From 0aec2296cea85182a67b37f3ce5aa325a2a51c6a Mon Sep 17 00:00:00 2001
From: cnphpbb
Date: Tue, 9 Sep 2025 23:24:53 +0800
Subject: [PATCH] =?UTF-8?q?feat(couchdb):=20=E6=B7=BB=E5=8A=A0=E5=AE=89?= =?UTF-8?q?=E5=85=A8=E9=87=8D=E5=86=99=E5=92=8CCaddy=E4=BB=A3=E7=90=86?= =?UTF-8?q?=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
添加secure_rewrites配置以增强CouchDB安全性 新增Caddy代理配置文件,支持TLS和路径重写
---
 dbSer/couchdb/etc/caddy/proxy.conf | 25 +++++++++++++++++++++
 dbSer/couchdb/etc/couchdb/local.d/local.ini | 6 ++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 dbSer/couchdb/etc/caddy/proxy.conf
diff --git a/dbSer/couchdb/etc/caddy/proxy.conf b/dbSer/couchdb/etc/caddy/proxy.conf
new file mode 100644
index 0000000..6dbb276
--- /dev/null
+++ b/dbSer/couchdb/etc/caddy/proxy.conf
@@ -0,0 +1,25 @@
+yourdomain.com {
+ # 自动申请 TLS 证书
+ tls your_email@example.com
+ # CouchDB 路径路由
+ handle_path /couchdb/* {
+ # 重写路径 (去掉 /couchdb 前缀)
+ rewrite * /{path.trim_prefix('/couchdb')}
+ # 反向代理到本地 CouchDB
+ reverse_proxy http://localhost:5984 {
+ # 关键头部设置
+ header_up Host {http.reverse_proxy.upstream.hostport}
+ header_up X-Forwarded-For {client_host}
+ header_up X-Forwarded-Proto https
+
+ # 可选:调整超时设置
+ transport http {
+ keepalive 300s
+ }
+ }
+ }
+ # 可选:非/couchdb路径的默认响应
+ handle {
+ respond "CouchDB available at /couchdb/" 404
+ }
+}
\ No newline at end of file
diff --git a/dbSer/couchdb/etc/couchdb/local.d/local.ini b/dbSer/couchdb/etc/couchdb/local.d/local.ini
index df134ee..7a392b6 100644
--- a/dbSer/couchdb/etc/couchdb/local.d/local.ini
+++ b/dbSer/couchdb/etc/couchdb/local.d/local.ini
@@ -20,6 +20,7 @@ require_valid_user = true
 authentication_redirect = /_utils/session.html
 [httpd]
+secure_rewrites = true
 # 基本认证领域
 WWW-Authenticate = Basic realm="couchdb"
 # 启用 CORS
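Review bot: The `rewrite * /{path.trim_prefix('/couchdb')}` line inside `handle_path /couchdb/*` is redundant and probably wrong: `handle_path` already strips the matched prefix before its inner directives run, and `{path.trim_prefix(...)}` is not a placeholder form Caddy supports as far as I know, so the upstream may receive a literal or empty path. I would delete that line and let `handle_path` do the stripping. The `header_up X-Forwarded-For {client_host}` and `header_up X-Forwarded-Proto https` lines override headers that `reverse_proxy` already sets itself, and `{client_host}` does not look like a defined placeholder (the ones I know are `{remote_host}` and `{client_ip}`); an empty or wrong X-Forwarded-For degrades CouchDB's access logs and anything that keys on the client address. Note also that this site block publishes every CouchDB path, including `/_utils`, so access control rests entirely on `require_valid_user` in local.ini.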
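Review bot: `secure_rewrites = true` under `[httpd]` is, as far as I know, already CouchDB's built-in default, so this line pins existing behaviour rather than tightening anything, which the commit message overstates. As I understand the option, it only stops design-document `_rewrite` rules from escaping their database; it does nothing for the newly proxied endpoint, whose protection still comes from `require_valid_user` and the CORS settings further down. Unlike the neighbouring keys it carries no comment; I would add one such as `# explicit default: _rewrite rules may not leave their database`. The rest of the `[httpd]` section lies outside this hunk.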
@@ -35,4 +36,7 @@ headers = accept, authorization, content-type, origin, referer
 # 允许的 HTTP 方法
 methods = GET, PUT, POST, HEAD, DELETE
 # CORS 预检请求缓存时间(秒)
-max_age = 3600
\ No newline at end of file
+max_age = 3600
+
+; [daemons]
+; httpd = {chttpd, start_link, [http]}
\ No newline at end of file
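Review bot: The two commented-out lines `; [daemons]` and `; httpd = {chttpd, start_link, [http]}` are dead configuration with no explanation of when they should be enabled. Uncommenting them would presumably change which HTTP listeners CouchDB starts, which matters now that the proxy config assumes a single listener on localhost:5984. Either drop them or precede them with a one-line comment stating the intended use. They also use `;` where the rest of the file comments with `#`, and the file still ends without a trailing newline.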