Hello everyone,
Prompted by the repeated security issues we've seen over the past
year, a patch has just landed on master that reworks how query servers
and SSL support are configured in CouchDB. This rework will prevent
any future security problems by removing runtime configurability of
query servers and HTTP global handlers. It also removes some deprecated
functionality.
These changes WILL be in 2.3.0 - be aware, you may need to change
your configuration if you use anything other than the defaults.
Details are below. The actual PR in which the code landed is here:
https://github.com/apache/couchdb/pull/1602
-Joan
# Query servers
Query servers are NO LONGER DEFINED in the .ini files, and can
no longer be altered at run-time.
The javascript and coffeescript query servers continue to be enabled
by default. Setup differences have been moved from default.ini to
the couchdb and couchdb.cmd start scripts respectively.
Additional query servers can now be configured using environment
variables:
```
export COUCHDB_QUERY_SERVER_PYTHON="/path/to/python/query/server.py with args"
couchdb
```
where the last segment in the environment variable (_PYTHON) matches
the usual lowercase(!) query language in the design doc
`language` field (here, `python`.)
Multiple query servers can be configured by using more environment
variables.
You can also override the default servers if you need to set command-
line options (such as `couchjs` stack size):
```
export COUCHDB_QUERY_SERVER_JAVASCRIPT="/path/to/couchjs /path/to/main.js -S
<STACKSIZE>"
couchdb
```
# Native Query Servers
The mango query server continues to be enabled by default. The erlang
query server continues to be disabled by default. This change adds
a `[native_query_servers] enable_erlang_query_server = BOOL` setting
(defaults to `"false"`) to enable the erlang query server.
If the legacy configuration for enabling the query server is detected,
that is counted as a `true` setting as well, so existing configurations
continue to work just fine.
# SSL Support
Enabling SSL support in the ini file is now easier:
```
[ssl]
enable = true
```
If the legacy httpsd configuration is found in your ini file, this will
still enable SSL support, so existing configurations do not need to be
changed.
# HTTP global handlers
These are no longer defined in the default.ini file, but have been
moved to the couch.app context. If you need to customize your handlers,
you can modify the app context using a couchdb.config file as usual.
# Removed: OS Daemons & Couch HTTP proxy
OS Daemons were already deprecated in a previous release of CouchDB.
Due to this rework, and again citing security reasons, we've had to
remove them prior to the planned 3.0 release.
We recommend the use of OS-level daemons such as runit, sysvinit,
systemd, upstart, etc. to launch and maintain your various OS daemons.
Also removed in this cleanup was the deprecated couch_httpd_proxy code,
which was introduced in 1.1 as ancillary support for Couch-proxied
OS daemons. This does NOT affect the standard deployment approach of
placing CouchDB behind a reverse proxy - only the deprecated approach
of using CouchDB itself as a reverse proxy for other processes.
