| # Licensed under the Apache License, Version 2.0 (the "License"); you may not |
| # use this file except in compliance with the License. You may obtain a copy of |
| # the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| # License for the specific language governing permissions and limitations under |
| # the License. |
| |
| # Each node in the system must have a unique name. These are specified through |
| # the Erlang -name flag, which takes the form: |
| # |
| # -name nodename@<FQDN> |
| # |
| # or |
| # |
| # -name nodename@<IP-ADDRESS> |
| # |
| # CouchDB recommends the following values for this flag: |
| # |
| # 1. If this is a single node, not in a cluster, use: |
| # -name couchdb@127.0.0.1 |
| # |
| # 2. If DNS is configured for this host, use the FQDN, such as: |
| # -name couchdb@my.host.domain.com |
| # |
| # 3. If DNS isn't configured for this host, use IP addresses only, such as: |
| # -name couchdb@192.168.0.1 |
| # |
| # Do not rely on tricks with /etc/hosts or libresolv to handle anything |
| # other than the above 3 approaches correctly. They will not work reliably. |
| # |
| # Multiple CouchDBs running on the same machine can use couchdb1@, couchdb2@, |
| # etc. |
| {{node_name}} |
| |
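| # All nodes must share the same magic cookie for distributed Erlang to work. |
| # The cookie is the only credential distributed Erlang checks: any peer that |
| # knows it and can reach the distribution port has full control of this node. |
| # Uncomment the following line and append a securely generated random value, |
| # and keep this file readable only by the account that runs CouchDB. |
| # -setcookie |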
| |
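| # Which interface should the Erlang distribution listener bind to? The value |
| # below is loopback only. A clustered node needs an address its peers can |
| # reach; when changing it, firewall the distribution and epmd ports so only |
| # cluster members can connect. |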
| -kernel inet_dist_use_interface {127,0,0,1} |
| |
| # Tell kernel and SASL not to log anything |
| -kernel error_logger silent |
| -sasl sasl_error_logger false |
| |
| # This will toggle to true in Erlang 25+. However since we don't use global |
| # any longer, and have our own auto-connection module, we can keep the |
| # existing global behavior to avoid surprises. See |
| # https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more |
| # information about possible increased coordination and messages being sent on |
| # disconnections when this setting is enabled. |
| # |
| -kernel prevent_overlapping_partitions false |
| |
| # Increase the pool of dirty IO schedulers from 10 to 16 |
| # Dirty IO schedulers are used for file IO. |
| +SDio 16 |
| |
| # Increase distribution buffer size from default of 1MB to 32MB. The default is |
| # usually a bit low on busy clusters. Has no effect for single-node setups. |
| # The unit is in kilobytes. |
| +zdbbl 32768 |
| |
| # When running on Docker, Kubernetes or an OS using CFS (Completely Fair |
| # Scheduler) with CPU quota limits set, disable busy waiting for schedulers to |
| # avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares. |
| #+sbwt none |
| #+sbwtdcpu none |
| #+sbwtdio none |
| |
| # Comment this line out to enable the interactive Erlang shell on startup |
| +Bd -noinput |
| |
| # Set maximum SSL session lifetime, in seconds, to reap terminated replication |
| # readers |
| -ssl session_lifetime 300 |
| |
| ## TLS Distribution |
| ## Use TLS for connections between Erlang cluster members. |
| ## http://erlang.org/doc/apps/ssl/ssl_distribution.html |
| ## |
| ## Generate Cert(PEM) File |
| ## This is just an example command to generate a self-signed certfile (PEM). |
| ## This is not an endorsement of specific expiration limits, key sizes, or algorithms. |
| ## $ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem |
| ## $ cat key.pem cert.pem > dev/erlserver.pem && rm key.pem cert.pem |
| ## The resulting erlserver.pem holds the private key unencrypted (-nodes), so |
| ## make it readable only by the account that runs CouchDB. |
| ## |
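| ## Generate a Config File (couch_ssl_dist.conf) |
| ## [{server, |
| ## [{certfile, "</path/to/erlserver.pem>"}, |
| ## {secure_renegotiate, true}]}, |
| ## {client, |
| ## [{secure_renegotiate, true}]}]. |
| ## Note: this example sets no CA file and no peer verification for the server, |
| ## so it encrypts traffic but does not by itself authenticate connecting nodes. |
| ## To do that, add {verify, verify_peer} and {cacertfile, "</path/to/ca.pem>"} |
| ## to both lists and {fail_if_no_peer_cert, true} to the server list; see the |
| ## Erlang documentation linked above. |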
| ## |
| ## CouchDB recommends the following values for the no_tls flag: |
| ## 1. Use plain TCP only (no encryption), set to true, such as: |
| ## -couch_dist no_tls true |
| ## 2. Use TLS only, set to false, such as: |
| ## -couch_dist no_tls false |
| ## 3. Specify which nodes should use plain TCP, such as: |
| ## -couch_dist no_tls \"*@127.0.0.1\" |
| ## |
| ## To ensure search works, make sure to set 'no_tls' option for the clouseau node. |
| ## By default that would be "clouseau@127.0.0.1". |
| ## Don't forget to override the paths to point to your certificate(s) and key(s)! |
| ## |
| #-proto_dist couch |
| #-couch_dist no_tls '"clouseau@127.0.0.1"' |
| #-ssl_dist_optfile <path/to/couch_ssl_dist.conf> |
| |
| # Enable FIPS mode |
| # https://www.erlang.org/doc/apps/crypto/fips.html |
| # Ensure that: |
| # - Erlang is built with --enable-fips configuration option |
| # - Crypto library (e.g. OpenSSL) supports this mode |
| # |
| # When the mode is successfully enabled, the "Welcome" message should show |
| # `fips` in the features list. |
| # |
| #-crypto fips_mode true |