couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joan Touzet <woh...@apache.org>
Subject Re: Running CouchDB 2.0 cluster in EC2
Date Tue, 27 Jun 2017 04:20:27 GMT
I'd recommend stunnel instead of nginx. We used to use it at Cloudant
and it worked fine. Gets you away from any worries about nginx not
correctly reverse proxying chunked/multipart/etags/etc correctly.

-Joan

----- Original Message -----
From: "Vladimir Kuznetsov" <vovanec@gmail.com>
To: user@couchdb.apache.org
Sent: Monday, 26 June, 2017 8:29:00 PM
Subject: Running CouchDB 2.0 cluster in EC2


Hi guys

I'm planning to run CouchDB 2.0 cluster in EC2, probably 4 or 8 instances. 

I want clients to use SSL certificate to authenticate so I want to run Nginx on every CouchDB
instance which will do SSL termination and forward connection to the backend CouchDB instance
running plain HTTP. The reasons I want to terminate SSL on Nginx:

1)  I'm planning to refresh server certs periodically and I don't really want CouchDB nodes
to restart, I'd rather restarted Nginx frontend.
2) I want to check CRL to reject client certificates that were revoked
3)  Performance is another reason as I expect Nginx to be better in SSL decryption than CouchDB
itself. 

I'm planning to deploy CouchDb cluster instances behind AWS ELB(elastic load balancer), probably
in TCP mode which would load balance client connections between instances.

Does my deployment make sense? Anything specific to take into consideration In the above deployment
model? is there anything I have to be aware of? 

thanks,
--Vovan

Mime
View raw message