couchdb-user mailing list archives

From Renato <ren...@sinitean.org>
Subject Re: couch-hash-pwd
Date Fri, 17 Nov 2017 21:48:06 GMT

Martin,

Are you interested in how to make Docker work with Let’s Encrypt, or in how to make Let’s Encrypt
and CouchDB work together?

If it’s the latter, I have been using Let’s Encrypt with CouchDB for a few months now.
I run the Let’s Encrypt certbot client as a cron job to auto-renew the certs.

Certbot doesn’t have a plugin for CouchDB and runs as root, with root-only access restrictions
on the certs. Unless you want to change the default permissions so that Couch can read
the certs in the Let’s Encrypt dir, you need a script to copy the renewed certs to the
Couch cert dir.

I’m using the deploy-hook for certbot and it works nicely. See:
https://certbot.eff.org/docs/using.html#renewing-certificates

BTW: Even though I have Couch configured with certs and it works, I use nginx as a proxy and
for SSL termination. It forwards to Couch over the standard non-TLS port (just like Geoff’s
load balancer setup below). I don’t want to allow unfiltered access to Couch. Couch can
only locally be accessed directly.
You can use nginx as a load balancer as well. (I currently have a firewall in front of nginx
and plan to place a load balancer in front of nginx as well.) I use nginx to serve the static
files and to manage non-Couch requests.
 
Renato.

PS: My servers are on ubuntu and dev on OS X.

> On Nov 17, 2017, at 12:43 PM, Geoffrey Cox <redgeoff@gmail.com> wrote:
> 
> Hi Martin,
> 
> I personally use a $42/year wildcard certificate from AlphaSSL.
> https://blog.alejandrocelaya.com/2016/08/16/setup-a-lets-encrypt-certificate-in-a-aws-elastic-load-balancer/
> appears to discuss a way of using letsencrypt with an AWS load balancer.
> 
> Geoff
> 
> On Thu, Nov 16, 2017 at 11:03 PM Martin Broerse <martin.broerse@gmail.com>
> wrote:
> 
>> Geoff,
>> 
>> Thanks for this and the article. Do you use Let's Encrypt with this Docker
>> setup somewhere? I would like to read about that.
>> 
>> - Martin
>> 
>> On Thu, Nov 16, 2017 at 9:25 PM, Geoffrey Cox <redgeoff@gmail.com> wrote:
>> 
>>> Hi!
>>> 
>>> I just created a command line wrapper called couch-hash-pwd
>>> <https://github.com/redgeoff/couch-hash-pwd> for couch-pwd-updated that
>>> allows you to hash a CouchDB password from the command line.
>>> 
>>> e.g. `$ couch-hash-pwd -p mysecret` outputs something like
>>> *-pbkdf2-4a52aa4dc97b5d39498b33b1d563ff344ac08e1a,163fcff74d7cf643c2ae0d97f0b458bf,10*
>>> 
>>> I've also added details to
>>> Running a CouchDB 2.0 Cluster in Production on AWS with Docker
>>> <https://hackernoon.com/running-a-couchdb-2-0-cluster-in-production-on-aws-with-docker-50f745d4bdbc>
>>> 
>>> Special thanks to aphixsoftware and zemirco for creating the building
>>> blocks!
>>> 
>>> Geoff
>>> 
>> 
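
Added example, not part of the original thread and not any poster's own script: a certbot deploy hook of the kind described in the message above, copying the renewed files into a directory CouchDB can read while keeping the private key readable only by its owner. The destination path `/opt/couchdb/etc/cert`, the `couchdb` account and the function name are assumptions; `RENEWED_LINEAGE` is the variable certbot exports to deploy hooks.

```sh
#!/bin/sh
# Added example: certbot deploy hook that copies renewed certs for CouchDB.
# Assumed values (not from the thread): COUCH_CERT_DIR and COUCH_USER.
set -eu

COUCH_CERT_DIR="${COUCH_CERT_DIR:-/opt/couchdb/etc/cert}"  # assumed path
COUCH_USER="${COUCH_USER:-couchdb}"                        # assumed account

# copy_couch_certs LINEAGE_DIR DEST_DIR [OWNER]
copy_couch_certs() {
    src=$1; dst=$2; owner=${3:-}
    # Stop before touching the destination if the lineage is incomplete,
    # so a failed renewal never replaces a working key pair.
    for f in fullchain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    mkdir -p "$dst"
    chmod 0750 "$dst"
    # install(1) replaces the target and sets its mode in one step.
    install -m 0444 "$src/fullchain.pem" "$dst/fullchain.pem"
    install -m 0400 "$src/privkey.pem" "$dst/privkey.pem"
    # Ownership can only be handed over when running as root (as certbot does).
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown "$owner" "$dst" "$dst/fullchain.pem" "$dst/privkey.pem"
    fi
}

# Only act when certbot invoked us after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    copy_couch_certs "$RENEWED_LINEAGE" "$COUCH_CERT_DIR" "$COUCH_USER"
fi
```

Whether the service needs a restart or reload to pick up the new files depends on the setup and is left out here.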

