Can sync_server reside on the client side?

omnibazaar3 · November 3, 2015, 12:19pm

Can sync_gateway be configured to run on the client side and still connect successfully to the CB Server through the firewall?

My developer has been attempting to run sync_gateway (along with the lite client app), and connect with the server remotely from outside the firewall. This results in the following error (with the links mangled enough to meet the forum restrictions):

20:33:23.014229 WARNING: Error installing Couchbase design doc: Put hhhp://192.1
68.2.102:8092/omnibazaar/_design/sync_gateway: dial tcp 192.168.2.102:8092: Conn
ectEx tcp: A connection attempt failed because the connected party did not prope
rly respond after a period of time, or established connection failed because con
nected host has failed to respond. – db.installViews() at database.go:291
20:33:44.055739 WARNING: Error installing Couchbase design doc: Put hhhp://192.1
68.2.102:8092/omnibazaar/_design/sync_housekeeping: dial tcp 192.168.2.102:8092:
ConnectEx tcp: A connection attempt failed because the connected party did not
properly respond after a period of time, or established connection failed becaus
e connected host has failed to respond. – db.installViews() at database.go:305
20:33:44.055739 FATAL: Error opening database: Put hhhp://192.168.2.102:8092/omn
ibazaar/_design/sync_housekeeping: dial tcp 192.168.2.102:8092: ConnectEx tcp: A
connection attempt failed because the connected party did not properly respond
after a period of time, or established connection failed because connected host
has failed to respond. – rest.RunServer() at config.go:415

As I understand it, sync_gateway needs to reside on the server side of the firewall/router in order to work right. When the client application (along with sync_gateway) is installed on a machine on the same local network as the CB server, the above error goes away. It seems that sync_gateway can connect in this situation because it is able to reach the internal IP address (192.168.2.102). But, any instance of the application (and sync) that tries to connect with the CB server from outside the firewall gets the above error.

Is there any way to configure sync_gateway and/or the server so that the above client-side configuration will work? I will it be necessary to move sync to the server side?

andy · November 3, 2015, 12:52pm

Here is documentation covering the Couchbase server ports, it shows the ports that must be open between each node in the cluster and any clients (e.g. Sync Gateway.)

I would not recommend opening these ports through the firewall, it would leave your Couchbase Server nodes vulnerable.

Typically you would deploy Sync Gateway behind the firewall and only open port 4984 (default public REST API) on Sync Gateway through the firewall.

omnibazaar3 · November 3, 2015, 1:09pm

Thank you.

We have tried opening all, or almost all, of the ports on that list (except the ones that specify that they apply to SSL). But, we still end up with that same error. And I agree with your assessment that it is not good to keep all those ports open.

I think your answers have pointed us in the right direction. I appreciate your help.