Date: Tue, 11 Dec 2012 20:02:43 -0500
Subject: Re: Disable default unsecure plain HTTP 5984
From: Nestor Urquiza
To: user@couchdb.apache.org

Adam,

Thank you very much. Too much bash recently so I completely missed the fact I was using the wrong comment syntax.

Cheers,
-Nestor

On Tue, Dec 11, 2012 at 3:04 PM, Adam Kocoloski wrote:
> I think that may be the wrong syntax for .ini file comments. Can you try a leading ";" instead?
>
> Adam
>
> On Dec 11, 2012, at 3:02 PM, Nestor Urquiza wrote:
>
>> This is an old thread but the issue is back in version 1.2.0
>>
>> Commenting out the suggested line from default.ini ...
>> [daemons]
>> #httpd={couch_httpd, start_link, []}
>>
>> ... does not stop couchdb from listening in the unsecure plain HTTP 5984:
>> dev@udesktop2:~$ sudo /etc/init.d/couchdb restart
>> * Restarting database server couchdb [ OK ]
>> dev@udesktop2:~$ curl -X GET http://localhost:5984
>> {"couchdb":"Welcome","version":"1.2.0"}
>> dev@udesktop2:~$ curl -k -X GET https://localhost:6984
>> {"couchdb":"Welcome","version":"1.2.0"}
>> dev@udesktop2:~$
>>
>> Any ideas other than using iptables?
>>
>> On Fri, Oct 21, 2011 at 11:59 AM, Jan Lehnardt wrote:
>>>
>>> On Oct 21, 2011, at 15:21 , Dave Cottlehuber wrote:
>>>
>>>> On 21 October 2011 15:16, Nestor Urquiza wrote:
>>>>> That was it: I did the change in default.ini and that did the trick.
>>>>> Thanks!
>>>>> -Nestor
>>>>>
>>>>> On Fri, Oct 21, 2011 at 8:53 AM, Benoit Chesneau wrote:
>>>>>> On Fri, Oct 21, 2011 at 2:37 PM, Nestor Urquiza wrote:
>>>>>>> Thanks for the fast responses.
>>>>>>>
>>>>>>> Here is what I have in daemons section:
>>>>>>> [daemons]
>>>>>>> ; enable SSL support by uncommenting the following line and supply the
>>>>>>> PEM's below.
>>>>>>> ; the default ssl port CouchDB listens on is 6984
>>>>>>> httpsd = {couch_httpd, start_link, [https]}
>>>>>>>
>>>>>>> Still I get the below:
>>>>>>> $ ./utils/run
>>>>>>> Apache CouchDB 1.1.1a1186848 (LogLevel=info) is starting.
>>>>>>> [info] [<0.97.0>] Attempting to start replication
>>>>>>> `d30383157f3a29c1356051d04c7a5ed8+continuous+create_target` (document
>>>>>>> `by_clientId`).
>>>>>>> Apache CouchDB has started. Time to relax.
>>>>>>> [info] [<0.31.0>] Apache CouchDB has started on http://127.0.0.1:5984/
>>>>>>> [info] [<0.31.0>] Apache CouchDB has started on https://127.0.0.1:6984/
>>>>>>>
>>>>>>> Not sure what I am missing.
>>>>>>> Best,
>>>>>>> -Nestor
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Oct 21, 2011 at 7:32 AM, Robert Newson wrote:
>>>>>>>> Fairly sure you can do as Benoit suggests. It was certainly my
>>>>>>>> intention to allow one or other or both, and that was the case when I
>>>>>>>> did the original work.
>>>>>>>>
>>>>>>>> B.
>>>>>>>>
>>>>>>>> On 21 October 2011 12:24, Benoit Chesneau wrote:
>>>>>>>>> On Fri, Oct 21, 2011 at 12:56 PM, Nils Breunese wrote:
>>>>>>>>>> Nestor Urquiza wrote:
>>>>>>>>>>
>>>>>>>>>>> Is it possible to leave just SSL (6984) listening? I have enabled SSL
>>>>>>>>>>> but requests are still accepted via plain HTTP 5984.
>>>>>>>>>>
>>>>>>>>>> I don't know if CouchDB has a configuration setting that lets you disable HTTP, but I guess you could use a firewall to block access to the HTTP port?
>>>>>>>>>>
>>>>>>>>>> Nils.
>>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>> VPRO www.vpro.nl
>>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>> You can probably comment the httpd line in [daemons] and only use the https one.
>>>>>>>>>
>>>>>>>>> - benoit
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> did you comment the line in default.ini?
>>>>>>
>>>>>> - benoit
>>>>>>
>>>>>
>>>>
>>>> Is there a sensible way to do this in local.ini to avoid advising
>>>> users to fiddle with default.ini, which gets over-written each
>>>> release?
>>>
>>> Good catch, currently not.
>>>
>>> Cheers
>>> Jan
>>> --
>>>
>
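
Added example, not part of the original thread and not CouchDB's own code: a small audit of a [daemons] section that reports which entries would still start the plain-HTTP listener, including lines "commented out" with "#". It assumes, consistent with the behaviour reported above, that only a leading ";" starts a comment and that a "#"-prefixed line is read as an ordinary key; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the [daemons] section from the thread, with the
# '#'-prefixed httpd line that did not disable the plain-HTTP listener.
SAMPLE_INI = """\
[daemons]
#httpd={couch_httpd, start_link, []}
; the default ssl port CouchDB listens on is 6984
httpsd = {couch_httpd, start_link, [https]}
"""

def active_entries(ini_text, section="daemons"):
    """Return {key: value} for live entries in `section`.

    Assumption (from the thread): only a leading ';' starts a comment,
    so a line beginning with '#' is still treated as a key=value entry.
    """
    entries, current = {}, None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or real comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            continue
        if current == section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries

def plain_http_daemons(ini_text):
    """Keys in [daemons] that start couch_httpd without the https option."""
    hits = []
    for key, value in active_entries(ini_text).items():
        compact = re.sub(r"\s+", "", value)
        if compact.startswith("{couch_httpd,start_link,") and "https" not in compact:
            hits.append(key)
    return hits

def miscommented_keys(ini_text):
    """Keys that look like an attempted '#' comment but are still live."""
    return [k for k in active_entries(ini_text) if k.startswith("#")]

if __name__ == "__main__":
    print("plain HTTP daemons:", plain_http_daemons(SAMPLE_INI))
    print("ineffective '#' comments:", miscommented_keys(SAMPLE_INI))
```

After changing the file, the curl request against port 5984 shown in the thread remains the authoritative check that the listener is gone.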