I can't get proxy_authentication_handler to work for chttpd, that is port 5984
When starting from a plain couchdb 2.3.1 I configure as single node, and add
[chttpd]
authentication_headers = {chttpd_auth, cookie_authentication_handler}, {couch_httpd_auth, proxy_authentication_handler}, {chttpd_auth, default_authentication_handler}
as mentioned in https://github.com/apache/couchdb/issues/1052#issuecomment-351775748 . curl then returns
curl localhost:5984/_session
{"ok":true,"userCtx":{"name":null,"roles":[]},"info":{"authentication_db":"_users","authentication_handlers":["cookie","default"]}}
so proxy authentication is not activated.
If I do the same in
[httpd]
authentication_headers = {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, proxy_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
it works
marco@marcos-mbp /opt> curl localhost:5986/_session
{"ok":true,"userCtx":{"name":null,"roles":[]},"info":{"authentication_db":"_users","authentication_handlers":["cookie","proxy","default"]}}
https://docs.couchdb.org/en/stable/config/http.html says, that _chttpd section refers to the standard, clustered port_ hence the service should be used using port 5984 which I can't get to run.
as above
proxy_authentication should be available on both ports I guess
Docker instance https://hub.docker.com/_/couchdb:latest shows the problem, but I was only able to find it with a local installation of 2.3.1 - as the docker image won't even allow acces to port 5986
@col-panic Will take a look soon but wanted to make it clear: do NOT use port 5986 for anything other than what the documentation states you should do. That means - do not point your database clients at port 5986, ever.
I have recently made proxy authentication work with 2.3.1 for a client, so I know it's possible, but need to retrace my steps. I'll be in touch later this week.
@col-panic See: https://docs.couchdb.org/en/stable/api/server/authn.html#proxy-authentication
The correct configuration is:
[chttpd]
authentication_handlers = {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, proxy_authentication_handler}, {chttpd_auth, default_authentication_handler}
I can confirm, that after restarting couchdb it does work now!? This seems to have been the problem with the docker instance too! Thanks a lot!
Glad I was able to help. Yes, you need to restart CouchDB for that setting to take effect.
A quick word - your comments from before you made the above comment made it to our mailing list for posterity. Don't be so hasty to tell someone who maintains the software and has worked with it for more than 10 years that she doesn't know what she's doing.
@wohali thank you and yes - I apologize for that!
I tried all different settings for some hours yesterday, and it is not obvious, that for this one setting, a restart of couchdb seems necessary, where for all others this isn't the case!