incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: Disable default unsecure plain HTTP 5984
Date Fri, 21 Oct 2011 12:53:09 GMT
On Fri, Oct 21, 2011 at 2:37 PM, Nestor Urquiza
<nestor.urquiza@gmail.com> wrote:
> Thanks for the fast responses.
>
> Here is what I have in daemons section:
> [daemons]
> ; enable SSL support by uncommenting the following line and supply the
> PEM's below.
> ; the default ssl port CouchDB listens on is 6984
> httpsd = {couch_httpd, start_link, [https]}
>
> Still I get the below:
> $ ./utils/run
> Apache CouchDB 1.1.1a1186848 (LogLevel=info) is starting.
> [info] [<0.97.0>] Attempting to start replication
> `d30383157f3a29c1356051d04c7a5ed8+continuous+create_target` (document
> `by_clientId`).
> Apache CouchDB has started. Time to relax.
> [info] [<0.31.0>] Apache CouchDB has started on http://127.0.0.1:5984/
> [info] [<0.31.0>] Apache CouchDB has started on https://127.0.0.1:6984/
>
> Not sure what I am missing.
> Best,
> -Nestor
>
>
> On Fri, Oct 21, 2011 at 7:32 AM, Robert Newson <rnewson@apache.org> wrote:
>> Fairly sure you can do as Benoit suggests. It was certainly my
>> intention to allow one or other or both, and that was the case when I
>> did the original work.
>>
>> B.
>>
>> On 21 October 2011 12:24, Benoit Chesneau <bchesneau@gmail.com> wrote:
>>> On Fri, Oct 21, 2011 at 12:56 PM, Nils Breunese <N.Breunese@vpro.nl> wrote:
>>>> Nestor Urquiza wrote:
>>>>
>>>>> Is it possible to leave just SSL (6984) listening? I have enabled SSL
>>>>> but requests are still accepted via plain HTTP 5984.
>>>>
>>>> I don't know if CouchDB has a configuration setting that lets you disable
HTTP, but I guess you could use a firewall to block access to the HTTP port?
>>>>
>>>> Nils.
>>>> ------------------------------------------------------------------------
>>>>  VPRO   www.vpro.nl
>>>> ------------------------------------------------------------------------
>>>>
>>> You can probably comment the httpd line in [daemons] and only use the https one.
>>>
>>> - benoit
>>>
>>
>

did you comment the line in default.ini?

- benoit

Mime
View raw message