blob: 174fba1c540f8618de6b6bf93e3aab03dddd39fe [file] [log] [blame]
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
# Each node in the system must have a unique name. These are specified through
# the Erlang -name flag, which takes the form:
# -name nodename@<FQDN>
# or
# -name nodename@<IP-ADDRESS>
# CouchDB recommends the following values for this flag:
# 1. If this is a single node, not in a cluster, use:
# -name couchdb@
# 2. If DNS is configured for this host, use the FQDN, such as:
# -name
# 3. If DNS isn't configured for this host, use IP addresses only, such as:
# -name couchdb@
# Do not rely on tricks with /etc/hosts or libresolv to handle anything
# other than the above 3 approaches correctly. They will not work reliably.
# Multiple CouchDBs running on the same machine can use couchdb1@, couchdb2@,
# etc.
# All nodes must share the same magic cookie for distributed Erlang to work.
# Uncomment the following line and append a securely generated random value.
# -setcookie
# Which interfaces should the node listen on?
-kernel inet_dist_use_interface {127,0,0,1}
# Tell kernel and SASL not to log anything
-kernel error_logger silent
-sasl sasl_error_logger false
# This will toggle to true in Erlang 25+. However since we don't use global
# any longer, and have our own auto-connection module, we can keep the
# existing global behavior to avoid surprises. See
# for more
# information about possible increased coordination and messages being sent on
# disconnections when this setting is enabled.
-kernel prevent_overlapping_partitions false
# Increase the pool of dirty IO schedulers from 10 to 16
# Dirty IO schedulers are used for file IO.
+SDio 16
# Comment this line out to enable the interactive Erlang shell on startup
+Bd -noinput
# Set maximum SSL session lifetime to reap terminated replication readers
-ssl session_lifetime 300
## TLS Distribution
## Use TLS for connections between Erlang cluster members.
## Generate Cert(PEM) File
## This is just an example command to generate a certfile (PEM).
## This is not an endorsement of specific expiration limits, key sizes, or algorithms.
## $ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
## $ cat key.pem cert.pem > dev/erlserver.pem && rm key.pem cert.pem
## Generate a Config File (couch_ssl_dist.conf)
## [{server,
## [{certfile, "</path/to/erlserver.pem>"},
## {secure_renegotiate, true}]},
## {client,
## [{secure_renegotiate, true}]}].
## CouchDB recommends the following values for no_tls flag:
## 1. Use TCP only, set to true, such as:
## -couch_dist no_tls true
## 2. Use TLS only, set to false, such as:
## -couch_dist no_tls false
## 3. Specify which node to use TCP, such as:
## -couch_dist no_tls \"*@\"
## To ensure search works, make sure to set 'no_tls' option for the clouseau node.
## By default that would be "clouseau@".
## Don't forget to override the paths to point to your certificate(s) and key(s)!
#-proto_dist couch
#-couch_dist no_tls '"clouseau@"'
#-ssl_dist_optfile <path/to/couch_ssl_dist.conf>
# Enable FIPS mode
# Ensure that:
# - Erlang is built with --enable-fips configuration option
# - Crypto library (e.g. OpenSSL) supports this mode
# When the mode is successfully enabled "Welcome" message should show `fips`
# in the features list.
#-crypto fips_mode true