1. 首页
  2. 问答
  3. 用SSL启动CouchDB

用SSL启动CouchDB

2011-05-27 78 views
3

我想通过SSL让CouchDB在我们的服务器上工作。用SSL启动CouchDB

我已经添加下面我们对Default.ini

[daemons] 
... 
httpsd = {couch_httpd, start_link, [https]} 

[ssl] 
cert_file = /the/path/to/my/certicifate/here 
key_file = /the/path/to/my/key/here

当我重新启动CouchDB的我得到我的couch.log以下文件:

[Fri, 27 May 2011 00:18:38 GMT] [error] [<0.86.0>] {error_report,<0.31.0>, 
{<0.86.0>,supervisor_report, 
[{supervisor,{local,couch_secondary_services}}, 
    {errorContext,start_error}, 
    {reason, 
     {'EXIT', 
      {undef, 
       [{couch_httpd,start_link,[https]}, 
       {supervisor,do_start_child,2}, 
       {supervisor,start_children,3}, 
       {supervisor,init_children,2}, 
       {gen_server,init_it,6}, 
       {proc_lib,init_p_do_apply,3}]}}}, 
    {offender, 
     [{pid,undefined}, 
     {name,httpsd}, 
     {mfargs,{couch_httpd,start_link,[https]}}, 
     {restart_type,permanent}, 
     {shutdown,1000}, 
     {child_type,worker}]}]}} 

[Fri, 27 May 2011 00:18:38 GMT] [error] [<0.78.0>] {error_report,<0.31.0>, 
{<0.78.0>,supervisor_report, 
[{supervisor,{local,couch_server_sup}}, 
    {errorContext,start_error}, 
    {reason,shutdown}, 
    {offender, 
     [{pid,undefined}, 
     {name,couch_secondary_services}, 
     {mfargs,{couch_server_sup,start_secondary_services,[]}}, 
     {restart_type,permanent}, 
     {shutdown,infinity}, 
     {child_type,supervisor}]}]}}

任何提示或建议?

来源

2011-05-27 Joel Jackson

回答

2

本机SSL支持存在于CouchDB 1.1中,而当前的CouchDB版本是版本1.0.2 iirc。除非你从trunk或者类似的东西结帐,否则你的CouchDB本身不支持SSL。

来源

2011-05-27 10:09:27 titanoboa

+0

哦,我很惊讶,我在我的谷歌的旅程,解决问题过程中没跑成。谢谢你的帮助! – 2011-05-27 17:01:18

3

如果有人有兴趣,我们如何最终解决了这个:(当然在将来的版本中,你应该能够做到我在我的问题问的东西。)

我们使用的nginx作为沙发上的反向代理: http://wiki.apache.org/couchdb/Nginx_As_a_Reverse_Proxy

nginx的配置文件:

user www-data; 
worker_processes 1; 

error_log /var/log/nginx/error.log; 
pid  /var/run/nginx.pid; 

events { 
    worker_connections 1024; 
} 

http { 
    include  /etc/nginx/mime.types; 

    access_log /var/log/nginx/access.log; 

    sendfile  on; 

    keepalive_timeout 65; 
    tcp_nodelay  on; 

    gzip on; 
    gzip_disable "MSIE [1-6]\.(?!.*SV1)"; 

    include /etc/nginx/conf.d/*.conf; 
    include /etc/nginx/sites-enabled/*; 

    server { 
     listen   80; 
     server_name couch.touchmetric.com; 
     location/{ 
      proxy_pass http://localhost:5984; 
      proxy_redirect off; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     } 
    } 

    server { 
     listen   443; 
     server_name couch.touchmetric.com; 

     ssl on; 
     ssl_certificate /path/here; 
     ssl_certificate_key /other/path/here; 
     ssl_protocols SSLv3; 
     ssl_session_cache shared:SSL:1m; 

     location/{ 
      proxy_pass http://localhost:5984; 
      proxy_redirect off; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Ssl on; 
     } 
    } 

}

来源

2011-05-31 09:49:00

相关问题

 相关问题