couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cliff Williams <cliffywi...@aol.com>
Subject Re: https?
Date Fri, 29 Oct 2010 13:23:28 GMT
Doug,

I hope you are well.

Couchdb does not handle https by itself.

I think that a generally acceptable method would be to put couchdb 
behind a reverse proxy such as nginx and allow nginx to handle all of 
the ssl/tls traffic. (I don't like using VPNs for this sort of thing 
since it always feels like a bit of a kludge and not very Restful)

These are good start points (Its quite a bit less complicated than it 
first appears)

http://wiki.apache.org/couchdb/Nginx_As_a_Reverse_Proxy
http://www.cyberciti.biz/faq/howto-linux-unix-setup-nginx-ssl-proxy/

best regards

Cliff

On 29/10/10 10:30, Doug wrote:
> Hmm... Lets try that again..
>
> ---------- Forwarded message ----------
> From: "Doug"<douglas.linder@gmail.com>
> Date: 29/10/2010 3:27 PM
> Subject: replication for local user apps...
> To:<user@couchdb.apache.org>
>
> Hi,
>
> I've got what seems like a simple couchdb question, but reading around I
> haven't found any really helpful information about it.
>
> Basically, how do you do securely use / replicate databases?
>
> Everything happens over http, and I can't find anything about https and
> couchdb working happily together.
>
> The options as far as I can tell seem to be:
>
> 1) Local only.
> - Create a local couchdb instance on local and server machines.
> - Setup SSH tunnels between the machines and push the content through them
> via replication.
>
> 2) Hide couchdb behind a firewall and talk to it via a https website.
>
> 3) There is no three.
>
> ??
>
> I mean, I thought the great thing about couchdb was I could write a webapp
> that runs entirely off couchdb, use it on the net, pull a copy of it onto my
> laptop's copy of couch when I jump on a plane, and keep running, and sync it
> all via replication when I get back into a wifi zone. ...but, I don't
> understand how you can do any of that securely and privately.
>
> Am I missing some really obvious configuration option to turn on https or
> something?
>
> ~
> Doug.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message