juliobetta · July 3, 2018 20:48
diff --git a/couchdb.service b/couchdb.service
 # /etc/systemd/system/couchdb.service

 [Unit]
 Description=Couchdb service
 After=network.target

 [Service]
 Type=simple
 User=couchdb
 ExecStart=/opt/couchdb/bin/couchdb -o /dev/stdout -e /dev/stderr
 Restart=always

 [Install]
 WantedBy=multi-user.target
diff --git a/install-couchdb-lucene.sh b/install-couchdb-lucene.sh
 add-apt-repository -y ppa:webupd8team/java
 apt-get update
 apt-get install -y maven git-core oracle-java8-installer

 && git clone [email protected]:juliobetta/couchdb-lucene.git \
 && cd couchdb-lucene \
 && mvn \
 && unzip couchdb-lucene-experimental-SNAPSHOT-dist.zip \
 && mv couchdb-lucene-experimental-SNAPSHOT /opt/couchdb-lucene

 sed -e 's/^host=localhost$/host=0.0.0.0/' -i /opt/couchdb-lucene/conf/couchdb-lucene.ini
 sed -e 's/^DAEMON=\/usr\/local\/couchdb-lucene-0.8.0\/bin\/run$/DAEMON=\/opt\/couchdb-lucene\/bin\/run/' -i /opt/couchdb-lucene/tools/etc/init.d/couchdb-lucene/couchdb-lucene
 sed -e 's/^DESC="Description of the service"$/DESC="CouchDB Lucene"/' -i /opt/couchdb-lucene/tools/etc/init.d/couchdb-lucene/couchdb-lucene

 cp /opt/couchdb-lucene/tools/etc/init.d/couchd-lucene/couchdb-lucene /etc/init.d
 && chmod +x /etc/init.d/couchdb-lucene

 update-rc.d couchdb-lucene defaults 95

 service couchdb-lucene start
 
diff --git a/install.sh b/install.sh
 #!/bin/bash
 apt-get --no-install-recommends -y install build-essential pkg-config erlang libicu-dev libmozjs185-dev libcurl4-openssl-dev
 apt-get -y install nginx mosh redis-server htop python-software-properties

 sed -i.bak 's/bind 127.0.0.1/bind 0.0.0.0/g' /etc/redis/redis.conf
 service redis-server restart

 # Fauxton dependecies ##############################################################
 curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
 apt-get install nodejs
 npm install graceful-fs minimatch uuid coffee-script jshint node-gyp node-ninja tough-cookie babel-cli pm2 -g
 ####################################################################################

 git clone https://github.com/apache/couchdb.git
 cd couchdb && ./configure --disable-docs
 make release
 adduser --disabled-login --disabled-password --no-create-home --gecos "" couchdb
 cp -R /root/couchdb/rel/couchdb /opt
 chown -R couchdb:couchdb /opt/couchdb
 find /opt/couchdb -type d -exec chmod 0770 {} \;
 chmod 0644 /opt/couchdb/etc/*

 apt-get install systemd libpam-systemd systemd-ui
 systemctl  daemon-reload
 systemctl  start couchdb.service
 systemctl  enable couchdb.service
 # check if service is running
 journalctl -u couchdb.service

 # Configure SWAP ####################################################################################
 fallocate -l 4G /swapfile
 chmod 600 /swapfile
 mkswap /swapfile
 swapon /swapfile
 swapon -s
 sysctl vm.swappiness=10
 sysctl vm.vfs_cache_pressure=50
 echo 'vm.swappiness = 10' >> /etc/sysctl.conf
 echo 'vm.vfs_cache_pressure = 50' >> /etc/sysctl.conf
 echo '/swapfile   none    swap    sw    0   0' >> /etc/fstab
 #####################################################################################################

 # do not forget to check UFW rules
 # allow private and public ip from any other machines linked to the server to port 5984
 # allow private ip from any other machines linked to the server to port 80
 # allow port shh and mosh, or not, in case using knock
diff --git a/local.ini b/local.ini
 ; /opt/couchdb/etc/local.ini

 ; CouchDB Configuration Settings

 ; Custom settings should be made in this file. They will override settings
 ; in default.ini, but unlike changes made to default.ini, this file won't be
 ; overwritten on server upgrade.

 [couchdb]
 ;max_document_size = 4294967296 ; bytes
 ;os_process_timeout = 5000
 ; WARNING: generate a UUID here https://www.uuidgenerator.net/
 uuid = autogenerated
 max_dbs_open = 1024

 [couch_peruser]
 ; If enabled, couch_peruser ensures that a private per-user database
 ; exists for each document in _users. These databases are writable only
 ; by the corresponding user. Databases are in the following form:
 ; userdb-{hex encoded username}
 enable = true
 ; If set to true and a user is deleted, the respective database gets
 ; deleted as well.
 ;delete_dbs = true

 [chttpd]
 port = 5984
 ;bind_address = 10.128.12.163
 bind_address = 0.0.0.0
 ; Options for the MochiWeb HTTP server.
 ;server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
 ; For more socket options, consult Erlang's module 'inet' man page.
 ;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]
 ; Options for the MochiWeb HTTP server.
 server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
 ; For more socket options, consult Erlang's module 'inet' man page.
 socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]

 [httpd]
 ; NOTE that this only configures the "backend" node-local port, not the
 ; "frontend" clustered port. You probably don't want to change anything in
 ; this section.
 ; Uncomment next line to trigger basic-auth popup on unauthorized requests.
 WWW-Authenticate = Basic realm="administrator"

 ; Uncomment next line to set the configuration modification whitelist. Only
 ; whitelisted values may be changed via the /_config URLs. To allow the admin
 ; to change this value over HTTP, remember to include {httpd,config_whitelist}
 ; itself. Excluding it from the list would require editing this file to update
 ; the whitelist.
 ;config_whitelist = [{httpd,config_whitelist}, {log,level}, {etc,etc}]
 enable_cors = true
 ;bind_address = 10.128.12.163
 bind_address = 0.0.0.0
 server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
 socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]
 ;x_forwarded_host = X-Forwarded-Host
 ;x_forwarded_proto = X-Forwarded-Proto
 ;x_forwarded_ssl = X-Forwarded-Ssl
 ; 3 minutes = 3 * 60 * 1000 = 180000
 changes_timeout = 180000
 ;Note that writer = stderr fits (seems to) with the systemd startup script described in the couchdb installation part in this documentation
 ;[log]
 ;level = debug
 writer = stderr
 level = warning
 authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}

 [query_servers]
 ;nodejs = /usr/local/bin/couchjs-node /path/to/couchdb/share/server/main.js


 [httpd_global_handlers]
 ;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>}

 [couch_httpd_auth]
 ; If you set this to true, you should also uncomment the WWW-Authenticate line
 ; above. If you don't configure a WWW-Authenticate header, CouchDB will send
 ; Basic realm="server" in order to prevent you getting logged out.
 require_valid_user = true

 ; WARNING: generate a Secret Key here http://passwordsgenerator.net/
 secret = MySecret
 allow_persistent_cookies = true

 ; 14 days = 14 * 24 * 60 * 60 = 1209600 seconds
 timeout = 1209600
 auth_cache_size = 1000

 [os_daemons]
 ; For any commands listed here, CouchDB will attempt to ensure that
 ; the process remains alive. Daemons should monitor their environment
 ; to know when to exit. This can most easily be accomplished by exiting
 ; when stdin is closed.
 ;foo = /path/to/command -with args

 [daemons]
 ; enable SSL support by uncommenting the following line and supply the PEM's below.
 ; the default ssl port CouchDB listens on is 6984
 ; httpsd = {chttpd, start_link, [https]}

 [ssl]
 ;cert_file = /full/path/to/server_cert.pem
 ;key_file = /full/path/to/server_key.pem
 ;password = somepassword
 ; set to true to validate peer certificates
 ;verify_ssl_certificates = false
 ; Set to true to fail if the client does not send a certificate. Only used if verify_ssl_certificates is true.
 ;fail_if_no_peer_cert = false
 ; Path to file containing PEM encoded CA certificates (trusted
 ; certificates used for verifying a peer certificate). May be omitted if
 ; you do not want to verify the peer.
 ;cacert_file = /full/path/to/cacertf
 ; The verification fun (optional) if not specified, the default
 ; verification fun will be used.
 ;verify_fun = {Module, VerifyFun}
 ; maximum peer certificate depth
 ;ssl_certificate_max_depth = 1
 ;
 ; Reject renegotiations that do not live up to RFC 5746.
 ;secure_renegotiate = true
 ; The cipher suites that should be supported.
 ; Can be specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}"
 ; or in OpenSSL format "ECDHE-ECDSA-AES128-SHA256".
 ;ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
 ; The SSL/TLS versions to support
 ;tls_versions = [tlsv1, 'tlsv1.1', 'tlsv1.2']

 ; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to
 ; the Virual Host will be redirected to the path. In the example below all requests
 ; to http://example.com/ are redirected to /database.
 ; If you run CouchDB on a specific port, include the port number in the vhost:
 ; example.com:5984 = /database
 [vhosts]
 ;api.datagenno.com = /couchdb2/

 [update_notification]
 ;unique notifier name=/full/path/to/exe -with "cmd line arg"

 ; To create an admin account uncomment the '[admins]' section below and add a
 ; line in the format 'username = password'. When you next start CouchDB, it
 ; will change the password to a hash (so that your passwords don't linger
 ; around in plain-text files). You can add more admin accounts with more
 ; 'username = password' lines. Don't forget to restart CouchDB after
 ; changing this.
 [admins]
 ; WARNING: generate a Password here http://passwordsgenerator.net/
 admin = password

 [replicator]
 ; 3 minutes = 3 * 60 * 1000 = 180000
 connection_timeout = 180000
 use_checkpoints = true

 ; adjust this to your situation
 worker_batch_size = 2000

 [compactions]
 _default =  [{db_fragmentation,"70%"},{view_fragmentation,"60%"},{from,"00:00"},{to,"06:00"}]

 [cors]
 ; See also https://github.com/pouchdb/add-cors-to-couchdb
 ; Note: the Fauxton cors settings are slightly different
 origins = *
 credentials = true
 headers = accept, authorization, content-type, origin, cookie, referer, x-csrf-token
 methods = GET, OPTIONS, HEAD, PUT, POST, DELETE, TRACE
diff --git a/migrate-to-2.1.1.sh b/migrate-to-2.1.1.sh
 #!/bin/bash
 service couchdb stop
 cd ~/ && mkdir couchdb
 curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/2.1.1/apache-couchdb-2.1.1.tar.gz -o couchdb.tar.gz
 tar -xzf couchdb.tar.gz -C couchdb --strip-components=1
 cd couchdb
 ./configure --disable-docs
 make release
 mv /opt/couchdb /opt/couchdb-old
 mv ./rel/couchdb /opt/couchdb
 cp -R /opt/couchdb-old/data /opt/couchdb
 cp -R /opt/couchdb-old/etc/local.ini /opt/couchdb/etc
 cp -R /opt/couchdb-old/etc/vm.args /opt/couchdb/etc
 chown -R couchdb:couchdb /opt/couchdb
 find /opt/couchdb -type d -exec chmod 0770 {} \;
 chmod 0644 /opt/couchdb/etc/*
 service couchdb start
diff --git a/rollback-to-2.0.0.sh b/rollback-to-2.0.0.sh
 #!/bin/bash
 service couchdb stop
 mv /opt/couchdb /opt/couchdb-new
 mv ./rel/couchdb-old /opt/couchdb
 cp -R /opt/couchdb-new/data /opt/couchdb
 chown -R couchdb:couchdb /opt/couchdb
 find /opt/couchdb -type d -exec chmod 0770 {} \;
 chmod 0644 /opt/couchdb/etc/*
 service couchdb start
	# /etc/systemd/system/couchdb.service

	[Unit]
	Description=Couchdb service
	After=network.target

	[Service]
	Type=simple
	User=couchdb
	ExecStart=/opt/couchdb/bin/couchdb -o /dev/stdout -e /dev/stderr
	Restart=always

	[Install]
	WantedBy=multi-user.target
	add-apt-repository -y ppa:webupd8team/java
	apt-get update
	apt-get install -y maven git-core oracle-java8-installer

	&& git clone [email protected]:juliobetta/couchdb-lucene.git \
	&& cd couchdb-lucene \
	&& mvn \
	&& unzip couchdb-lucene-experimental-SNAPSHOT-dist.zip \
	&& mv couchdb-lucene-experimental-SNAPSHOT /opt/couchdb-lucene

	sed -e 's/^host=localhost$/host=0.0.0.0/' -i /opt/couchdb-lucene/conf/couchdb-lucene.ini
	sed -e 's/^DAEMON=\/usr\/local\/couchdb-lucene-0.8.0\/bin\/run$/DAEMON=\/opt\/couchdb-lucene\/bin\/run/' -i /opt/couchdb-lucene/tools/etc/init.d/couchdb-lucene/couchdb-lucene
	sed -e 's/^DESC="Description of the service"$/DESC="CouchDB Lucene"/' -i /opt/couchdb-lucene/tools/etc/init.d/couchdb-lucene/couchdb-lucene

	cp /opt/couchdb-lucene/tools/etc/init.d/couchd-lucene/couchdb-lucene /etc/init.d
	&& chmod +x /etc/init.d/couchdb-lucene

	update-rc.d couchdb-lucene defaults 95

	service couchdb-lucene start
	#!/bin/bash
	apt-get --no-install-recommends -y install build-essential pkg-config erlang libicu-dev libmozjs185-dev libcurl4-openssl-dev
	apt-get -y install nginx mosh redis-server htop python-software-properties

	sed -i.bak 's/bind 127.0.0.1/bind 0.0.0.0/g' /etc/redis/redis.conf
	service redis-server restart

	# Fauxton dependecies ##############################################################
	curl -sL https://deb.nodesource.com/setup_6.x \| sudo -E bash -
	apt-get install nodejs
	npm install graceful-fs minimatch uuid coffee-script jshint node-gyp node-ninja tough-cookie babel-cli pm2 -g
	####################################################################################

	git clone https://github.com/apache/couchdb.git
	cd couchdb && ./configure --disable-docs
	make release
	adduser --disabled-login --disabled-password --no-create-home --gecos "" couchdb
	cp -R /root/couchdb/rel/couchdb /opt
	chown -R couchdb:couchdb /opt/couchdb
	find /opt/couchdb -type d -exec chmod 0770 {} \;
	chmod 0644 /opt/couchdb/etc/*

	apt-get install systemd libpam-systemd systemd-ui
	systemctl daemon-reload
	systemctl start couchdb.service
	systemctl enable couchdb.service
	# check if service is running
	journalctl -u couchdb.service

	# Configure SWAP ####################################################################################
	fallocate -l 4G /swapfile
	chmod 600 /swapfile
	mkswap /swapfile
	swapon /swapfile
	swapon -s
	sysctl vm.swappiness=10
	sysctl vm.vfs_cache_pressure=50
	echo 'vm.swappiness = 10' >> /etc/sysctl.conf
	echo 'vm.vfs_cache_pressure = 50' >> /etc/sysctl.conf
	echo '/swapfile none swap sw 0 0' >> /etc/fstab
	#####################################################################################################

	# do not forget to check UFW rules
	# allow private and public ip from any other machines linked to the server to port 5984
	# allow private ip from any other machines linked to the server to port 80
	# allow port shh and mosh, or not, in case using knock
	; /opt/couchdb/etc/local.ini

	; CouchDB Configuration Settings

	; Custom settings should be made in this file. They will override settings
	; in default.ini, but unlike changes made to default.ini, this file won't be
	; overwritten on server upgrade.

	[couchdb]
	;max_document_size = 4294967296 ; bytes
	;os_process_timeout = 5000
	; WARNING: generate a UUID here https://www.uuidgenerator.net/
	uuid = autogenerated
	max_dbs_open = 1024

	[couch_peruser]
	; If enabled, couch_peruser ensures that a private per-user database
	; exists for each document in _users. These databases are writable only
	; by the corresponding user. Databases are in the following form:
	; userdb-{hex encoded username}
	enable = true
	; If set to true and a user is deleted, the respective database gets
	; deleted as well.
	;delete_dbs = true

	[chttpd]
	port = 5984
	;bind_address = 10.128.12.163
	bind_address = 0.0.0.0
	; Options for the MochiWeb HTTP server.
	;server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
	; For more socket options, consult Erlang's module 'inet' man page.
	;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]
	; Options for the MochiWeb HTTP server.
	server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
	; For more socket options, consult Erlang's module 'inet' man page.
	socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]

	[httpd]
	; NOTE that this only configures the "backend" node-local port, not the
	; "frontend" clustered port. You probably don't want to change anything in
	; this section.
	; Uncomment next line to trigger basic-auth popup on unauthorized requests.
	WWW-Authenticate = Basic realm="administrator"

	; Uncomment next line to set the configuration modification whitelist. Only
	; whitelisted values may be changed via the /_config URLs. To allow the admin
	; to change this value over HTTP, remember to include {httpd,config_whitelist}
	; itself. Excluding it from the list would require editing this file to update
	; the whitelist.
	;config_whitelist = [{httpd,config_whitelist}, {log,level}, {etc,etc}]
	enable_cors = true
	;bind_address = 10.128.12.163
	bind_address = 0.0.0.0
	server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
	socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]
	;x_forwarded_host = X-Forwarded-Host
	;x_forwarded_proto = X-Forwarded-Proto
	;x_forwarded_ssl = X-Forwarded-Ssl
	; 3 minutes = 3 * 60 * 1000 = 180000
	changes_timeout = 180000
	;Note that writer = stderr fits (seems to) with the systemd startup script described in the couchdb installation part in this documentation
	;[log]
	;level = debug
	writer = stderr
	level = warning
	authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}

	[query_servers]
	;nodejs = /usr/local/bin/couchjs-node /path/to/couchdb/share/server/main.js


	[httpd_global_handlers]
	;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>}

	[couch_httpd_auth]
	; If you set this to true, you should also uncomment the WWW-Authenticate line
	; above. If you don't configure a WWW-Authenticate header, CouchDB will send
	; Basic realm="server" in order to prevent you getting logged out.
	require_valid_user = true

	; WARNING: generate a Secret Key here http://passwordsgenerator.net/
	secret = MySecret
	allow_persistent_cookies = true

	; 14 days = 14 * 24 * 60 * 60 = 1209600 seconds
	timeout = 1209600
	auth_cache_size = 1000

	[os_daemons]
	; For any commands listed here, CouchDB will attempt to ensure that
	; the process remains alive. Daemons should monitor their environment
	; to know when to exit. This can most easily be accomplished by exiting
	; when stdin is closed.
	;foo = /path/to/command -with args

	[daemons]
	; enable SSL support by uncommenting the following line and supply the PEM's below.
	; the default ssl port CouchDB listens on is 6984
	; httpsd = {chttpd, start_link, [https]}

	[ssl]
	;cert_file = /full/path/to/server_cert.pem
	;key_file = /full/path/to/server_key.pem
	;password = somepassword
	; set to true to validate peer certificates
	;verify_ssl_certificates = false
	; Set to true to fail if the client does not send a certificate. Only used if verify_ssl_certificates is true.
	;fail_if_no_peer_cert = false
	; Path to file containing PEM encoded CA certificates (trusted
	; certificates used for verifying a peer certificate). May be omitted if
	; you do not want to verify the peer.
	;cacert_file = /full/path/to/cacertf
	; The verification fun (optional) if not specified, the default
	; verification fun will be used.
	;verify_fun = {Module, VerifyFun}
	; maximum peer certificate depth
	;ssl_certificate_max_depth = 1
	;
	; Reject renegotiations that do not live up to RFC 5746.
	;secure_renegotiate = true
	; The cipher suites that should be supported.
	; Can be specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}"
	; or in OpenSSL format "ECDHE-ECDSA-AES128-SHA256".
	;ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
	; The SSL/TLS versions to support
	;tls_versions = [tlsv1, 'tlsv1.1', 'tlsv1.2']

	; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to
	; the Virual Host will be redirected to the path. In the example below all requests
	; to http://example.com/ are redirected to /database.
	; If you run CouchDB on a specific port, include the port number in the vhost:
	; example.com:5984 = /database
	[vhosts]
	;api.datagenno.com = /couchdb2/

	[update_notification]
	;unique notifier name=/full/path/to/exe -with "cmd line arg"

	; To create an admin account uncomment the '[admins]' section below and add a
	; line in the format 'username = password'. When you next start CouchDB, it
	; will change the password to a hash (so that your passwords don't linger
	; around in plain-text files). You can add more admin accounts with more
	; 'username = password' lines. Don't forget to restart CouchDB after
	; changing this.
	[admins]
	; WARNING: generate a Password here http://passwordsgenerator.net/
	admin = password

	[replicator]
	; 3 minutes = 3 * 60 * 1000 = 180000
	connection_timeout = 180000
	use_checkpoints = true

	; adjust this to your situation
	worker_batch_size = 2000

	[compactions]
	_default = [{db_fragmentation,"70%"},{view_fragmentation,"60%"},{from,"00:00"},{to,"06:00"}]

	[cors]
	; See also https://github.com/pouchdb/add-cors-to-couchdb
	; Note: the Fauxton cors settings are slightly different
	origins = *
	credentials = true
	headers = accept, authorization, content-type, origin, cookie, referer, x-csrf-token
	methods = GET, OPTIONS, HEAD, PUT, POST, DELETE, TRACE
	#!/bin/bash
	service couchdb stop
	cd ~/ && mkdir couchdb
	curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/2.1.1/apache-couchdb-2.1.1.tar.gz -o couchdb.tar.gz
	tar -xzf couchdb.tar.gz -C couchdb --strip-components=1
	cd couchdb
	./configure --disable-docs
	make release
	mv /opt/couchdb /opt/couchdb-old
	mv ./rel/couchdb /opt/couchdb
	cp -R /opt/couchdb-old/data /opt/couchdb
	cp -R /opt/couchdb-old/etc/local.ini /opt/couchdb/etc
	cp -R /opt/couchdb-old/etc/vm.args /opt/couchdb/etc
	chown -R couchdb:couchdb /opt/couchdb
	find /opt/couchdb -type d -exec chmod 0770 {} \;
	chmod 0644 /opt/couchdb/etc/*
	service couchdb start
	#!/bin/bash
	service couchdb stop
	mv /opt/couchdb /opt/couchdb-new
	mv ./rel/couchdb-old /opt/couchdb
	cp -R /opt/couchdb-new/data /opt/couchdb
	chown -R couchdb:couchdb /opt/couchdb
	find /opt/couchdb -type d -exec chmod 0770 {} \;
	chmod 0644 /opt/couchdb/etc/*
	service couchdb start