authorRobert Newson <rnewson@apache.org>2016-04-29 23:31:03 +0100
committerRobert Newson <rnewson@apache.org>2016-04-29 23:35:56 +0100
commite189045d54dfc586969cef9759df79519c5636fc (patch)
treec8cb9eb3d5d578a71db63f0e22c1ff77ddf34308
parentc08961e3540f3ecf4ec2e6f99089b8d2133114df (diff)
downloadcouchdb-encrypted-rpc.tar.gz
Enable TLS on the clustered HTTP portsencrypted-rpc
-rwxr-xr-xdev/run1
-rw-r--r--rel/overlay/etc/default.ini10
2 files changed, 10 insertions, 1 deletions
diff --git a/dev/run b/dev/run
index d2705f7d7..c1a5c9e27 100755
--- a/dev/run
+++ b/dev/run
@@ -170,6 +170,7 @@ def setup_configs(ctx):
"lib", node, "data"),
"node_name": "-name %s@127.0.0.1" % node,
"cluster_port": cluster_port,
+ "cluster_tls_port": cluster_port + 1,
"backend_port": backend_port,
"fauxton_root": "src/fauxton/dist/release",
"uuid": "fake_uuid_for_dev"
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 26471dfc2..d59004cd0 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -75,8 +75,16 @@ enable_cors = false
; CouchDB can optionally enforce a maximum uri length;
; max_uri_length = 8000
+[daemons]
+httpsd = {chttpd, start_link, [https]}
+
[ssl]
-port = 6984
+port = {{cluster_tls_port}}
+cert_file = {{prefix}}/ecc_cert.pem
+key_file = {{prefix}}/ecc_key.pem
+ciphers = [{ecdhe_ecdsa,aes_128_cbc,sha256}]
+tls_versions = ['tlsv1.2']
+secure_renegotiate = true
[couch_httpd_auth]
authentication_db = _users
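Review bot: The new `[daemons]` entry turns the HTTPS listener on in the shipped defaults, but `cert_file` and `key_file` point at `{{prefix}}/ecc_cert.pem` and `{{prefix}}/ecc_key.pem`, which this commit does not create, so on a fresh install the listener presumably fails to start or cannot complete a handshake. A comment above the two keys would help, e.g. `; generate an ECDSA cert/key pair before starting httpsd; key_file must be readable only by the CouchDB user`. The `ciphers` list allows exactly one suite and it is CBC-mode; with `tls_versions` pinned to TLS 1.2, an AEAD (GCM) ECDHE-ECDSA suite would be the stronger default, and a single-suite list leaves no fallback if the deployed certificate is not ECDSA. Nothing in the section enables peer certificate verification (`verify_ssl_certificates`, `cacert_file`), so the port is encrypted but not authenticated at the TLS layer; if that is intentional for this branch, a comment should say so.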