Merge pull request #137 from FieldDB/couchdb_https

Couchdb https

Author: cesine

Dockerfile-couchdb

@@ -3,12 +3,11 @@ FROM couchdb:3.5.1
 WORKDIR /
 
 COPY etc/* /opt/couchdb/etc/
+COPY config/fielddb_debug.* /opt/couchdb/etc/
 
 RUN set +x; \
-  curl -X PUT http://admin:none@127.0.0.1:5984/_users; \
-  curl -X PUT http://admin:none@127.0.0.1:5984/_replicator; \
+  curl -Xk PUT https://admin:none@127.0.0.1:6984/_users; \
+  curl -Xk PUT https://admin:none@127.0.0.1:6984/_replicator; \
   ls -alt /opt/couchdb/etc; \
   cat /opt/couchdb/etc/local.ini; \
   ls /opt/couchdb/etc/local.d;
-
-# COPY fielddb_debug.* /usr/local/etc/couchdb

config/ssl_debug.crt

@@ -13,6 +13,7 @@ services:
       dockerfile: ./Dockerfile-couchdb
     ports:
       - 5984:5984
+      - 6984:6984
     environment:
       - COUCHDB_USER=admin
       - COUCHDB_PASSWORD=none

config/ssl_debug.key

@@ -14,3 +14,18 @@ admin = -pbkdf2-3f04b4318f9a5b3c20ff99fa9194744d0cffa603,e5fbfb69d2a5db31325d234
 
 [replicator]
 auth_plugins = couch_replicator_auth_noop
+
+[daemons]
+; enable SSL support by uncommenting the following line and supply the PEM's below.
+; the default ssl port CouchDB listens on is 6984
+httpsd = {couch_httpd, start_link, [https]}
+
+[ssl]
+enable = true
+; secure_renegotiate = undefined
+cert_file = /opt/couchdb/etc/fielddb_debug.crt
+key_file = /opt/couchdb/etc/fielddb_debug.key
+; set to true to validate peer certificates
+verify_ssl_certificates = false
+; maximum peer certificate depth
+ssl_certificate_max_depth = 1

docker-compose.yml

@@ -64,14 +64,14 @@
     "docker:build": "docker build -t fielddb-auth .",
     "docker:test": "echo 'module.exports = { usersDbConnection: { url: \"http://localhost:5984\" } };' > config/local.js && docker compose up -d && sleep 3 && docker compose logs && npm run setup && npm run test:deprecated",
     "docker:test:no-cache": "echo 'module.exports = { usersDbConnection: { url: \"http://localhost:5984\" } };' > config/local.js && docker compose build --no-cache && docker compose up -d && sleep 15 && docker compose logs && npm run setup && npm run test:deprecated",
-    "coverage": "NODE_ENV=test BUNYAN_LOG_LEVEL=FATAL NODE_TLS_REJECT_UNAUTHORIZED=0 nyc npm test",
+    "coverage": "NODE_ENV=test BUNYAN_LOG_LEVEL=FATAL nyc npm test",
     "lint": "eslint ",
     "lint:ci": "eslint .",
-    "setup": "REPLAY=bloody SOURCE_URL=${SOURCE_URL:-https://public:none@corpusdev.example.org} mocha --timeout 20000 test/integration/install.js",
+    "setup": "REPLAY=bloody NODE_TLS_REJECT_UNAUTHORIZED=0 SOURCE_URL=${SOURCE_URL:-https://public:none@corpusdev.example.org} mocha --timeout 20000 test/integration/install.js",
     "start": "node ./bin/www.js",
     "test": "SOURCE_URL=${SOURCE_URL:-https://public:none@corpusdev.example.org} NODE_ENV=test NODE_TLS_REJECT_UNAUTHORIZED=0 mocha --timeout 100000 --recursive test",
     "test:debug": "node-debug _mocha test/integration/oauth.js",
-    "test:deprecated": "DEBUG=${DEBUG:-lib:user} REPLAY=bloody nyc mocha --timeout 25000 test/routes/deprecated-spec.js",
+    "test:deprecated": "DEBUG=${DEBUG:-lib:user} REPLAY=bloody NODE_TLS_REJECT_UNAUTHORIZED=0 nyc mocha --timeout 25000 test/routes/deprecated-spec.js",
     "test:fielddb": "NODE_ENV=localhost jasmine-node node_modules/fielddb/tests",
     "test:production": "ls config/production.js",
     "watch": "nodemon ./bin/www.js"

etc/local.ini

@@ -10,6 +10,13 @@ const originalLocalhosts = replay._localhosts;
 // eslint-disable-next-line no-underscore-dangle
 debug('replay localhosts', replay._localhosts);
 
+// FIXME: unable to use replication on https
+/*
+ application: mochiweb, "Accept failed error", "{error,
+     {tls_alert,
+         {certificate_unknown,
+             \"TLS server: In state wait_finished received CLIENT ALERT: Fatal - Certificate Unknown\\n\"}}}"
+ */
 let destination = 'http://admin:none@localhost:5984';
 if (!destination) {
   destination = url.parse(config.usersDbConnection.url);