GithubHelp home page GithubHelp logo

zerrtech / docker-couchdb-ssl Goto Github PK

View Code? Open in Web Editor NEW

This project forked from klaemo/docker-couchdb-ssl

0.0 2.0 0.0 24 KB

Dockerized CouchDB with stud SSL terminator

License: Apache License 2.0

Shell 2.70% Nginx 97.30%

docker-couchdb-ssl's Introduction

Dockerized CouchDB with nginx SSL terminator

Make your CouchDB a straight A SSL student!

NOTE: This image uses nginx to provide the SSL/TLS endpoint. CouchDB's SSL features are unused.

Version: CouchDB 1.6.1 and nginx 1.9.9.

Run

Available in the docker index as klaemo/couchdb-ssl based on klaemo/couchdb

Note: Out of the box bogus self-signed certificates are being used. You should replace them with your real files (see below).

$ [sudo] docker pull klaemo/couchdb-ssl:latest

# expose it to the world on port 6984
$ [sudo] docker run -d -p 6984:6984 --name couchdb klaemo/couchdb-ssl

$ curl -k https://localhost:6984

Features

  • exposes couchdb on port 6984 (https) of the container
  • runs everything as non-root user (security ftw!)
  • nginx is configured with a list of preferable cipher suites (more security win!!11)

Your CouchDB will get a straight A on the SSL Labs Server Test!

Build your own

You can use klaemo/couchdb-ssl as the base image for your own couchdb instance. You might want to provide your own version of the following files:

  • local.ini for CouchDB.
  • nginx.conf for nginx configuration.
  • server.crt for nginx configuration (certificate).
  • server.key for nginx configuration (private key).
  • dhparams.pem for nginx configuration (diffie-helman parameters).
  • chain.pem for nginx configuration (all three above combined).

Example Dockerfile:

FROM klaemo/couchdb-ssl

COPY local.ini /usr/local/etc/couchdb/
COPY nginx.conf /etc/nginx/
COPY server.crt /etc/nginx/certs/
COPY server.key /etc/nginx/certs/
COPY dhparams.pem /etc/nginx/certs/
COPY chain.pem /etc/nginx/certs/

and then build and run it

$ [sudo] docker build -t you/awesome-couchdb .
$ [sudo] docker run -d -p 5984:5984 -p 6984:6984 you/awesome-couchdb

et voilá you have your own CouchDB instance with SSL support on port 6984.

Generate self-signed certificate

Heroku - Creating a Self-Signed SSL Certificate

$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
writing RSA key
$ rm server.pass.key
$ openssl req -new -key server.key -out server.csr
...
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
...
A challenge password []:
...
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
Getting Private key

Generate strong Diffie-Helman parameters

$ openssl dhparam -out dhparams.pem 2048

NOTE: For higher key size negotiation, you may wish to create a 4096 bit dhparams file. Just change the number above.

Concatenate to chain.pem

The chain.pem file contains your SSL key, certificates and DH parameters.

Specifically, the following information:

  • The server's private key
  • The server's certificate (signing its private key)
  • (Optionally) Intermediate certificates
  • (Optionally, recommended) DH parameters

To create the PEM file, use something similar to the following:

$ cat server.key server.crt [intermediate_cert1.pem ...] dhparams.pem > chain.pem

Credits

Contributors

License

Apache License 2.0

docker-couchdb-ssl's People

Contributors

jrzerr avatar klaemo avatar zemirco avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.