diff --git a/src/api/server/configuration.rst b/src/api/server/configuration.rst
index ce527a61..b13322c9 100644
--- a/src/api/server/configuration.rst
+++ b/src/api/server/configuration.rst
@@ -87,53 +87,14 @@ interact with the local node's configuration. "socket_options": "[{sndbuf, 262144}, {nodelay, true}]", "server_options": "[{recbuf, undefined}]" }, - "daemons": { - "auth_cache": "{couch_auth_cache, start_link, []}", - "db_update_notifier": "{couch_db_update_notifier_sup, start_link, []}", - "external_manager": "{couch_external_manager, start_link, []}", - "httpd": "{couch_httpd, start_link, []}", - "query_servers": "{couch_query_servers, start_link, []}", - "stats_aggregator": "{couch_stats_aggregator, start, []}", - "stats_collector": "{couch_stats_collector, start, []}", - "uuids": "{couch_uuids, start, []}", - "view_manager": "{couch_view, start_link, []}" - }, "httpd": { "allow_jsonp": "false", "authentication_handlers": "{couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}", "bind_address": "192.168.0.2", - "default_handler": "{couch_httpd_db, handle_request}", "max_connections": "2048", "port": "5984", - "secure_rewrites": "true", - "vhost_global_handlers": "_utils, _uuids, _session, _users" - }, - "httpd_db_handlers": { - "_changes": "{couch_httpd_db, handle_changes_req}", - "_compact": "{couch_httpd_db, handle_compact_req}", - "_design": "{couch_httpd_db, handle_design_req}", - "_temp_view": "{couch_httpd_view, handle_temp_view_req}", - "_view_cleanup": "{couch_httpd_db, handle_view_cleanup_req}" - }, - "httpd_design_handlers": { - "_info": "{couch_httpd_db, handle_design_info_req}", - "_list": "{couch_httpd_show, handle_view_list_req}", - "_rewrite": "{couch_httpd_rewrite, handle_rewrite_req}", - "_show": "{couch_httpd_show, handle_doc_show_req}", - "_update": "{couch_httpd_show, handle_doc_update_req}", - "_view": "{couch_httpd_view, handle_view_req}" - }, - "httpd_global_handlers": { - "/": "{couch_httpd_misc_handlers, handle_welcome_req, <<\"Welcome\">>}", - "_active_tasks": "{couch_httpd_misc_handlers, handle_task_status_req}", - "_all_dbs": "{couch_httpd_misc_handlers, 
handle_all_dbs_req}", - "_config": "{couch_httpd_misc_handlers, handle_config_req}", - "_replicate": "{couch_httpd_misc_handlers, handle_replicate_req}", - "_session": "{couch_httpd_auth, handle_session_req}", - "_stats": "{couch_httpd_stats_handlers, handle_stats_req}", - "_utils": "{couch_httpd_misc_handlers, handle_utils_dir_req, \"/usr/share/couchdb/www\"}", - "_uuids": "{couch_httpd_misc_handlers, handle_uuids_req}", - "favicon.ico": "{couch_httpd_misc_handlers, handle_favicon_req, \"/usr/share/couchdb/www\"}" + "secure_rewrites": "true" + } }, "log": { "writer": "file", @@ -144,9 +105,6 @@ interact with the local node's configuration. "query_server_config": { "reduce_limit": "true" }, - "query_servers": { - "javascript": "/usr/bin/couchjs /usr/share/couchdb/server/main.js" - }, "replicator": { "max_http_pipeline_size": "10", "max_http_sessions": "10" diff --git a/src/config/http-handlers.rst b/src/config/http-handlers.rst deleted file mode 100644 index df06fe56..00000000 --- a/src/config/http-handlers.rst +++ /dev/null 
@@ -1,232 +0,0 @@ -.. Licensed under the Apache License, Version 2.0 (the "License"); you may not -.. use this file except in compliance with the License. You may obtain a copy of -.. the License at -.. -.. http://www.apache.org/licenses/LICENSE-2.0 -.. -.. Unless required by applicable law or agreed to in writing, software -.. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -.. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -.. License for the specific language governing permissions and limitations under -.. the License. - -.. highlight:: ini - -====================== -HTTP Resource Handlers -====================== - -.. _config/httpd_global_handlers: - -Global HTTP Handlers -==================== - -.. config:section:: httpd_global_handlers :: Global HTTP Handlers - - These HTTP resources are provided for CouchDB server root level. - - .. config:option:: / - - :: - - [httpd_global_handlers] - / = {couch_httpd_misc_handlers, handle_welcome_req, <<"Welcome">>} - - .. config:option:: favicon.ico - - The favicon handler looks for `favicon.ico` file within specified - directory:: - - [httpd_global_handlers] - favicon.ico = {couch_httpd_misc_handlers, handle_favicon_req, "/usr/share/couchdb/www"} - - .. config:option:: _active_tasks - - :: - - [httpd_global_handlers] - _active_tasks = {couch_httpd_misc_handlers, handle_task_status_req} - - .. config:option:: _all_dbs - - Provides a list of all server's databases:: - - [httpd_global_handlers] - _all_dbs = {couch_httpd_misc_handlers, handle_all_dbs_req} - - .. note:: - Sometimes you don't want to disclose database names for everyone, - but you also don't like/want/able to set up any proxies in front of - CouchDB. Removing this handler disables ``_all_dbs`` resource and - there will be no way to get list of available databases. - - The same also is true for other resource handlers. - - .. 
config:option:: _config - - Provides resource to work with CouchDB config - :ref:`remotely `. Any config changes that was made via HTTP - API are applied automatically on fly and doesn't requires server - instance to be restarted:: - - [httpd_global_handlers] - _config = {couch_httpd_misc_handlers, handle_config_req} - - .. config:option:: _replicate - - Provides an API to run - :ref:`temporary replications `:: - - [httpd_global_handlers] - _replicate = {couch_replicator_httpd, handle_req} - - .. config:option:: _session - - Provides a resource with information about the current user's session:: - - [httpd_global_handlers] - _session = {couch_httpd_auth, handle_session_req} - - .. config:option:: _stats - - :: - - [httpd_global_handlers] - _stats = {couch_httpd_stats_handlers, handle_stats_req} - - .. config:option:: _utils - - The :ref:`_utils ` handler serves `Fauxton`'s web - administration page:: - - [httpd_global_handlers] - _utils = {couch_httpd_misc_handlers, handle_utils_dir_req, "/usr/share/couchdb/www"} - - In similar way, you may set up custom handler to let CouchDB serve any - static files. - - .. config:option:: _uuids - - Provides a resource to get UUIDs generated by CouchDB:: - - [httpd_global_handlers] - _uuids = {couch_httpd_misc_handlers, handle_uuids_req} - - This is useful when your client environment isn't capable of providing - truly random IDs (web browsers e.g.). - -.. _config/httpd_db_handlers: - -Database HTTP Handlers -====================== - -.. config:section:: httpd_db_handlers :: Database HTTP Handlers - - These HTTP resources are available on every CouchDB database. - - .. config:option:: _all_docs - - :: - - [httpd_db_handlers] - _all_docs = {couch_mrview_http, handle_all_docs_req} - - .. config:option:: _local_docs - - :: - - [httpd_db_handlers] - _local_docs = {couch_mrview_http, handle_local_docs_req} - - .. 
config:option:: _design_docs - - :: - - [httpd_db_handlers] - _design_docs = {couch_mrview_http, handle_design_docs_req} - - .. config:option:: _changes - - :: - - [httpd_db_handlers] - _changes = {couch_httpd_db, handle_changes_req} - - .. config:option:: _compact - - :: - - [httpd_db_handlers] - _compact = {couch_httpd_db, handle_compact_req} - - .. config:option:: _design - - :: - - [httpd_db_handlers] - _design = {couch_httpd_db, handle_design_req} - - .. config:option:: _view_cleanup - - :: - - [httpd_db_handlers] - _view_cleanup = {couch_mrview_http, handle_cleanup_req} - -.. _config/httpd_design_handlers: - -Design Documents HTTP Handlers -============================== - -.. config:section:: httpd_design_handlers :: Design Documents HTTP Handlers - -These HTTP resources are provided for design documents. - - .. config:option:: _compact - - :: - - [httpd_design_handlers] - _compact = {couch_mrview_http, handle_compact_req} - - .. config:option:: _info - - :: - - [httpd_design_handlers] - _info = {couch_mrview_http, handle_info_req} - - .. config:option:: _list - - :: - - [httpd_design_handlers] - _list = {couch_mrview_show, handle_view_list_req} - - .. config:option:: _rewrite - - :: - - [httpd_design_handlers] - _rewrite = {couch_httpd_rewrite, handle_rewrite_req} - - .. config:option:: _show - - :: - - [httpd_design_handlers] - _show = {couch_mrview_show, handle_doc_show_req} - - .. config:option:: _update - - :: - - [httpd_design_handlers] - _update = {couch_mrview_show, handle_doc_update_req} - - .. config:option:: _view - - :: - - [httpd_design_handlers] - _view = {couch_mrview_http, handle_view_req} diff --git a/src/config/http.rst b/src/config/http.rst index 843c8744..87f30a8c 100644 --- a/src/config/http.rst +++ b/src/config/http.rst 
@@ -307,23 +307,22 @@ HTTP Server Options .. _config/ssl: -Secure Socket Level Options -=========================== +HTTPS (SSL/TLS) Options +======================= -.. config:section:: ssl :: Secure Socket Level Options +.. config:section:: ssl :: HTTPS (SSL/TLS) Options - CouchDB supports SSL natively. All your secure connection needs can now be - served without needing to set up and maintain a separate proxy server that - handles SSL. + CouchDB supports TLS/SSL natively, without the use of a proxy server. - SSL setup can be tricky, but the configuration in CouchDB was designed to + HTTPS setup can be tricky, but the configuration in CouchDB was designed to be as easy as possible. All you need is two files; a certificate and a - private key. If you bought an official SSL certificate from a certificate + private key. If you have an official certificate from a certificate authority, both should be in your possession already. - If you just want to try this out and don't want to pay anything upfront, - you can create a self-signed certificate. Everything will work the same, - but clients will get a warning about an insecure certificate. + If you just want to try this out and don't want to go through the hassle of + obtaining an official certificate, you can create a self-signed certificate. + Everything will work the same, but clients will get a warning about an insecure + certificate. You will need the `OpenSSL`_ command line tool installed. It probably already is. 
@@ -340,14 +339,11 @@ Secure Socket Level Options Now, you need to edit CouchDB's configuration, by editing your ``local.ini`` file. Here is what you need to do. - At first, :option:`enable the HTTPS daemon `:: - - [daemons] - httpsd = {chttpd, start_link, [https]} - - Next, under the ``[ssl]`` section set up the newly generated certificates:: + Under the ``[ssl]`` section, enable HTTPS and set up the newly generated + certificates:: [ssl] + enable = true cert_file = /etc/couchdb/cert/couchdb.pem key_file = /etc/couchdb/cert/privkey.pem @@ -386,6 +382,11 @@ Secure Socket Level Options All done. + For performance reasons, and for ease of setup, you may still wish to + terminate HTTPS connections at your load balancer / reverse proxy, then use + unencrypted HTTP between it and your CouchDB cluster. This is a recommended + approach. + .. _`certificates HOWTO`: http://www.openssl.org/docs/HOWTO/certificates.txt .. _OpenSSL: http://www.openssl.org/ diff --git a/src/config/index.rst b/src/config/index.rst index 1fec7a76..64b03bf6 100644 --- a/src/config/index.rst +++ b/src/config/index.rst @@ -29,6 +29,5 @@ Configuring CouchDB logging replicator query-servers - http-handlers services misc diff --git a/src/config/intro.rst b/src/config/intro.rst index 59184b34..35d5d886 100644 --- a/src/config/intro.rst +++ b/src/config/intro.rst @@ -117,11 +117,11 @@ improve configuration readability. without modifying that file, you may override in `local.ini`, but without any value:: - [httpd_global_handlers] - _all_dbs = + [compactions] + _default = - This could be read as: "remove the `_all_dbs` parameter from the - `httpd_global_handlers` section if it was ever set before". + This could be read as: "remove the `_default` parameter from the + `compactions` section if it was ever set before". The semicolon (``;``) signals the start of a comment. Everything after this character is ignored by CouchDB. 
diff --git a/src/config/query-servers.rst b/src/config/query-servers.rst index b3cc7ae2..8032820e 100644 --- a/src/config/query-servers.rst +++ b/src/config/query-servers.rst @@ -23,28 +23,28 @@ Query Servers Definition .. config:section:: query_servers :: Query Servers Definition - .. versionchanged:: 1.2: Added CoffeeScript query server + .. versionchanged:: 2.3 Changed configuration method for Query Servers + and Native Query Servers. CouchDB delegates computation of :ref:`design documents ` functions to external query servers. The external query server is a special OS process which communicates with CouchDB over standard input/output using a very simple line-based protocol with JSON messages. - The external query server may be defined in configuration file following - next pattern:: + An external query server may be defined with environment variables following + this pattern:: - [query_servers] - LANGUAGE = PATH ARGS + COUCHDB_QUERY_SERVER_LANGUAGE="PATH ARGS" Where: - ``LANGUAGE``: is a programming language which code this query server may - execute. For instance, there are `python`, `ruby`, `clojure` and other - query servers in wild. This value is also used for `ddoc` field - ``language`` to determine which query server processes the functions. + execute. For instance, there are `PYTHON`, `RUBY`, `CLOJURE` and other + query servers in the wild. This value in *lowercase* is also used for `ddoc` + field ``language`` to determine which query server processes the functions. Note, that you may set up multiple query servers for the same programming - language, but you have to name them different (like `python-dev` etc.). + language, but you have to name them differently (like `PYTHONDEV` etc.). - ``PATH``: is a system path to the executable binary program that runs the query server. 
@@ -53,26 +53,29 @@ Query Servers Definition for the executable ``PATH``. The default query server is written in :ref:`JavaScript `, - running via `Mozilla SpiderMonkey`_:: + running via `Mozilla SpiderMonkey`_. It requires no special environment + settings to enable, but is the equivalent of these two variables:: - [query_servers] - javascript = /usr/bin/couchjs /usr/share/couchdb/server/main.js - coffeescript = /usr/bin/couchjs /usr/share/couchdb/server/main-coffee.js + COUCHDB_QUERY_SERVER_JAVASCRIPT="/opt/couchdb/bin/couchjs /opt/couchdb/share/server/main.js" + COUCHDB_QUERY_SERVER_COFFEESCRIPT="/opt/couchdb/bin/couchjs /opt/couchdb/share/server/main-coffee.js" By default, ``couchjs`` limits the max runtime allocation to 64MiB. If you run into out of memory issue in your ddoc functions, - you can adjust the memory limitation:: + you can adjust the memory limitation (here, increasing to 512 MiB):: - [query_servers] - javascript = /usr/bin/couchjs -S 536870912 /usr/share/couchdb/server/main.js ; 512 MiB + COUCHDB_QUERY_SERVER_JAVASCRIPT="/usr/bin/couchjs -S 536870912 /usr/share/server/main.js" For more info about the available options, please consult ``couchjs -h``. .. _Mozilla SpiderMonkey: https://developer.mozilla.org/en/docs/SpiderMonkey .. seealso:: - :ref:`Native Erlang Query Server ` that - allows to process Erlang `ddocs` and runs within CouchDB bypassing + The :ref:`Mango Query Server ` is a declarative language + that requires *no programming*, allowing for easier indexing and finding + of data in documents. + + The :ref:`Native Erlang Query Server ` + allows running `ddocs` written in Erlang natively, bypassing stdio communication and JSON serialization/deserialization round trip overhead. @@ -160,7 +163,7 @@ Native Erlang Query Server ``[native_query_servers]`` section:: [native_query_servers] - erlang = {couch_native_process, start_link, []} + enable_erlang_query_server = true To see these changes you will also need to restart the server. 
diff --git a/src/config/services.rst b/src/config/services.rst index 5556e872..403134f7 100644 --- a/src/config/services.rst +++ b/src/config/services.rst @@ -53,14 +53,6 @@ CouchDB Daemonized Mini Apps [daemons] httpd={couch_httpd, start_link, []} - .. config:option:: httpsd - - Provides :ref:`SSL support `. The default SSL port CouchDB - listens on is `6984`:: - - [daemons] - httpsd = {chttpd, start_link, [https]} - .. config:option:: index_server The `couch_index` application is responsible for managing all of the diff --git a/src/cve/2012-5641.rst b/src/cve/2012-5641.rst index 40be7dd5..db06b909 100644 --- a/src/cve/2012-5641.rst +++ b/src/cve/2012-5641.rst @@ -55,9 +55,8 @@ Work-Around Users may simply exclude any file-based web serving components directly within their configuration file, typically in `local.ini`. On a default CouchDB installation, this requires amending the -:config:option:`httpd_global_handlers/favicon.ico` and -:config:option:`httpd_global_handlers/_utils` lines within -:config:section:`httpd_global_handlers`:: +`httpd_global_handlers/favicon.ico` and `httpd_global_handlers/_utils` +lines within `httpd_global_handlers`:: [httpd_global_handlers] favicon.ico = {couch_httpd_misc_handlers, handle_welcome_req, <<"Forbidden">>} diff --git a/src/setup/single-node.rst b/src/setup/single-node.rst index 169f2762..5a42ab30 100644 --- a/src/setup/single-node.rst +++ b/src/setup/single-node.rst @@ -12,6 +12,7 @@ .. _setup/single-node: +================= Single Node Setup ================= diff --git a/src/whatsnew/2.3.rst b/src/whatsnew/2.3.rst index c762b7bc..fca30d1e 100644 --- a/src/whatsnew/2.3.rst +++ b/src/whatsnew/2.3.rst 
@@ -93,7 +93,7 @@ Upgrade Notes you can modify the app context using a couchdb.config file as usual. * :ghissue:`1602`: Also to improve security, the deprecated ``os_daemons`` and - ``couch_http_proxy`` functionality has been completely removed ahead of the planned + ``couch_httpd_proxy`` functionality has been completely removed ahead of the planned CouchDB 3.0 release. We recommend the use of OS-level daemons such as runit, sysvinit, systemd, upstart, etc. to launch and maintain OS daemons instead, and the use of a reverse proxy server in front of CouchDB (such as haproxy) to proxy access to other