Couchbase Lite ports and SSL


I’m building a new solution using CB Lite and Sync Gateway. I’m on newest CB server, Sync Gateway and CB Lite - and willl update if any updates are relevant :slight_smile:

For testing purposes I have set up a CB cluster in my demo environment - not on the same box as I have the application. The users access the application server via HTTPS - and I have set up an Nginx server in front of it to lift off the SSL.

With this app I’ll have a few REST calls (e.g. when registering a user or changing password) - but the majority of the data transfer will be done by CB Lite via the Sync Gateway. As I understand it that happens on port 4984 - and therefore this port will have to be open into my environment. So I have the following questions:

  1. Can I run on the same SSL connection into my Nginx (just using port 4984 - and redirect sync. traffic to the db cluster)?

  2. When users are in e.g. hotels there may be restrictions to what ports you can use. Will using port 4984 not create a problem for users on such restricted networks? If so, can the sync. run on a “standard” port instead?

These questions may be obvious to you - and just an expression of my lack of knowledge :blush:

Thanks in advance!

Sync Gateway can run on any port that you choose as long as you have permissions on that machine to do so (Ports 1 - 1024 generally have more restrictions about them from the OS than others do). As far as NGinx, I don’t see how it will be a problem if it is set up correctly. Since it is SSL all it can really do is tunnel the connection to the end server (Sync Gateway) but I’m not familiar with the particulars of setting that up.

Thanks for your reply @borrrden. I guess I need to find out if using other ports than 443 and 80 is that big a problem - and if so either user som url-pattern to differentiate the requests to the SG from the app.server’s API - and just split them out in Nginx.

I suppose I can add some url “path” to the SG endpoint? Or perhaps differentiate on protocol…? It’s probably obvious that I don’t really know all the angles of this issue - I was just confronted with the problem of limitations on some ports on public networks and really would like to avoid that being an issue for users of the app…