[NEWS] The CouchDB weekly news for August 25 is out!

2016-08-25 Thread Jenn Turner 
Hello there!

  

The CouchDB weekly news is now live at: https://blog.couchdb.org/2016/08/25
/couchdb-weekly-news-august-25-2016/

  

Highlights include our recap on the CouchDB 2.0 blog series, a cool
Electron/PouchDB use case, plus all you ever wanted to know about Repetitive
Stress Injuries!

  

Big thanks to Dave and Alexander for contributing content this week!

  

You can help us spread the news by sharing on Twitter
(https://twitter.com/CouchDB/status/768872322589753344) and other social
networks.  

  

Also if you have news for next week, just REPLY to this thread!

  

Cheers!  
  

Jenn Turner

The Neighbourhoodie Software GmbH  
Adalbertstr. 7-8, 10999 Berlin  
[neighbourhood.ie](http://neighbourhood.ie/)  
  

Handelsregister HRB 157851 B Amtsgericht Charlottenburg  
Geschäftsführung: Jan Lehnardt

RE: Adding a node to cluster

2016-08-25 Thread Joey Samonte 
Thank you very much. An example would really be helpful. I am a little bit 
confused how to do this in Fauxton if all nodes are SSL enabled (actually nginx 
as reverse proxy)
 
> From: rnew...@apache.org
> Subject: Re: Adding a node to cluster
> Date: Thu, 25 Aug 2016 11:10:45 +0100
> To: dev@couchdb.apache.org
> 
> Ok, seems I've confused you. 
> 
> Couchdb replication occurs over http or https, as you know. The nodes in a 
> couchdb 2.0 cluster do not communicate with each other over http. They use 
> Erlang rpc. Erlang rpc can be configured for TLS encryption.  It's in the 
> Erlang faq and is fairly simple to set up in newer Erlang releases. 
> 
> I feel I owe an example of 2.0 cluster that exclusively uses TLS for all 
> communications. 
> 
> Sent from my iPhone
> 
> > On 24 Aug 2016, at 20:47, Joey Samonte  wrote:
> > 
> > What if we remove the reverse proxy and just set up the CouchDB nodes to 
> > allow only SSL connections, port 6984? 
> > https://wiki.apache.org/couchdb/How_to_enable_SSL
> > 
> >> Subject: Re: Adding a node to cluster
> >> From: rnew...@apache.org
> >> Date: Wed, 24 Aug 2016 19:43:51 +0100
> >> To: dev@couchdb.apache.org
> >> 
> >> Assuming you mean a 2.0 cluster, no, all those nodes need to be able to 
> >> communicate with erlang rpc (service discovery over port 4369 and then 
> >> whatever port the node is running ong).
> >> 
> >>> On 24 Aug 2016, at 12:36, Joey Samonte  
> >>> wrote:
> >>> 
> >>> Good day,
> >>> 
> >>> Is it possible to add a node to a cluster from Fauxton if the remote host 
> >>> is behind a reverse proxy (nginx) configured as HTTPS?
> >>> 
> >>> Regards,
> >>> Joey
> > 
>

RE: Can clustering be setup between nodes that only accept SSL connections?

2016-08-25 Thread Joey Samonte 
We are currently using nginx sir as reverse proxy in front of CouchDB
 
> From: rnew...@apache.org
> Subject: Re: Can clustering be setup between nodes that only accept SSL 
> connections?
> Date: Thu, 25 Aug 2016 11:07:29 +0100
> To: dev@couchdb.apache.org
> 
> Yes, couchdb can be configured that way but my recommendation is to put 
> something like haproxy in front instead. The native ssl support in Erlang has 
> a buggy history in my experience, though I believe 18.x is working quite 
> nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in 
> front of them to fully enjoy the clustered fault tolerance. 
> 
> For < 2.0, you just need to configure the httpsd daemon and comment out the 
> httpsd one. For 2.0, I'll have to research a little as I'm not sure the 
> chttpd service is as rainy disabled. 
> 
> Sent from my iPhone
> 
> > On 24 Aug 2016, at 21:08, Joey Samonte  wrote:
> > 
> > Good day,
> > 
> > SSL is a must for us to secure our data. Can the CouchDB nodes in the 
> > cluster only allow https, for example, on port 6984?
> > 
>

Re: Adding a node to cluster

2016-08-25 Thread Robert Newson 
Ok, seems I've confused you. 

Couchdb replication occurs over http or https, as you know. The nodes in a 
couchdb 2.0 cluster do not communicate with each other over http. They use 
Erlang rpc. Erlang rpc can be configured for TLS encryption.  It's in the 
Erlang faq and is fairly simple to set up in newer Erlang releases. 

I feel I owe an example of 2.0 cluster that exclusively uses TLS for all 
communications. 

Sent from my iPhone

> On 24 Aug 2016, at 20:47, Joey Samonte  wrote:
> 
> What if we remove the reverse proxy and just set up the CouchDB nodes to 
> allow only SSL connections, port 6984? 
> https://wiki.apache.org/couchdb/How_to_enable_SSL
> 
>> Subject: Re: Adding a node to cluster
>> From: rnew...@apache.org
>> Date: Wed, 24 Aug 2016 19:43:51 +0100
>> To: dev@couchdb.apache.org
>> 
>> Assuming you mean a 2.0 cluster, no, all those nodes need to be able to 
>> communicate with erlang rpc (service discovery over port 4369 and then 
>> whatever port the node is running ong).
>> 
>>> On 24 Aug 2016, at 12:36, Joey Samonte  wrote:
>>> 
>>> Good day,
>>> 
>>> Is it possible to add a node to a cluster from Fauxton if the remote host 
>>> is behind a reverse proxy (nginx) configured as HTTPS?
>>> 
>>> Regards,
>>> Joey
>

Re: Can clustering be setup between nodes that only accept SSL connections?

2016-08-25 Thread Robert Newson 
Yes, couchdb can be configured that way but my recommendation is to put 
something like haproxy in front instead. The native ssl support in Erlang has a 
buggy history in my experience, though I believe 18.x is working quite nicely. 
Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of 
them to fully enjoy the clustered fault tolerance. 

For < 2.0, you just need to configure the httpsd daemon and comment out the 
httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd 
service is as rainy disabled. 

Sent from my iPhone

> On 24 Aug 2016, at 21:08, Joey Samonte  wrote:
> 
> Good day,
> 
> SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster 
> only allow https, for example, on port 6984?
>