Sorry for the title, but I didn’t know how to explain my doubts in a few words.
I’ve always used RDBMS to develop web services, and I’m approaching Couchbase for the first time, so please treat me like a newbie
I’ve successfully installed Couchbase Server Community Edition on a single Linux AWS EC2 instance. Atm, I’m not interested in replication, load balancing and so. I simply need a basic setup to do some experimenting. However I’m very careful about security issues, so I have some questions.
On EC2 I opened the following ports to the world:
- 8091, and I can use it to log in the web admin console, using credential chosen in the setup wizard;
- 8092, and I can use it to query views with the REST API;
- 11210, which I’m not sure if it is needed considering I’m on a single cluster.
Now, question time:
As I said, when I access 8091 from my browser, I have to type in my credential to gain access to the web console. But if I use the REST API it all seems to work without authentication. Is it ok? Should I close port 8091 except from my office IP address? Or these are only generic information that can be public? For example, from my PC, with no auth, I can see: http://pastebin.com/raw.php?i=LN2JiMvR
On 8092 I can access all views/documents. Let’s say in the future I will use Couchbase Lite Sync Manager on a dedicated TCP port. Then, can I close 8092 so my DB will be accessed only through Sync Manager, with all its checks on users auth, roles and channels?
Is 11210 really needed for my setup? What’s exactly for? Doc says “Used by smart client libraries or Moxi to directly connect to the data nodes”, but that’s not very clear to me. Can I close that port?
Thank you all.