Difference between revisions of "CouchDB"

From ArchWiki
Jump to navigation Jump to search
(→‎Installation: Setup from CLI.)
(Huge refactoring)
Line 5: Line 5:
 
== Installation ==
 
== Installation ==
  
Install the {{Pkg|couchdb}} package and [[Systemd#Using units|Start/Enable]] the {{ic|couchdb.service}} daemon.
+
Install the {{Pkg|couchdb}} package.
  
Then either visit [http://127.0.0.1:5984/_utils/#setup http://127.0.0.1:5984/_utils/#setup] to setup the database and admin user account or do this from the command line:
+
== Usage ==
  
* Cluster setup (you still have to setup nodes afterwards):
+
[[Systemd#Using units|Start/Enable]] the {{ic|couchdb.service}} daemon.
  
    curl -X POST -H "Content-Type: application/json" http://127.0.0.1:5984/_cluster_setup -d '{"action": "enable_cluster", "bind_address":"0.0.0.0", "username": "admin", "password": "<password>"}'
+
Test to see if the service is running by running {{ic|curl <nowiki>http://127.0.0.1:5984/</nowiki>}}.
 +
Ping will not work (it’s not supposed to unlike on other systems where it does).
 +
Note that in order to access this instance of CouchDB from another system you’ll need to configure it (see below).
  
* Single node setup:
+
=== Using Fauxton admin interface ===
  
    curl -X POST -H "Content-Type: application/json" http://127.0.0.1:5984/_cluster_setup -d '{"action": "enable_single_node", "bind_address":"127.0.0.1", "username": "admin", "password": "<password>"}'
+
You can now access the Fauxton admin interface by going to [http://localhost:5984/_utils http://localhost:5984/_utils].
  
If you select single node setup you might need to create few databases manually via http api:
+
== Configuration ==
  
    curl -X PUT http://admin:<password>@127.0.0.1:5984/_users
+
You can do this through Fauxton or using command line.
    curl -X PUT http://admin:<password>@127.0.0.1:5984/_replicator
 
  
Also, you might want to take a look at [[#Single node setup & Security]].
+
To setup the database and create an admin account through Fauxton, visit [http://127.0.0.1:5984/_utils/#setup http://127.0.0.1:5984/_utils/#setup].
  
== Usage ==
+
To setup a single node from the command line (where {ic|<adminuser>} and {ic|<password>} are to be replaced).
  
[[Systemd#Using units|Start/Enable]] the {{ic|couchdb.service}} daemon.
+
    curl -X POST -H "Content-Type: application/json" http://127.0.0.1:5984/_cluster_setup -d '{"action": "enable_single_node", "bind_address":"127.0.0.1", "username": "<adminuser>", "password": "<password>"}'
 +
    curl -X PUT http://<adminuser>:<password>@127.0.0.1:5984/_users
 +
    curl -X PUT http://<adminuser>:<password>@127.0.0.1:5984/_replicator
  
Test to see if the service is running by running {{ic|curl <nowiki>http://127.0.0.1:5984/</nowiki>}}.  Ping will not work (it's not supposed to unlike on other systems where it does).  Note that in order to access this instance of CouchDB from another system you'll need to configure it (see below).
+
Also, you might want to take a look at [[#Single node setup & Security]].
  
=== Using Futon admin interface ===
+
{{Tip|If you are doing a cluster setup, you might want to set {{ic|bind_address}} to {{ic|0.0.0.0}} to access CouchDB from other nodes.}}
  
You can now access the Futon admin interface by going to [http://localhost:5984/_utils http://localhost:5984/_utils].
+
Note that you can also do all this as well as changing the default port, bind address, log-level and other useful nuggets in {{ic|/etc/couchdb/local.ini}}.
  
== Configuration ==
+
{{Note|Do not modify {{ic|/etc/couchdb/default.ini}} as it gets overwritten whenever couchdb is updated, copy any values you would like to change and put them in {{ic|/etc/couchdb/local.ini}}. Also be sure to restart {{ic|couchdb.service}} after changes to this file.}}
 
 
Change the default port, bind address, log-level and other useful nuggets in {{ic|/etc/couchdb/local.ini}}.
 
 
 
{{Tip|Set {{ic|bind_address}} to {{ic|0.0.0.0}} to access CouchDB from any computer other than local.}}
 
  
If you want to run CouchDB on port 80 you will have to run the daemon as root or use an iptables rule such as:
+
If you want to run CouchDB on port 80 you will have to run the daemon as root, use a reverse proxy or set an iptables rule such as:
  
 
  $ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5984
 
  $ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5984
 
{{Note|Do not modify {{ic|/etc/couchdb/default.ini}} as it gets overwritten whenever couchdb is updated, copy any values you would like to change and put them in {{ic|/etc/couchdb/local.ini}}. Also be sure to restart {{ic|couchdb.service}} after changes to this file.}}
 
  
 
=== Creating a self-signed certificate ===
 
=== Creating a self-signed certificate ===
Line 64: Line 61:
 
}}
 
}}
  
Futon can be accessed over SSL on port 6984 via [https://localhost:6984/_utils/ https://localhost:6984/_utils/].
+
Fauxton can then be accessed over SSL on port 6984 via [https://localhost:6984/_utils/ https://localhost:6984/_utils/].
 
 
=== Creating administrator users ===
 
 
 
Before a server admin is configured, all clients have admin privileges.  To create an admin user, click on "Fix this" link at bottom right of Futon interface.
 
 
 
See [http://lizconlan.github.com/sandbox/securing-couchdb.html create a read-only database] for locking down databases and further security.
 
  
 
== Single node setup & Security ==
 
== Single node setup & Security ==

Revision as of 15:31, 18 April 2018

"Apache CouchDB is a document-oriented database that can be queried and indexed in a MapReduce fashion using JavaScript." - CouchDB homepage

Installation

Install the couchdb package.

Usage

Start/Enable the couchdb.service daemon.

Test to see if the service is running by running curl http://127.0.0.1:5984/. Ping will not work (it’s not supposed to unlike on other systems where it does). Note that in order to access this instance of CouchDB from another system you’ll need to configure it (see below).

Using Fauxton admin interface

You can now access the Fauxton admin interface by going to http://localhost:5984/_utils.

Configuration

You can do this through Fauxton or using command line.

To setup the database and create an admin account through Fauxton, visit http://127.0.0.1:5984/_utils/#setup.

To setup a single node from the command line (where {ic|<adminuser>} and {ic|<password>} are to be replaced).

   curl -X POST -H "Content-Type: application/json" http://127.0.0.1:5984/_cluster_setup -d '{"action": "enable_single_node", "bind_address":"127.0.0.1", "username": "<adminuser>", "password": "<password>"}'
   curl -X PUT http://<adminuser>:<password>@127.0.0.1:5984/_users
   curl -X PUT http://<adminuser>:<password>@127.0.0.1:5984/_replicator

Also, you might want to take a look at #Single node setup & Security.

Tip: If you are doing a cluster setup, you might want to set bind_address to 0.0.0.0 to access CouchDB from other nodes.

Note that you can also do all this as well as changing the default port, bind address, log-level and other useful nuggets in /etc/couchdb/local.ini.

Note: Do not modify /etc/couchdb/default.ini as it gets overwritten whenever couchdb is updated, copy any values you would like to change and put them in /etc/couchdb/local.ini. Also be sure to restart couchdb.service after changes to this file.

If you want to run CouchDB on port 80 you will have to run the daemon as root, use a reverse proxy or set an iptables rule such as:

$ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5984

Creating a self-signed certificate

If you would like to use ssl with a self-signed certificate you can create one like this:

# cd /etc/couchdb
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt

Then uncomment httpsd and update the paths in [daemons] and [ssl] sections:

/etc/couchdb/local.ini
[daemons]
httpsd = {couch_httpd, start_link, [https]}

[ssl]
cert_file = /etc/couchdb/server.crt
key_file = /etc/couchdb/server.key

Fauxton can then be accessed over SSL on port 6984 via https://localhost:6984/_utils/.

Single node setup & Security

If you run CouchDB in a single node setup, you might want to increase security by not binding unnecessarily on public network interfaces. Two process are actually doing so: epmd and beam.smp. The first one is quite easy to work around, you can simply add the following systemd drop-in addition to couchdb.service:

/etc/systemd/system/couchdb.service.d/10-bind-locally.conf
[Service]
Environment=ERL_EPMD_ADDRESS=127.0.0.1

The second one needs an edit in vm.args

/etc/couchdb/vm.args
-kernel inet_dist_use_interface {127,0,0,1}

See also