SSL for Bitnami CouchDB hosted on an AWS instance

Time: 2020-09-16 02:45:25

Tags: amazon-web-services ssl openssl couchdb

I created an instance with Bitnami's CouchDB. The link is here: https://bitnami.com/stack/couchdb

It runs fine over HTTP. But I want to make it work over HTTPS, and for that I used this guide to create a self-signed certificate: https://docs.bitnami.com/oci/infrastructure/couchdb/administration/create-ssl-certificate-couchdb/

and its guide for enabling it on the server: https://docs.bitnami.com/oci/infrastructure/couchdb/administration/enable-ssl/

This is the SSL section I use in /opt/bitnami/couchdb/etc/local.ini

```ini
[ssl]
port = 6984
enable = true
cert_file = /opt/bitnami/couchdb/etc/server.crt
key_file = /opt/bitnami/couchdb/etc/server.key
;password = somepassword
; set to true to validate peer certificates
;verify_ssl_certificates = false
; Set to true to fail if the client does not send a certificate. Only used if verify_ssl_certificates is true.
;fail_if_no_peer_cert = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
;cacert_file = /full/path/to/cacertf
; The verification fun (optional) if not specified, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
; maximum peer certificate depth
;ssl_certificate_max_depth = 1
```

Please let me know what other information I should provide. Thanks in advance, I have been stuck on this for a week!

Here is the log of curl -a -k mydomain.com

```text
* Expire in 1 ms for 1 (transfer 0x55b57b804f50)
*   Trying 3.85.5.117...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55b57b804f50)
* Connected to data.posifier.com (3.85.5.117) port 6984 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to data.posifier.com:6984
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to data.posifier.com:6984
```
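An added diagnostic, not code from the question or the answer: it reads a `curl -v` TLS trace and reports which handshake step was reached before the failure, which separates "the server never answered the Client hello" (certificate trust, the thing `-k` skips, was never evaluated) from "the server answered but its certificate was rejected". The first trace is the one from the question; the second is a constructed sample in the shape curl prints when a self-signed certificate is rejected.

```python
import re

# Trace copied from the question (only the TLS-relevant lines).
TRACE_SYSCALL = """\
* Connected to data.posifier.com (3.85.5.117) port 6984 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to data.posifier.com:6984
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to data.posifier.com:6984
"""

# Constructed sample: the server answers, but curl (without -k) rejects a self-signed cert.
TRACE_UNTRUSTED = """\
* Connected to data.posifier.com (3.85.5.117) port 6984 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
curl: (60) SSL certificate problem: self signed certificate
"""

# "* TLSv1.3 (OUT), TLS handshake, Client hello (1):" -> ("OUT", "Client hello")
HANDSHAKE = re.compile(r"^\* TLSv1\.\d \((IN|OUT)\), TLS handshake, (.+?) \(\d+\):", re.M)
EXIT = re.compile(r"^curl: \((\d+)\) ", re.M)


def diagnose(trace: str) -> dict:
    """Summarise how far the TLS handshake got and what that implies."""
    steps = HANDSHAKE.findall(trace)
    exit_match = EXIT.search(trace)
    code = int(exit_match.group(1)) if exit_match else 0
    last_step = f"{steps[-1][1]} ({steps[-1][0]})" if steps else "none"
    # Any (IN) handshake message proves the listener spoke TLS back to us.
    server_answered = any(direction == "IN" for direction, _ in steps)
    if code == 0:
        verdict = "handshake completed"
    elif not server_answered:
        verdict = ("no Server hello: the connection was closed before TLS started, so "
                   "certificate trust was never evaluated; check that the [ssl] listener "
                   "is actually up on this port and read the server's own log")
    elif code == 60:
        verdict = "server answered; the client rejected its certificate (untrusted/self-signed)"
    else:
        verdict = f"handshake failed after {last_step} with curl exit {code}"
    return {"exit": code, "last_step": last_step,
            "server_answered": server_answered, "verdict": verdict}
```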

1 answer:

Answer 0 (score: 0)

For SSL to work, you need (at least) to have a self-signed certificate. In your configuration file, you have commented out the line cacert_file = /full/path/to/cacertf.

I wrote a step-by-step guide to get it working.

Have a look here