couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Samuel Newson <rnew...@apache.org>
Subject Re: Can clustering be setup between nodes that only accept SSL connections?
Date Mon, 29 Aug 2016 11:39:50 GMT
A fully encrypted demo is on my TODO list, hopefully will get to it this week.

B.

> On 25 Aug 2016, at 11:15, Joey Samonte <csharpdeveloper@hotmail.com> wrote:
> 
> We are currently using nginx sir as reverse proxy in front of CouchDB
> 
>> From: rnewson@apache.org
>> Subject: Re: Can clustering be setup between nodes that only accept SSL connections?
>> Date: Thu, 25 Aug 2016 11:07:29 +0100
>> To: dev@couchdb.apache.org
>> 
>> Yes, couchdb can be configured that way but my recommendation is to put something
like haproxy in front instead. The native ssl support in Erlang has a buggy history in my
experience, though I believe 18.x is working quite nicely. Further, with couchdb 2.0, you'll
want a round-robin loss balancer in front of them to fully enjoy the clustered fault tolerance.

>> 
>> For < 2.0, you just need to configure the httpsd daemon and comment out the httpsd
one. For 2.0, I'll have to research a little as I'm not sure the chttpd service is as rainy
disabled. 
>> 
>> Sent from my iPhone
>> 
>>> On 24 Aug 2016, at 21:08, Joey Samonte <csharpdeveloper@hotmail.com> wrote:
>>> 
>>> Good day,
>>> 
>>> SSL is a must for us to secure our data. Can the CouchDB nodes in the cluster
only allow https, for example, on port 6984?
>>> 
>> 
> 		 	   		  


Mime
View raw message