From: Jan Lehnardt
To: user@couchdb.apache.org
Subject: Re: Disable default unsecure plain HTTP 5984
Date: Fri, 21 Oct 2011 17:59:46 +0200

On Oct 21, 2011, at 15:21 , Dave Cottlehuber wrote:

> On 21 October 2011 15:16, Nestor Urquiza wrote:
>> That was it: I did the change in default.ini and that did the trick.
>> Thanks!
>> -Nestor
>>
>> On Fri, Oct 21, 2011 at 8:53 AM, Benoit Chesneau wrote:
>>> On Fri, Oct 21, 2011 at 2:37 PM, Nestor Urquiza wrote:
>>>> Thanks for the fast responses.
>>>>
>>>> Here is what I have in daemons section:
>>>> [daemons]
>>>> ; enable SSL support by uncommenting the following line and supply the PEM's below.
>>>> ; the default ssl port CouchDB listens on is 6984
>>>> httpsd = {couch_httpd, start_link, [https]}
>>>>
>>>> Still I get the below:
>>>> $ ./utils/run
>>>> Apache CouchDB 1.1.1a1186848 (LogLevel=info) is starting.
>>>> [info] [<0.97.0>] Attempting to start replication `d30383157f3a29c1356051d04c7a5ed8+continuous+create_target` (document `by_clientId`).
>>>> Apache CouchDB has started. Time to relax.
>>>> [info] [<0.31.0>] Apache CouchDB has started on http://127.0.0.1:5984/
>>>> [info] [<0.31.0>] Apache CouchDB has started on https://127.0.0.1:6984/
>>>>
>>>> Not sure what I am missing.
>>>> Best,
>>>> -Nestor
>>>>
>>>>
>>>> On Fri, Oct 21, 2011 at 7:32 AM, Robert Newson wrote:
>>>>> Fairly sure you can do as Benoit suggests. It was certainly my
>>>>> intention to allow one or other or both, and that was the case when I
>>>>> did the original work.
>>>>>
>>>>> B.
>>>>>
>>>>> On 21 October 2011 12:24, Benoit Chesneau wrote:
>>>>>> On Fri, Oct 21, 2011 at 12:56 PM, Nils Breunese wrote:
>>>>>>> Nestor Urquiza wrote:
>>>>>>>
>>>>>>>> Is it possible to leave just SSL (6984) listening? I have enabled SSL
>>>>>>>> but requests are still accepted via plain HTTP 5984.
>>>>>>>
>>>>>>> I don't know if CouchDB has a configuration setting that lets you disable HTTP, but I guess you could use a firewall to block access to the HTTP port?
>>>>>>>
>>>>>>> Nils.
>>>>>>> ------------------------------------------------------------------------
>>>>>>> VPRO www.vpro.nl
>>>>>>> ------------------------------------------------------------------------
>>>>>>>
>>>>>> You can probably comment the httpd line in [daemons] and only use the https one.
>>>>>>
>>>>>> - benoit
>>>>>>
>>>>>
>>>>
>>>
>>> did you comment the line in default.ini?
>>>
>>> - benoit
>>>
>>
>
> Is there a sensible way to do this in local.ini to avoid advising
> users to fiddle with default.ini, which gets over-written each
> release?

Good catch, currently not.

Cheers
Jan
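
A check for the situation discussed in this thread, as an added example that is not part of the original messages: it merges default.ini and local.ini in load order and reports whether a plain-HTTP listener is still configured, which is worth re-running after each upgrade because default.ini is overwritten. The ini samples are constructed, the function names are hypothetical, and the `httpd = {couch_httpd, start_link, []}` line is assumed to be the stock plain-HTTP entry.

```python
import configparser

# Constructed samples. The httpsd line is the one quoted in the thread;
# the httpd line is assumed to be the stock plain-HTTP daemon entry.
STOCK_DEFAULT_INI = """\
[daemons]
httpd = {couch_httpd, start_link, []}
httpsd = {couch_httpd, start_link, [https]}
"""
EDITED_DEFAULT_INI = """\
[daemons]
;httpd = {couch_httpd, start_link, []}
httpsd = {couch_httpd, start_link, [https]}
"""
LOCAL_INI = """\
[daemons]
httpsd = {couch_httpd, start_link, [https]}
"""

def effective_daemons(*ini_texts):
    """Merge ini texts in load order (later files override earlier keys)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    for text in ini_texts:
        cp.read_string(text)
    return dict(cp["daemons"]) if cp.has_section("daemons") else {}

def listeners(daemons):
    """Map each couch_httpd daemon to 'https' or 'http' from its start args."""
    found = {}
    for name, spec in daemons.items():
        compact = spec.replace(" ", "")
        if compact.startswith("{couch_httpd,start_link,"):
            found[name] = "https" if "[https]" in compact else "http"
    return found

def plain_http_enabled(*ini_texts):
    """True if any configured couch_httpd daemon would serve plain HTTP."""
    return "http" in listeners(effective_daemons(*ini_texts)).values()

if __name__ == "__main__":
    for label, default_ini in (("stock", STOCK_DEFAULT_INI),
                               ("edited", EDITED_DEFAULT_INI)):
        state = "ENABLED" if plain_http_enabled(default_ini, LOCAL_INI) else "disabled"
        print(f"{label} default.ini + local.ini: plain HTTP {state}")
```

With the stock default.ini the httpd key survives the merge, because local.ini can only add or override keys; only the edited default.ini leaves HTTPS as the sole listener.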