Martin,

Are you interested in how to make Docker work with Let’s Encrypt or how to make Let’s Encrypt and CouchDB work together?

If it’s the latter, I have been using Let’s Encrypt with CouchDB for a few months now. I run the Let’s Encrypt certbot client as a cronjob to auto-renew the certs. Certbot doesn’t have a plugin for CouchDB and runs as root with root-only access restrictions on the certs. Unless you want to change the default permissions for Couch to be able to read the certs in the Let’s Encrypt dir, you need a script to copy the renewed certs to the Couch cert dir. I’m using the deploy-hook for certbot and it works nicely. See: https://certbot.eff.org/docs/using.html#renewing-certificates

BTW: Even though I have Couch configured with certs and it works, I use nginx as a proxy and for SSL termination. It forwards to Couch over the standard non-TLS port (just like Geoff’s load balancer setup below). I don’t want to allow unfiltered access to Couch. Couch can only locally be accessed directly. You can use nginx as a load balancer as well. (I currently have a firewall in front of nginx and plan to place a load balancer in front of nginx as well.) I use nginx to serve the static files and to manage non-Couch requests.

Renato.

PS: My servers are on Ubuntu and dev on OS X.

> On Nov 17, 2017, at 12:43 PM, Geoffrey Cox <[email protected]> wrote:
>
> Hi Martin,
>
> I personally use a $42/year wildcard certificate from AlphaSSL.
> https://blog.alejandrocelaya.com/2016/08/16/setup-a-lets-encrypt-certificate-in-a-aws-elastic-load-balancer/
> appears to discuss a way of using letsencrypt with an AWS load balancer.
>
> Geoff
>
> On Thu, Nov 16, 2017 at 11:03 PM Martin Broerse <[email protected]> wrote:
>
>> Geoff,
>>
>> Thanks for this and the article. Do you use Let's Encrypt with this Docker
>> setup somewhere? I would like to read about that.
>>
>> - Martin
>>
>> On Thu, Nov 16, 2017 at 9:25 PM, Geoffrey Cox <[email protected]> wrote:
>>
>>> Hi!
>>>
>>> I just created a command line wrapper called couch-hash-pwd
>>> <https://github.com/redgeoff/couch-hash-pwd> for couch-pwd-updated that
>>> allows you to hash a CouchDB password from the command line.
>>>
>>> e.g. `$ couch-hash-pwd -p mysecret` outputs something like
>>> *-pbkdf2-4a52aa4dc97b5d39498b33b1d563ff344ac08e1a,163fcff74d7cf643c2ae0d97f0b458bf,10*
>>>
>>> I've also added details to
>>> Running a CouchDB 2.0 Cluster in Production on AWS with Docker
>>> <https://hackernoon.com/running-a-couchdb-2-0-cluster-in-production-on-aws-with-docker-50f745d4bdbc>
>>>
>>> Special thanks to aphixsoftware and zemirco for creating the building
>>> blocks!
>>>
>>> Geoff
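
The deploy-hook approach described in the reply at the top of this thread, as an added example that is not part of the original messages or anyone's actual script: a certbot deploy hook that copies the renewed certificate and key into a directory CouchDB can read, keeping the key private and replacing files atomically. `DEST_DIR`, `CERT_OWNER` and the function name are assumptions; `RENEWED_LINEAGE` is the variable certbot exports to deploy hooks.

```shell
#!/bin/sh
# Added example: certbot deploy hook for a CouchDB host.
# DEST_DIR and CERT_OWNER are assumed values; adjust to the local install.
DEST_DIR="${DEST_DIR:-/opt/couchdb/etc/cert}"   # assumption: Couch cert dir
CERT_OWNER="${CERT_OWNER:-couchdb:couchdb}"     # assumption: Couch service account

# install_renewed_certs LINEAGE_DIR DEST_DIR [OWNER]
# Copies fullchain.pem and privkey.pem; returns non-zero on any failure.
install_renewed_certs() {
    src=$1 dest=$2 owner=${3:-}
    # Refuse to deploy an incomplete lineage (missing or empty file).
    for f in fullchain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    mkdir -p "$dest" || return 1
    old_umask=$(umask)
    umask 077          # temp copies are never group/world readable
    rc=0
    for f in fullchain.pem privkey.pem; do
        tmp="$dest/.$f.$$"
        # cp follows the live/ symlinks; mv within one directory is atomic,
        # so a reader never sees a half-written key or chain.
        if cp "$src/$f" "$tmp" \
            && { [ -z "$owner" ] || chown "$owner" "$tmp"; } \
            && chmod 0600 "$tmp" \
            && mv -f "$tmp" "$dest/$f"; then
            :
        else
            rm -f "$tmp"
            rc=1
            break
        fi
    done
    umask "$old_umask"
    return "$rc"
}

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<name>) for hooks.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_renewed_certs "$RENEWED_LINEAGE" "$DEST_DIR" "$CERT_OWNER"
fi
```

The script can be passed to certbot with `--deploy-hook` or placed as an executable in `/etc/letsencrypt/renewal-hooks/deploy/`, so it only runs after a certificate was actually renewed.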
