Provide target authentication credentials in Sync Gateway to Sync Gateway replication


#1

I can replicate between my source and destination sync gateway servers when the GUEST account is enabled, following the instructions here: https://developer.couchbase.com/documentation/mobile/2.0/guides/sync-gateway/running-replications/index.html

However, if I disable GUEST on the target, the replication obviously fails since the source server is unable to authenticate. How can I get my source server to authenticate with the target for a replication? Is this possible via the Admin REST API?

Thanks!


#2

You can use the Admin Rest API on the target host, as follows:

    {
        "source": "db",
        "target": "db-copy"
    },
    {
        "source": "db",
        "target": "http://example.com:4985/db-copy"
    },

But you will need to create some sort of VPN / SSH tunneling to open up port 4985 to the source sync gateway, but not to the rest of the world at large, which would be a gaping security hole.

The other option would be to stay with the public API port 4984, but encode the credentials into the URL and use HTTPS so they can’t be sniffed over the wire, as follows:

    {
        "source": "db",
        "target": "db-copy"
    },
    {
        "source": "db",
        "target": "https://username:password@example.com:4984/db-copy"
    },

#3

OK great, the second option will work for us. Thank you!

FYI, I tried encoding the credentials earlier and couldn’t get it to work – I discovered the target destination URL actually requires a trailing ‘/’ character or the replication won’t work.

{
        "source": "db",
        "target": "https://username:password@example.com:4984/db-copy**/**"
}