incubator-couchdb-user mailing list archives

From Adam Kocoloski <kocol...@apache.org>
Subject Re: Disable default unsecure plain HTTP 5984
Date Tue, 11 Dec 2012 20:04:33 GMT
I think that may be the wrong syntax for .ini file comments.  Can you try a leading ";" instead?

Adam

On Dec 11, 2012, at 3:02 PM, Nestor Urquiza <nestor.urquiza@gmail.com> wrote:

> This is an old thread but the issue is back in version 1.2.0
> 
> Commenting out the suggested line from default.ini ...
> [daemons]
> #httpd={couch_httpd, start_link, []}
> 
> ... does not stop couchdb from listening in the unsecure plain HTTP 5984:
> dev@udesktop2:~$ sudo /etc/init.d/couchdb restart
> * Restarting database server couchdb                              [ OK ]
> dev@udesktop2:~$ curl -X GET http://localhost:5984
> {"couchdb":"Welcome","version":"1.2.0"}
> dev@udesktop2:~$ curl -k -X GET https://localhost:6984
> {"couchdb":"Welcome","version":"1.2.0"}
> dev@udesktop2:~$
> 
> Any ideas other than using iptables?
> 
> On Fri, Oct 21, 2011 at 11:59 AM, Jan Lehnardt <jan@apache.org> wrote:
>> 
>> On Oct 21, 2011, at 15:21 , Dave Cottlehuber wrote:
>> 
>>> On 21 October 2011 15:16, Nestor Urquiza <nestor.urquiza@gmail.com> wrote:
>>>> That was it: I did the change in default.ini and that did the trick.
>>>> Thanks!
>>>> -Nestor
>>>> 
>>>> On Fri, Oct 21, 2011 at 8:53 AM, Benoit Chesneau <bchesneau@gmail.com> wrote:
>>>>> On Fri, Oct 21, 2011 at 2:37 PM, Nestor Urquiza
>>>>> <nestor.urquiza@gmail.com> wrote:
>>>>>> Thanks for the fast responses.
>>>>>> 
>>>>>> Here is what I have in daemons section:
>>>>>> [daemons]
>>>>>> ; enable SSL support by uncommenting the following line and supply the PEM's below.
>>>>>> ; the default ssl port CouchDB listens on is 6984
>>>>>> httpsd = {couch_httpd, start_link, [https]}
>>>>>> 
>>>>>> Still I get the below:
>>>>>> $ ./utils/run
>>>>>> Apache CouchDB 1.1.1a1186848 (LogLevel=info) is starting.
>>>>>> [info] [<0.97.0>] Attempting to start replication
>>>>>> `d30383157f3a29c1356051d04c7a5ed8+continuous+create_target` (document
>>>>>> `by_clientId`).
>>>>>> Apache CouchDB has started. Time to relax.
>>>>>> [info] [<0.31.0>] Apache CouchDB has started on http://127.0.0.1:5984/
>>>>>> [info] [<0.31.0>] Apache CouchDB has started on https://127.0.0.1:6984/
>>>>>> 
>>>>>> Not sure what I am missing.
>>>>>> Best,
>>>>>> -Nestor
>>>>>> 
>>>>>> 
>>>>>> On Fri, Oct 21, 2011 at 7:32 AM, Robert Newson <rnewson@apache.org> wrote:
>>>>>>> Fairly sure you can do as Benoit suggests. It was certainly my
>>>>>>> intention to allow one or other or both, and that was the case when I
>>>>>>> did the original work.
>>>>>>> 
>>>>>>> B.
>>>>>>> 
>>>>>>> On 21 October 2011 12:24, Benoit Chesneau <bchesneau@gmail.com> wrote:
>>>>>>>> On Fri, Oct 21, 2011 at 12:56 PM, Nils Breunese <N.Breunese@vpro.nl> wrote:
>>>>>>>>> Nestor Urquiza wrote:
>>>>>>>>> 
>>>>>>>>>> Is it possible to leave just SSL (6984) listening? I have enabled SSL
>>>>>>>>>> but requests are still accepted via plain HTTP 5984.
>>>>>>>>> 
>>>>>>>>> I don't know if CouchDB has a configuration setting that lets you disable HTTP, but I guess you could use a firewall to block access to the HTTP port?
>>>>>>>>> 
>>>>>>>>> Nils.
>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>> VPRO   www.vpro.nl
>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>> 
>>>>>>>> You can probably comment the httpd line in [daemons] and only use the https one.
>>>>>>>> 
>>>>>>>> - benoit
>>>>>>>> 
>>>>>>> 
>>>>>> 
>>>>> 
>>>>> did you comment the line in default.ini?
>>>>> 
>>>>> - benoit
>>>>> 
>>>> 
>>> 
>>> Is there a sensible way to do this in local.ini to avoid advising
>>> users to fiddle with default.ini, which gets over-written each
>>> release?
>> 
>> Good catch, currently not.
>> 
>> Cheers
>> Jan
>> --
>> 
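
An added example, not part of the thread and not CouchDB's own code: a small audit of a `[daemons]` section that shows why a `#`-prefixed line can still start a listener when only `;` begins a comment. It assumes, as the reply at the top suggests, that `;` is the comment marker, and further assumes that any daemon entry whose value is `{couch_httpd, start_link, []}` starts the plain HTTP listener regardless of its key name; the function names and sample text are constructed for illustration.

```python
import re

# Constructed sample mirroring the [daemons] edit quoted in the thread.
SAMPLE_HASH = """\
[daemons]
#httpd={couch_httpd, start_link, []}
httpsd = {couch_httpd, start_link, [https]}
"""
SAMPLE_SEMICOLON = SAMPLE_HASH.replace("#httpd", ";httpd")

# Assumption: a daemon whose MFA is couch_httpd:start_link with an empty
# argument list is the plain HTTP listener, whatever its key is called.
PLAIN_HTTP = re.compile(r"^\{\s*couch_httpd\s*,\s*start_link\s*,\s*\[\s*\]\s*\}$")

def parse_ini(text):
    """Parse ini text, treating only a leading ';' as a comment (assumption)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            # '#httpd=...' lands here: it becomes a key named '#httpd'.
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def audit_daemons(text):
    """Return (plain_http_keys, hash_prefixed_keys) for the [daemons] section."""
    daemons = parse_ini(text).get("daemons", {})
    plain = [k for k, v in daemons.items() if PLAIN_HTTP.match(v)]
    suspicious = [k for k in daemons if k.startswith("#")]
    return plain, suspicious

if __name__ == "__main__":
    for name, text in (("hash", SAMPLE_HASH), ("semicolon", SAMPLE_SEMICOLON)):
        plain, suspicious = audit_daemons(text)
        print(name, "plain HTTP daemons:", plain, "'#' keys:", suspicious)
```

After changing the file and restarting, the `curl` checks against ports 5984 and 6984 shown in the thread remain the way to confirm what is actually listening.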

