Can't use with jrcs/letsencrypt-nginx-proxy-companion #107

Closed
bigfarofa opened this issue Sep 17, 2018 · 4 comments

bigfarofa commented Sep 17, 2018

I've been trying to use CouchDB and nginx-letsencrypt as Docker containers. It works with my Node.js server, but it won't work with CouchDB. It always gives 502 Bad Gateway. The Node.js server is in a different sub-domain.

To start nginx I use this:

docker run -d -p 80:80 -p 443:443 \
    --name nginx-proxy \
    -v /path/to/certs:/etc/nginx/certs:ro \
    -v /etc/nginx/vhost.d \
    -v /usr/share/nginx/html \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    --label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \
    jwilder/nginx-proxy

To start letsencrypt-nginx-proxy-companion I use:

docker run -d \
    --name nginx-proxy-letsencrypt \
    -v /path/to/certs:/etc/nginx/certs:rw \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    --volumes-from nginx-proxy \
    jrcs/letsencrypt-nginx-proxy-companion

To start couchdb I use:

docker run -e COUCHDB_USER=user \
-e COUCHDB_PASSWORD=password \
-e "VIRTUAL_HOST=app.domain.com" \
-e "LETSENCRYPT_HOST=app.domain.com" \
-e "LETSENCRYPT_EMAIL=example@domain.com" \
--volume ~/data:/opt/couchdb/data --volume ~/etc/local.d:/opt/couchdb/etc/local.d \
--name api-couchdb --restart always -d couchdb

The generated config file inside the nginx-proxy container, /etc/nginx/conf.d/default, has this:
NOTE: I tried to remove the "down" in the upstream section, but it didn't work. I also tried to remove http2, but that didn't work either.

# app.domain.com
upstream app.domain.com {
				## Can be connected with "bridge" network
		# api-couchdb
			server 172.17.0.2 down;
}
server {
	server_name app.domain.com;
	listen 80 ;
	access_log /var/log/nginx/access.log vhost;
	return 301 https://$host$request_uri;
}
server {
	server_name app.domain.com;
	listen 443 ssl http2 ;
	access_log /var/log/nginx/access.log vhost;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
	ssl_prefer_server_ciphers on;
	ssl_session_timeout 5m;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;
	ssl_certificate /etc/nginx/certs/app.domain.com.crt;
	ssl_certificate_key /etc/nginx/certs/app.domain.com.key;
	ssl_dhparam /etc/nginx/certs/app.domain.com.dhparam.pem;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /etc/nginx/certs/app.domain.com.chain.pem;
	add_header Strict-Transport-Security "max-age=31536000" always;
	include /etc/nginx/vhost.d/default;
	location / {
		proxy_pass http://app.domain.com;
	}
}

Author

bigfarofa commented Sep 17, 2018

OK, I've got a solution. When initializing couch, we need to specify the VIRTUAL_PORT.

docker run -e COUCHDB_USER=user \
-e COUCHDB_PASSWORD=password \
-e "VIRTUAL_HOST=app.domain.com" \
-e VIRTUAL_PORT=5984 \
-e "LETSENCRYPT_HOST=app.domain.com" \
-e "LETSENCRYPT_EMAIL=example@domain.com" \
--volume ~/data:/opt/couchdb/data --volume ~/etc/local.d:/opt/couchdb/etc/local.d \
--name api-couchdb --restart always -d couchdb
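
An added example, not part of the thread or of either project: a shell check that lists the upstream blocks in an nginx-proxy generated config that have no live server, which is the state shown in the first post, where the only backend is marked `down`. The function names and the second upstream in the sample are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the issue thread.

# dead_upstreams FILE
# Prints the name of every upstream block whose server entries are all
# flagged "down" (or that has no server entry at all).
dead_upstreams() {
  awk '
    $1 == "upstream" && $NF == "{" { name = $2; in_up = 1; live = 0; next }
    in_up && $1 == "server" {
      line = $0
      sub(/;.*/, "", line)                  # drop ";" and anything after it
      n = split(line, f, /[ \t]+/)
      down = 0
      for (i = 1; i <= n; i++) if (f[i] == "down") down = 1
      if (!down) live++
      next
    }
    in_up && $1 == "}" { if (live == 0) print name; in_up = 0 }
  ' "$1"
}

# Constructed sample: the first upstream is the one quoted in the issue;
# the second (name, address and port) is made up for contrast.
sample_config() {
  cat <<'EOF'
upstream app.domain.com {
		# api-couchdb
			server 172.17.0.2 down;
}
upstream node.domain.com {
		# node-app
			server 172.17.0.3:3000;
}
server {
	server_name app.domain.com;
	listen 80 ;
}
EOF
}

# Demo run; against a live proxy the input would be the generated file
# copied out of the nginx-proxy container.
cfg=$(mktemp)
sample_config > "$cfg"
dead_upstreams "$cfg"    # prints: app.domain.com
rm -f "$cfg"
```

An empty result means every upstream has at least one server that is not marked `down`.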

Member

wohali commented Sep 17, 2018

You may also want to use the official nginx configuration file to ensure replication etc. work:

http://docs.couchdb.org/en/stable/best-practices/nginx.html?highlight=nginx

@bigfarofa
Author

BTW, can you help me with enabling authentication via CouchDB via URL? Doing username:password@app.domain.com does not work.

Member

wohali commented Sep 17, 2018

Should be fine once you set up users in the _users database or the ini file for admins for access.
