Return-Path: 
 <user-return-14982-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: (qmail 79763 invoked from network); 20 Feb 2011 12:59:01 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 20 Feb 2011 12:59:01 -0000
Received: (qmail 90395 invoked by uid 500); 20 Feb 2011 12:58:59 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 89973 invoked by uid 500); 20 Feb 2011 12:58:55 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 89928 invoked by uid 99); 20 Feb 2011 12:58:54 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 20 Feb 2011 12:58:54 +0000
X-ASF-Spam-Status: No, hits=3.6 required=5.0
	tests=FS_REPLICA,RCVD_IN_DNSWL_LOW,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (nike.apache.org: local policy)
Received: from [74.125.82.54] (HELO mail-ww0-f54.google.com) (74.125.82.54)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 20 Feb 2011 12:58:46 +0000
Received: by wwb31 with SMTP id 31so5325320wwb.23
        for <user@couchdb.apache.org>; Sun, 20 Feb 2011 04:58:25 -0800 (PST)
MIME-Version: 1.0
Received: by 10.216.39.196 with SMTP id d46mr243522web.114.1298206705409; Sun,
 20 Feb 2011 04:58:25 -0800 (PST)
Received: by 10.216.176.210 with HTTP; Sun, 20 Feb 2011 04:58:25 -0800 (PST)
In-Reply-To: <AANLkTi=-+sfF=e+bn+qZNPuZn7SGQUQnqTZ3zDuuKTvP@mail.gmail.com>
References: <AANLkTi=-+sfF=e+bn+qZNPuZn7SGQUQnqTZ3zDuuKTvP@mail.gmail.com>
Date: Sun, 20 Feb 2011 04:58:25 -0800
Message-ID: <AANLkTikh1XoyHa0rvGJPvkLcowJ9JV7qG4UwJLhzf7pa@mail.gmail.com>
Subject: Re: Replication Behind Firewalls
From: Isaac Force <isaac@autognosis.org>
To: user@couchdb.apache.org
Content-Type: text/plain; charset=ISO-8859-1
X-Virus-Checked: Checked by ClamAV on apache.org

On Thu, Feb 17, 2011 at 5:33 PM, Ryan Ramage <ryan.ramage@gmail.com> wrote:
> In my application each user has a locally installed couch. I want them
> to be able to replicate with other machines they have (home, work,
> etc).
> Most people wont have public facing IP's or may be behind a firewall.
> I don't mind hosting a 'lookup service' but I want to be able to
> minimize the server traffic. I would prefer if the couch's could
> connect with each other direct.

If your users are technically savvy and willing to deal with port
forwarding, and the absence of replication when port forwarding isn't
an option is acceptable, a dynamic DNS provider would handle the case
where you want one public hostname for a client with an undefinable
public IP.

If the above conditions aren't true, I can't think of a reasonable way
to avoid requiring an intermediary of some sort. Inbound connections
can't be relied on with the prevalence of NAT and firewalls. If having
a public Couch for replication isn't an option, VPN with static IPs or
hostname registration with internal DNS would be the next easiest
solution. OpenVPN is relatively easy to set up and only uses an
outbound connection from the client side.

-Isaac