Sync_gateway + SSL how to configure?

Hello.

I have a server running Couchbase CE + Sync_gateway.

I have also installed a LetsEncrypt SSL cert, that I have ensured is readable by the Couchbase/Sync_Gateway user.

Sync_gateway starts and as long as I use the ws protocol I can connect and replicate data to my test mobile app. Unfortunately I can not connect using the wss protocol, the app fails to connect.

I have checked to ensure the ports are open (4984 - 4985).

If I open the gateway in a browser using http://domain.com:4984 - success, and I can see the http request hitting the sync_gateway server. If I attempt https://domain.com:4984 the page fails to load and there is no entry in the log. Which suggests I have misconfigured something somewhere.

I’m not sure what else I can check.

Here is a copy of my test sync_gateway configuration. Please could someone have a look and check I’ve not made a school boy error in my config?

Thank you.

{
    "log": ["*"],
    "adminInterface": "127.0.0.1:4985",
    "interface": "0.0.0.0:4984",
    "databases": {
        "travel": {
            "server": "http://localhost:8091",
            "bucket": "travel-sample",
            "username": "sync_gateway",
            "password": "08c2eec2-aa35-4db-9d9d-298d5c52bea",
            "enable_shared_bucket_access": true,
            "import_docs": "continuous",
            "use_views": true,
            "users": { "GUEST": { "disabled": false, "admin_channels": ["*"] } },
            "SSLCert": "/etc/letsencrypt/live/mydomain/cert.pem",
            "SSLKey": "/etc/letsencrypt/live/mydomain/privkey.key",
            "sync": `function (doc, oldDoc) {
                if (doc.sdk) {
                    channel(doc.sdk);
                }
            }`
        }
    }
}

School boy error.

[a] I shifted the SSLCert and key entries up a level.
[b] Notice the privkey has a .key extension!

Damn.

All working now.

Please, I have encountered the same problem but cannot understand what you mean by shifting the SSL keys one level higher. If I can do the same it will be very, very helpful. If you can explain, it will help; I am new to Ubuntu.

Hi @felixronoh,
This means putting the SSLKey and SSLCert into the top-level object (after the first bracket but not in the databases object).

For example, the new config that Ian would be using would be:

{
    "log": ["*"],
    "adminInterface": "127.0.0.1:4985",
    "interface": "0.0.0.0:4984",
    "SSLCert": "/etc/letsencrypt/live/mydomain/cert.pem",
    "SSLKey": "/etc/letsencrypt/live/mydomain/privkey.key",
    "databases": {
        "travel": {
            "server": "http://localhost:8091",
            "bucket": "travel-sample",
            "username": "sync_gateway",
            "password": "xxxxxx",
            "enable_shared_bucket_access": true,
            "import_docs": "continuous",
            "use_views": true,
            "users": { "GUEST": { "disabled": false, "admin_channels": ["*"] } },
            "sync": `function (doc, oldDoc) {
                if (doc.sdk) {
                    channel(doc.sdk);
                }
            }`
        }
    }
}

Hope this helps.
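A pre-start check for the nesting mistake discussed in this thread, added here as an example (it is not part of any post above and is not Couchbase code). It assumes the JSON config format shown in the thread; the function names and the trimmed sample config are constructed for illustration.

```python
import json
import os
import re

TLS_KEYS = ("SSLCert", "SSLKey")

# Constructed sample: trimmed copy of the first config posted in this thread.
NESTED = """{
  "interface": "0.0.0.0:4984",
  "databases": {"travel": {
    "SSLCert": "/etc/letsencrypt/live/mydomain/cert.pem",
    "SSLKey": "/etc/letsencrypt/live/mydomain/privkey.key",
    "sync": `function (doc, oldDoc) { if (doc.sdk) { channel(doc.sdk); } }`
  }}
}"""

def load_sg_config(text):
    """Parse a config whose sync function is backtick-quoted (not valid JSON)."""
    return json.loads(re.sub(r"`([^`]*)`", lambda m: json.dumps(m.group(1)), text))

def find_tls_keys(node, path=""):
    """Yield (path, key, value) for every SSLCert/SSLKey anywhere in the tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in TLS_KEYS:
                yield path, key, value
            yield from find_tls_keys(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_tls_keys(item, f"{path}[{i}]")

def check_tls(text, readable=lambda p: os.access(p, os.R_OK)):
    """Return findings; an empty list means both files are top-level and readable."""
    cfg = load_sg_config(text)
    findings = []
    for path, key, value in find_tls_keys(cfg):
        if path:  # nested, e.g. /databases/travel
            findings.append(f"{key} is nested under {path}; move it to the top level")
        elif not readable(value):
            findings.append(f"{key} file {value} is missing or unreadable")
    for key in TLS_KEYS:
        if key not in cfg:
            findings.append(f"no top-level {key}; https:// and wss:// will not work")
    return findings

if __name__ == "__main__":
    print("\n".join(check_tls(NESTED)) or "TLS settings look consistent")
```

Run it as the same user that runs Sync Gateway so the readability check reflects that account's file permissions.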

Thank you so much for this elaborate information. I have updated the sync_gateway.json appropriately.
But now Sync Gateway fails to start unless I change "server": "http://localhost:8091" to "server": "https://localhost:8091",
and by changing the server from http to https I can no longer establish a connection to Sync Gateway. I think I am missing something in my setup again.

I am testing it on Couchbase Server Community Edition and Couchbase Lite Java desktop.

Thanks in advance. Any advice will be appreciated.

Hi @felixronoh ,
Please open a new topic for this issue and include additional information such as your config file, logs, and software versions.
Information about retrieving your logs can be found here.
Thanks