Posted to commits@couchdb.apache.org by rn...@apache.org on 2016/04/30 00:36:04 UTC

couchdb commit: updated refs/heads/encrypted-rpc to e189045

Repository: couchdb
Updated Branches:
  refs/heads/encrypted-rpc c08961e35 -> e189045d5


Enable TLS on the clustered HTTP ports


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/e189045d
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/e189045d
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/e189045d

Branch: refs/heads/encrypted-rpc
Commit: e189045d54dfc586969cef9759df79519c5636fc
Parents: c08961e
Author: Robert Newson <rn...@apache.org>
Authored: Fri Apr 29 23:31:03 2016 +0100
Committer: Robert Newson <rn...@apache.org>
Committed: Fri Apr 29 23:35:56 2016 +0100

----------------------------------------------------------------------
 dev/run                     |  1 +
 rel/overlay/etc/default.ini | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/e189045d/dev/run
----------------------------------------------------------------------
diff --git a/dev/run b/dev/run
index d2705f7..c1a5c9e 100755
--- a/dev/run
+++ b/dev/run
@@ -170,6 +170,7 @@ def setup_configs(ctx):
                                                 "lib", node, "data"),
             "node_name": "-name %s@127.0.0.1" % node,
             "cluster_port": cluster_port,
+            "cluster_tls_port": cluster_port + 1,
             "backend_port": backend_port,
             "fauxton_root": "src/fauxton/dist/release",
             "uuid": "fake_uuid_for_dev"
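Review bot: The TLS port on the added line is derived as `cluster_port + 1`, with no check that the neighbouring port is free and no comment explaining the convention. Whether that value can coincide with `backend_port` or with another dev node's ports depends on how the ports are allocated, which is outside this hunk, so it is worth confirming there. A short comment such as `# TLS listener uses the port right after the clustered HTTP port` would document the rule. setup_configs begins and ends outside the hunk.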

http://git-wip-us.apache.org/repos/asf/couchdb/blob/e189045d/rel/overlay/etc/default.ini
----------------------------------------------------------------------
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 26471df..d59004c 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -75,8 +75,16 @@ enable_cors = false
 ; CouchDB can optionally enforce a maximum uri length;
 ; max_uri_length = 8000
 
+[daemons]
+httpsd = {chttpd, start_link, [https]}
+
 [ssl]
-port = 6984
+port = {{cluster_tls_port}}
+cert_file = {{prefix}}/ecc_cert.pem
+key_file = {{prefix}}/ecc_key.pem
+ciphers =  [{ecdhe_ecdsa,aes_128_cbc,sha256}]
+tls_versions = ['tlsv1.2']
+secure_renegotiate = true
 
 [couch_httpd_auth]
 authentication_db = _users
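Review bot: The new `[ssl]` block encrypts the listener but configures no peer verification, and `ciphers` pins a single CBC suite. If this port is meant to carry node-to-node traffic, as the branch name suggests, consider adding `verify_ssl_certificates = true`, `fail_if_no_peer_cert = true` and `cacert_file = <path to CA bundle>` so that only holders of a trusted certificate can connect; an AEAD (GCM) ECDHE-ECDSA suite would be preferable to `aes_128_cbc` where the Erlang/OTP release in use offers one. Separately, `{{cluster_tls_port}}` is defined only in dev/run in this commit, and `httpsd` is now started by default with `cert_file` and `key_file` under `{{prefix}}`, so a release build needs that variable and those files supplied from somewhere not shown here. A comment above `port` noting that 6984 is no longer the default, and that the private key file should be readable only by the CouchDB user, would help operators.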