fix(couchdb): 更新配置以增强安全性和代理功能
修改 CouchDB 配置以增强安全性,包括认证处理和跨域设置 调整 Caddy 代理配置以改进路径处理和连接头设置
@@ -1,25 +1,28 @@
|
|||||||
yourdomain.com {
|
yourdomain.com {
|
||||||
# 自动申请 TLS 证书
|
# 自动申请 TLS 证书
|
||||||
tls your_email@example.com
|
tls your_email@example.com
|
||||||
# CouchDB 路径路由
|
|
||||||
handle_path /couchdb/* {
|
|
||||||
# 重写路径 (去掉 /couchdb 前缀)
|
|
||||||
rewrite * /{path.trim_prefix('/couchdb')}
|
|
||||||
# 反向代理到本地 CouchDB
|
|
||||||
reverse_proxy http://localhost:5984 {
|
|
||||||
# 关键头部设置
|
|
||||||
header_up Host {http.reverse_proxy.upstream.hostport}
|
|
||||||
header_up X-Forwarded-For {client_host}
|
|
||||||
header_up X-Forwarded-Proto https
|
|
||||||
|
|
||||||
# 可选:调整超时设置
|
handle /couchdb/* {
|
||||||
transport http {
|
@couch path /couchdb
|
||||||
keepalive 300s
|
redir @couch /couchdb/ permanent
|
||||||
|
handle_path /couchdb/* {
|
||||||
|
rewrite * /{path.trim_prefix('/couchdb')}
|
||||||
|
reverse_proxy http://10.0.0.2:5984 {
|
||||||
|
header_up Host {http.reverse_proxy.upstream.hostport}
|
||||||
|
header_up X-Forwarded-Prefix /couchdb
|
||||||
|
header_up Connection "upgrade"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# 可选:非/couchdb路径的默认响应
|
# 禁止直接访问根路径
|
||||||
handle {
|
handle {
|
||||||
respond "CouchDB available at /couchdb/" 404
|
respond "Access via /couchdb/" 403
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## 使用专用子域名 简单
|
||||||
|
# couchdb.yourdomain.com { # 使用专用子域名
|
||||||
|
# reverse_proxy http://localhost:5984 {
|
||||||
|
# header_up Host {http.reverse_proxy.upstream.hostport}
|
||||||
|
# }
|
||||||
|
# }
|
||||||
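Review bot: The upstream changes from `localhost:5984` to `http://10.0.0.2:5984`, so the Basic-auth credentials and session cookies that arrive over TLS are forwarded in cleartext across that hop, and CouchDB presumably now has to listen on a non-loopback address. Nothing in the change records that restriction; I would add a comment above `reverse_proxy` such as `# 10.0.0.2:5984 must accept connections only from this proxy host (firewall or private network); this hop is plain HTTP`. Separately, `@couch path /couchdb` sits inside `handle /couchdb/*`, which does not match the bare `/couchdb`, so the redirect looks unreachable and that request falls through to the 403 handler; moving it to site level as `redir /couchdb /couchdb/ permanent` would fix that. `header_up Connection "upgrade"` is sent on every proxied request, so it is worth confirming that this is intended rather than left to the proxy's own upgrade handling.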
@@ -7,6 +7,9 @@ single_node=true
|
|||||||
# 最大文档大小(字节)
|
# 最大文档大小(字节)
|
||||||
max_document_size = 50000000
|
max_document_size = 50000000
|
||||||
|
|
||||||
|
[daemons]
|
||||||
|
httpd = {chttpd, start_link, [http]}
|
||||||
|
|
||||||
[chttpd]
|
[chttpd]
|
||||||
# 要求有效用户认证
|
# 要求有效用户认证
|
||||||
require_valid_user = true
|
require_valid_user = true
|
||||||
@@ -20,15 +23,22 @@ require_valid_user = true
|
|||||||
authentication_redirect = /_utils/session.html
|
authentication_redirect = /_utils/session.html
|
||||||
|
|
||||||
[httpd]
|
[httpd]
|
||||||
secure_rewrites = true
|
enable_cors = true # 开启跨域支持
|
||||||
|
secure_rewrites = true # 强制安全重写
|
||||||
|
authentication_handlers = {chttpd_auth, cookie_authentication_handler, default_authentication_handler}
|
||||||
# 基本认证领域
|
# 基本认证领域
|
||||||
WWW-Authenticate = Basic realm="couchdb"
|
WWW-Authenticate = Basic realm="Protected CouchDB"
|
||||||
# 启用 CORS
|
|
||||||
enable_cors = true
|
# 禁止访问 Fauxton 特定路径
|
||||||
|
blacklist = "_utils,_session,_active_tasks"
|
||||||
|
# 可选:关闭管理功能
|
||||||
|
enable_couch_manager = false
|
||||||
|
couch_peruser = false
|
||||||
|
|
||||||
[cors]
|
[cors]
|
||||||
# 允许的源(用逗号分隔)
|
# 允许的源(用逗号分隔)
|
||||||
origins = app://obsidian.md,capacitor://localhost,http://localhost
|
origins = app://obsidian.md,capacitor://localhost,http://localhost
|
||||||
|
# origins = *
|
||||||
# 允许发送认证信息
|
# 允许发送认证信息
|
||||||
credentials = true
|
credentials = true
|
||||||
# 允许的请求头
|
# 允许的请求头
|
||||||
|
|||||||
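Review bot: In the `[httpd]` hunk, `authentication_handlers = {chttpd_auth, cookie_authentication_handler, default_authentication_handler}` is a single three-element tuple, whereas CouchDB's stock configuration lists one `{module, function}` pair per handler, so this line looks malformed and should be verified on a running node before it is relied on. The pair form would be `authentication_handlers = {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler}`, and the `chttpd_auth` handlers are normally set under `[chttpd]` rather than `[httpd]`. I also cannot match `blacklist` or `enable_couch_manager` to documented CouchDB options; if they are silently ignored, `_utils` and `_active_tasks` stay reachable, and blocking `_session` would in any case conflict with the cookie handler and with `authentication_redirect = /_utils/session.html` above, so path blocking is better enforced at the reverse proxy. The trailing `# …` comments on `enable_cors = true` and `secure_rewrites = true` may be read as part of the value, which would stop them parsing as booleans; put each comment on its own line above the key.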