CouchDB SSL not listening on port 6984

I have been setting up couchdb to run over SSL, following the instructions in the couch docs. It's pretty simple: you make 3 adjustments to local.ini:

httpsd = {chttpd, start_link, [https]}
cert_file = absolute/path/to/cert.pem
key_file = absolute/path/to/key.pem
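
I made the key and the certificate with openssl without any problems, but whenever I ping port 6984 on localhost (the port it should be running on by default), I just get an inactive port: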

==> curl https://127.0.0.1:6984/
curl: (7) Failed to connect to 127.0.0.1 port 6984: Connection refused

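I checked the port and there is nothing there. I can stand up a node.js server on that port and it works fine. I can't find a similar situation anywhere. I am running the Mac OS X CouchDB app (v2.1.2). The SSL server daemon seems not to be running at all. Everything else in couch works fine. Maybe I have to adjust the local.ini file to turn the daemon on? I really don't know. Any suggestions would be greatly appreciated.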

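Not sure this will end up being a very popular question, but I wanted to point out that a very popular way to set up SSL with couchdb is to use a proxy like haproxy, because SSL and erlang (which couchdb is written in) can be troublesome.

That said, I solved my problem by setting up SSL termination on haproxy and then forwarding traffic to couchdb on an internal port. The steps are very simple on a Mac OS X machine:

1) Install haproxy using brew:
brew install haproxy

2) Use openssl to create the self-signed certificate that haproxy needs to configure SSL (it is really just a concatenated file of the key and the certificate):

3) Create the haproxy configuration file (haproxy.cfg). This is just a very naive first implementation, but it is a good starting point. Note that "/absolute/path/to/combined.pem" will change to wherever your combined.pem file actually lives.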

global
        maxconn 512
        spread-checks 5

defaults
        mode http
        log global
        monitor-uri /_haproxy_health_check
        option log-health-checks
        option httplog
        balance roundrobin
        option forwardfor
        option redispatch
        retries 4
        option http-server-close
        timeout client 150000
        timeout server 3600000
        timeout connect 500

        stats enable
        stats uri /_haproxy_stats
        # stats auth admin:admin # Uncomment for basic auth

frontend http-in
         # bind *:$HAPROXY_PORT
         bind *:443 ssl crt /absolute/path/to/combined.pem no-tls-tickets ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:!MD5:!aNULL:!DH:!RC4
         #Add these lines beneath bind, still within http-in
         reqadd X-Forwarded-Proto:\ https
         # Distinguish between secure and insecure requests (the port must match the ssl bind above)
         acl secure dst_port eq 443
         # Mark all cookies as secure if sent over SSL
         rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure
         # Add the HSTS header with a 1 year max-age
         rspadd Strict-Transport-Security:\ max-age=31536000 if secure
         # Redirect HTTP to HTTPS
         redirect scheme https code 301 if !{ ssl_fc }
         default_backend couchdbs

backend couchdbs
        option httpchk GET /_up
        http-check disable-on-404
        server couchdb1 127.0.0.1:5984 check inter 5s
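
4) Run couchdb, then run haproxy by changing into the directory that contains the haproxy.cfg file above and running it with that config:
haproxy -f haproxy.cfg

This is a simple starting point. This setup can handle load balancing across multiple CouchDBs, and in production it will need a valid certificate from an authority. For anyone who is interested in, or having difficulty with, SSL and couchdb in a Mac OS X development environment, this is a decent solution that I have found works very well.

As a side note, since your SSL certificate is self-signed, you need to use the curl -k option.

I couldn't start haproxy, but this part of the file solved the same problem for me: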
global
        maxconn 512
        spread-checks 5

defaults
        mode http
        log global
        monitor-uri /_haproxy_health_check
        option log-health-checks
        option httplog
        balance roundrobin
        option forwardfor
        option redispatch
        retries 4
        option http-server-close
        timeout client 150000
        timeout server 3600000
        timeout connect 500

        stats enable
        stats uri /_haproxy_stats
        # stats auth admin:admin # Uncomment for basic auth

frontend http-in
         # bind *:$HAPROXY_PORT
         bind *:443 ssl crt /absolute/path/to/combined.pem no-tls-tickets ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:!MD5:!aNULL:!DH:!RC4
         #Add these lines beneath bind, still within http-in
         reqadd X-Forwarded-Proto:\ https
         # Distinguish between secure and insecure requests (the port must match the ssl bind above)
         acl secure dst_port eq 443
         # Mark all cookies as secure if sent over SSL
         rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure
         # Add the HSTS header with a 1 year max-age
         rspadd Strict-Transport-Security:\ max-age=31536000 if secure
         # Redirect HTTP to HTTPS
         redirect scheme https code 301 if !{ ssl_fc }
         default_backend couchdbs

backend couchdbs
        option httpchk GET /_up
        http-check disable-on-404
        server couchdb1 127.0.0.1:5984 check inter 5s
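
The haproxy.cfg above rewritten with the http-request and http-response directives, as an added example that is not from either answer: reqadd, rspadd and rsprep were removed in HAProxy 2.1, and the rules here key on ssl_fc rather than on a destination-port ACL. It assumes HAProxy 2.1 or later, leaves the cipher list at the build's default, and adds a port 80 bind so the HTTPS redirect has cleartext traffic to act on.

```haproxy
# Added example, not the answer's own config. Assumes HAProxy 2.1 or later.
# /absolute/path/to/combined.pem is the same placeholder path used above.
global
        maxconn 512
        # Refuse protocol versions older than TLS 1.2 on every ssl bind
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        mode http
        log global
        option httplog
        option forwardfor
        timeout client 150000
        timeout server 3600000
        timeout connect 500

frontend http-in
        # Plain HTTP listener: present only so the redirect below can fire
        bind *:80
        bind *:443 ssl crt /absolute/path/to/combined.pem
        # Send cleartext requests to HTTPS before anything reaches CouchDB
        http-request redirect scheme https code 301 unless { ssl_fc }
        # Only TLS requests get this far; set-header overwrites any value
        # the client supplied instead of appending a second one
        http-request set-header X-Forwarded-Proto https
        # HSTS with a 1 year max-age, only on responses sent over TLS
        http-response set-header Strict-Transport-Security max-age=31536000 if { ssl_fc }
        # Append the Secure attribute to every cookie sent over TLS
        http-response replace-header Set-Cookie (.*) \1;\ Secure if { ssl_fc }
        default_backend couchdbs

backend couchdbs
        # CouchDB stays on its cleartext port, reachable from loopback only
        option httpchk GET /_up
        http-check disable-on-404
        server couchdb1 127.0.0.1:5984 check inter 5s
```

Running haproxy -c -f haproxy.cfg validates the file without starting the proxy.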