You can make this setup using Nginx too. I'm unsure about haproxy but Nginx is quite trivial to set up.

On Fri, May 1, 2020 at 4:26 PM Joan Touzet <[email protected]> wrote:

> Hi Bill,
>
> haproxy should be as simple as installing the binary on your *NIX platform, then using something similar to our shipped configuration:
>
> https://docs.couchdb.org/en/latest/best-practices/reverse-proxies.html?highlight=haproxy#reverse-proxying-with-haproxy
>
> Also, I see this walkthrough is referenced elsewhere as working for Let's Encrypt and CouchDB:
>
> https://www.joshmorony.com/creating-a-couchdb-database-on-an-ubuntu-server-digital-ocean/
>
> Hope they help,
> Joan "3.0.1 and 3.1.0 out hopefully next week" Touzet
>
> On 2020-05-01 15:16, Bill Stephenson wrote:
> > FWIW, I tried the instructions I provided earlier this week and didn’t get them to work again. I don’t know if it’s a change made by Let’s Encrypt or I forget exactly what I did.
> >
> > I’ll go through the process setting up a Digital Ocean vps again as soon as I get some time because getting those certs configured has always been a bit of a pain and it’d be a good thing to nail that process down.
> >
> > If anyone has a list of instructions on setting up haproxy they can share I’d be glad to have them and give that a shot too.
> >
> > Kindest Regards,
> >
> > Bill Stephenson
> > Tech Support
> > www.cherrypc.com <http://www.ezinvoice.com/>
> > 1-417-546-8390
> >
> >> On Apr 30, 2020, at 3:56 PM, Joan Touzet <[email protected]> wrote:
> >>
> >> On 2020-04-30 16:22, Rene Veerman wrote:
> >>> i'm really only looking for a quick and easy way to getting https to work again..
> >>
> >> Bill Stephenson gave you a step-by-step that seemed reasonable to me.
> >>
> >>> do the creators of couchdb read this mailing list?
> >>
> >> Yes.
> >>
> >> Most of us terminate SSL ahead of CouchDB at a reverse proxy (such as haproxy). Some of us have even contemplated dropping native SSL support in CouchDB entirely, because configuring it is a bit of a pain, as you've found. But it can be done, and it does work.
> >>
> >> For SSL in pure CouchDB, when I must, I use something like EasyRSA:
> >>
> >> https://github.com/OpenVPN/easy-rsa
> >>
> >> to generate the certs, then munge them together and start it. It works OK. But I do this about once every 2 years max.
> >>
> >> -Joan "Erlang's SSL support isn't great" Touzet
> >>
> >>> On Sun, Apr 26, 2020 at 3:04 PM Joel Jucá <[email protected]> wrote:
> >>>> Rene,
> >>>>
> >>>> Your problem seems to be infrastructure-related, rather than CouchDB related. I would recommend you to read about Infrastructure as Code. This is a practice that allows a developer to declare its infrastructure (in your specific case, server configuration) and have some sort of reproducibility from it. Then, you could also understand every single change made to your server infrastructure - and even share it as a Gist, for instance, and have some sort of feedback/pull request directly on it.
> >>>>
> >>>> I would recommend you Ansible (https://www.ansible.com/resources/get-started). It's a great solution that allows you to declare your server configuration as YAML files and use it within Ansible CLI to reproduce the declared configuration on a targeted server (eg: your Ubuntu-powered CouchDB server).
> >>>>
> >>>> I've struggled a lot with server configuration back in 2010-2012 when I was a full-stack PHP/Drupal developer, and after discovering Ansible I could never imagine myself handling performing a complex task (server configuration) manually!
> >>>>
> >>>> I hope it helps you in some way.
> >>>>
> >>>> On Sat, Apr 25, 2020 at 6:28 PM Rene Veerman <[email protected]> wrote:
> >>>>
> >>>>> yes, i did..
> >>>>>
> >>>>> On Sat, Apr 25, 2020 at 9:16 PM Bill Stephenson <[email protected]> wrote:
> >>>>>
> >>>>>> Did you do a "sudo ufw allow 6984"?
> >>>>>>
> >>>>>> Kindest Regards,
> >>>>>>
> >>>>>> Bill Stephenson
> >>>>>> Tech Support
> >>>>>> www.cherrypc.com <http://www.ezinvoice.com/>
> >>>>>> 1-417-546-8390
> >>>>>>
> >>>>>>> On Apr 25, 2020, at 9:28 AM, Rene Veerman <[email protected]> wrote:
> >>>>>>>
> >>>>>>> also (FYI) : i have already entered the right port forwarding commands into my ADSL modem..
> >>>>>>>
> >>>>>>> On Sat, Apr 25, 2020 at 4:21 PM Rene Veerman <[email protected]> wrote:
> >>>>>>>
> >>>>>>>> that gets me a 'connection refused' :
> >>>>>>>>
> >>>>>>>> ('albatross' === localhost === nicer.app)
> >>>>>>>>
> >>>>>>>> root@albatross:/opt/couchdb/letsencrypt# service couchdb stop
> >>>>>>>> root@albatross:/opt/couchdb/letsencrypt# telnet localhost 6984
> >>>>>>>> Trying 127.0.0.1...
> >>>>>>>> telnet: Unable to connect to remote host: Connection refused
> >>>>>>>> root@albatross:/opt/couchdb/letsencrypt# telnet nicer.app 6984
> >>>>>>>> Trying 127.0.0.1...
> >>>>>>>> Trying 82.161.37.94...
> >>>>>>>> telnet: Unable to connect to remote host: Connection refused
> >>>>>>>> root@albatross:/opt/couchdb/letsencrypt#
> >>>>>>>>
> >>>>>>>> On Sat, Apr 25, 2020 at 1:41 PM Florian Westreicher <[email protected]> wrote:
> >>>>>>>>
> >>>>>>>>> Did you try to telnet to the port while couchdb is down? If there is no open port, telnet won't connect.
> >>>>>>>>>
> >>>>>>>>> On April 25, 2020 03:50:56 Rene Veerman <[email protected]> wrote:
> >>>>>>>>>
> >>>>>>>>>>> unfortunately that didn't fix things either. i'm still stuck at the eaddrinuse error..
> >>>>>>>>>>
> >>>>>>>>>> [info] 2020-04-25T01:49:15.730815Z [email protected] <0.232.0> -------- Apache CouchDB has started on https://0.0.0.0:6984/
> >>>>>>>>>> [info] 2020-04-25T01:49:15.731032Z [email protected] <0.11.0> -------- Application couch started on node '[email protected]'
> >>>>>>>>>> [info] 2020-04-25T01:49:15.731178Z [email protected] <0.11.0> -------- Application ets_lru started on node '[email protected]'
> >>>>>>>>>> [notice] 2020-04-25T01:49:15.737605Z [email protected] <0.284.0> -------- rexi_server : started servers
> >>>>>>>>>> [notice] 2020-04-25T01:49:15.738914Z [email protected] <0.288.0> -------- rexi_buffer : started servers
> >>>>>>>>>> [info] 2020-04-25T01:49:15.739062Z [email protected] <0.11.0> -------- Application rexi started on node '[email protected]'
> >>>>>>>>>> [notice] 2020-04-25T01:49:15.786354Z [email protected] <0.318.0> -------- mem3_reshard_dbdoc start init()
> >>>>>>>>>> [notice] 2020-04-25T01:49:15.790014Z [email protected] <0.320.0> -------- mem3_reshard start init()
> >>>>>>>>>> [notice] 2020-04-25T01:49:15.790112Z [email protected] <0.321.0> -------- mem3_reshard db monitor <0.321.0> starting
> >>>>>>>>>> [notice] 2020-04-25T01:49:15.792025Z [email protected] <0.320.0> -------- mem3_reshard starting reloading jobs
> >>>>>>>>>> [notice] 2020-04-25T01:49:15.792087Z [email protected] <0.320.0> -------- mem3_reshard finished reloading jobs
> >>>>>>>>>> [info] 2020-04-25T01:49:15.792900Z [email protected] <0.11.0> -------- Application mem3 started on node '[email protected]'
> >>>>>>>>>> [info] 2020-04-25T01:49:15.793024Z [email protected] <0.11.0> -------- Application fabric started on node '[email protected]'
> >>>>>>>>>> [error] 2020-04-25T01:49:15.796505Z [email protected] <0.330.0> -------- CRASH REPORT Process (<0.330.0>) with 0 neighbors exited with reason: eaddrinuse at gen_server:init_it/6(line:349) <= proc_lib:init_p_do_apply/3(line:247); initial_call: {mochiweb_socket_server,init,['Argument__1']}, ancestors: [chttpd_sup,<0.327.0>], message_queue_len: 0, messages: [], links: [<0.328.0>], dictionary: [], trap_exit: true, status: running, heap_size: 376, stack_size: 27, reductions: 990
> >>>>>>>>>> [error] 2020-04-25T01:49:15.796670Z [email protected] <0.328.0> -------- Supervisor chttpd_sup had child chttpd started with chttpd:start_link() at undefined exit with reason eaddrinuse in context start_error
> >>>>>>>>>> [error] 2020-04-25T01:49:15.796942Z [email protected] <0.326.0> -------- CRASH REPORT Process (<0.326.0>) with 0 neighbors exited with reason: {{shutdown,{failed_to_start_child,chttpd,eaddrinuse}},{chttpd_app,start,[normal,[]]}} at application_master:init/4(line:134) <= proc_lib:init_p_do_apply/3(line:247); initial_call: {application_master,init,['Argument__1',...]}, ancestors: [<0.325.0>], message_queue_len: 1, messages: [{'EXIT',<0.327.0>,normal}], links: [<0.325.0>,<0.11.0>], dictionary: [], trap_exit: true, status: running, heap_size: 376, stack_size: 27, reductions: 172
> >>>>>>>>>> [info] 2020-04-25T01:49:15.797060Z [email protected] <0.11.0> -------- Application chttpd exited with reason: {{shutdown,{failed_to_start_child,chttpd,eaddrinuse}},{chttpd_app,start,[normal,[]]}}
> >>>>>>>>>> [info] 2020-04-25T01:49:17.882186Z [email protected] <0.11.0> -------- Application couch_log started on node '[email protected]'
> >>>>
> >>>> --
> >>>> Joel Jucá
> >>>> joelwallis.com

--
Joel Jucá
joelwallis.com
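
A minimal Nginx configuration for the setup discussed in this thread (TLS terminated at the proxy, CouchDB behind it on plain HTTP), added here as an illustration and not taken from any poster or from the CouchDB documentation. The hostname `example.com`, the certbot-style certificate paths, the ACME webroot `/var/www/letsencrypt`, the 64m body limit and CouchDB listening on `127.0.0.1:5984` are all assumptions.

```nginx
# Added example: Nginx terminates TLS, CouchDB is reached over loopback only.
# Assumes CouchDB's native [ssl] listener is left disabled, so nothing in
# CouchDB binds port 6984, and that CouchDB binds 127.0.0.1:5984 (assumed).

server {
    listen 80;
    server_name example.com;                 # placeholder hostname

    # Let's Encrypt HTTP-01 challenges are served over plain HTTP.
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;           # assumed webroot path
    }

    # Everything else is redirected so credentials never travel in cleartext.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name example.com;                 # placeholder hostname

    # certbot's default layout; adjust to where your certificates live.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Nginx rejects request bodies over 1m by default; raise the limit for
    # larger documents and attachments (64m is a constructed value).
    client_max_body_size 64m;

    location / {
        proxy_pass http://127.0.0.1:5984;    # loopback only, never a public IP
        proxy_redirect off;
        # Buffering off so continuous _changes feeds and replication stream.
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this in front, the firewall only needs 80 and 443 open; ports 5984 and 6984 can stay closed to the outside.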
