Proxy Implementation in Sync Gateway to Sync Gateway Replicate

Hi @traun,

I saw in the Sync Gateway code that the proxy option is not currently supported. But it also gives a hint that this will be coming in the future, so I thought you are the right person to ask for a tentative timeline.

What we need is to have Sync Gateway to Sync Gateway replication in an authenticated manner.
On the cloud there will be one Sync Gateway, and at different locations there will be different Sync Gateways. These will connect through a VPN, but the issue is that there is no authentication between them if we use SG<->SG replication.

Because one Sync Gateway needs to replicate data to multiple Sync Gateways, we need to open its IPs. Yes, it is correct that the IP will be local and will be reached through the VPN. But I still have low confidence in the authentication part.

We could have used XDCR too but we will be having mobile users on both sync gateways. And then SG<->SG replication is the only option.

Please provide some light.

Regards
Pankaj Sharma

@pankaj.sharma,

Can you draw a diagram of what you would like to do as far as replication of SG to SG with proxies and VPNs?

> I saw in code of sync gateway that proxy option is not currently supported.

Can you point to the code in question that you are referring to?

> What we need is to have sync gateway to sync gateway replication in a authenticated manner.

Here are the possible ways I can think of to do that:

  • Use a reverse proxy like NGINX to “front” Sync Gateway admin port 4985, and then set up BasicAuth authentication at the NGINX layer. Since this is already encrypted via VPN in your case, I don’t think it should be an issue to pass basic auth credentials across the wire … but I don’t know your exact security requirements.

  • Use Sync Gateway user port 4984 and use the Sync Gateway authentication. If you go that route, you would probably want to create additional users that have access to all channels.

Please let me know more about your specific requirements and I can give some more guidance.
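
A sketch of the first option above (NGINX fronting admin port 4985 with BasicAuth), added here as an illustration and not part of the original post or of Couchbase's documentation. The VPN addresses, host name and password-file path are constructed placeholders, and it assumes Sync Gateway's admin interface is bound to loopback so that NGINX is the only network path to it.

```nginx
# Added example: goes inside the http { } context of nginx.conf.
# Assumption: Sync Gateway's admin interface listens on loopback only
# (e.g. "adminInterface": "127.0.0.1:4985" in its config file), so the
# admin API cannot be reached except through this server block.
upstream sg_admin {
    server 127.0.0.1:4985;
}

server {
    # Bind to the VPN-facing address only (placeholder), never 0.0.0.0.
    listen 10.8.0.1:4985;
    server_name sg-cloud.internal.example;   # placeholder name

    location / {
        # Require BOTH a permitted source address and valid credentials.
        satisfy all;
        allow 10.8.0.0/24;                    # placeholder VPN subnet
        deny  all;

        auth_basic           "Sync Gateway admin";
        auth_basic_user_file /etc/nginx/sg_admin.htpasswd;  # placeholder path

        proxy_pass       http://sg_admin;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;

        # Long-lived _changes feeds: do not buffer, and tolerate idle gaps.
        # The timeout value is an assumption to tune for the link in use.
        proxy_buffering    off;
        proxy_read_timeout 360s;
    }
}
```

Giving each remote site its own entry in the password file lets one site's access be revoked without touching the others, and the NGINX access log then records which site made each admin call.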

Thanks @traun for the ideas.

The above idea looks good, and we already have NGINX, with all Sync Gateways behind it. I think it is possible to let NGINX know that this is a legitimate call. The reason I fear this is that the admin port is very risky to open, even on a local VPN.

This one I tried, maybe 4 months back, but I think if the network between Sync Gateway and Couchbase has issues then the sync becomes very fragile. Please correct me if I am wrong. Because in this case one Sync Gateway will point to a Couchbase Server that has a poor network connection to the Sync Gateway.

We will have two locations doing Sync Gateway to Sync Gateway replication through a very bad network, which will be down maybe 4 days a week and will use a satellite network. Do you think the second approach will work for this?