Created
August 3, 2016 14:51
This script will set up SSL for CouchDB on a Raspberry Pi, Debian or Ubuntu system. I added a password generator plugged into openssl so you can just copy and paste that into the server key password prompt unless you either don't trust openssl (which would defeat the purpose of using SSL) or can come up with a better password than a SHA-512 bit h…
#!/bin/bash
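# Creates a self-signed certificate for CouchDB.
#
# Generates a 2048-bit RSA key and a certificate valid for 365 days in
# /etc/couchdb/ssl, prints the [ssl] snippet to paste, then opens
# /etc/couchdb/default.ini in nano at the first line containing "[ssl]".
#
# Security notes:
#   - The passphrase typed at the genrsa prompt protects server.key only
#     until the following `openssl rsa` step, which rewrites the key
#     WITHOUT encryption. At rest the key is protected by file permissions
#     alone, so they are set explicitly below.
#   - The suggested passphrase is printed to the terminal and may end up in
#     scrollback or session logs.
#   - The certificate is self-signed: clients have no CA to validate it
#     against and must trust or pin it explicitly.
#
# Returns: 0 on success, non-zero as soon as any step fails.
function SetUpCouchDBSSL
{
  local suggestion ssl_line enterkey
  local ini=/etc/couchdb/default.ini

  mkdir -p /etc/couchdb/ssl || return 1
  cd /etc/couchdb/ssl || return 1

  # Strip everything up to "= " so the label is removed whether openssl
  # prints "(stdin)= " or a digest-prefixed form such as "SHA2-512(stdin)= ".
  suggestion=$(openssl rand -base64 4096 | openssl dgst -sha512 | sed 's/^.*= //') \
    || return 1
  echo "Here is a secure password you can use - ${suggestion}"
  suggestion=""

  # Run key generation under a restrictive umask so the private key is never
  # group/world readable, not even between two openssl invocations.
  # -sha256 is requested explicitly because older OpenSSL builds may default
  # to a weaker signature digest.
  (
    umask 077
    openssl genrsa -des3 -out server.key 2048 \
      && openssl rsa -in server.key -out server.key \
      && openssl req -new -sha256 -key server.key -out server.csr \
      && openssl x509 -req -sha256 -days 365 -in server.csr \
           -signkey server.key -out server.crt
  ) || return 1

  # Files that already existed keep their old mode, so set modes explicitly.
  chmod 600 server.key || return 1
  chmod 644 server.crt || return 1

  # NOTE(review): assumes the daemon runs as the "couchdb" account (the usual
  # packaged service user) - confirm for your install.
  if id -u couchdb >/dev/null 2>&1; then
    chown couchdb server.key server.crt || return 1
  else
    echo 'warning: no "couchdb" user found; make sure server.key is readable only by the account that runs CouchDB' >&2
  fi

  cat <<'EOF'

-----------------------------------------------------------
Copy this snippet to add it to /etc/couchdb/default.ini
this will tell couchdb where to look in order to use ssl
-----------------------------------------------------------
[ssl]
cert_file = /etc/couchdb/ssl/server.crt
key_file = /etc/couchdb/ssl/server.key
port = 6984
-----------------------------------------------------------
Press [enter] once you have it coppied.

EOF
  read -r enterkey || return 1

  # Use only the first match: several matches (or none) would otherwise be
  # word-split into extra nano arguments and open the wrong file.
  ssl_line=$(grep -n -m 1 -F -- '[ssl]' "$ini" | cut -d: -f1)
  if [[ -n "$ssl_line" ]]; then
    nano "+${ssl_line}" "$ini" || return 1
  else
    nano "$ini" || return 1
  fi

  echo 'The system will need to reboot in order to finish.'
}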
# Writing under /etc/couchdb requires root, so refuse to run otherwise.
if (( EUID != 0 )); then
  echo "This script must be run as root" 1>&2
  exit 1
fi

SetUpCouchDBSSL && echo 'done'