Hi,
as always (esp. with security): it depends and you should have a thorough
plan about how 2 secure. There is really no serious general and binary
answer to the question. From a functional point of view, the nodes in a
cluster need to talk to each other over Erlang RPC and calling applications
need to be able to reach the HTTP endpoint.
Best
Sebastian
On Mon, Sep 5, 2016 at 11:41 PM, Joey Samonte <csharpdevelo...@hotmail.com>
wrote:
> Thanks. Does this mean I need to add ports 4369 and 5984 to the firewall
> exceptions?
>
> > Subject: Re: Adding a node to cluster
> > From: sebastianrothbuc...@googlemail.com
> > Date: Mon, 5 Sep 2016 23:08:04 +0200
> > To: dev@couchdb.apache.org
> >
> > Hi,
> >
> > clustering and replication are indeed two (very) separate things - and
> you won't get a Cluster by setting up replication. Again: treat the two as
> separate. Clustering turns several shards (on several nodes) into one
> database (from an user/caller perspective) while replication happens
> _between_ databases.
> > Consequently, technical underpinnings differ as well, as Bob explained
> below.
> >
> > Hope that gets things in perspective a little...
> >
> > Best
> > Sebastian
> >
> > Von meinem iPhone gesendet
> >
> > > Am 05.09.2016 um 22:47 schrieb Joey Samonte <
> csharpdevelo...@hotmail.com>:
> > >
> > > Does this mean that setting up replication is separate from setting up
> clustering?
> > >
> > > Does replication needs to be bi-directional between nodes?
> > >
> > >> From: rnew...@apache.org
> > >> Subject: Re: Adding a node to cluster
> > >> Date: Thu, 25 Aug 2016 11:10:45 +0100
> > >> To: dev@couchdb.apache.org
> > >>
> > >> Ok, seems I've confused you.
> > >>
> > >> Couchdb replication occurs over http or https, as you know. The nodes
> in a couchdb 2.0 cluster do not communicate with each other over http. They
> use Erlang rpc. Erlang rpc can be configured for TLS encryption. It's in
> the Erlang faq and is fairly simple to set up in newer Erlang releases.
> > >>
> > >> I feel I owe an example of 2.0 cluster that exclusively uses TLS for
> all communications.
> > >>
> > >> Sent from my iPhone
> > >>
> > >>> On 24 Aug 2016, at 20:47, Joey Samonte <csharpdevelo...@hotmail.com>
> wrote:
> > >>>
> > >>> What if we remove the reverse proxy and just set up the CouchDB
> nodes to allow only SSL connections, port 6984? https://wiki.apache.org/
> couchdb/How_to_enable_SSL
> > >>>
> > >>>> Subject: Re: Adding a node to cluster
> > >>>> From: rnew...@apache.org
> > >>>> Date: Wed, 24 Aug 2016 19:43:51 +0100
> > >>>> To: dev@couchdb.apache.org
> > >>>>
> > >>>> Assuming you mean a 2.0 cluster, no, all those nodes need to be
> able to communicate with erlang rpc (service discovery over port 4369 and
> then whatever port the node is running ong).
> > >>>>
> > >>>>> On 24 Aug 2016, at 12:36, Joey Samonte <
> csharpdevelo...@hotmail.com> wrote:
> > >>>>>
> > >>>>> Good day,
> > >>>>>
> > >>>>> Is it possible to add a node to a cluster from Fauxton if the
> remote host is behind a reverse proxy (nginx) configured as HTTPS?
> > >>>>>
> > >>>>> Regards,
> > >>>>> Joey
> > >
>
>
