Bet you’re chuffed at that! How I love seeing the green padlock now.
However, Couchbase calls JS scripts on their non-SSL site and so the connection is mixed which sorta ruins the premium feel to the job.
Why’d they cut SSL support anyway for CE? It’s like… an essential for managing data. Especially due to this recent linux TLS vulnerability being discovered.
It is a shame that SSL support isn’t baked into CE.
I kind of understand their need to differentiate the products - make the Enterprise offer more desirable. I guess small businesses and hobbyists are not on their radar.
I’ve created a Couchbase mirror proxy with the same principal as I created the UI reverse with and will replace these values with my own ‘mirror’.
This still hasn’t fixed my problem but has at least made the site fully SSL. If you want to use my mirror, it’s https://cbmirror.exfusion.net.
The problem is definitely with HTTPS because I created another reverse proxy without HTTPS on port 8080 and it works fine with the popovers. Looking into it.
EDIT: Only seems to be with the Views tab.
if (base.charAt(base.length-1) !== '/') {
args[0] += '/'; // NOTE: this is base but it's used as part of
// args
}
Fails with error:
TypeError: Cannot read property 'charAt' of undefined
at buildDocURL (https://datastore.exfusion.net/js/views.js:34:11)
at Object.withDDoc (https://datastore.exfusion.net/js/views.js:1484:13)
at Object.compactDDoc (https://datastore.exfusion.net/js/views.js:1526:10)
at HTMLButtonElement.onclick (https://datastore.exfusion.net/index.html#sec=views&viewsBucket=inmcs&spatialFilter=stale%3Dfalse%26connection_timeout%3D60000&viewsFilter=inclusive_end%3Dtrue%26stale%3Dfalse%26connection_timeout%3D60000:1:14)
I use an SSH tunnel to the server and then just connect locally to the admin gui through that (via socks on browser). If that works, then firewall block from remote access the admin gui port (8091) for security and just connect through SSH. Only allow local access. I don’t feel comfortable at all having something like that available or running unencrypted remotely. You can also use a local proxy .pac (or similar) file to only proxy that server through the tunnel if needed (rather than all web traffic).