I'd recommend stunnel instead of nginx. We used to use it at Cloudant and it worked fine. Gets you away from any worries about nginx not correctly reverse proxying chunked/multipart/etags/etc.
-Joan

----- Original Message -----
From: "Vladimir Kuznetsov" <[email protected]>
To: [email protected]
Sent: Monday, 26 June, 2017 8:29:00 PM
Subject: Running CouchDB 2.0 cluster in EC2

Hi guys

I'm planning to run a CouchDB 2.0 cluster in EC2, probably 4 or 8 instances. I want clients to use an SSL certificate to authenticate, so I want to run Nginx on every CouchDB instance, which will do SSL termination and forward the connection to the backend CouchDB instance running plain HTTP.

The reasons I want to terminate SSL on Nginx:

1) I'm planning to refresh server certs periodically and I don't really want CouchDB nodes to restart; I'd rather restart the Nginx frontend.
2) I want to check the CRL to reject client certificates that were revoked.
3) Performance is another reason, as I expect Nginx to be better at SSL decryption than CouchDB itself.

I'm planning to deploy the CouchDB cluster instances behind an AWS ELB (Elastic Load Balancer), probably in TCP mode, which would load balance client connections between instances.

Does my deployment make sense? Anything specific to take into consideration in the above deployment model? Is there anything I have to be aware of?

thanks,
--Vovan
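A per-node stunnel configuration covering the three requirements in the original message (client-certificate authentication, CRL checking, certificate refresh without restarting CouchDB), as an added example that is not from either poster or from the CouchDB project. The service name, file paths and the listening port are assumptions; 5984 is CouchDB's default HTTP port.

```ini
; Added example: /etc/stunnel/stunnel.conf for one CouchDB node.
; All paths, the service name and the accept port are assumptions.
pid = /var/run/stunnel/stunnel.pid

[couchdb-tls]
; TLS listener that the ELB (TCP mode) forwards client connections to
accept = 0.0.0.0:6984
; Plain-HTTP CouchDB on the same instance
connect = 127.0.0.1:5984

; Server certificate and private key presented to clients
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key

; Require a client certificate and verify it against the client CA
verify = 2
CAfile = /etc/stunnel/client-ca.pem
; Reject client certificates listed in this CRL
CRLfile = /etc/stunnel/client-ca.crl
```

After replacing the server certificate or the CRL file, sending `SIGHUP` to the stunnel process reloads the configuration without touching CouchDB. Because the client-certificate check happens only in stunnel, port 5984 should not be reachable by clients directly (for example, restrict it in the instance's security group).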
