I've enabled HTTPS access...
When I log into Fauxton using HTTPS, if I go to "Configuration" it says "Config Disabled" at the top. If I log into with port "5984", I can make changes to the configuration. Is there a way to enable Config on the secured side?
I setup CouchDB as a single node, but in the HTTPS side of Fauxton I am getting a list of about 20 shard databases in the all dbs view that look like this: (I'm not listing all of them)
shards/00000000-1fffffff/_global_changes.1492544140 This database failed to load.
The databases listed in the HTTP fauxton vs the HTTPS fauxton are not the same, if I create a DB in one, it does not show up in the other.
If I go into the var/lib/couchdb directory, databases that I create in the HTTP fauxton show up in its root.
Databases I create on the HTTPS fauxton page show up in one of the directories that are created in var/lib/couchdb/shards
Is this supposed to behave like this, or did I mess something up in my configuration (see below for local.ini file)
; CouchDB Configuration Settings
; Custom settings should be made in this file. They will override settings
; in default.ini, but unlike changes made to default.ini, this file won't be
; overwritten on server upgrade.
[couchdb]
database_dir = /opt/couchdb/var/lib/couchdb
view_index_dir = /opt/couchdb/var/lib/couchdb
plugin_dir = /opt/couchdb/lib/couchdb/plugins
;max_document_size = 4294967296 ; bytes
;os_process_timeout = 5000
uuid = ba502ba2fd67f5984b900dd566faebee
[couch_peruser]
; If enabled, couch_peruser ensures that a private per-user database
; exists for each document in _users. These databases are writable only
; by the corresponding user. Databases are in the following form:
; userdb-{hex encoded username}
enable = true
; If set to true and a user is deleted, the respective database gets
; deleted as well.
;delete_dbs = true
[chttpd]
port = 5984
bind_address = 0.0.0.0
; Options for the MochiWeb HTTP server.
;server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
; For more socket options, consult Erlang's module 'inet' man page.
;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]
[httpd]
; NOTE that this only configures the "backend" node-local port, not the
; "frontend" clustered port. You probably don't want to change anything in
; this section.
; Uncomment next line to trigger basic-auth popup on unauthorized requests.
WWW-Authenticate = Basic realm="Administrator"
; Uncomment next line to set the configuration modification whitelist. Only
; whitelisted values may be changed via the /_config URLs. To allow the admin
; to change this value over HTTP, remember to include {httpd,config_whitelist}
; itself. Excluding it from the list would require editing this file to update
; the whitelist.
;config_whitelist = [{httpd,config_whitelist}, {log,level}, {etc,etc}]
[query_servers]
javascript = /opt/couchdb/bin/couchjs /opt/couchdb/share/server/main.js
coffeescript = /opt/couchdb/bin/couchjs /opt/couchdb/share/server/main-coffee.js
;nodejs = /usr/local/bin/couchjs-node /path/to/couchdb/share/server/main.js
[httpd_global_handlers]
favicon.ico = {couch_httpd_misc_handlers, handle_favicon_req, "/opt/couchdb/share/www"}
;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>}
[couch_httpd_auth]
secret = c71db502c031f1b265cf327b1403cfeb
; If you set this to true, you should also uncomment the WWW-Authenticate line
; above. If you don't configure a WWW-Authenticate header, CouchDB will send
; Basic realm="server" in order to prevent you getting logged out.
require_valid_user = true
[os_daemons]
; For any commands listed here, CouchDB will attempt to ensure that
; the process remains alive. Daemons should monitor their environment
; to know when to exit. This can most easily be accomplished by exiting
; when stdin is closed.
;foo = /path/to/command -with args
[daemons]
; enable SSL support by uncommenting the following line and supply the PEM's below.
; the default ssl port CouchDB listens on is 6984
httpsd = {couch_httpd, start_link, [https]}
[ssl]
port = 6984
cert_file = /opt/couchdb/conf/server.crt
key_file = /opt/couchdb/conf/server.key
;password = somepassword
; set to true to validate peer certificates
;verify_ssl_certificates = false
; Set to true to fail if the client does not send a certificate. Only used if verify_ssl_certificates is true.
;fail_if_no_peer_cert = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
;cacert_file = /full/path/to/cacertf
; The verification fun (optional) if not specified, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
; maximum peer certificate depth
;ssl_certificate_max_depth = 1
;
; Reject renegotiations that do not live up to RFC 5746.
;secure_renegotiate = true
; The cipher suites that should be supported.
; Can be specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}"
; or in OpenSSL format "ECDHE-ECDSA-AES128-SHA256".
;ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
; The SSL/TLS versions to support
;tls_versions = [tlsv1, 'tlsv1.1', 'tlsv1.2']
; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to
; the Virual Host will be redirected to the path. In the example below all requests
; to http://example.com/ are redirected to /database.
; If you run CouchDB on a specific port, include the port number in the vhost:
; example.com:5984 = /database
[vhosts]
;example.com = /database/
[update_notification]
;unique notifier name=/full/path/to/exe -with "cmd line arg"
; To create an admin account uncomment the '[admins]' section below and add a
; line in the format 'username = password'. When you next start CouchDB, it
; will change the password to a hash (so that your passwords don't linger
; around in plain-text files). You can add more admin accounts with more
; 'username = password' lines. Don't forget to restart CouchDB after
; changing this.
[admins]
admin = -pbkdf2-a634f120f3e595f55b1cfb4ffdfa22ad94a19ace,bba3e68b9a6df0c011f6f09b7b4b9268,10
;admin = mysecretpassword