Sync_gateway + SSL how to configure?


#1

Hello.

I have a server running Couchbase CE + Sync_gateway.

I have also installed a LetsEncrypt SSL cert that I have ensured is readable by the Couchbase/Sync_Gateway user.

Sync_gateway starts and as long as I use the ws protocol I can connect and replicate data to my test mobile app. Unfortunately I cannot connect using the wss protocol; the app fails to connect.

I have checked to ensure the ports are open (4984 - 4985).

If I open the gateway in a browser using http://domain.com:4984, it succeeds and I can see the HTTP request hitting the sync_gateway server. If I attempt https://domain.com:4984, the page fails to load and there is no entry in the log, which suggests I have misconfigured something somewhere.

I’m not sure what else I can check.

Here is a copy of my test sync_gateway configuration. Please could someone have a look and check I’ve not made a schoolboy error in my config?

Thank you.

{
    "log": ["*"],
    "adminInterface": "127.0.0.1:4985",
    "interface": "0.0.0.0:4984",
    "databases": {
        "travel": {
            "server": "http://localhost:8091",
            "bucket": "travel-sample",
            "username": "sync_gateway",
            "password": "08c2eec2-aa35-4db-9d9d-298d5c52bea",
            "enable_shared_bucket_access": true,
            "import_docs": "continuous",
            "use_views": true,
            "users": { "GUEST": { "disabled": false, "admin_channels": ["*"] } },
            "SSLCert": "/etc/letsencrypt/live/mydomain/cert.pem",
            "SSLKey": "/etc/letsencrypt/live/mydomain/privkey.key",
            "sync": `function (doc, oldDoc) {
                if (doc.sdk) {
                    channel(doc.sdk);
                }
            }`
        }
    }
}

#2

Schoolboy error.

[a] I shifted the SSLCert and SSLKey entries up a level.
[b] Notice the privkey has a .key extension!

Damn.

All working now.
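
The two mistakes named in #2, turned into a pre-flight check. This is an added example, not part of the original posts and not Sync Gateway's own code. The `load_config` and `check_tls` helpers, the `example.org` paths and both sample configs are constructed for illustration, and `privkey.pem` in the fixed sample is the standard Let's Encrypt key filename.

```python
import json
import os
import re

TLS_KEYS = ("SSLCert", "SSLKey")

def load_config(text):
    """Parse a Sync Gateway config; backtick-quoted sync functions become JSON strings."""
    return json.loads(re.sub(r"`([^`]*)`", lambda m: json.dumps(m.group(1)), text))

def check_tls(config, exists=os.path.isfile):
    """Return findings about where SSLCert/SSLKey sit and whether their files exist."""
    findings = []
    databases = config.get("databases", {})
    for key in TLS_KEYS:
        nested = [name for name, db in databases.items() if key in db]
        for name in nested:
            findings.append(f"{key} is inside databases.{name}; move it to the top level")
        path = config.get(key)
        if path is None:
            if not nested:
                findings.append(f"{key} is not set at the top level")
        elif not exists(path):
            findings.append(f"{key} points to a missing file: {path}")
    return findings

# Constructed sample configs (example.org paths are placeholders).
BROKEN = """{
  "interface": "0.0.0.0:4984",
  "databases": {"travel": {
    "SSLCert": "/etc/letsencrypt/live/example.org/cert.pem",
    "SSLKey": "/etc/letsencrypt/live/example.org/privkey.key",
    "sync": `function (doc, oldDoc) {
      if (doc.sdk) { channel(doc.sdk); }
    }`
  }}
}"""
FIXED = """{
  "interface": "0.0.0.0:4984",
  "SSLCert": "/etc/letsencrypt/live/example.org/cert.pem",
  "SSLKey": "/etc/letsencrypt/live/example.org/privkey.pem",
  "databases": {"travel": {"sync": `function (doc) { channel(doc.sdk); }`}}
}"""
# Constructed stand-in for the filesystem so the example runs offline.
FILES = {"/etc/letsencrypt/live/example.org/cert.pem",
         "/etc/letsencrypt/live/example.org/privkey.pem"}

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_tls(load_config(text), exists=FILES.__contains__))
```

Against a real config file, call `check_tls(load_config(open(path).read()))` as the user Sync Gateway runs as, so the default `os.path.isfile` check sees the same filesystem permissions the service does.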