couchdb-dev mailing list archives

From Michael Scharrer <michael_...@hotmail.de>
Subject CouchDB Admin Local Port over https
Date Tue, 20 Nov 2018 11:54:57 GMT
Hello,

Currently I am running CouchDB version 2.2 on the following ports: 5984, 5986 and 6984 (SSL).

For security reasons, port 5986 must also be served over SSL, because non-SSL traffic is
no longer allowed in my use case. Judging from the Erlang module couch_httpd.erl, this does
not seem to be possible: the web server would also start on the existing port 6984.

local.ini:

[daemons]
; TLS listener started through chttpd (presumably the existing SSL port 6984).
httpsd = {chttpd, start_link, [https]}
; TLS listener started through the modified couch_httpd:start_link(https) below,
; which reads its port from [ssl] adminport (default 6986).
; NOTE(review): these two entries only add TLS listeners. Whether the plain-HTTP
; couch_httpd listener on 5986 is still started depends on the other [daemons]
; entries and the [httpd] section, which are not shown here - confirm it is
; disabled or bound to loopback if non-SSL access must not be possible.
admin_httpds = {couch_httpd, start_link, [https]}


Here is my example, which starts the non-local HTTP port 5986 as an SSL admin port on
6986:


-module(couch_httpd).

%% Start the listener with the default transport, which is plain HTTP.
start_link() -> start_link(http).
%% Start a couch_httpd listener for the requested transport.
%%
%% http  - port taken from [httpd] port (default "5984"); no TLS options.
%% https - TLS listener. In this modified copy the port comes from
%%         [ssl] adminport (default "6986") and the listener is started under
%%         the name admin_https. Throws {error, missing_certs} when key_file
%%         or cert_file is not configured.
start_link(http) ->
    start_link(?MODULE, [{port, config:get("httpd", "port", "5984")}]);
start_link(https) ->
    %% The unmodified clause read config:get("ssl", "port", "6984") here.
    Port = config:get("ssl", "adminport", "6986"),

    %% Each setting must come back as {ok, Term}; anything else is a badmatch.
    %% NOTE(review): parse_term/1 also receives the atom undefined when a key
    %% is unset - confirm couch_util:parse_term/1 accepts that input.
    {ok, Ciphers} =
        couch_util:parse_term(config:get("ssl", "ciphers", undefined)),
    {ok, Versions} =
        couch_util:parse_term(config:get("ssl", "tls_versions", undefined)),
    {ok, SecureRenegotiate} =
        couch_util:parse_term(config:get("ssl", "secure_renegotiate", undefined)),

    %% The private-key passphrase is read from the [ssl] section like every
    %% other setting, so it sits in the configuration alongside the paths.
    ServerOpts0 = [
        {cacertfile, config:get("ssl", "cacert_file", undefined)},
        {keyfile, config:get("ssl", "key_file", undefined)},
        {certfile, config:get("ssl", "cert_file", undefined)},
        {password, config:get("ssl", "password", undefined)},
        {secure_renegotiate, SecureRenegotiate},
        {versions, Versions},
        {ciphers, Ciphers}
    ],

    %% Refuse to start a TLS listener without both a key and a certificate.
    HasKeyAndCert =
        couch_util:get_value(keyfile, ServerOpts0) =/= undefined andalso
            couch_util:get_value(certfile, ServerOpts0) =/= undefined,
    case HasKeyAndCert of
        true ->
            ok;
        false ->
            couch_log:error("SSL enabled but PEM certificates are missing", []),
            throw({error, missing_certs})
    end,

    %% Unset settings are dropped rather than passed on as undefined, so an
    %% unset tls_versions or ciphers entry places no restriction in ssl_opts.
    ServerOpts = lists:filter(fun({_, V}) -> V =/= undefined end, ServerOpts0),

    %% Client-certificate checking is opt-in: with the default "false" no
    %% {verify, verify_peer} option is added. Any value other than "true" or
    %% "false" crashes with case_clause.
    ClientOpts =
        case config:get("ssl", "verify_ssl_certificates", "false") of
            "true" ->
                FailIfNoPeerCert =
                    case config:get("ssl", "fail_if_no_peer_cert", "false") of
                        "true" -> true;
                        "false" -> false
                    end,
                MaxDepth = list_to_integer(
                    config:get("ssl", "ssl_certificate_max_depth", "1")
                ),
                VerifyFunOpts =
                    case config:get("ssl", "verify_fun", undefined) of
                        undefined -> [];
                        SpecStr -> [{verify_fun, make_arity_3_fun(SpecStr)}]
                    end,
                [
                    {depth, MaxDepth},
                    {fail_if_no_peer_cert, FailIfNoPeerCert},
                    {verify, verify_peer}
                ] ++ VerifyFunOpts;
            "false" ->
                []
        end,

    %% The unmodified clause ended with start_link(https, Options); the name
    %% given here is the one stop/0 has to use as well.
    start_link(admin_https, [
        {port, Port},
        {ssl, true},
        {ssl_opts, ServerOpts ++ ClientOpts}
    ]).



------------


%% stop/0 before the change: stops the listener named couch_httpd, then the
%% one named https.
stop() ->
    mochiweb_http:stop(couch_httpd),
    %% `catch` turns an exception from this call into a return value, so
    %% stop/0 does not crash if stopping the https listener fails.
    catch mochiweb_http:stop(https).

Change the above to the following code:

%% stop/0 after the change: the second call names admin_https, the name the
%% modified start_link(https) clause passes to start_link/2.
stop() ->
mochiweb_http:stop(couch_httpd),
%% `catch` turns an exception from this call into a return value, so a name
%% that does not match the started listener fails silently here.
%% NOTE(review): confirm the TLS listener is actually gone after stop/0.
catch mochiweb_http:stop(admin_https).





Best regards,


Michael