Hey, I think I should have started this tread as Couch on port 443 My goal: to have a linux server standard with ssl out of the box with no additional web server or app server. The simplicity would mean a lot to lower threshold for server admin on platforms like DigitalOcean. Fire up a DigitalOcean "snapshot", replicate some Couch buckets from the couch ecosystem, go!
I would like to pursue the below but am stuck due to close to zero linux brains Anyone who have the brains and time to put together a Couch-on-port-443-for-ubuntu recipe for dummies? johs On Sun, Nov 15, 2015 at 10:01 AM, Johs Ensby <j...@b2w.com <mailto:j...@b2w.com>> wrote: > Anyone with a better approach to this than this? > > $ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 5984 Technically, you need to modify your init script to let it start couchdb as root and then via chuid get it back running via couchdb user, but I didn't try this way. > I also tried an approach with Nginx forwarding everything to localhost:5984 > with the new rewrite function. > The problem here was that the IP adress of the request object got lost on its > way, so the new rewrite function would report > peer to be 127.0.0.1 If your setup proxying right, then you'll have the following directives in your conifg: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; And then you can get peer IP address or real requested protocol via these headers. General logic of headers processing is to look for X-* headers first and then fallback to standard solutions.
