Thanks Renato, I think we will use nginx and we are exploring what our best setup will be. We will probably go for a CentOS server with a docker CouchDB 2.1.1, nginx and haproxy. We are currently deploying all apps directly to CouchDB with https://github.com/martinic/ember-cli-deploy-couchdb . I know we can deploy with https://github.com/martinic/ember-cli-deploy-sftp to nginx but it seems like a step back. Our current setup just works out of the box by only setting a vhost.

Thanks for letting me know how you set up Let's Encrypt and CouchDB and it is good to hear it is working fine.

- Martin

On Fri, Nov 17, 2017 at 10:48 PM, Renato <[email protected]> wrote:

> Martin,
>
> Are you interested how to make docker work with let’s encrypt or how to
> make let’s encrypt and couchdb work together?
>
> If it’s the latter, I have been using let’s encrypt with couchdb for a few
> months now. I run the let’s encrypt certbot client as a cronjob to auto
> renew the certs.
>
> Certbot doesn’t have a plugin for couchdb and runs as root with root only
> access restrictions on the certs. Unless you want to change the default
> permissions for couch to be able to read the certs in the let’s encrypt
> dir, you need a script to copy the renewed certs to the couch cert dir.
>
> I’m using the deploy-hook for certbot and it works nicely. See:
> https://certbot.eff.org/docs/using.html#renewing-certificates
>
> BTW: Even though I have couch configured with certs and it works, I use
> nginx as proxy and for ssl termination. It forwards to couch over the
> standard non tls port (just like Geoff’s load balancer setup below). I
> don’t want to allow unfiltered access to couch. Couch can only locally be
> accessed directly.
> You can use nginx as a load balancer as well. (I currently have a firewall
> in front of nginx and plan to place a load balancer in front of nginx as
> well). I use Nginx to serve the static files and to manage non-couch
> requests.
>
> Renato.
>
> PS: My servers are on ubuntu and dev on OS X.
>
> > On Nov 17, 2017, at 12:43 PM, Geoffrey Cox <[email protected]> wrote:
> >
> > Hi Martin,
> >
> > I personally use a $42/year wildcard certificate from AlphaSSL.
> > https://blog.alejandrocelaya.com/2016/08/16/setup-a-lets-encrypt-certificate-in-a-aws-elastic-load-balancer/
> > appears to discuss a way of using letsencrypt with an AWS load balancer.
> >
> > Geoff
> >
> > On Thu, Nov 16, 2017 at 11:03 PM Martin Broerse <[email protected]>
> > wrote:
> >
> >> Geoff,
> >>
> >> Thanks for this and the article. Do you use Let's Encrypt with this docker
> >> setup somewhere? I would like to read about that.
> >>
> >> - Martin
> >>
> >> On Thu, Nov 16, 2017 at 9:25 PM, Geoffrey Cox <[email protected]> wrote:
> >>
> >>> Hi!
> >>>
> >>> I just created a command line wrapper called couch-hash-pwd
> >>> <https://github.com/redgeoff/couch-hash-pwd> for couch-pwd-updated that
> >>> allows you to hash a CouchDB password from the command line.
> >>>
> >>> e.g. `$ couch-hash-pwd -p mysecret` outputs something like
> >>> *-pbkdf2-4a52aa4dc97b5d39498b33b1d563ff344ac08e1a,163fcff74d7cf643c2ae0d97f0b458bf,10*
> >>>
> >>> I've also added details to
> >>> Running a CouchDB 2.0 Cluster in Production on AWS with Docker
> >>> <https://hackernoon.com/running-a-couchdb-2-0-cluster-in-production-on-aws-with-docker-50f745d4bdbc>
> >>>
> >>> Special thanks to aphixsoftware and zemirco for creating the building
> >>> blocks!
> >>>
> >>> Geoff
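
The certbot deploy-hook approach described in the quoted message above, as an added example that is not part of the original thread and not anyone's actual script: it copies the renewed pair out of the root-only Let's Encrypt directory into a directory CouchDB can read. The destination path `/opt/couchdb/etc/cert`, the `couchdb` account and the function name `copy_renewed_certs` are assumptions; `RENEWED_LINEAGE` is the variable certbot exports to deploy hooks.

```shell
#!/bin/sh
# Certbot deploy hook: copy a renewed certificate into a directory CouchDB can read.
# Certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<name>) to deploy hooks.
# Assumptions, adjust to your install: destination directory and service account.
COUCH_CERT_DIR="${COUCH_CERT_DIR:-/opt/couchdb/etc/cert}"
COUCH_USER="${COUCH_USER:-couchdb}"

# copy_renewed_certs LINEAGE_DIR DEST_DIR [OWNER]  (hypothetical helper name)
copy_renewed_certs() {
    lineage="$1"; dest="$2"; owner="${3:-}"

    # Check both files first so a partial renewal never replaces a working pair.
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$lineage/$f" ]; then
            echo "deploy-hook: missing or empty $lineage/$f" >&2
            return 1
        fi
    done

    mkdir -p "$dest" || return 1
    for f in fullchain.pem privkey.pem; do
        tmp="$dest/.$f.tmp.$$"
        # umask 077 means the temp file is mode 600 before key material lands in it.
        ( umask 077 && cp "$lineage/$f" "$tmp" ) || { rm -f "$tmp"; return 1; }
        # Only root can change ownership; certbot runs the hook as root.
        if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
            chown "$owner" "$tmp" || { rm -f "$tmp"; return 1; }
        fi
        # The chain is public; the private key stays readable by its owner only.
        if [ "$f" = "fullchain.pem" ]; then chmod 644 "$tmp"; fi
        # rename is atomic within one filesystem: readers see the old or the new file.
        mv -f "$tmp" "$dest/$f" || { rm -f "$tmp"; return 1; }
    done
}

# Run only when certbot invoked us; otherwise the file just defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    copy_renewed_certs "$RENEWED_LINEAGE" "$COUCH_CERT_DIR" "$COUCH_USER" || exit 1
fi
```

Whether CouchDB needs a restart to pick up the new files depends on the deployment and is left out here; with nginx terminating TLS as in the thread, the same hook shape applies to the nginx certificate directory instead.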
