Hi Bill,
haproxy should be as simple as installing the binary on your *NIX
platform, then using something similar to our shipped configuration:
https://docs.couchdb.org/en/latest/best-practices/reverse-proxies.html?highlight=haproxy#reverse-proxying-with-haproxy
Also, I see this walkthrough is referenced elsewhere as working for
Let's Encrypt and CouchDB:
https://www.joshmorony.com/creating-a-couchdb-database-on-an-ubuntu-server-digital-ocean/
Hope they help,
Joan "3.0.1 and 3.1.0 out hopefully next week" Touzet
On 2020-05-01 15:16, Bill Stephenson wrote:
FWIW, I tried the instructions I provided earlier this week and didn’t
get them to work again. I don’t know if it’s a change made by Let’s Encrypt
or I forget exactly what I did.
I’ll go through the process setting up a Digital Ocean vps again as soon
as I get some time because getting those certs configured has always been a
bit of a pain and it’d be a good thing to nail that process down.
If anyone has a list of instruction on setting up haproxy they can share
I’d be glad to have them and give that a shot too.
Kindest Regards,
Bill Stephenson
Tech Support
www.cherrypc.com <http://www.ezinvoice.com/>
1-417-546-8390
On Apr 30, 2020, at 3:56 PM, Joan Touzet <[email protected]> wrote:
On 2020-04-30 16:22, Rene Veerman wrote:
i'm really only looking for a quick and easy way to getting https to
work
again..
Bill Stephenson gave you a step-by-step that seemed reasonable to me.
do the creators of couchdb read this mailinglist?
Yes.
Most of us terminate SSL ahead of CouchDB at a reverse proxy (such as
haproxy). Some of us have even contemplated dropping native SSL support in
CouchDB entirely, because configuring it is a bit of a pain, as you've
found. But it can be done, and it does work.
For SSL in pure CouchDB, when I must, I use something like EasyRSA:
https://github.com/OpenVPN/easy-rsa
to generate the certs, then munge them together and start it. It works
OK. But I do this about once every 2 years max.
-Joan "Erlang's SSL support isn't great" Touzet
On Sun, Apr 26, 2020 at 3:04 PM Joel Jucá <[email protected]>
wrote:
Rene,
Your problem seems to be infrastructure-related, rather than CouchDB
related. I would recommend you to read about Infrastructure as Code.
This
is a practice that allows a developer to declare its infrastructure
(in
your specific case, server configuration) and have some sort of
reproducibility from it. Then, you could also understand every single
change made to your server infrastructure - and even share it as a
Gist,
for instance, and have some sort of feedback/pull request directly on
it.
I would recommend you Ansible (
https://www.ansible.com/resources/get-started).
It's a great solution that allows you to declare your server
configuration
as YAML files and use it within Ansible CLI to reproduce the declared
configuration on a targeted server (eg: your Ubuntu-powered CouchDB
server).
I've struggled a lot with server configuration back in 2010-2012 when
I was
a full-stack PHP/Drupal developer, and after discovering Ansible I
could
never imagine myself handling performing a complex task (server
configuration) manually!
I hope it helps you in some way.
On Sat, Apr 25, 2020 at 6:28 PM Rene Veerman <[email protected]
wrote:
yes, i did..
On Sat, Apr 25, 2020 at 9:16 PM Bill Stephenson
<[email protected]
wrote:
Did you do a "sudo ufw allow 6984”?
Kindest Regards,
Bill Stephenson
Tech Support
www.cherrypc.com <http://www.ezinvoice.com/>
1-417-546-8390
On Apr 25, 2020, at 9:28 AM, Rene Veerman <[email protected]
wrote:
also (FYI) : i have already entered the right port forwarding
commands
into
my ADSL modem..
On Sat, Apr 25, 2020 at 4:21 PM Rene Veerman <
[email protected]>
wrote:
that gets me a 'connection refused' :
('albatross' === localhost === nicer.app)
root@albatross:/opt/couchdb/letsencrypt# service couchdb stop
root@albatross:/opt/couchdb/letsencrypt# telnet localhost 6984
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
root@albatross:/opt/couchdb/letsencrypt# telnet nicer.app 6984
Trying 127.0.0.1...
Trying 82.161.37.94...
telnet: Unable to connect to remote host: Connection refused
root@albatross:/opt/couchdb/letsencrypt#
On Sat, Apr 25, 2020 at 1:41 PM Florian Westreicher <
[email protected]>
wrote:
Did you try to telnet to the port while couchdb is down? If there
is
no
open port, telnet won't connect.
On April 25, 2020 03:50:56 Rene Veerman <[email protected]
wrote:
unfortunately that didn't fix things either. i'm still stuck at
the
eaddrinuse error..
[info] 2020-04-25T01:49:15.730815Z [email protected] <0.232.0>
--------
Apache CouchDB has started on https://0.0.0.0:6984/
[info] 2020-04-25T01:49:15.731032Z [email protected] <0.11.0>
--------
Application couch started on node '[email protected]'
[info] 2020-04-25T01:49:15.731178Z [email protected] <0.11.0>
--------
Application ets_lru started on node '[email protected]'
[notice] 2020-04-25T01:49:15.737605Z [email protected]
<0.284.0>
--------
rexi_server : started servers
[notice] 2020-04-25T01:49:15.738914Z [email protected]
<0.288.0>
--------
rexi_buffer : started servers
[info] 2020-04-25T01:49:15.739062Z [email protected] <0.11.0>
--------
Application rexi started on node '[email protected]'
[notice] 2020-04-25T01:49:15.786354Z [email protected]
<0.318.0>
--------
mem3_reshard_dbdoc start init()
[notice] 2020-04-25T01:49:15.790014Z [email protected]
<0.320.0>
--------
mem3_reshard start init()
[notice] 2020-04-25T01:49:15.790112Z [email protected]
<0.321.0>
--------
mem3_reshard db monitor <0.321.0> starting
[notice] 2020-04-25T01:49:15.792025Z [email protected]
<0.320.0>
--------
mem3_reshard starting reloading jobs
[notice] 2020-04-25T01:49:15.792087Z [email protected]
<0.320.0>
--------
mem3_reshard finished reloading jobs
[info] 2020-04-25T01:49:15.792900Z [email protected] <0.11.0>
--------
Application mem3 started on node '[email protected]'
[info] 2020-04-25T01:49:15.793024Z [email protected] <0.11.0>
--------
Application fabric started on node '[email protected]'
[error] 2020-04-25T01:49:15.796505Z [email protected] <0.330.0>
--------
CRASH REPORT Process (<0.330.0>) with 0 neighbors exited with
reason:
eaddrinuse at gen_server:init_it/6(line:349) <=
proc_lib:init_p_do_apply/3(line:247); initial_call:
{mochiweb_socket_server,init,['Argument__1']}, ancestors:
[chttpd_sup,<0.327.0>], message_queue_len: 0, messages: [],
links:
[<0.328.0>], dictionary: [], trap_exit: true, status: running,
heap_size:
376, stack_size: 27, reductions: 990
[error] 2020-04-25T01:49:15.796670Z [email protected] <0.328.0>
--------
Supervisor chttpd_sup had child chttpd started with
chttpd:start_link()
at
undefined exit with reason eaddrinuse in context start_error
[error] 2020-04-25T01:49:15.796942Z [email protected] <0.326.0>
--------
CRASH REPORT Process (<0.326.0>) with 0 neighbors exited with
reason:
{{shutdown,{failed_to_start_child,chttpd,eaddrinuse}},{chttpd_app,start,[normal,[]]}}
at application_master:init/4(line:134) <=
proc_lib:init_p_do_apply/3(line:247); initial_call:
{application_master,init,['Argument__1',...]}, ancestors:
[<0.325.0>],
message_queue_len: 1, messages: [{'EXIT',<0.327.0>,normal}],
links:
[<0.325.0>,<0.11.0>], dictionary: [], trap_exit: true, status:
running,
heap_size: 376, stack_size: 27, reductions: 172
[info] 2020-04-25T01:49:15.797060Z [email protected] <0.11.0>
--------
Application chttpd exited with reason:
{{shutdown,{failed_to_start_child,chttpd,eaddrinuse}},{chttpd_app,start,[normal,[]]}}
[info] 2020-04-25T01:49:17.882186Z [email protected] <0.11.0>
--------
Application couch_log started on node '[email protected]'
--
Joel Jucá
joelwallis.com
