awscouchdb

Enable SSL on CouchDB

You can enable SSL on CouchDB using these steps:

  • Stop CouchDB.

      $ sudo /opt/bitnami/ctlscript.sh stop couchdb
    
  • Edit the /opt/bitnami/couchdb/etc/local.ini file and make sure the [ssl] section includes at least the following lines uncommented:

      [ssl]
      port = 6984
      enable = true
      cert_file = /opt/bitnami/couchdb/etc/server.crt
      key_file = /opt/bitnami/couchdb/etc/server.key
    

    The certificates Bitnami includes are self-signed so you might get a warning when trying to access your site. To avoid this warning, you should get new certificates signed by a Certificate Authority, and uncomment the following line:

      ;cacert_file = /full/path/to/cacertf
    
  • Finally, start your CouchDB server again and you will be able to access CouchDB over SSL at the selected port eg. at https://SERVER-IP:6984/.

      $ sudo /opt/bitnami/ctlscript.sh restart couchdb
    
  • (Optional) Open the CouchDB HTTPS port in the server firewall for remote access. For more information, refer to the FAQ.

    NOTE: Remember to change the bind_address from 127.0.0.1 to 0.0.0.0 if you want to connect to CouchDB from a different machine. Refer to these instructions for more information.

Last modification April 8, 2020