Dear wiki user, You have subscribed to a wiki page "Couchdb Wiki" for change notification.
The page "How_to_enable_SSL" has been deleted by JoanTouzet: https://wiki.apache.org/couchdb/How_to_enable_SSL?action=diff&rev1=6&rev2=7 Comment: Outdated; see https://docs.couchdb.org/en/stable/config/http.html?highlight=ssl#https-ssl-tls-options - <<Include(EditTheWiki)>> - CouchDB now natively supports SSL from version 1.1.0 and onwards, assuming your underlying Erlang/OTP install supports it. - - To enable it; - - 1) Enable the httpsd daemon by adding the following line to your local.ini or local_dev.ini (newly generated files include this setting but commented out); - - {{{ - [daemons] - httpsd = {couch_httpd, start_link, [https]} - }}} - - 2) tell CouchDB about your SSL server keys (PEM encoded); - - {{{ - [ssl] - cert_file = /full/path/to/server_cert.pem - key_file = /full/path/to/server_key.pem - ;port = 6984 - }}} - - On windows, the path format needs to be one of the following: - - * fully specified windows path with slashes inverted, and spaces escaped: c:/program\ files/couchdb/etc/config/couchdb/<your.pem> - * unix-style path, assuming that the root / will be the root of the drive that couchdb is installed to: /program\ files/couchdb/etc/config/couchdb/<your.pem> - * relative path, to the %COUCH%/bin folder: ../etc/couchdb/<your.pem> - - 3) Restart CouchDB. - - CouchDB should now accept SSL connections on, by default, port 6984. - - == Troubleshooting == - - To ensure that the issue is not with your certificates, use the test ones from [[https://github.com/mochi/mochiweb/tree/master/examples/https|MochiWeb]], and test from the command line using - {{{ - curl -k -v https://127.0.0.1:6984/ - }}} - - You can test your certificates separately using: - {{{ - openssl s_server -key <keyfile> -cert <certfile> -www - curl -k -v https://localhost:4433/ - }}} - - == Notes == - - Current Erlang/OTP releases at R15B02 or earlier have a variety of minor issues cropping up with SSL. If your usage is expected to be heavy, you may wish to consider using an SSL wrapper, e.g. [[https://www.stunnel.org/|stunnel]] or [[http://haproxy.1wt.eu/|haproxy]] or reverse / front-end proxies such as nginx or apache2 in place. -
