detroitenglish commented on a change in pull request #318: Add Caddy Server reverse-proxy config examples incl. cluster load balancing URL: https://github.com/apache/couchdb-documentation/pull/318#discussion_r209928100
########## File path: src/best-practices/caddy.rst ########## @@ -0,0 +1,167 @@ +.. Licensed under the Apache License, Version 2.0 (the "License"); you may not +.. use this file except in compliance with the License. You may obtain a copy of +.. the License at +.. +.. http://www.apache.org/licenses/LICENSE-2.0 +.. +.. Unless required by applicable law or agreed to in writing, software +.. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +.. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +.. License for the specific language governing permissions and limitations under +.. the License. + +.. _best-practices/Caddy: + +======================== +Caddy as a Reverse Proxy +======================== + +CouchDB recommends the use of `HAProxy`_ as a load balancer and reverse proxy. +The team's experience with using it in production has shown it to be superior +for configuration and monitoring capabilities, as well as overall performance. + +CouchDB's sample haproxy configuration is present in the `code repository`_ and +release tarball as ``rel/haproxy.cfg``. + +However, ``Caddy`` is a suitable alternative. Below are instructions on +configuring Caddy appropriately. + +.. _HAProxy: http://haproxy.org/ +.. _code repository: https://github.com/apache/couchdb/blob/master/rel/haproxy.cfg + +Basic configuration +=================== + +Here's a basic excerpt from a Caddyfile in +``/<path>/<to>/<site>/Caddyfile``. This will proxy all +requests from ``http(s)://domain.com/...`` to ``http://localhost:5984/...`` + +.. code-block:: text + + domain.com { + + import /path/to/other/config.caddy # logging, error handling etc. + + proxy / localhost:5984 { + transparent + } + + } + +Note that, because Caddy is https-by-default, you must explicitly include the +``http://`` protocol in the site address if you do NOT want Caddy +to automatically acquire and install an SSL certificate and begin accepting +``https`` connections on port 443. + Review comment: `transparent` is a preset which includes all the necessary headers for CouchDB. Clarified with a note under Basic Config: https://github.com/apache/couchdb-documentation/pull/318/commits/dfaa2c6b286e036f8a8677447138a4c0dfb1ee6c In short, it's: ``` header_upstream Host {host} header_upstream X-Real-IP {remote} header_upstream X-Forwarded-For {remote} header_upstream X-Forwarded-Proto {scheme} ``` I've used Caddy for 3+ node clusters for a couple years now, and it's handled all the replications I've thrown at it without issue ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
