Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3FCE29CF5 for ; Fri, 21 Oct 2011 12:38:13 +0000 (UTC) Received: (qmail 54566 invoked by uid 500); 21 Oct 2011 12:38:11 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 54535 invoked by uid 500); 21 Oct 2011 12:38:11 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 54527 invoked by uid 99); 21 Oct 2011 12:38:11 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Oct 2011 12:38:11 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,NORMAL_HTTP_TO_IP,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of nestor.urquiza@gmail.com designates 209.85.212.52 as permitted sender) Received: from [209.85.212.52] (HELO mail-vw0-f52.google.com) (209.85.212.52) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Oct 2011 12:38:06 +0000 Received: by vws10 with SMTP id 10so4171924vws.11 for ; Fri, 21 Oct 2011 05:37:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=+lh/18XIGyQOrnWkNe+RQOKmh2PKDMH2hg0EcQ3Lx8k=; b=IA6rxXPVXQFuCVd9nDAhfiWhG2XRu/90AaPOSMF2fxdKWY5n4+qR/25eJkjsbISs3H ai6YHTBhky0AcP4M+sUDSCBUm130M0JBVTjcO2EL+TD/vZjHHTk3KpvubSlH6mAfVWXN RCuNLScExb/2/OagUMTtxxQCDqkI5dfJNSxYM= MIME-Version: 1.0 Received: by 10.182.41.4 with SMTP id b4mr1027135obl.76.1319200665820; Fri, 21 Oct 2011 05:37:45 -0700 (PDT) Received: by 10.182.15.101 with HTTP; Fri, 21 Oct 2011 05:37:45 -0700 (PDT) In-Reply-To: References: <9F256A04-37E0-46F8-A015-B4EC489D5993@vpro.nl> Date: Fri, 21 Oct 2011 08:37:45 -0400 Message-ID: Subject: Re: Disable default unsecure plain HTTP 5984 From: Nestor Urquiza To: user@couchdb.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Thanks for the fast responses. Here is what I have in daemons section: [daemons] ; enable SSL support by uncommenting the following line and supply the PEM's below. ; the default ssl port CouchDB listens on is 6984 httpsd =3D {couch_httpd, start_link, [https]} Still I get the below: $ ./utils/run Apache CouchDB 1.1.1a1186848 (LogLevel=3Dinfo) is starting. [info] [<0.97.0>] Attempting to start replication `d30383157f3a29c1356051d04c7a5ed8+continuous+create_target` (document `by_clientId`). Apache CouchDB has started. Time to relax. [info] [<0.31.0>] Apache CouchDB has started on http://127.0.0.1:5984/ [info] [<0.31.0>] Apache CouchDB has started on https://127.0.0.1:6984/ Not sure what I am missing. Best, -Nestor On Fri, Oct 21, 2011 at 7:32 AM, Robert Newson wrote: > Fairly sure you can do as Benoit suggests. It was certainly my > intention to allow one or other or both, and that was the case when I > did the original work. > > B. > > On 21 October 2011 12:24, Benoit Chesneau wrote: >> On Fri, Oct 21, 2011 at 12:56 PM, Nils Breunese wro= te: >>> Nestor Urquiza wrote: >>> >>>> Is it possible to leave just SSL (6984) listening? I have enabled SSL >>>> but requests are still accepted via plain HTTP 5984. >>> >>> I don't know if CouchDB has a configuration setting that lets you disab= le HTTP, but I guess you could use a firewall to block access to the HTTP p= ort? >>> >>> Nils. >>> -----------------------------------------------------------------------= - >>> =A0VPRO =A0 www.vpro.nl >>> -----------------------------------------------------------------------= - >>> >> You can probably comment the httpd line in [daemons] and only use the ht= tps one. >> >> - benoit >> >