[NEWS] The CouchDB weekly news for August 25 is out!
Hello there! The CouchDB weekly news is now live at: https://blog.couchdb.org/2016/08/25 /couchdb-weekly-news-august-25-2016/ Highlights include our recap on the CouchDB 2.0 blog series, a cool Electron/PouchDB use case, plus all you ever wanted to know about Repetitive Stress Injuries! Big thanks to Dave and Alexander for contributing content this week! You can help us spread the news by sharing on Twitter (https://twitter.com/CouchDB/status/768872322589753344) and other social networks. Also if you have news for next week, just REPLY to this thread! Cheers! Jenn Turner The Neighbourhoodie Software GmbH Adalbertstr. 7-8, 10999 Berlin [neighbourhood.ie](http://neighbourhood.ie/) Handelsregister HRB 157851 B Amtsgericht Charlottenburg Geschäftsführung: Jan Lehnardt
RE: Adding a node to cluster
Thank you very much. An example would really be helpful. I am a little bit confused how to do this in Fauxton if all nodes are SSL enabled (actually nginx as reverse proxy) > From: rnew...@apache.org > Subject: Re: Adding a node to cluster > Date: Thu, 25 Aug 2016 11:10:45 +0100 > To: dev@couchdb.apache.org > > Ok, seems I've confused you. > > Couchdb replication occurs over http or https, as you know. The nodes in a > couchdb 2.0 cluster do not communicate with each other over http. They use > Erlang rpc. Erlang rpc can be configured for TLS encryption. It's in the > Erlang faq and is fairly simple to set up in newer Erlang releases. > > I feel I owe an example of 2.0 cluster that exclusively uses TLS for all > communications. > > Sent from my iPhone > > > On 24 Aug 2016, at 20:47, Joey Samontewrote: > > > > What if we remove the reverse proxy and just set up the CouchDB nodes to > > allow only SSL connections, port 6984? > > https://wiki.apache.org/couchdb/How_to_enable_SSL > > > >> Subject: Re: Adding a node to cluster > >> From: rnew...@apache.org > >> Date: Wed, 24 Aug 2016 19:43:51 +0100 > >> To: dev@couchdb.apache.org > >> > >> Assuming you mean a 2.0 cluster, no, all those nodes need to be able to > >> communicate with erlang rpc (service discovery over port 4369 and then > >> whatever port the node is running ong). > >> > >>> On 24 Aug 2016, at 12:36, Joey Samonte > >>> wrote: > >>> > >>> Good day, > >>> > >>> Is it possible to add a node to a cluster from Fauxton if the remote host > >>> is behind a reverse proxy (nginx) configured as HTTPS? > >>> > >>> Regards, > >>> Joey > > >
RE: Can clustering be setup between nodes that only accept SSL connections?
We are currently using nginx sir as reverse proxy in front of CouchDB > From: rnew...@apache.org > Subject: Re: Can clustering be setup between nodes that only accept SSL > connections? > Date: Thu, 25 Aug 2016 11:07:29 +0100 > To: dev@couchdb.apache.org > > Yes, couchdb can be configured that way but my recommendation is to put > something like haproxy in front instead. The native ssl support in Erlang has > a buggy history in my experience, though I believe 18.x is working quite > nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in > front of them to fully enjoy the clustered fault tolerance. > > For < 2.0, you just need to configure the httpsd daemon and comment out the > httpsd one. For 2.0, I'll have to research a little as I'm not sure the > chttpd service is as rainy disabled. > > Sent from my iPhone > > > On 24 Aug 2016, at 21:08, Joey Samontewrote: > > > > Good day, > > > > SSL is a must for us to secure our data. Can the CouchDB nodes in the > > cluster only allow https, for example, on port 6984? > > >
Re: Adding a node to cluster
Ok, seems I've confused you. Couchdb replication occurs over http or https, as you know. The nodes in a couchdb 2.0 cluster do not communicate with each other over http. They use Erlang rpc. Erlang rpc can be configured for TLS encryption. It's in the Erlang faq and is fairly simple to set up in newer Erlang releases. I feel I owe an example of 2.0 cluster that exclusively uses TLS for all communications. Sent from my iPhone > On 24 Aug 2016, at 20:47, Joey Samontewrote: > > What if we remove the reverse proxy and just set up the CouchDB nodes to > allow only SSL connections, port 6984? > https://wiki.apache.org/couchdb/How_to_enable_SSL > >> Subject: Re: Adding a node to cluster >> From: rnew...@apache.org >> Date: Wed, 24 Aug 2016 19:43:51 +0100 >> To: dev@couchdb.apache.org >> >> Assuming you mean a 2.0 cluster, no, all those nodes need to be able to >> communicate with erlang rpc (service discovery over port 4369 and then >> whatever port the node is running ong). >> >>> On 24 Aug 2016, at 12:36, Joey Samonte wrote: >>> >>> Good day, >>> >>> Is it possible to add a node to a cluster from Fauxton if the remote host >>> is behind a reverse proxy (nginx) configured as HTTPS? >>> >>> Regards, >>> Joey >
Re: Can clustering be setup between nodes that only accept SSL connections?
Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance. For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled. Sent from my iPhone > On 24 Aug 2016, at 21:08, Joey Samontewrote: > > Good day, > > SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster > only allow https, for example, on port 6984? >