我已经使用来自 bitnami 的 CouchDB 创建了一个实例。链接在这里https://bitnami.com/stack/couchdb它在 HTTP 上运行良好。但我想让它在 https 上运行,为此,我使用本指南创建了一个自签名认证:https://docs.bitnami.com/oci/infrastructure/couchdb/administration/create-ssl-certificate-couchdb/以及他们在服务器上启用它的指南:https://docs.bitnami.com/oci/infrastructure/couchdb/administration/enable-ssl/这是我在 /opt/bitnami/couchdb/etc/local.ini 中的 SSL 部分
`[ssl]
port = 6984
enable = true
cert_file = /opt/bitnami/couchdb/etc/server.crt
key_file = /opt/bitnami/couchdb/etc/server.key
;password = somepassword
; set to true to validate peer certificates
;verify_ssl_certificates = false
; Set to true to fail if the client does not send a certificate. Only used if verify_ssl_certificates is true.
;fail_if_no_peer_cert = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
;cacert_file = /full/path/to/cacertf
; The verification fun (optional) if not specified, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
; maximum peer certificate depth
;ssl_certificate_max_depth = 1`
这是来自 curl -a -k mydomain.com 的日志
`* Expire in 1 ms for 1 (transfer 0x55b57b804f50)
* Trying 3.85.5.117...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55b57b804f50)
* Connected to data.posifier.com (3.85.5.117) port 6984 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to data.posifier.com:6984
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to data.posifier.com:6984`
最佳答案
为了使 SSL 正常工作,您需要(至少)拥有自签名证书。在您的配置文件中,您有 cacert_file =/full/path/to/cacertf 行注释。
我写了一个分步指南来使它工作。
看看here
关于amazon-web-services - 托管在 AWS 实例上的 bitnami CouchDB 的 SSL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63912390/