Story-writer (小书匠) + CouchDB: Building a File Data Center

Official documentation: http://docs.couchdb.org/en/2.1.1/install/index.html

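Prerequisites

  • Story-writer (小书匠), paid version. The free version does not seem to support custom data centers.
  • A cloud server (about 1 core / 1 GB). You need administrator privileges to install the CouchDB database.
  • An SSH client for logging in to your server remotely. Windows users can use tools such as PuTTY or Xshell; on Linux you can use the ssh command directly: ssh user@server-address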

Add the official Apache CouchDB package repository

CentOS: /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo

[bintray--apache-couchdb-rpm]
name=bintray--apache-couchdb-rpm
baseurl=http://apache.bintray.com/couchdb-rpm/el$releasever/$basearch/
gpgcheck=0
repo_gpgcheck=0
enabled=1

RedHat/RHEL: /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo

## el7

[bintray--apache-couchdb-rpm]
name=bintray--apache-couchdb-rpm
baseurl=http://apache.bintray.com/couchdb-rpm/el7/$basearch/
gpgcheck=0
repo_gpgcheck=0
enabled=1

## el6
[bintray--apache-couchdb-rpm]
name=bintray--apache-couchdb-rpm
baseurl=http://apache.bintray.com/couchdb-rpm/el6/$basearch/
gpgcheck=0
repo_gpgcheck=0
enabled=1

Debian/Ubuntu: run the command

echo "deb https://apache.bintray.com/couchdb-deb {distribution} main"\
    | sudo tee -a /etc/apt/sources.list

Replace {distribution} with the value that matches your operating system release:

  • Debian 8: jessie
  • Debian 9: stretch
  • Ubuntu 14.04: trusty
  • Ubuntu 16.04: xenial
  • Ubuntu 18.04: bionic

Install the Apache CouchDB package

RedHat/CentOS:

sudo yum -y install yum-plugin-fastestmirror && sudo yum -y install epel-release && sudo yum -y install couchdb

Debian/Ubuntu: install the repository key

curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc\
    | sudo apt-key add -

Update the repository cache and install the couchdb package

sudo apt-get update && sudo apt-get install couchdb

Configure the Apache CouchDB database

Original configuration file

Path of the original configuration file: /opt/couchdb/etc/local.ini

; CouchDB Configuration Settings

; Custom settings should be made in this file. They will override settings
; in default.ini, but unlike changes made to default.ini, this file won't be
; overwritten on server upgrade.

[couchdb]
;max_document_size = 4294967296 ; bytes
;os_process_timeout = 5000

[couch_peruser]
; If enabled, couch_peruser ensures that a private per-user database
; exists for each document in _users. These databases are writable only
; by the corresponding user. Databases are in the following form:
; userdb-{hex encoded username}
;enable = true
; If set to true and a user is deleted, the respective database gets
; deleted as well.
;delete_dbs = true

[chttpd]
;port = 5984
;bind_address = 127.0.0.1
; Options for the MochiWeb HTTP server.
;server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
; For more socket options, consult Erlang's module 'inet' man page.
;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]

[httpd]
; NOTE that this only configures the "backend" node-local port, not the
; "frontend" clustered port. You probably don't want to change anything in
; this section.
; Uncomment next line to trigger basic-auth popup on unauthorized requests.
;WWW-Authenticate = Basic realm="administrator"

; Uncomment next line to set the configuration modification whitelist. Only
; whitelisted values may be changed via the /_config URLs. To allow the admin
; to change this value over HTTP, remember to include {httpd,config_whitelist}
; itself. Excluding it from the list would require editing this file to update
; the whitelist.
;config_whitelist = [{httpd,config_whitelist}, {log,level}, {etc,etc}]

[query_servers]
;nodejs = /usr/local/bin/couchjs-node /path/to/couchdb/share/server/main.js

[httpd_global_handlers]
;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>}

[couch_httpd_auth]
; If you set this to true, you should also uncomment the WWW-Authenticate line
; above. If you don't configure a WWW-Authenticate header, CouchDB will send
; Basic realm="server" in order to prevent you getting logged out.
; require_valid_user = false

[os_daemons]
; For any commands listed here, CouchDB will attempt to ensure that
; the process remains alive. Daemons should monitor their environment
; to know when to exit. This can most easily be accomplished by exiting
; when stdin is closed.
;foo = /path/to/command -with args

[daemons]
; enable SSL support by uncommenting the following line and supply the PEM's below.
; the default ssl port CouchDB listens on is 6984
; httpsd = {chttpd, start_link, [https]}

[ssl]
;cert_file = /full/path/to/server_cert.pem
;key_file = /full/path/to/server_key.pem
;password = somepassword
; set to true to validate peer certificates
;verify_ssl_certificates = false
; Set to true to fail if the client does not send a certificate. Only used if verify_ssl_certificates is true.
;fail_if_no_peer_cert = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
;cacert_file = /full/path/to/cacertf
; The verification fun (optional) if not specified, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
; maximum peer certificate depth
;ssl_certificate_max_depth = 1
;
; Reject renegotiations that do not live up to RFC 5746.
;secure_renegotiate = true
; The cipher suites that should be supported.
; Can be specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}"
; or in OpenSSL format "ECDHE-ECDSA-AES128-SHA256".
;ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
; The SSL/TLS versions to support
;tls_versions = [tlsv1, 'tlsv1.1', 'tlsv1.2']

; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to
; the Virual Host will be redirected to the path. In the example below all requests
; to http://example.com/ are redirected to /database.
; If you run CouchDB on a specific port, include the port number in the vhost:
; example.com:5984 = /database
[vhosts]
;example.com = /database/

[update_notification]
;unique notifier name=/full/path/to/exe -with "cmd line arg"

; To create an admin account uncomment the '[admins]' section below and add a
; line in the format 'username = password'. When you next start CouchDB, it
; will change the password to a hash (so that your passwords don't linger
; around in plain-text files). You can add more admin accounts with more
; 'username = password' lines. Don't forget to restart CouchDB after
; changing this.
[admins]
;admin = mysecretpassword

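When you change a setting in the configuration file, delete the ; at the start of the modified line. For example, after editing, line 113 becomes: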

admin = mysecretpassword

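Edit the [chttpd] section at line 21

port = 5984 is the CouchDB port; the default is fine. If you change it, remember to use your own port number when connecting to the database later.

bind_address = 127.0.0.1 is the address CouchDB listens on; by default only local access is allowed. It has to be changed so that access is not restricted by IP (but with valid-user login verification enabled, which checks the user name and password). Change it to: bind_address = 0.0.0.0

The [chttpd] section after the change: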

[chttpd]
;port = 5984
;bind_address = 127.0.0.1
bind_address = 0.0.0.0
require_valid_user = true
; Options for the MochiWeb HTTP server.
;server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
; For more socket options, consult Erlang's module 'inet' man page.
;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]

Edit the [httpd] section at line 29

Add one line at the end: enable_cors = true, which enables cross-origin (CORS) access.

The [httpd] section after the change:

[httpd]
; NOTE that this only configures the "backend" node-local port, not the
; "frontend" clustered port. You probably don't want to change anything in
; this section.
; Uncomment next line to trigger basic-auth popup on unauthorized requests.
;WWW-Authenticate = Basic realm="administrator"
enable_cors = true

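Edit the [couch_httpd_auth] section at line 50

Change ; require_valid_user = false to require_valid_user = true. This enables valid-user login verification, which checks the user name and password.

The [couch_httpd_auth] section after the change: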

[couch_httpd_auth]
; If you set this to true, you should also uncomment the WWW-Authenticate line
; above. If you don't configure a WWW-Authenticate header, CouchDB will send
; Basic realm="server" in order to prevent you getting logged out.
require_valid_user = true

Edit the [admins] section at line 112

In ;admin = mysecretpassword, admin is the user name and mysecretpassword is the password; replace both with your own values.

The [admins] section after the change:

[admins]
Ryanjiena = 4Y]38Yn[32(83v6XjLbP>

Append the following to the end of the file

[cors]
origins = *
credentials = true
headers = accept, authorization, content-type, origin, referer
methods = GET, PUT, POST, HEAD, DELETE

Modified configuration file

; CouchDB Configuration Settings

; Custom settings should be made in this file. They will override settings
; in default.ini, but unlike changes made to default.ini, this file won't be
; overwritten on server upgrade.

[couchdb]
;max_document_size = 4294967296 ; bytes
;os_process_timeout = 5000

[couch_peruser]
; If enabled, couch_peruser ensures that a private per-user database
; exists for each document in _users. These databases are writable only
; by the corresponding user. Databases are in the following form:
; userdb-{hex encoded username}
;enable = true
; If set to true and a user is deleted, the respective database gets
; deleted as well.
;delete_dbs = true

[chttpd]
;port = 5984
;bind_address = 127.0.0.1
bind_address = 0.0.0.0
require_valid_user = true
; Options for the MochiWeb HTTP server.
;server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
; For more socket options, consult Erlang's module 'inet' man page.
;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]

[httpd]
; NOTE that this only configures the "backend" node-local port, not the
; "frontend" clustered port. You probably don't want to change anything in
; this section.
; Uncomment next line to trigger basic-auth popup on unauthorized requests.
;WWW-Authenticate = Basic realm="administrator"
enable_cors = true

; Uncomment next line to set the configuration modification whitelist. Only
; whitelisted values may be changed via the /_config URLs. To allow the admin
; to change this value over HTTP, remember to include {httpd,config_whitelist}
; itself. Excluding it from the list would require editing this file to update
; the whitelist.
;config_whitelist = [{httpd,config_whitelist}, {log,level}, {etc,etc}]

[query_servers]
;nodejs = /usr/local/bin/couchjs-node /path/to/couchdb/share/server/main.js

[httpd_global_handlers]
;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>}

[couch_httpd_auth]
; If you set this to true, you should also uncomment the WWW-Authenticate line
; above. If you don't configure a WWW-Authenticate header, CouchDB will send
; Basic realm="server" in order to prevent you getting logged out.
require_valid_user = true

[os_daemons]
; For any commands listed here, CouchDB will attempt to ensure that
; the process remains alive. Daemons should monitor their environment
; to know when to exit. This can most easily be accomplished by exiting
; when stdin is closed.
;foo = /path/to/command -with args

[daemons]
; enable SSL support by uncommenting the following line and supply the PEM's below.
; the default ssl port CouchDB listens on is 6984
; httpsd = {chttpd, start_link, [https]}

[ssl]
;cert_file = /full/path/to/server_cert.pem
;key_file = /full/path/to/server_key.pem
;password = somepassword
; set to true to validate peer certificates
;verify_ssl_certificates = false
; Set to true to fail if the client does not send a certificate. Only used if verify_ssl_certificates is true.
;fail_if_no_peer_cert = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
;cacert_file = /full/path/to/cacertf
; The verification fun (optional) if not specified, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
; maximum peer certificate depth
;ssl_certificate_max_depth = 1
;
; Reject renegotiations that do not live up to RFC 5746.
;secure_renegotiate = true
; The cipher suites that should be supported.
; Can be specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}"
; or in OpenSSL format "ECDHE-ECDSA-AES128-SHA256".
;ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
; The SSL/TLS versions to support
;tls_versions = [tlsv1, 'tlsv1.1', 'tlsv1.2']

; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to
; the Virual Host will be redirected to the path. In the example below all requests
; to http://example.com/ are redirected to /database.
; If you run CouchDB on a specific port, include the port number in the vhost:
; example.com:5984 = /database
[vhosts]
;example.com = /database/

[update_notification]
;unique notifier name=/full/path/to/exe -with "cmd line arg"

; To create an admin account uncomment the '[admins]' section below and add a
; line in the format 'username = password'. When you next start CouchDB, it
; will change the password to a hash (so that your passwords don't linger
; around in plain-text files). You can add more admin accounts with more
; 'username = password' lines. Don't forget to restart CouchDB after
; changing this.
[admins]
Ryanjiena = 4Y]38Yn[32(83v6XjLbP>

[cors]
origins = *
credentials = true
headers = accept, authorization, content-type, origin, referer
methods = GET, PUT, POST, HEAD, DELETE
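
The settings changed above (public bind address, login verification, CORS, admin account) can be checked mechanically before the port is opened. The following is an added example, not part of the original post or of CouchDB: a Python audit of local.ini. The function name, the finding codes and the sample admin account are assumptions made for illustration.

```python
import configparser
# Constructed sample: only the settings this page changes in local.ini.
# The admin name and password are placeholders, not values from the page.
SAMPLE_INI = """
[chttpd]
bind_address = 0.0.0.0
require_valid_user = true
[httpd]
enable_cors = true
[couch_httpd_auth]
require_valid_user = true
[daemons]
; httpsd = {chttpd, start_link, [https]}
[admins]
exampleadmin = example-plaintext-password
[cors]
origins = *
credentials = true
"""

def audit_local_ini(text):
    """Return finding codes for risky settings in a CouchDB local.ini."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cfg.optionxform = str  # keep admin names case-sensitive
    cfg.read_string(text)
    def get(section, key, default=""):
        return cfg.get(section, key, fallback=default).strip()
    findings = []
    public = get("chttpd", "bind_address", "127.0.0.1") not in ("127.0.0.1", "::1")
    auth = "true" in (get("chttpd", "require_valid_user"),
                      get("couch_httpd_auth", "require_valid_user"))
    if public and not auth:
        findings.append("PUBLIC_WITHOUT_AUTH")
    if public and not get("daemons", "httpsd"):
        # Basic-auth credentials cross the network unencrypted on port 5984
        findings.append("PUBLIC_WITHOUT_TLS")
    if (get("httpd", "enable_cors") == "true" and get("cors", "origins") == "*"
            and get("cors", "credentials") == "true"):
        findings.append("CORS_WILDCARD_WITH_CREDENTIALS")
    admins = cfg.options("admins") if cfg.has_section("admins") else []
    if not admins:
        findings.append("NO_ADMIN_ACCOUNT")
    for name in admins:
        # CouchDB rewrites the value as a hash (-pbkdf2-... or -hashed-...) on start
        if not get("admins", name).startswith(("-pbkdf2-", "-hashed-")):
            findings.append("ADMIN_PASSWORD_NOT_HASHED:" + name)
    return findings

if __name__ == "__main__":
    print(audit_local_ini(SAMPLE_INI))
```

To audit a real server, pass the contents of /opt/couchdb/etc/local.ini to audit_local_ini; an ADMIN_PASSWORD_NOT_HASHED finding is expected until CouchDB has been restarted once and has rewritten the value.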

Open the port on the cloud server

Open the port on Linux

The open ports are recorded in /etc/sysconfig/iptables.

## List all open ports
netstat -anp

## Check the state of the CouchDB port
netstat -nat | grep 5984

## Open the CouchDB port
iptables -I INPUT -p tcp --dport 5984 -j ACCEPT

## Save to the iptables file under /etc/sysconfig
service iptables save

## Restart the iptables service
service iptables restart

Note: the command to close the CouchDB port is

## Close the CouchDB port (deletes the ACCEPT rule added above)
iptables -D INPUT -p tcp --dport 5984 -j ACCEPT

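If your server comes from Tencent Cloud, Alibaba Cloud, Huawei Cloud or a similar provider, you also need to configure this in the provider's control panel, as follows.

Tencent Cloud, Alibaba Cloud, Huawei Cloud, etc.

In the provider's control panel (Tencent Cloud, Alibaba Cloud, Huawei Cloud, etc.), go to Cloud Servers -> Security Groups and add inbound and outbound rules.

Tencent Cloud security groups: https://console.cloud.tencent.com/cvm/securitygroup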

Start the CouchDB service

## Start the CouchDB service
service couchdb start

Now open http://SERVER_IP:5984/_utils/index.html and enter the user name and password to access the CouchDB database.

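Configure a custom data center in the Story-writer editor

Configure the Story-writer editor as shown in the figure below.

[Figure: Story-writer + CouchDB personal data center setup]

Open http://SERVER_IP:5984/_utils/index.html and enter the user name and password; you will see that the data has been synchronized to your own CouchDB database.

[Figure: CouchDB data]

In addition, under Story-writer main button > User > User management > User configuration, you can turn on the real-time sync option. Then, in another office or on another computer, once you log in with your Story-writer account, the custom data center configuration is synchronized to it and your data files are synchronized to the new environment, so you can continue editing unfinished articles.

[Figure: Story-writer user sync]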


   Reprint policy


"Story-writer (小书匠) + CouchDB: Building a File Data Center" by Ryanjie is licensed under a Creative Commons Attribution 4.0 International License