google app engine - Limit access to the Admin REST API of SyncGateway -


according documentation admin rest api of syncgateway shouldn't exposed.

quote:

by default, admin rest api runs on port 4985 (unless change admininterface configuration parameter). do not expose port—it belongs behind firewall. can reach port has free access , control on databases , user accounts.

this makes sense i'm wondering how can grant application server runs on google appengine , handles sign-up / creation of sessions access api without exposing it? there option expose admin rest api limit access specific server sending request or requiring username / password combination gui on :8091 port?

edit

just clarification i'm adding comment question:

the app server (running on gae) , couchbase server (running on digitalocean) 2 different physical devices , have different ip addresses. means: can't change admininterface configuration parameter in syncgateway_config.json loop-back address since connection gae server couchbase server won't have effect afterwards. server unreachable outside if i'm not mistaken?!

the usual expectation database server , other servers need admin-level access either on same host, or on internal network that's behind firewall. in latter case can safely bind admin port internal net. of course firewall rules allow external connections sync gateway (sg) public port.

if have auth server that's on entirely different network, things bit more complex.

one possibility use fancier options on firewall can allow external access admin port, only external auth server. few ways can imagine doing (a) hardcode auth server's ip address, (b) use ssl connection client cert, or (c) open ssh tunnel auth server sg server.

another possibility use distributed auth system oauth, designed kind of thing. mobile app talk auth server obtain token, present token sg, shows token auth server validate it. iirc don't have general purpose oauth support in sg yet need write small oauth handler run on sg server work.

[disclaimer: i'm architect @ couchbase , have worked on sync gateway work on couchbase lite these days i'm not expert on sg's current capabilities!]


Comments

Post a Comment

Popular posts from this blog

php - Wordpress website dashboard page or post editor content is not showing but front end data is showing properly -

Image
recently have uploaded wordpress site onto server. have uploaded wordpress site in sub-folder under root folder ../root(domain root folder)/wordpress (where host wordpress folder). now problem content data in page or post in dashboard of wordpress admin panel not showing - see image. but data showing in front view - see image. if not browser cache issue , not issue happened tinymce editor during upgrade; try add config file: define('concatenate_scripts', false);
Read more

How to get the ip address of VM and use it to configure SSH connection dynamically in Ansible -

i trying ip address of vm , trying use establish ssh vm. following script: --- - hosts: localhost become: yes connection: local gather_facts: false serial: 1 vars_files: - createvmvars.yml tasks: - name: gathering vm info. vsphere_guest: vcenter_hostname: "{{vcenter_hostname}}" username: "{{vcenter_username}}" password: "{{vcenter_password}}" guest: "{{guest_name}}" vmware_guest_facts: yes register: var - debug: msg="{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" - name: establishing ssh connection. script: /home/shasha/devops/scripts/ssh_configure.sh "{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" following content of ssh_configure.sh : #!/bin/sh ssh-keygen -t rsa ssh-copy-id $1 but when running playbook, getting following error while executing third task: error! 'var' undefined but debug module(second task) printin
Read more

javascript - Get parameter of GET request -

i make request: createxhrrequest( "get", fileurl, function( err, response ) { if( err ) { alert( "error get!" ); } alert(response); }); and full response: { "status" : "ok", "message" : "jvberi0xljqkjdduxdgkmy how can jvberi0xlj ? i try response.message , response["message"]. nothing works. just simple access this: var json = json.parse(response); json.message
Read more