| # Licensed under the Apache License, Version 2.0 (the "License"); you may not |
| # use this file except in compliance with the License. You may obtain a copy of |
| # the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| # License for the specific language governing permissions and limitations under |
| # the License. |
| |
| # Each node in the system must have a unique name. Names are specified through |
| # the Erlang -name flag, which takes the form: |
| # |
| # -name nodename@<FQDN> |
| # |
| # or |
| # |
| # -name nodename@<IP-ADDRESS> |
| # |
| # CouchDB recommends the following values for this flag: |
| # |
| # 1. If this is a single node, not in a cluster, use: |
| # -name couchdb@127.0.0.1 |
| # |
| # 2. If DNS is configured for this host, use the FQDN, such as: |
| # -name couchdb@my.host.domain.com |
| # |
| # 3. If DNS isn't configured for this host, use IP addresses only, such as: |
| # -name couchdb@192.168.0.1 |
| # |
| # Do not rely on tricks with /etc/hosts or libresolv to handle anything |
| # other than the above 3 approaches correctly. They will not work reliably. |
| # |
| # Multiple CouchDBs running on the same machine can use couchdb1@, couchdb2@, |
| # etc. |
| # |
| # NOTE(review): {{node_name}} looks like a template placeholder that is replaced |
| # with the chosen -name flag when this file is generated; confirm against the |
| # build tooling. |
| {{node_name}} |
| |
| # All nodes must share the same magic cookie for distributed Erlang to work. |
| # Uncomment the following line and append a securely generated random value. |
| # |
| # The cookie is the only credential distributed Erlang checks: any peer that |
| # can reach the distribution port and presents it gets full control of this |
| # node. Treat it as a secret, use a long random value that is unique to this |
| # cluster, and keep this file readable only by the CouchDB service account. |
| # The cookie does not encrypt traffic; see "TLS Distribution" below. |
| # -setcookie |
| |
| # Which interface should the Erlang distribution listener bind to? The value is |
| # an IP address written as an Erlang tuple. {127,0,0,1} accepts distribution |
| # connections from the local host only. |
| # |
| # For a multi-host cluster, bind to the specific cluster-facing address rather |
| # than all interfaces, and firewall the distribution port(s) and epmd (TCP 4369 |
| # by default) so that only cluster members can reach them. This flag does not |
| # change the address epmd itself listens on. |
| -kernel inet_dist_use_interface {127,0,0,1} |
| |
| # Tell kernel and SASL not to log anything |
| # NOTE(review): this only silences the Erlang kernel and SASL error loggers; |
| # presumably CouchDB's own logging is configured elsewhere. Confirm that crash |
| # and supervisor reports needed for incident investigation are still captured. |
| -kernel error_logger silent |
| -sasl sasl_error_logger false |
| |
| # The default for this setting becomes true in Erlang 25+. However since we |
| # don't use global any longer, and have our own auto-connection module, we can |
| # keep the existing global behavior to avoid surprises. See |
| # https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more |
| # information about possible increased coordination and messages being sent on |
| # disconnections when this setting is enabled. |
| # |
| -kernel prevent_overlapping_partitions false |
| |
| # Increase the pool of dirty IO schedulers from the default of 10 to 16. |
| # Dirty IO schedulers are used for file IO. |
| +SDio 16 |
| |
| # Comment this line out to enable the interactive Erlang shell on startup. |
| # +Bd disables the break handler and -noinput stops the VM from reading |
| # standard input. An interactive shell gives whoever holds the terminal full |
| # control of the running node, so leave this line active in production. |
| +Bd -noinput |
| |
| # Set maximum SSL session lifetime, in seconds, to reap terminated replication |
| # readers |
| -ssl session_lifetime 300 |
| |
| ## TLS Distribution |
| ## Use TLS for connections between Erlang cluster members. |
| ## http://erlang.org/doc/apps/ssl/ssl_distribution.html |
| ## |
| ## Generate Cert(PEM) File |
| ## This is just an example command to generate a certfile (PEM). |
| ## This is not an endorsement of specific expiration limits, key sizes, or algorithms. |
| ## $ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem |
| ## $ cat key.pem cert.pem > dev/erlserver.pem && rm key.pem cert.pem |
| ## |
| ## The example produces a self-signed certificate, and -nodes writes the private |
| ## key unencrypted. The combined PEM therefore holds the key in the clear: |
| ## restrict it to the CouchDB service account and keep it out of version |
| ## control and backups that others can read. |
| ## |
| ## Generate a Config File (couch_ssl_dist.conf) |
| ## [{server, |
| ## [{certfile, "</path/to/erlserver.pem>"}, |
| ## {secure_renegotiate, true}]}, |
| ## {client, |
| ## [{secure_renegotiate, true}]}]. |
| ## |
| ## The example sets no verify or cacertfile options, so whether a peer's |
| ## certificate is checked depends on the defaults of the OTP release in use. |
| ## To authenticate cluster members explicitly, add {verify, verify_peer} and a |
| ## {cacertfile, ...} to both the server and client lists, and |
| ## {fail_if_no_peer_cert, true} to the server list. Without peer verification |
| ## TLS encrypts the link but does not stop an active man-in-the-middle. |
| ## |
| ## CouchDB recommends the following values for no_tls flag: |
| ## 1. Use TCP only, set to true, such as: |
| ## -couch_dist no_tls true |
| ## 2. Use TLS only, set to false, such as: |
| ## -couch_dist no_tls false |
| ## 3. Specify which node(s) should use plain TCP, such as: |
| ## -couch_dist no_tls \"*@127.0.0.1\" |
| ## |
| ## With no_tls true, all inter-node traffic is unencrypted. When exempting |
| ## individual nodes (option 3), limit the exemption to peers reached over |
| ## loopback, as in the examples here. |
| ## |
| ## To ensure search works, make sure to set 'no_tls' option for the clouseau node. |
| ## By default that would be "clouseau@127.0.0.1". |
| ## Don't forget to override the paths to point to your certificate(s) and key(s)! |
| ## |
| #-proto_dist couch |
| #-couch_dist no_tls '"clouseau@127.0.0.1"' |
| #-ssl_dist_optfile <path/to/couch_ssl_dist.conf> |