dave Cottlehuber wrote:
>
>> On 21 October 2011 15:16, Nestor Urquiza <nestor.urquiza@gmail.com> wrote:
>>> That was it: I did the change in default.ini and that did the trick.
>>> Thanks!
>>> -Nestor
>>>
>>> On Fri, Oct 21, 2011 at 8:53 AM, Benoit Chesneau <bchesneau@gmail.com> wrote:
>>>> On Fri, Oct 21, 2011 at 2:37 PM, Nestor Urquiza
>>>> <nestor.urquiza@gmail.com> wrote:
>>>>> Thanks for the fast responses.
>>>>>
>>>>> Here is what I have in daemons section:
>>>>> [daemons]
>>>>> ; enable SSL support by uncommenting the following line and supply the
>>>>> PEM's below.
>>>>> ; the default ssl port CouchDB listens on is 6984
>>>>> httpsd = {couch_httpd, start_link, [https]}
>>>>>
>>>>> Still I get the below:
>>>>> $ ./utils/run
>>>>> Apache CouchDB 1.1.1a1186848 (LogLevel=info) is starting.
>>>>> [info] [<0.97.0>] Attempting to start replication
>>>>> `d30383157f3a29c1356051d04c7a5ed8+continuous+create_target` (document
>>>>> `by_clientId`).
>>>>> Apache CouchDB has started. Time to relax.
>>>>> [info] [<0.31.0>] Apache CouchDB has started on http://127.0.0.1:5984/
>>>>> [info] [<0.31.0>] Apache CouchDB has started on https://127.0.0.1:6984/
>>>>>
>>>>> Not sure what I am missing.
>>>>> Best,
>>>>> -Nestor
>>>>>
>>>>>
>>>>> On Fri, Oct 21, 2011 at 7:32 AM, Robert Newson <rnewson@apache.org> wrote:
>>>>>> Fairly sure you can do as Benoit suggests. It was certainly my
>>>>>> intention to allow one or other or both, and that was the case when I
>>>>>> did the original work.
>>>>>>
>>>>>> B.
>>>>>>
>>>>>> On 21 October 2011 12:24, Benoit Chesneau <bchesneau@gmail.com> wrote:
>>>>>>> On Fri, Oct 21, 2011 at 12:56 PM, Nils Breunese <N.Breunese@vpro.nl> wrote:
>>>>>>>> Nestor Urquiza wrote:
>>>>>>>>
>>>>>>>>> Is it possible to leave just SSL (6984) listening? I have enabled SSL
>>>>>>>>> but requests are still accepted via plain HTTP 5984.
>>>>>>>>
>>>>>>>> I don't know if CouchDB has a configuration setting that lets you
>>>>>>>> disable HTTP, but I guess you could use a firewall to block access
>>>>>>>> to the HTTP port?
>>>>>>>>
>>>>>>>> Nils.
>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>  VPRO   www.vpro.nl
>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>
>>>>>>> You can probably comment the httpd line in [daemons] and only use
>>>>>>> the https one.
>>>>>>>
>>>>>>> - benoit
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>> did you comment the line in default.ini?
>>>>
>>>> - benoit
>>>>
>>>
>>
>> Is there a sensible way to do this in local.ini to avoid advising
>> users to fiddle with default.ini, which gets over-written each
>> release?
>
> Good catch, currently not.
>
> Cheers
> Jan
> --
>
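
Added example, not part of the original messages and not CouchDB's own code: a Python check that classifies what actually answers on each port, automating the curl test from the top message so that a restart or upgrade which brings the plain HTTP listener back is caught. The function names and the expected-state map are assumptions made for this illustration; certificate verification is disabled only because the probe classifies the listener and sends no data over it.

```python
import socket
import ssl
import sys


def classify_listener(host, port, timeout=3.0):
    """Return 'closed', 'plaintext-http', 'tls' or 'unknown' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable
    with sock:
        try:
            # A cleartext request: only a non-TLS HTTP listener answers "HTTP/...".
            sock.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            reply = sock.recv(16)
        except OSError:
            reply = b""  # a TLS-only listener may reset or stay silent
    if reply.startswith(b"HTTP/"):
        return "plaintext-http"
    # Verification is off on purpose: this only asks "does it speak TLS?"
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except OSError:  # ssl.SSLError is a subclass of OSError
        return "unknown"


def audit(host, expected):
    """Compare each port against its expected state; return the mismatches."""
    return [(port, want, got) for port, want in expected.items()
            if (got := classify_listener(host, port)) != want]


if __name__ == "__main__":
    # Assumed policy for the setup in this thread: 5984 off, 6984 TLS only.
    failures = audit("localhost", {5984: "closed", 6984: "tls"})
    for port, want, got in failures:
        print(f"port {port}: expected {want}, found {got}")
    sys.exit(1 if failures else 0)
```

Run it after every restart or package upgrade; a non-zero exit status means a listener is not in the state the policy expects.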
