You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by Joey Samonte <cs...@hotmail.com> on 2016/08/24 20:08:27 UTC
Can clustering be setup between nodes that only accept SSL
connections?
Good day,
SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
Re: Can clustering be setup between nodes that only accept SSL connections?
Posted by Robert Samuel Newson <rn...@apache.org>.
nope, sorry, trying to get the last few release blockers for 2.0 done.
This might help you: https://www.erlang-solutions.com/blog/erlang-distribution-over-tls.html
B.
> On 5 Sep 2016, at 03:03, Joey Samonte <cs...@hotmail.com> wrote:
>
> Sorry for asking, but any updates on this? :)
>
>> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
>> From: rnewson@apache.org
>> Date: Mon, 29 Aug 2016 12:39:50 +0100
>> To: dev@couchdb.apache.org
>>
>> A fully encrypted demo is on my TODO list, hopefully will get to it this week.
>>
>> B.
>>
>>> On 25 Aug 2016, at 11:15, Joey Samonte <cs...@hotmail.com> wrote:
>>>
>>> We are currently using nginx sir as reverse proxy in front of CouchDB
>>>
>>>> From: rnewson@apache.org
>>>> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
>>>> Date: Thu, 25 Aug 2016 11:07:29 +0100
>>>> To: dev@couchdb.apache.org
>>>>
>>>> Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance.
>>>>
>>>> For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled.
>>>>
>>>> Sent from my iPhone
>>>>
>>>>> On 24 Aug 2016, at 21:08, Joey Samonte <cs...@hotmail.com> wrote:
>>>>>
>>>>> Good day,
>>>>>
>>>>> SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
>>>>>
>>>>
>>>
>>
>
RE: Can clustering be setup between nodes that only accept SSL
connections?
Posted by Joey Samonte <cs...@hotmail.com>.
Sorry for asking, but any updates on this? :)
> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
> From: rnewson@apache.org
> Date: Mon, 29 Aug 2016 12:39:50 +0100
> To: dev@couchdb.apache.org
>
> A fully encrypted demo is on my TODO list, hopefully will get to it this week.
>
> B.
>
> > On 25 Aug 2016, at 11:15, Joey Samonte <cs...@hotmail.com> wrote:
> >
> > We are currently using nginx sir as reverse proxy in front of CouchDB
> >
> >> From: rnewson@apache.org
> >> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
> >> Date: Thu, 25 Aug 2016 11:07:29 +0100
> >> To: dev@couchdb.apache.org
> >>
> >> Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance.
> >>
> >> For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled.
> >>
> >> Sent from my iPhone
> >>
> >>> On 24 Aug 2016, at 21:08, Joey Samonte <cs...@hotmail.com> wrote:
> >>>
> >>> Good day,
> >>>
> >>> SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
> >>>
> >>
> >
>
RE: Can clustering be setup between nodes that only accept SSL
connections?
Posted by Joey Samonte <cs...@hotmail.com>.
Thank you very much. :)
> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
> From: rnewson@apache.org
> Date: Mon, 29 Aug 2016 12:39:50 +0100
> To: dev@couchdb.apache.org
>
> A fully encrypted demo is on my TODO list, hopefully will get to it this week.
>
> B.
>
> > On 25 Aug 2016, at 11:15, Joey Samonte <cs...@hotmail.com> wrote:
> >
> > We are currently using nginx sir as reverse proxy in front of CouchDB
> >
> >> From: rnewson@apache.org
> >> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
> >> Date: Thu, 25 Aug 2016 11:07:29 +0100
> >> To: dev@couchdb.apache.org
> >>
> >> Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance.
> >>
> >> For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled.
> >>
> >> Sent from my iPhone
> >>
> >>> On 24 Aug 2016, at 21:08, Joey Samonte <cs...@hotmail.com> wrote:
> >>>
> >>> Good day,
> >>>
> >>> SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
> >>>
> >>
> >
>
Re: Can clustering be setup between nodes that only accept SSL connections?
Posted by Robert Samuel Newson <rn...@apache.org>.
A fully encrypted demo is on my TODO list, hopefully will get to it this week.
B.
> On 25 Aug 2016, at 11:15, Joey Samonte <cs...@hotmail.com> wrote:
>
> We are currently using nginx sir as reverse proxy in front of CouchDB
>
>> From: rnewson@apache.org
>> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
>> Date: Thu, 25 Aug 2016 11:07:29 +0100
>> To: dev@couchdb.apache.org
>>
>> Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance.
>>
>> For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled.
>>
>> Sent from my iPhone
>>
>>> On 24 Aug 2016, at 21:08, Joey Samonte <cs...@hotmail.com> wrote:
>>>
>>> Good day,
>>>
>>> SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
>>>
>>
>
RE: Can clustering be setup between nodes that only accept SSL
connections?
Posted by Joey Samonte <cs...@hotmail.com>.
We are currently using nginx sir as reverse proxy in front of CouchDB
> From: rnewson@apache.org
> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
> Date: Thu, 25 Aug 2016 11:07:29 +0100
> To: dev@couchdb.apache.org
>
> Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance.
>
> For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled.
>
> Sent from my iPhone
>
> > On 24 Aug 2016, at 21:08, Joey Samonte <cs...@hotmail.com> wrote:
> >
> > Good day,
> >
> > SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
> >
>
Re: Can clustering be setup between nodes that only accept SSL connections?
Posted by Robert Newson <rn...@apache.org>.
Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance.
For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled.
Sent from my iPhone
> On 24 Aug 2016, at 21:08, Joey Samonte <cs...@hotmail.com> wrote:
>
> Good day,
>
> SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
>