Difference between revisions of "CouchDB"

From ArchWiki
Jump to: navigation, search
(Running)
m (Configuration)
 
(29 intermediate revisions by 14 users not shown)
Line 1: Line 1:
 
[[Category:Database management systems]]
 
[[Category:Database management systems]]
 +
[[ja:CouchDB]]
 
''"Apache CouchDB is a document-oriented database that can be queried and indexed in a MapReduce fashion using JavaScript."'' - [http://couchdb.apache.org/ CouchDB homepage]
 
''"Apache CouchDB is a document-oriented database that can be queried and indexed in a MapReduce fashion using JavaScript."'' - [http://couchdb.apache.org/ CouchDB homepage]
  
 
== Installation ==
 
== Installation ==
  
Install the {{Pkg|couchdb}} package:
+
Install the {{Pkg|couchdb}} package.
# pacman -S couchdb
 
  
== Running ==
+
== Usage ==
  
Start Couch
+
[[Systemd#Using units|Start/Enable]] the {{ic|couchdb.service}} daemon.
# systemctl start couchdb
 
  
To launch on startup, enable it:
+
Test to see if the service is running by running {{ic|curl <nowiki>http://127.0.0.1:5984/</nowiki>}}.
 +
Note that in order to access this instance of CouchDB from another system you’ll need to configure it (see below).
  
# systemctl enable couchdb
+
=== Using Fauxton admin interface ===
  
== Using Futon ==
+
You can now access the Fauxton admin interface by going to [http://localhost:5984/_utils http://localhost:5984/_utils].
  
You can now access the Futon admin interface by going to [http://localhost:5984/_utils http://localhost:5984/_utils]
+
== Configuration ==
  
== Configuring ==
+
You can do this through Fauxton or using command line.
  
Change the default port, bind address, log-level and other useful nuggets in {{ic|/etc/couchdb/local.ini}}.  
+
To setup the database and create an admin account through Fauxton, visit [http://127.0.0.1:5984/_utils/#setup http://127.0.0.1:5984/_utils/#setup].
  
If you want to run CouchDB on port 80 you will have to run the daemon as root or use an iptables rule such as:
+
To setup a single node from the command line (where {{ic|<adminuser>}} and {{ic|<password>}} are to be replaced).
  
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5984
+
$ curl -X POST -H "Content-Type: application/json" http://127.0.0.1:5984/_cluster_setup -d '{"action": "enable_single_node", "bind_address":"127.0.0.1", "username": "<adminuser>", "password": "<password>"}'
  
'''Note:''' Do not modify {{ic|/etc/couchdb/default.ini}} as it gets overwritten whenever couchdb is updated, copy any values you would like to change and put them in your local.ini. Also be sure to restart couchdb after changes to this file.
+
Also, you might want to take a look at [[#Single node setup & Security]].
 +
 
 +
{{Tip|If you are doing a cluster setup, you might want to set {{ic|bind_address}} to {{ic|0.0.0.0}} to access CouchDB from other nodes.}}
 +
 
 +
Note that you can also do all this as well as changing the default port, bind address, log-level and other useful nuggets in {{ic|/etc/couchdb/local.ini}}.
 +
 
 +
{{Note|Do not modify {{ic|/etc/couchdb/default.ini}} as it gets overwritten whenever couchdb is updated, copy any values you would like to change and put them in {{ic|/etc/couchdb/local.ini}}. Also be sure to restart {{ic|couchdb.service}} after changes to this file.}}
 +
 
 +
If you want to run CouchDB on port 80 you will have to run the daemon as root, use a reverse proxy or set an iptables rule such as:
 +
 
 +
$ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5984
 +
 
 +
=== Creating a self-signed certificate ===
  
 
If you would like to use ssl with a self-signed certificate you can create one like this:
 
If you would like to use ssl with a self-signed certificate you can create one like this:
  
  # cd /etc/couchdb
+
# cd /etc/couchdb
  # openssl genrsa -des3 -out server.key 1024
+
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt
  # openssl req -new -key server.key -out server.csr
+
 
  # cp server.key server.key.org
+
Then uncomment httpsd and update the paths in {{ic|[daemons]}} and {{ic|[ssl]}} sections:
  # openssl rsa -in server.key.org -out server.key
+
 
  # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+
{{hc|/etc/couchdb/local.ini|2=
 +
[daemons]
 +
httpsd = {couch_httpd, start_link, [https]}
 +
 
 +
[ssl]
 +
cert_file = /etc/couchdb/server.crt
 +
key_file = /etc/couchdb/server.key
 +
}}
  
Then uncomment httpsd and update the path in the '''[ssl]''' section
+
Fauxton can then be accessed over SSL on port 6984 via [https://localhost:6984/_utils/ https://localhost:6984/_utils/].
  
  [daemons]
+
== Single node setup & Security ==
  httpsd = {couch_httpd, start_link, [https]}
 
  
  [ssl]
+
If you run CouchDB in a single node setup, you might want to increase security by not binding unnecessarily on public network interfaces. Two process are actually doing so: {{ic|epmd}} and {{ic|beam.smp}}. The first one is quite easy to work around, you can simply add the following systemd drop-in addition to {{ic|couchdb.service}}:
  cert_file = /etc/couchdb/server.crt
 
  key_file = /etc/couchdb/server.key
 
  
Futon can be accessed over ssl on port 6984 via https://localhost:6984/_utils/
+
{{hc|/etc/systemd/system/couchdb.service.d/10-bind-locally.conf|2=
 +
[Service]
 +
Environment=ERL_EPMD_ADDRESS=127.0.0.1
 +
}}
  
Admin users can be created in your {{ic|local.ini}} file. Add the username and password in plaintext, next time couch is restarted it will hash the password. See [http://lizconlan.github.com/sandbox/securing-couchdb.html create a read-only database] for locking down databases and further security.
+
The second one needs an edit in {{ic|vm.args}}
 
+
{{hc|/etc/couchdb/vm.args|2=
  [admins]
+
-kernel inet_dist_use_interface {127,0,0,1}
  admin = magicalunicorns
+
}}
  
== More Resources ==
+
== See also ==
  
 
* [http://couchdb.apache.org/ Official CouchDB page]
 
* [http://couchdb.apache.org/ Official CouchDB page]

Latest revision as of 15:57, 19 April 2018

"Apache CouchDB is a document-oriented database that can be queried and indexed in a MapReduce fashion using JavaScript." - CouchDB homepage

Installation

Install the couchdb package.

Usage

Start/Enable the couchdb.service daemon.

Test to see if the service is running by running curl http://127.0.0.1:5984/. Note that in order to access this instance of CouchDB from another system you’ll need to configure it (see below).

Using Fauxton admin interface

You can now access the Fauxton admin interface by going to http://localhost:5984/_utils.

Configuration

You can do this through Fauxton or using command line.

To setup the database and create an admin account through Fauxton, visit http://127.0.0.1:5984/_utils/#setup.

To setup a single node from the command line (where <adminuser> and <password> are to be replaced).

$ curl -X POST -H "Content-Type: application/json" http://127.0.0.1:5984/_cluster_setup -d '{"action": "enable_single_node", "bind_address":"127.0.0.1", "username": "<adminuser>", "password": "<password>"}'

Also, you might want to take a look at #Single node setup & Security.

Tip: If you are doing a cluster setup, you might want to set bind_address to 0.0.0.0 to access CouchDB from other nodes.

Note that you can also do all this as well as changing the default port, bind address, log-level and other useful nuggets in /etc/couchdb/local.ini.

Note: Do not modify /etc/couchdb/default.ini as it gets overwritten whenever couchdb is updated, copy any values you would like to change and put them in /etc/couchdb/local.ini. Also be sure to restart couchdb.service after changes to this file.

If you want to run CouchDB on port 80 you will have to run the daemon as root, use a reverse proxy or set an iptables rule such as:

$ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5984

Creating a self-signed certificate

If you would like to use ssl with a self-signed certificate you can create one like this:

# cd /etc/couchdb
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt

Then uncomment httpsd and update the paths in [daemons] and [ssl] sections:

/etc/couchdb/local.ini
[daemons]
httpsd = {couch_httpd, start_link, [https]}

[ssl]
cert_file = /etc/couchdb/server.crt
key_file = /etc/couchdb/server.key

Fauxton can then be accessed over SSL on port 6984 via https://localhost:6984/_utils/.

Single node setup & Security

If you run CouchDB in a single node setup, you might want to increase security by not binding unnecessarily on public network interfaces. Two process are actually doing so: epmd and beam.smp. The first one is quite easy to work around, you can simply add the following systemd drop-in addition to couchdb.service:

/etc/systemd/system/couchdb.service.d/10-bind-locally.conf
[Service]
Environment=ERL_EPMD_ADDRESS=127.0.0.1

The second one needs an edit in vm.args

/etc/couchdb/vm.args
-kernel inet_dist_use_interface {127,0,0,1}

See also