
Commit e14d7eb

committed
feat(ssl)
1 parent 050b9e3 commit e14d7eb


3 files changed

+22
-4
lines changed


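--- a/Dockerfile
+++ b/Dockerfile
@@ -3,9 +3,21 @@ FROM debian:jessie
 # Update distro
 RUN apt-get update -y && apt-get -y upgrade && apt-get -y dist-upgrade
 
+# Install Erlang 18 from source as the default version of Erlang 17 doesn't support CouchDB's SSL
+# features
+RUN apt-get install -y build-essential autoconf libncurses5-dev \
+openssl libssl-dev fop xsltproc unixodbc-dev \
+git wget \
+&& cd /usr/src \
+&& wget http://erlang.org/download/otp_src_18.3.tar.gz \
+&& tar zxvf otp_src_18.3.tar.gz \
+&& cd otp_src_18.3 \
+&& ./configure && make && make install
+
 # Install CouchDB from source
 RUN apt-get --no-install-recommends -y install \
-build-essential pkg-config erlang \
+# build-essential pkg-config erlang \
+build-essential pkg-config \
 libicu-dev libmozjs185-dev libcurl4-openssl-dev \
 wget curl ca-certificates \
 && cd /usr/src \
@@ -55,7 +67,7 @@ RUN npm install -g docker-discover-tasks
 
 WORKDIR /home/couchdb/couchdb
 
-EXPOSE 5984 4369 9100-9200
+EXPOSE 5984 6984 4369 9100-9200
 
 VOLUME ["/home/couchdb/couchdb/data"]
 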
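Review bot: The Erlang source tarball in the new `RUN` is downloaded over plain `http://` and then unpacked, built and installed as root with no integrity check, so the runtime that will terminate TLS for CouchDB is only as trustworthy as that one unauthenticated download. Fetch it over HTTPS if the host offers it, and verify a pinned digest before the `tar` step, e.g. `&& echo "<OTP_SRC_18_3_SHA256>  otp_src_18.3.tar.gz" | sha256sum -c - \` (placeholder digest, to be taken from a trusted copy of the release). The same `RUN` also installs without `--no-install-recommends`, unlike the CouchDB step below it, and nothing in the hunk removes the toolchain or `/usr/src/otp_src_18.3` in that layer. The CouchDB `RUN` continues past the end of the first hunk.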
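--- a/couchdb-process.sh
+++ b/couchdb-process.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 
-# /docker-entrypoint.sh /home/couchdb/couchdb/bin/couchdb > /home/couchdb/couchdb/var/log/couch.log
 /docker-entrypoint.sh /home/couchdb/couchdb/bin/couchdb
+# /docker-entrypoint.sh /home/couchdb/couchdb/bin/couchdb > /home/couchdb/couchdb/var/log/couch.log 2>&1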

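--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -33,8 +33,14 @@ if [ "$1" = '/home/couchdb/couchdb/bin/couchdb' ]; then
 
 if [ "$COUCHDB_CERT_FILE" ] && [ "$COUCHDB_KEY_FILE" ] && [ "$COUCHDB_CACERT_FILE" ]; then
 # Enable SSL
-# printf "[daemons]\nhttpsd = {couch_httpd, start_link, [https]}\n\n" >> /home/couchdb/couchdb/etc/local.d/ssl.ini
+printf "[daemons]\nhttpsd = {chttpd, start_link, [https]}\n\n" >> /home/couchdb/couchdb/etc/local.d/ssl.ini
 printf "[ssl]\ncert_file = %s\nkey_file = %s\ncacert_file = %s\n" "$COUCHDB_CERT_FILE" "$COUCHDB_KEY_FILE" "$COUCHDB_CACERT_FILE" >> /home/couchdb/couchdb/etc/local.d/ssl.ini
+
+# As per https://groups.google.com/forum/#!topic/couchdb-user-archive/cBrZ25DHHVA, due to bug
+# https://issues.apache.org/jira/browse/COUCHDB-3162 we need the following lines. TODO: remove
+# this in a later version of CouchDB 2.
+printf "ciphers = undefined\ntls_versions = undefined\nsecure_renegotiate = undefined\n" >> /home/couchdb/couchdb/etc/local.d/ssl.ini
+
 chown couchdb:couchdb /home/couchdb/couchdb/etc/local.d/ssl.ini
 fi
 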
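Review bot: The three `= undefined` settings appended after the `[ssl]` block leave protocol-version, cipher and renegotiation choices to whatever the Erlang runtime in the image defaults to, so the HTTPS listener is only as strict as that OTP build. The comment beside the COUCHDB-3162 reference should say so, and the TODO should name the CouchDB release at which the workaround can be dropped and explicit `tls_versions`/`ciphers` set instead. Separately, every `printf` in this block appends with `>>`, so a restart of the same container would presumably write the `[daemons]` and `[ssl]` sections a second time. Letting the first write truncate keeps the file idempotent: `printf "[daemons]\nhttpsd = {chttpd, start_link, [https]}\n\n" > /home/couchdb/couchdb/etc/local.d/ssl.ini`. The enclosing `if [ "$1" = ... ]` block starts and ends outside the hunk.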