Several Questions related to SG to SG replication via config over public API

Task: We need to replicate certain channels to remote SG instances. IMO the easiest way to do this is over the public api using a user that only has access to the channels we want replicated. This way it is a pull action and replication definition are on the target SG, but the access is controlled at the source SG.

example user in source SG config

"users": {
			"all_content": {
				"password": "passwordabc",
				"admin_channels": [
					"content"
				],
				"admin_roles": [
					"adminrole"
				  ],
				"disabled": false
			}
		},

example replication definition on target:

	"replications": [
	{
		"replication_id": "continuous-filtered",
		"source": "http://all_content:passwordabc@sourceurl.com:4984/sync_gateway",
		"target": "sync_gateway",
		"continuous": true,
		"changes_feed_limit": 1000
	}
]

I have two questions:

  1. Does anyone know if the TLS handshake is performed prior to passing the full url over with username and password?

  2. I’ve been working with Couchbase support for almost a week without getting anywhere, so I thought I would ask it here too. I am getting the following error on the target when it is trying to perform the replication work:

2019-05-21T11:58:56.016Z [DBG] Replicate+: Got notification CATCHING_UP
2019-05-21T11:58:56.016Z [INF] HTTP: #014: GET /sync_gateway/_local/e778eab791bc2f3270e33febf36048709fd21f03 (as ADMIN)
2019-05-21T11:58:56.017Z [INF] HTTP: #014: --> 404 missing (0.4 ms)
2019-05-21T11:59:56.115Z [DBG] Replicate+: Got notification ABORTED_WAITING_TO_RETRY
2019-05-21T11:59:56.615Z [DBG] Replicate+: Got notification CATCHING_UP
2019-05-21T11:59:56.616Z [INF] HTTP: #015: GET /sync_gateway/_local/e778eab791bc2f3270e33febf36048709fd21f03 (as ADMIN)
2019-05-21T11:59:56.617Z [INF] HTTP: #015: --> 404 missing (0.5 ms)
2019-05-21T12:00:56.716Z [DBG] Replicate+: Got notification ABORTED_WAITING_TO_RETRY
2019-05-21T12:00:57.216Z [DBG] Replicate+: Got notification CATCHING_UP
2019-05-21T12:00:57.216Z [INF] HTTP: #016: GET /sync_gateway/_local/e778eab791bc2f3270e33febf36048709fd21f03 (as ADMIN)
2019-05-21T12:00:57.217Z [INF] HTTP: #016: --> 404 missing (0.6 ms)

Things I’ve tried. Using a very simple sync function on both sides. It had no impact. I’ve also tried this on two different target SG databases with different target databases and a very similar error message was given.

Any help would be appreciated.

Some additional info. We are on Kubernetes and using a reverse proxy. It appears that our issue lies with the reverse proxy. We were able to get sync working when bypassing the ingress. Now the task is to try and figure out if we can make this work with the proxy by exposing some additional endpoints or if we have to have a dedicated non ingress endpoint.

Has anyone else out there figured out what additional endpoints need to be exposed in order for SG to SG replication to work while using a reverse proxy?

We’ve seen several problems with people trying to use websockets communications over various routers (Azure App Gateway, Traefik). Perhaps this is related? Deploying Sync Gatway behind Azure App Gateway - BLIP Sync

We have mobile apps replicating through the ingress without any issues for quite some time now. I am not sure why SG to SG is so different.

We found the issue. There was a miscommunication between the devops engineer and myself. I asked for the sync gateway endpoint that the phones use and he gave me the ‘backdoor’ with limited connectivity. When I switched to using the same 4984 endpoint that the phones use everything worked as designed.