Repository: couchdb Updated Branches: refs/heads/encrypted-rpc [created] c08961e35
Configure CouchDB for encrypted traffic all over Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/c08961e3 Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/c08961e3 Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/c08961e3 Branch: refs/heads/encrypted-rpc Commit: c08961e3540f3ecf4ec2e6f99089b8d2133114df Parents: 9f4103f Author: Robert Newson <[email protected]> Authored: Fri Apr 29 22:57:01 2016 +0100 Committer: Robert Newson <[email protected]> Committed: Fri Apr 29 23:12:07 2016 +0100 ---------------------------------------------------------------------- .gitignore | 2 ++ Makefile | 14 +++++++++++++- rel/overlay/etc/vm.args | 6 ++++++ 3 files changed, 21 insertions(+), 1 deletion(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/c08961e3/.gitignore
----------------------------------------------------------------------
diff --git a/.gitignore b/.gitignore
index 77ae520..0c901ef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,3 +31,5 @@ src/couch/priv/couchspawnkillable
 .rebar
 bin/
 apache-couchdb-*/
+
+*.pem
http://git-wip-us.apache.org/repos/asf/couchdb/blob/c08961e3/Makefile
----------------------------------------------------------------------
diff --git a/Makefile b/Makefile
index cefc5da..40399ae 100644
--- a/Makefile
+++ b/Makefile
@@ -63,7 +63,7 @@ help:
 .PHONY: couch
 # target: couch - Build CouchDB core
-couch: config.erl
+couch: certs config.erl
 @COUCHDB_VERSION=$(COUCHDB_VERSION) $(REBAR) compile
 @cp src/couch/priv/couchjs bin/
@@ -299,6 +299,7 @@ clean:
 @rm -f src/couch/priv/couchspawnkillable
 @rm -f src/couch/priv/couch_js/config.h
 @rm -f dev/boot_node.beam dev/pbkdf2.pyc log/crash.log
+ @rm -r *.pem
 .PHONY: distclean
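Review bot: The added `@rm -r *.pem` in `clean` has no `-f`, unlike the `rm -f` lines above it, so `make clean` exits with an error whenever no `.pem` file is present (a fresh checkout, or a second `clean` in a row). The glob also removes every PEM file in the top-level directory, including a key or certificate an operator placed there that the Makefile did not generate. Naming the generated files keeps the target idempotent and scoped: `@rm -f ecc_key.pem ecc_csr.pem ecc_cert.pem`. The `clean` recipe starts above this hunk.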
@@ -362,3 +363,14 @@ ifeq ($(with_fauxton), 1)
 @echo "Building Fauxton"
 @cd src/fauxton && npm install --production && ./node_modules/grunt-cli/bin/grunt couchdb
 endif
+
+certs: ecc_cert.pem
+
+%_cert.pem: %_key.pem %_csr.pem
+ @openssl req -x509 -days 99999 -key $*_key.pem -in $*_csr.pem -out $@
+
+%_csr.pem: %_key.pem
+ @openssl req -new -key $< -out $@ -subj "/O=Apache Software Foundation/OU=Apache CouchDB"
+
+ecc_key.pem:
+ @openssl ecparam -genkey -name prime256v1 -out ecc_key.pem
http://git-wip-us.apache.org/repos/asf/couchdb/blob/c08961e3/rel/overlay/etc/vm.args
----------------------------------------------------------------------
diff --git a/rel/overlay/etc/vm.args b/rel/overlay/etc/vm.args
index b69ad82..462195e 100644
--- a/rel/overlay/etc/vm.args
+++ b/rel/overlay/etc/vm.args
@@ -31,5 +31,11 @@
 # Start a pool of asynchronous IO threads
 +A 16
+# Encrypt the RPC traffic
+-proto_dist inet_tls
+-ssl_dist_opt server_certfile "ecc_cert.pem"
+-ssl_dist_opt server_keyfile "ecc_key.pem"
+-ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true
+
 # Comment this line out to enable the interactive Erlang shell on startup
 +Bd -noinput
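Review bot: The `ecc_key.pem` rule writes the private key under whatever umask the build runs with, so with OpenSSL versions that do not restrict the mode themselves the key protecting node-to-node traffic ends up group- or world-readable; `@umask 077 && openssl ecparam -genkey -name prime256v1 -out $@` fixes that inside the recipe. `certs` is a command name rather than a file, so it should be declared with `.PHONY: certs` like the other targets in this Makefile. `-days 99999` yields a self-signed certificate that in practice never expires; either add a comment stating this is a development convenience or use a shorter lifetime with a documented regeneration step.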
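Review bot: The added `-ssl_dist_opt` lines enable TLS for distribution but configure no peer verification, so as written a node appears to accept any certificate and the link is encrypted without being authenticated. If the goal is to keep untrusted hosts out of the cluster, add a CA file and verification, e.g. `-ssl_dist_opt server_cacertfile "<ca-cert-path>" server_verify verify_peer server_fail_if_no_peer_cert true`, with the matching `client_cacertfile` and `client_verify verify_peer`. The certificate and key are also given as bare relative names, which the VM presumably resolves against its working directory; the Makefile generates them at the source root, so an installed release may not find them, and a release-relative or absolute path would be safer.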
