Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Disabling CouchDB HTTP layer

It is not possible to disable the existing HTTP layer completely in CouchDB 2.3.1, so only allowing HTTPS access - albeit not cleanly, requires a firewall rule.


In some older versions of CouchDB 2.x (that have OTHER security issues, and we do NOT recommend you run these) you can disable port 5984 by amending /usr/local/etc/couchdb/default.ini [daemons ]  section accordingly:

...

Currently it is not possible to disable it in the more common /usr/local/etc/couchdb/local.ini [daemons ]  file.

Please watch this ticket for progress on restoring this functionality: https://github.com/apache/couchdb/issues/2106

Accessing and Verifying SSL

...

The webpage at https://mydomainname.example.com:6984/ might be temporarily down or it may have moved permanently to a new web address.
Error code: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED

This SSL problem does not occur in CouchDB 1.6.1 on Ubuntu 14.10.