This commit is contained in:
Julien Calixte
2026-06-01 20:37:14 +02:00
commit 38089ef269
4 changed files with 104 additions and 0 deletions

10
.gitignore vendored Normal file
View File

@@ -0,0 +1,10 @@
.env
.env.*
!.env.example
# editors
.vscode/
.idea/
*.swp
*.swo
.DS_Store

36
README.md Normal file
View File

@@ -0,0 +1,36 @@
# coolcouch
CouchDB 3 on Coolify, with CORS enabled and system databases bootstrapped at first start.
## Deploy
1. In Coolify: **New Resource → Docker Compose** and point it at this repository.
2. In the resource's **Environment Variables** tab, set:
- `COUCHDB_PASSWORD` — required
- `COUCHDB_USER` — optional, defaults to `admin`
3. In the resource's **Domains** tab, assign a domain to the `couchdb` service on port `5984`. Coolify fills `SERVICE_FQDN_COUCHDB_5984` from this.
4. **Deploy.** The `couchdb-init` one-shot service will wait for CouchDB to be healthy, then `PUT` `_users`, `_replicator`, `_global_changes` and exit.
## Verify
Replace `$DOMAIN` and `$PASS`:
```bash
curl -fsS https://$DOMAIN/_up
curl -fsS -u admin:$PASS https://$DOMAIN/
curl -fsS -u admin:$PASS https://$DOMAIN/_all_dbs
curl -fsS -I -X OPTIONS https://$DOMAIN/ \
-H "Origin: https://example.com" \
-H "Access-Control-Request-Method: GET"
```
Expected: `_up` returns `{"status":"ok",...}`; `/` returns the CouchDB welcome JSON; `_all_dbs` returns `["_global_changes","_replicator","_users"]`; the preflight returns a 2xx with an `Access-Control-Allow-Origin` header.
## CORS
Wildcard origin (`*`), `credentials = false` — the only browser-spec-legal combination with a wildcard. If a client needs cookie/credentialed auth, switch `origins` in `couchdb/local.d/cors.ini` to an explicit list and set `credentials = true`.
## Files
- `docker-compose.yml` — services, volume, Traefik labels, healthcheck, init sidecar
- `couchdb/local.d/cors.ini` — mounted into `/opt/couchdb/etc/local.d/` so CouchDB picks it up at startup

8
couchdb/local.d/cors.ini Normal file
View File

@@ -0,0 +1,8 @@
[chttpd]
enable_cors = true
[cors]
origins = *
credentials = false
methods = GET, PUT, POST, HEAD, DELETE
headers = accept, authorization, content-type, origin, referer, x-csrf-token

50
docker-compose.yml Normal file
View File

@@ -0,0 +1,50 @@
services:
couchdb:
image: couchdb:3
restart: unless-stopped
environment:
SERVICE_FQDN_COUCHDB_5984:
COUCHDB_USER: ${COUCHDB_USER:-admin}
COUCHDB_PASSWORD: ${COUCHDB_PASSWORD}
expose:
- "5984"
volumes:
- couchdb_data:/opt/couchdb/data
- ./couchdb/local.d/cors.ini:/opt/couchdb/etc/local.d/cors.ini:ro
healthcheck:
test: ["CMD", "curl", "-fsS", "http://localhost:5984/_up"]
interval: 10s
timeout: 5s
retries: 12
start_period: 30s
labels:
- "traefik.enable=true"
- "traefik.http.routers.couchdb.rule=Host(`${SERVICE_FQDN_COUCHDB_5984}`)"
- "traefik.http.routers.couchdb.entrypoints=https"
- "traefik.http.routers.couchdb.tls=true"
- "traefik.http.services.couchdb.loadbalancer.server.port=5984"
couchdb-init:
image: curlimages/curl:latest
restart: "no"
depends_on:
couchdb:
condition: service_healthy
environment:
COUCHDB_USER: ${COUCHDB_USER:-admin}
COUCHDB_PASSWORD: ${COUCHDB_PASSWORD}
entrypoint: ["sh", "-c"]
command:
- |
set -eu
base="http://$${COUCHDB_USER}:$${COUCHDB_PASSWORD}@couchdb:5984"
for db in _users _replicator _global_changes; do
code=$$(curl -s -o /dev/null -w "%{http_code}" -X PUT "$$base/$$db")
case "$$code" in
201|202|412) echo "$$db: ok ($$code)" ;;
*) echo "$$db: failed ($$code)"; exit 1 ;;
esac
done
volumes:
couchdb_data: