You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2016/04/30 00:36:04 UTC
couchdb commit: updated refs/heads/encrypted-rpc to e189045
Repository: couchdb
Updated Branches:
refs/heads/encrypted-rpc c08961e35 -> e189045d5
Enable TLS on the clustered HTTP ports
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/e189045d
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/e189045d
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/e189045d
Branch: refs/heads/encrypted-rpc
Commit: e189045d54dfc586969cef9759df79519c5636fc
Parents: c08961e
Author: Robert Newson <rn...@apache.org>
Authored: Fri Apr 29 23:31:03 2016 +0100
Committer: Robert Newson <rn...@apache.org>
Committed: Fri Apr 29 23:35:56 2016 +0100
----------------------------------------------------------------------
dev/run | 1 +
rel/overlay/etc/default.ini | 10 +++++++++-
2 files changed, 10 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/e189045d/dev/run
----------------------------------------------------------------------
diff --git a/dev/run b/dev/run
index d2705f7..c1a5c9e 100755
--- a/dev/run
+++ b/dev/run
@@ -170,6 +170,7 @@ def setup_configs(ctx):
"lib", node, "data"),
"node_name": "-name %s@127.0.0.1" % node,
"cluster_port": cluster_port,
+ "cluster_tls_port": cluster_port + 1,
"backend_port": backend_port,
"fauxton_root": "src/fauxton/dist/release",
"uuid": "fake_uuid_for_dev"
http://git-wip-us.apache.org/repos/asf/couchdb/blob/e189045d/rel/overlay/etc/default.ini
----------------------------------------------------------------------
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 26471df..d59004c 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -75,8 +75,16 @@ enable_cors = false
; CouchDB can optionally enforce a maximum uri length;
; max_uri_length = 8000
+[daemons]
+httpsd = {chttpd, start_link, [https]}
+
[ssl]
-port = 6984
+port = {{cluster_tls_port}}
+cert_file = {{prefix}}/ecc_cert.pem
+key_file = {{prefix}}/ecc_key.pem
+ciphers = [{ecdhe_ecdsa,aes_128_cbc,sha256}]
+tls_versions = ['tlsv1.2']
+secure_renegotiate = true
[couch_httpd_auth]
authentication_db = _users