author | Robert Newson <rnewson@apache.org> | 2016-04-29 23:31:03 +0100 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2016-04-29 23:35:56 +0100 |
commit | e189045d54dfc586969cef9759df79519c5636fc (patch) | |
tree | c8cb9eb3d5d578a71db63f0e22c1ff77ddf34308 | |
parent | c08961e3540f3ecf4ec2e6f99089b8d2133114df (diff) | |
download | couchdb-encrypted-rpc.tar.gz |
Enable TLS on the clustered HTTP ports (encrypted-rpc)
-rwxr-xr-x | dev/run | 1 | ||||
-rw-r--r-- | rel/overlay/etc/default.ini | 10 |
2 files changed, 10 insertions, 1 deletions
@@ -170,6 +170,7 @@ def setup_configs(ctx):
 "lib", node, "data"),
 "node_name": "-name %s@127.0.0.1" % node,
 "cluster_port": cluster_port,
+ "cluster_tls_port": cluster_port + 1,
 "backend_port": backend_port,
 "fauxton_root": "src/fauxton/dist/release",
 "uuid": "fake_uuid_for_dev"
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 26471dfc2..d59004cd0 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -75,8 +75,16 @@ enable_cors = false
 ; CouchDB can optionally enforce a maximum uri length;
 ; max_uri_length = 8000
+[daemons]
+httpsd = {chttpd, start_link, [https]}
+
 [ssl]
-port = 6984
+port = {{cluster_tls_port}}
+cert_file = {{prefix}}/ecc_cert.pem
+key_file = {{prefix}}/ecc_key.pem
+ciphers = [{ecdhe_ecdsa,aes_128_cbc,sha256}]
+tls_versions = ['tlsv1.2']
+secure_renegotiate = true
 [couch_httpd_auth]
 authentication_db = _users |
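Review bot: The TLS port in the added `"cluster_tls_port": cluster_port + 1` entry is derived by a fixed offset rather than from whatever allocates `cluster_port` and `backend_port`, so nothing visible here guarantees it cannot land on `backend_port` or on a neighbouring node's port. The allocator is outside the hunk, so this may already be safe; a comment on the line such as `# TLS listener sits one above the clustered HTTP port; must not overlap backend_port` would record the assumption. setup_configs starts and ends outside the hunk.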
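Review bot: The added `[daemons]` line switches the HTTPS listener on in default.ini itself, so every install inherits it along with a key path of `{{prefix}}/ecc_key.pem`, while the diffstat shows nothing that creates the certificate or key and `{{cluster_tls_port}}` is defined only in dev/run. Consider shipping it disabled, `; httpsd = {chttpd, start_link, [https]}`, and enabling it from the config dev/run generates, with a comment above `key_file` stating that the key must be readable only by the CouchDB user. The single suite in `ciphers`, `{ecdhe_ecdsa,aes_128_cbc,sha256}`, is CBC-mode; with `tls_versions` pinned to TLS 1.2 an AEAD (GCM) ECDHE suite is the safer default where the Erlang/OTP release supports it. The block also sets no peer-verification options, so if these ports carry node-to-node traffic, TLS here gives encryption but not authentication of the peer; that intent is inferred from the commit title.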