Hello,

I am currently running CouchDB version 2.2 on the following ports: 5984, 5986 and 
6984 (SSL).

I also need port 5986 to be served over SSL for security reasons, because 
non-SSL traffic is no longer allowed in my use case. This does not seem 
possible, judging from the Erlang module couch_httpd.erl: the web server 
it starts would also use the existing port 6984.

local.ini:

[daemons]
; Each value is a {Module, Function, Args} tuple; this one names chttpd:start_link(https).
httpsd = {chttpd, start_link, [https]}
; Second TLS daemon entry: names couch_httpd:start_link(https), the clause that
; builds its listener options from the [ssl] section.
admin_httpds = {couch_httpd, start_link, [https]}


Here is my example, which starts the non-local HTTP port 5986 as an SSL 
admin port on 6986:


-module(couch_httpd).

%% Zero-argument entry point: delegates to start_link(http), i.e. the
%% plain-HTTP listener, not the TLS one.
start_link() -> start_link(http).
%% Start one listener, selected by the atom argument.
%%
%% http:  reads [httpd] port (default "5984") and passes it to start_link/2
%%        under the module's own name.
%% https: assembles the TLS options from the [ssl] section and passes them
%%        to start_link/2 under the name admin_https. Throws
%%        {error, missing_certs} when key_file or cert_file is not set.
%%
%% The bind address is not chosen here.
%% NOTE(review): presumably start_link/2 picks it - confirm which interface
%% the admin listener ends up on before exposing it.
start_link(http) ->
    HttpPort = config:get("httpd", "port", "5984"),
    start_link(?MODULE, [{port, HttpPort}]);
start_link(https) ->
    %% The stock lookup was config:get("ssl", "port", "6984"); this variant
    %% reads [ssl] adminport instead, defaulting to "6986".
    AdminPort = config:get("ssl", "adminport", "6986"),

    %% Each of these settings is run through couch_util:parse_term/1 and must
    %% come back as {ok, _}; anything else is a badmatch.
    %% NOTE(review): the fallback passed in is the atom undefined - confirm
    %% parse_term/1 accepts it when the key is absent from the config.
    {ok, Ciphers} = couch_util:parse_term(config:get("ssl", "ciphers", undefined)),
    {ok, Versions} = couch_util:parse_term(config:get("ssl", "tls_versions", undefined)),
    {ok, SecureRenegotiate} =
        couch_util:parse_term(config:get("ssl", "secure_renegotiate", undefined)),

    %% Certificate material is taken from the same [ssl] keys for every
    %% caller of this clause; there is no admin-specific certificate setting.
    CaCertFile = config:get("ssl", "cacert_file", undefined),
    KeyFile = config:get("ssl", "key_file", undefined),
    CertFile = config:get("ssl", "cert_file", undefined),
    %% The key-file password travels inside the option list built below, so
    %% that list should not be written to logs.
    KeyPassword = config:get("ssl", "password", undefined),

    %% Refuse to start a TLS listener without both a key and a certificate.
    if
        KeyFile == undefined; CertFile == undefined ->
            couch_log:error("SSL enabled but PEM certificates are missing", []),
            throw({error, missing_certs});
        true ->
            ok
    end,

    %% Unset entries are dropped rather than passed on as undefined.
    %% NOTE(review): for versions and ciphers this presumably means the ssl
    %% library defaults apply - confirm they meet the policy for this port.
    Candidates =
        [{cacertfile, CaCertFile},
         {keyfile, KeyFile},
         {certfile, CertFile},
         {password, KeyPassword},
         {secure_renegotiate, SecureRenegotiate},
         {versions, Versions},
         {ciphers, Ciphers}],
    ServerOpts = lists:filter(fun({_, Value}) -> Value /= undefined end, Candidates),

    %% Peer (client certificate) verification is opt-in: with the default
    %% "false" no verify, depth or fail_if_no_peer_cert option is added.
    %% NOTE(review): in that case TLS presumably gives transport encryption
    %% only and client authentication has to come from the HTTP layer - confirm.
    %% Any value other than "true"/"false" is a case_clause crash.
    PeerVerifyOpts =
        case config:get("ssl", "verify_ssl_certificates", "false") of
            "true" ->
                RequirePeerCert =
                    case config:get("ssl", "fail_if_no_peer_cert", "false") of
                        "true" -> true;
                        "false" -> false
                    end,
                MaxDepth =
                    list_to_integer(config:get("ssl", "ssl_certificate_max_depth", "1")),
                %% NOTE(review): make_arity_3_fun/1 is defined elsewhere; it
                %% presumably turns the configured string into a callable, so
                %% [ssl] verify_fun should be treated as code-bearing config.
                VerifyFunOpt =
                    case config:get("ssl", "verify_fun", undefined) of
                        undefined -> [];
                        FunSpec -> [{verify_fun, make_arity_3_fun(FunSpec)}]
                    end,
                [{depth, MaxDepth},
                 {fail_if_no_peer_cert, RequirePeerCert},
                 {verify, verify_peer}
                 | VerifyFunOpt];
            "false" ->
                []
        end,

    %% The stock code ended with start_link(https, Options); this variant
    %% starts the listener under the name admin_https instead.
    start_link(admin_https,
               [{port, AdminPort},
                {ssl, true},
                {ssl_opts, ServerOpts ++ PeerVerifyOpts}]).



------------


%% stop/0 as it stood before the change: stops the listener addressed as
%% couch_httpd, then the one addressed as https.
stop() ->
    %% No catch on this call, so an exception raised here is not handled.
    mochiweb_http:stop(couch_httpd),
    %% Old-style catch: an exception from this call becomes the return value
    %% of stop/0 instead of being raised, so a failed stop is easy to miss.
    catch mochiweb_http:stop(https).

I changed the stop() function above to the following code:

%% Modified stop/0: stops the listener addressed as couch_httpd, then the
%% one addressed as admin_https.
stop() ->
    %% No catch on this call, so an exception raised here is not handled.
    mochiweb_http:stop(couch_httpd),
    %% Old-style catch: an exception from this call becomes the return value
    %% of stop/0 instead of being raised, so a failed stop is easy to miss.
    catch mochiweb_http:stop(admin_https).





Best regards,


Michael
