From e189045d54dfc586969cef9759df79519c5636fc Mon Sep 17 00:00:00 2001
From: Robert Newson
Date: Fri, 29 Apr 2016 23:31:03 +0100
Subject: Enable TLS on the clustered HTTP ports
---
 dev/run | 1 +
 rel/overlay/etc/default.ini | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/dev/run b/dev/run
index d2705f7d7..c1a5c9e27 100755
--- a/dev/run
+++ b/dev/run
@@ -170,6 +170,7 @@ def setup_configs(ctx):
 "lib", node, "data"),
 "node_name": "-name %s@127.0.0.1" % node,
 "cluster_port": cluster_port,
+ "cluster_tls_port": cluster_port + 1,
 "backend_port": backend_port,
 "fauxton_root": "src/fauxton/dist/release",
 "uuid": "fake_uuid_for_dev"
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 26471dfc2..d59004cd0 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -75,8 +75,16 @@ enable_cors = false
 ; CouchDB can optionally enforce a maximum uri length;
 ; max_uri_length = 8000
+[daemons]
+httpsd = {chttpd, start_link, [https]}
+
 [ssl]
-port = 6984
+port = {{cluster_tls_port}}
+cert_file = {{prefix}}/ecc_cert.pem
+key_file = {{prefix}}/ecc_key.pem
+ciphers = [{ecdhe_ecdsa,aes_128_cbc,sha256}]
+tls_versions = ['tlsv1.2']
+secure_renegotiate = true
 [couch_httpd_auth]
 authentication_db = _users
--
cgit v1.2.1
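Review bot: `cluster_port + 1` on the added line is derived by arithmetic, and nothing visible in the hunk guarantees the result differs from `backend_port` or from a port given to another dev node. The port assignments themselves are outside the hunk, so a collision is unverified here, but the constraint is worth stating where the value is computed. I would add a comment above the new entry such as `# TLS listener for the clustered interface; must stay distinct from backend_port`. setup_configs starts and ends outside the hunk.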
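Review bot: `cert_file` and `key_file` now default to `{{prefix}}/ecc_cert.pem` and `{{prefix}}/ecc_key.pem` while `[daemons]` starts the HTTPS listener by default, yet the diffstat shows nothing in this commit that creates those files or says who must supply them. If they are absent the listener presumably cannot start, and if a key were ever bundled at that path every installation would share one private key. I would add a comment above the two keys, for example `; cert_file/key_file must be generated per installation; key_file readable by the CouchDB user only`. Separately, `ciphers` allows a single CBC-mode suite; since `tls_versions` already restricts the listener to TLS 1.2, an AEAD (GCM) ECDHE-ECDSA suite is the better default where the Erlang/OTP release in use offers one.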