Components
- CouchDB image: CouchDB listens only on HTTPS (5984); HTTP is disabled.
- certgen.sh script: Generates a custom CA, server, and client certificates using OpenSSL.
- minidebug image: A Minimus dev toolkit that provides a shell, OpenSSL, and other utilities used to generate the certificates.
What this guide demonstrates:
- TLS handshake validation
- Server/client certificate trust
- Basic auth and CouchDB operations
Directory Structure
Deploy CouchDB with TLS certificates
Save certgen.sh
Save the following script to a file named certgen.sh. The script is used to generate the TLS certificates and store them in a certs folder on the host.
Save create-certs.yml
Save the following YAML file to run with Docker Compose. It uses the Minimus minidebug image to generate the certificates with the certgen.sh shell script. Minidebug is a Minimus dev toolkit that provides a shell, OpenSSL, and other utilities. The certificates will be persisted in the certs volume on the host.
Generate certificates
Run the following to generate the certificates:
TLS certificates
The script certgen.sh generates the following self-signed certificates:
- CA certificate (ca.pem)
- Server certificates (server-cert.pem, server-key.pem)
- Client certificates (client.pem, client-key.pem)
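A certificate set with these file names can be produced and checked against its CA as follows. This is an added example, not the guide's certgen.sh; the subject names, SAN entries, key size, 30-day lifetime and the ca-key.pem file name are assumptions.

```shell
#!/bin/sh
# Added example, not the guide's certgen.sh. Subject names, SANs, key size,
# lifetimes and the ca-key.pem file name are assumptions.
set -eu

mkreq() {   # mkreq DIR NAME SUBJECT -> NAME-key.pem and NAME.csr
    openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$1/$2-key.pem" -out "$1/$2.csr" 2>/dev/null
}

sign() {    # sign DIR NAME CERTFILE -> certificate signed by the CA in DIR
    openssl x509 -req -in "$1/$2.csr" -days 30 -CA "$1/ca.pem" \
        -CAkey "$1/ca-key.pem" -CAcreateserial \
        -extfile "$1/$2.ext" -out "$1/$3" 2>/dev/null
}

gen_certs() {
    d="$1"; mkdir -p "$d"
    # Extensions are explicit so the result does not depend on openssl.cnf.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' >"$d/ca.ext"
    printf 'subjectAltName=DNS:localhost,IP:127.0.0.1\nextendedKeyUsage=serverAuth\n' >"$d/server.ext"
    printf 'extendedKeyUsage=clientAuth\n' >"$d/client.ext"

    # The CA is the only self-signed certificate; both leaves chain to it.
    mkreq "$d" ca "/CN=Example Test CA"
    openssl x509 -req -in "$d/ca.csr" -signkey "$d/ca-key.pem" -days 30 \
        -extfile "$d/ca.ext" -out "$d/ca.pem" 2>/dev/null
    mkreq "$d" server "/CN=localhost";      sign "$d" server server-cert.pem
    mkreq "$d" client "/CN=couchdb-client"; sign "$d" client client.pem
    rm -f "$d"/*.csr "$d"/*.ext
    chmod 600 "$d"/*-key.pem
}

check_certs() {
    # Each leaf must chain to ca.pem for its own purpose only, and the
    # server certificate must carry the host name clients will connect to.
    openssl verify -CAfile "$1/ca.pem" -purpose sslserver "$1/server-cert.pem" >/dev/null &&
    openssl verify -CAfile "$1/ca.pem" -purpose sslclient "$1/client.pem" >/dev/null &&
    ! openssl verify -CAfile "$1/ca.pem" -purpose sslclient "$1/server-cert.pem" >/dev/null 2>&1 &&
    openssl x509 -in "$1/server-cert.pem" -noout -text | grep -q 'DNS:localhost'
}

# Optional CLI use: sh this-file.sh ./certs
if [ $# -gt 0 ]; then gen_certs "$1"; check_certs "$1"; echo "chain OK"; fi
```

Restricting each leaf with extendedKeyUsage means a leaked server certificate cannot be replayed as a client identity, which check_certs confirms with the negated verify.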
local.ini.
Save couchdb-local.ini
Save the following configuration to a file named couchdb-local.ini:
Save Docker Compose script
Save the following Docker Compose script to docker-compose.yml. This compose file sets up CouchDB using TLS (HTTPS only), with authentication enabled, mounts the generated certificates, uses the configurations in the local INI file, and exposes CouchDB over https://localhost:15984.
If you don’t yet have the folder ./data ready and waiting, create it and give it permissions:
Run tests over HTTPS
Connect to the database and test connectivity. For example, here are a few commands you can try out:
- Check server health:
  You should get the response {"seeds":{},"status":"ok"}.
- Create and delete a database (for example testdb):
- List all databases:
  You can also request the output in JSON format. This option requires the jq JSON processor.
- Check if a database exists:
- Create document: