Posted to user@couchdb.apache.org by Geoffrey Cox <re...@gmail.com> on 2017/11/16 20:25:59 UTC

couch-hash-pwd

Hi!

I just created a command line wrapper called couch-hash-pwd
<https://github.com/redgeoff/couch-hash-pwd> for couch-pwd-updated that
allows you to hash a CouchDB password from the command line.

e.g. `$ couch-hash-pwd -p mysecret` outputs something like
*-pbkdf2-4a52aa4dc97b5d39498b33b1d563ff344ac08e1a,163fcff74d7cf643c2ae0d97f0b458bf,10*

I've also added details to
Running a CouchDB 2.0 Cluster in Production on AWS with Docker
<https://hackernoon.com/running-a-couchdb-2-0-cluster-in-production-on-aws-with-docker-50f745d4bdbc>

Special thanks to aphixsoftware and zemirco for creating the building
blocks!

Geoff
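
The string shown above has three comma-separated fields after the `-pbkdf2-` prefix: derived key, salt and iteration count. The following Python sketch is an added example, not part of the original post or of couch-hash-pwd; it assumes the CouchDB 2.x scheme (PBKDF2-HMAC-SHA1, 20-byte key, salt string used as-is), and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

PREFIX = "-pbkdf2-"

def parse_couch_hash(value):
    """Split '-pbkdf2-<derived_key>,<salt>,<iterations>' into its fields."""
    if not value.startswith(PREFIX):
        raise ValueError("missing -pbkdf2- prefix")
    parts = value[len(PREFIX):].split(",")
    if len(parts) != 3:
        raise ValueError("expected derived_key,salt,iterations")
    key_hex, salt, iterations = parts
    key = bytes.fromhex(key_hex)  # raises ValueError if not hex
    if not key or not salt or not iterations.isdigit() or int(iterations) < 1:
        raise ValueError("empty field or bad iteration count")
    return key, salt, int(iterations)

def _derive(password, salt, iterations, dklen):
    # Assumption: CouchDB 2.x scheme, PBKDF2-HMAC-SHA1 with the salt
    # string's bytes used as-is (not hex-decoded).
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                               salt.encode("utf-8"), iterations, dklen)

def hash_password(password, salt=None, iterations=10):
    """Build a hash string in the same layout; the salt is random by default."""
    salt = salt or secrets.token_hex(16)
    key = _derive(password, salt, iterations, 20)
    return f"{PREFIX}{key.hex()},{salt},{iterations}"

def verify_password(password, stored):
    """Recompute the key from the stored salt and count, compare in constant time."""
    key, salt, iterations = parse_couch_hash(stored)
    candidate = _derive(password, salt, iterations, len(key))
    return hmac.compare_digest(candidate, key)

def needs_rehash(stored, min_iterations):
    """True when the stored iteration count is below the caller's policy."""
    return parse_couch_hash(stored)[2] < min_iterations
```

`needs_rehash` takes the threshold from the caller, so it can be run over stored admin hashes to find entries created with a low iteration count such as the 10 in the sample output.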

Re: couch-hash-pwd

Posted by Martin Broerse <in...@martinbroerse.com>.
Thanks Renato,

I think we will use nginx and we are exploring what our best setup will
be. We will probably go for a CentOS server with a docker CouchDB 2.1.1,
nginx and haproxy. We are currently deploying all apps directly to CouchDB
with https://github.com/martinic/ember-cli-deploy-couchdb . I know we can
deploy with https://github.com/martinic/ember-cli-deploy-sftp to nginx but
it seems like a step back. Our current setup just works out of the box by
only setting a vhost.

Thanks for letting me know how you set up Let's Encrypt and CouchDB, and it
is good to hear it is working fine.

- Martin



On Fri, Nov 17, 2017 at 10:48 PM, Renato <re...@sinitean.org> wrote:

> Martin,
>
> Are you interested in how to make docker work with let’s encrypt or how to
> make let’s encrypt and couchdb work together?
>
> If it’s the latter, I have been using let’s encrypt with couchdb for a few
> months now. I run the let’s encrypt certbot client as a cronjob to auto
> renew the certs.
>
> Certbot doesn’t have a plugin for couchdb and runs as root with root only
> access restrictions on the certs. Unless you want to change the default
> permissions for couch to be able to read the certs in the let’s encrypt
> dir, you need a script to copy the renewed certs to the couch cert dir.
>
> I’m using the deploy-hook for certbot and it works nicely. See:
> https://certbot.eff.org/docs/using.html#renewing-certificates
>
> BTW: Even though I have couch configured with certs and it works, I use
> nginx as proxy and for ssl termination. It forwards to couch over the
> standard non tls port (just like Geoff’s load balancer setup below). I
> don’t want to allow unfiltered access to couch. Couch can only locally be
> accessed directly.
> You can use nginx as a load balancer as well. (I currently have a firewall
> in front of nginx and plan to place a load balancer in front of nginx as
> well). I use Nginx to serve the static files and to manage non-couch
> requests.
>
> Renato.
>
> PS: My servers are on ubuntu and dev on OS X.
>
> > On Nov 17, 2017, at 12:43 PM, Geoffrey Cox <re...@gmail.com> wrote:
> >
> > Hi Martin,
> >
> > I personally use a $42/year wildcard certificate from AlphaSSL.
> > https://blog.alejandrocelaya.com/2016/08/16/setup-a-lets-encrypt-certificate-in-a-aws-elastic-load-balancer/
> > appears to discuss a way of using letsencrypt with an AWS load balancer.
> >
> > Geoff
> >
> > On Thu, Nov 16, 2017 at 11:03 PM Martin Broerse <martin.broerse@gmail.com>
> > wrote:
> >
> >> Geoff,
> >>
> >> Thanks for this and the article. Do you use Let's Encrypt with this docker
> >> setup somewhere? I would like to read about that.
> >>
> >> - Martin
> >>
> >> On Thu, Nov 16, 2017 at 9:25 PM, Geoffrey Cox <re...@gmail.com> wrote:
> >>
> >>> Hi!
> >>>
> >>> I just created a command line wrapper called couch-hash-pwd
> >>> <https://github.com/redgeoff/couch-hash-pwd> for couch-pwd-updated that
> >>> allows you to hash a CouchDB password from the command line.
> >>>
> >>> e.g. `$ couch-hash-pwd -p mysecret` outputs something like
> >>> *-pbkdf2-4a52aa4dc97b5d39498b33b1d563ff344ac08e1a,163fcff74d7cf643c2ae0d97f0b458bf,10*
> >>>
> >>> I've also added details to
> >>> Running a CouchDB 2.0 Cluster in Production on AWS with Docker
> >>> <https://hackernoon.com/running-a-couchdb-2-0-cluster-in-production-on-aws-with-docker-50f745d4bdbc>
> >>>
> >>> Special thanks to aphixsoftware and zemirco for creating the building
> >>> blocks!
> >>>
> >>> Geoff
> >>>
> >>
>
>

Re: couch-hash-pwd

Posted by Renato <re...@sinitean.org>.
Martin,

Are you interested in how to make docker work with let’s encrypt or how to make let’s encrypt and couchdb work together?

If it’s the latter, I have been using let’s encrypt with couchdb for a few months now. I run the let’s encrypt certbot client as a cronjob to auto renew the certs.

Certbot doesn’t have a plugin for couchdb and runs as root with root only access restrictions on the certs. Unless you want to change the default permissions for couch to be able to read the certs in the let’s encrypt dir, you need a script to copy the renewed certs to the couch cert dir.

I’m using the deploy-hook for certbot and it works nicely. See:
https://certbot.eff.org/docs/using.html#renewing-certificates

BTW: Even though I have couch configured with certs and it works, I use nginx as proxy and for ssl termination. It forwards to couch over the standard non tls port (just like Geoff’s load balancer setup below). I don’t want to allow unfiltered access to couch. Couch can only locally be accessed directly.
You can use nginx as a load balancer as well. (I currently have a firewall in front of nginx and plan to place a load balancer in front of nginx as well). I use Nginx to serve the static files and to manage non-couch requests.
 
Renato.

PS: My servers are on ubuntu and dev on OS X.

> On Nov 17, 2017, at 12:43 PM, Geoffrey Cox <re...@gmail.com> wrote:
> 
> Hi Martin,
> 
> I personally use a $42/year wildcard certificate from AlphaSSL.
> https://blog.alejandrocelaya.com/2016/08/16/setup-a-lets-encrypt-certificate-in-a-aws-elastic-load-balancer/
> appears to discuss a way of using letsencrypt with an AWS load balancer.
> 
> Geoff
> 
> On Thu, Nov 16, 2017 at 11:03 PM Martin Broerse <ma...@gmail.com>
> wrote:
> 
>> Geoff,
>> 
>> Thanks for this and the article. Do you use Let's Encrypt with this docker
>> setup somewhere? I would like to read about that.
>> 
>> - Martin
>> 
>> On Thu, Nov 16, 2017 at 9:25 PM, Geoffrey Cox <re...@gmail.com> wrote:
>> 
>>> Hi!
>>> 
>>> I just created a command line wrapper called couch-hash-pwd
>>> <https://github.com/redgeoff/couch-hash-pwd> for couch-pwd-updated that
>>> allows you to hash a CouchDB password from the command line.
>>> 
>>> e.g. `$ couch-hash-pwd -p mysecret` outputs something like
>>> *-pbkdf2-4a52aa4dc97b5d39498b33b1d563ff344ac08e1a,163fcff74d7cf643c2ae0d97f0b458bf,10*
>>>
>>> I've also added details to
>>> Running a CouchDB 2.0 Cluster in Production on AWS with Docker
>>> <https://hackernoon.com/running-a-couchdb-2-0-cluster-in-production-on-aws-with-docker-50f745d4bdbc>
>>> 
>>> Special thanks to aphixsoftware and zemirco for creating the building
>>> blocks!
>>> 
>>> Geoff
>>> 
>> 
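
The copy step described in the message above (certbot keeps the certs root-only, so a deploy hook copies the renewed files to a directory CouchDB can read) could look like the following. This is an added example, not Renato's script: the destination directory and the `couchdb` account name are assumptions, and `RENEWED_LINEAGE` is the environment variable certbot passes to deploy hooks.

```python
import os
import shutil
import sys
import tempfile

# File names certbot keeps in each lineage directory.
CERT_FILES = ("fullchain.pem", "privkey.pem")

def install_certs(lineage_dir, dest_dir, owner=None):
    """Copy renewed cert files into dest_dir as 0600 files; return their paths."""
    os.makedirs(dest_dir, mode=0o750, exist_ok=True)
    written = []
    for name in CERT_FILES:
        src = os.path.join(lineage_dir, name)
        final = os.path.join(dest_dir, name)
        # Write to a temp file in the same directory, then rename, so the
        # server never sees a half-written key or certificate.
        fd, tmp = tempfile.mkstemp(dir=dest_dir, prefix=name + ".")
        try:
            with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
                shutil.copyfileobj(inp, out)
            os.chmod(tmp, 0o600)          # readable by the owner only
            if owner is not None:         # needs root, as in a certbot hook
                shutil.chown(tmp, user=owner, group=owner)
            os.replace(tmp, final)
        except BaseException:
            if os.path.exists(tmp):
                os.unlink(tmp)
            raise
        written.append(final)
    return written

if __name__ == "__main__":
    lineage = os.environ.get("RENEWED_LINEAGE")
    if not lineage:
        sys.exit("RENEWED_LINEAGE is not set; run this from certbot --deploy-hook")
    # Assumed destination and account name; adjust to the local install.
    install_certs(lineage, "/opt/couchdb/etc/cert", owner="couchdb")
```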


Re: couch-hash-pwd

Posted by Geoffrey Cox <re...@gmail.com>.
Hi Martin,

I personally use a $42/year wildcard certificate from AlphaSSL.
https://blog.alejandrocelaya.com/2016/08/16/setup-a-lets-encrypt-certificate-in-a-aws-elastic-load-balancer/
appears to discuss a way of using letsencrypt with an AWS load balancer.

Geoff

On Thu, Nov 16, 2017 at 11:03 PM Martin Broerse <ma...@gmail.com>
wrote:

> Geoff,
>
> Thanks for this and the article. Do you use Let's Encrypt with this docker
> setup somewhere? I would like to read about that.
>
> - Martin
>
> On Thu, Nov 16, 2017 at 9:25 PM, Geoffrey Cox <re...@gmail.com> wrote:
>
> > Hi!
> >
> > I just created a command line wrapper called couch-hash-pwd
> > <https://github.com/redgeoff/couch-hash-pwd> for couch-pwd-updated that
> > allows you to hash a CouchDB password from the command line.
> >
> > e.g. `$ couch-hash-pwd -p mysecret` outputs something like
> > *-pbkdf2-4a52aa4dc97b5d39498b33b1d563ff344ac08e1a,163fcff74d7cf643c2ae0d97f0b458bf,10*
> >
> > I've also added details to
> > Running a CouchDB 2.0 Cluster in Production on AWS with Docker
> > <https://hackernoon.com/running-a-couchdb-2-0-cluster-in-production-on-aws-with-docker-50f745d4bdbc>
> >
> > Special thanks to aphixsoftware and zemirco for creating the building
> > blocks!
> >
> > Geoff
> >
>

Re: couch-hash-pwd

Posted by Martin Broerse <ma...@gmail.com>.
Geoff,

Thanks for this and the article. Do you use Let's Encrypt with this docker
setup somewhere? I would like to read about that.

- Martin

On Thu, Nov 16, 2017 at 9:25 PM, Geoffrey Cox <re...@gmail.com> wrote:

> Hi!
>
> I just created a command line wrapper called couch-hash-pwd
> <https://github.com/redgeoff/couch-hash-pwd> for couch-pwd-updated that
> allows you to hash a CouchDB password from the command line.
>
> e.g. `$ couch-hash-pwd -p mysecret` outputs something like
> *-pbkdf2-4a52aa4dc97b5d39498b33b1d563ff344ac08e1a,163fcff74d7cf643c2ae0d97f0b458bf,10*
>
> I've also added details to
> Running a CouchDB 2.0 Cluster in Production on AWS with Docker
> <https://hackernoon.com/running-a-couchdb-2-0-cluster-in-production-on-aws-with-docker-50f745d4bdbc>
>
> Special thanks to aphixsoftware and zemirco for creating the building
> blocks!
>
> Geoff
>