You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@couchdb.apache.org by Joey Samonte <cs...@hotmail.com> on 2016/08/24 20:08:27 UTC

Can clustering be setup between nodes that only accept SSL connections?

Good day,
 
SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?

Re: Can clustering be setup between nodes that only accept SSL connections?

Posted by Robert Samuel Newson <rn...@apache.org>.

nope, sorry, trying to get the last few release blockers for 2.0 done.

This might help you: https://www.erlang-solutions.com/blog/erlang-distribution-over-tls.html

B.

> On 5 Sep 2016, at 03:03, Joey Samonte <cs...@hotmail.com> wrote:
> 
> Sorry for asking, but any updates on this? :)
> 
>> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
>> From: rnewson@apache.org
>> Date: Mon, 29 Aug 2016 12:39:50 +0100
>> To: dev@couchdb.apache.org
>> 
>> A fully encrypted demo is on my TODO list, hopefully will get to it this week.
>> 
>> B.
>> 
>>> On 25 Aug 2016, at 11:15, Joey Samonte <cs...@hotmail.com> wrote:
>>> 
>>> We are currently using nginx sir as reverse proxy in front of CouchDB
>>> 
>>>> From: rnewson@apache.org
>>>> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
>>>> Date: Thu, 25 Aug 2016 11:07:29 +0100
>>>> To: dev@couchdb.apache.org
>>>> 
>>>> Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance. 
>>>> 
>>>> For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled. 
>>>> 
>>>> Sent from my iPhone
>>>> 
>>>>> On 24 Aug 2016, at 21:08, Joey Samonte <cs...@hotmail.com> wrote:
>>>>> 
>>>>> Good day,
>>>>> 
>>>>> SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
>>>>> 
>>>> 
>>> 		 	   		  
>> 
>

RE: Can clustering be setup between nodes that only accept SSL connections?

Posted by Joey Samonte <cs...@hotmail.com>.

Sorry for asking, but any updates on this? :)
 
> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
> From: rnewson@apache.org
> Date: Mon, 29 Aug 2016 12:39:50 +0100
> To: dev@couchdb.apache.org
> 
> A fully encrypted demo is on my TODO list, hopefully will get to it this week.
> 
> B.
> 
> > On 25 Aug 2016, at 11:15, Joey Samonte <cs...@hotmail.com> wrote:
> > 
> > We are currently using nginx sir as reverse proxy in front of CouchDB
> > 
> >> From: rnewson@apache.org
> >> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
> >> Date: Thu, 25 Aug 2016 11:07:29 +0100
> >> To: dev@couchdb.apache.org
> >> 
> >> Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance. 
> >> 
> >> For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled. 
> >> 
> >> Sent from my iPhone
> >> 
> >>> On 24 Aug 2016, at 21:08, Joey Samonte <cs...@hotmail.com> wrote:
> >>> 
> >>> Good day,
> >>> 
> >>> SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
> >>> 
> >> 
> > 		 	   		  
>

RE: Can clustering be setup between nodes that only accept SSL connections?

Posted by Joey Samonte <cs...@hotmail.com>.

Thank you very much. :)
 
> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
> From: rnewson@apache.org
> Date: Mon, 29 Aug 2016 12:39:50 +0100
> To: dev@couchdb.apache.org
> 
> A fully encrypted demo is on my TODO list, hopefully will get to it this week.
> 
> B.
> 
> > On 25 Aug 2016, at 11:15, Joey Samonte <cs...@hotmail.com> wrote:
> > 
> > We are currently using nginx sir as reverse proxy in front of CouchDB
> > 
> >> From: rnewson@apache.org
> >> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
> >> Date: Thu, 25 Aug 2016 11:07:29 +0100
> >> To: dev@couchdb.apache.org
> >> 
> >> Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance. 
> >> 
> >> For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled. 
> >> 
> >> Sent from my iPhone
> >> 
> >>> On 24 Aug 2016, at 21:08, Joey Samonte <cs...@hotmail.com> wrote:
> >>> 
> >>> Good day,
> >>> 
> >>> SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
> >>> 
> >> 
> > 		 	   		  
>

Re: Can clustering be setup between nodes that only accept SSL connections?

Posted by Robert Samuel Newson <rn...@apache.org>.

A fully encrypted demo is on my TODO list, hopefully will get to it this week.

B.

> On 25 Aug 2016, at 11:15, Joey Samonte <cs...@hotmail.com> wrote:
> 
> We are currently using nginx sir as reverse proxy in front of CouchDB
> 
>> From: rnewson@apache.org
>> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
>> Date: Thu, 25 Aug 2016 11:07:29 +0100
>> To: dev@couchdb.apache.org
>> 
>> Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance. 
>> 
>> For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled. 
>> 
>> Sent from my iPhone
>> 
>>> On 24 Aug 2016, at 21:08, Joey Samonte <cs...@hotmail.com> wrote:
>>> 
>>> Good day,
>>> 
>>> SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
>>> 
>> 
>

RE: Can clustering be setup between nodes that only accept SSL connections?

Posted by Joey Samonte <cs...@hotmail.com>.

We are currently using nginx sir as reverse proxy in front of CouchDB
 
> From: rnewson@apache.org
> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
> Date: Thu, 25 Aug 2016 11:07:29 +0100
> To: dev@couchdb.apache.org
> 
> Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance. 
> 
> For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled. 
> 
> Sent from my iPhone
> 
> > On 24 Aug 2016, at 21:08, Joey Samonte <cs...@hotmail.com> wrote:
> > 
> > Good day,
> > 
> > SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
> >                         
>

Re: Can clustering be setup between nodes that only accept SSL connections?

Posted by Robert Newson <rn...@apache.org>.

Yes, couchdb can be configured that way but my recommendation is to put something like haproxy in front instead. The native ssl support in Erlang has a buggy history in my experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance. 

For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy disabled. 

Sent from my iPhone

> On 24 Aug 2016, at 21:08, Joey Samonte <cs...@hotmail.com> wrote:
> 
> Good day,
> 
> SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster only allow https, for example, on port 6984?
>