amazon-web-services - 托管在 AWS 实例上的 bitnami CouchDB 的 SSL

Question

我已经使用来自 bitnami 的 CouchDB 创建了一个实例。链接在这里https://bitnami.com/stack/couchdb它在 HTTP 上运行良好。但我想让它在 https 上运行，为此，我使用本指南创建了一个自签名认证:https://docs.bitnami.com/oci/infrastructure/couchdb/administration/create-ssl-certificate-couchdb/以及他们在服务器上启用它的指南:https://docs.bitnami.com/oci/infrastructure/couchdb/administration/enable-ssl/这是我在 /opt/bitnami/couchdb/etc/local.ini 中的 SSL 部分

`[ssl]
port = 6984
enable = true
cert_file = /opt/bitnami/couchdb/etc/server.crt
key_file = /opt/bitnami/couchdb/etc/server.key
;password = somepassword
; set to true to validate peer certificates
;verify_ssl_certificates = false
; Set to true to fail if the client does not send a certificate. Only used if verify_ssl_certificates is true.
;fail_if_no_peer_cert = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
;cacert_file = /full/path/to/cacertf
; The verification fun (optional) if not specified, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
; maximum peer certificate depth
;ssl_certificate_max_depth = 1`

请让我知道我应该提供哪些其他信息。在此先感谢一下，我已经为此纠结了一个星期!
这是来自 curl -a -k mydomain.com 的日志

`* Expire in 1 ms for 1 (transfer 0x55b57b804f50)
*   Trying 3.85.5.117...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55b57b804f50)
* Connected to data.posifier.com (3.85.5.117) port 6984 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to data.posifier.com:6984
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to data.posifier.com:6984`

Answer 1

为了使 SSL 正常工作，您需要(至少)拥有自签名证书。在您的配置文件中，您有 cacert_file =/full/path/to/cacertf 行注释。
我写了一个分步指南来使它工作。
看看here