Adding Sync Gateway Authorization Not working

Hi,

I want to add Authorization to Sync Gateway. I followed this link. i tried following curl operation on terminal. Here i replaced local host with server ip address. then im getting Failed to connect to server ip address port 4985: Connection refused

Please assist me how can i achieve this.

curl -X POST http://localhost:4985/couchbaseevents/_user/
-d ‘{“name”:“couchbase_user”, “password”:“mobile”}’
-H “Content-Type: application/json”

@itssrinadh

By default Sync Gateway will bind the ADMIN REST API to the local callback interface “127.0.0.1”, this allows you to only access the ADMIN REST API from the same host using “localhost” or “127.0.0.1”.

If you want to access the ADMIN REST API via network interface you must add the following property to the top level of your Sync Gateway config.json:

"adminInterface":"<PUBLIC_IP_ADDRESS>:4985",

e.g. if your network interface IP address is 10.0.1.5 you would set the proeprty to:

"adminInterface":"10.0.1.5:4985",

And you could then use the following curl command:

curl -X POST http://10.0.1.5:4985/db/_user/ -d '{"name":"couchbase_user", "password":"mobile"}' -H "Content-Type: application/json"

Thanks @andy Here is my config file. Where i can keep adminInterface":“<PUBLIC_IP_ADDRESS>:4985” on following file.

{
  "log": ["*"],
  "databases": {
    "db": {
      "server": "http://myserveraddress:8091/",
      "bucket": "default",
      "users": { "GUEST": { "disabled": true, "admin_channels": ["*"] } }
    }
  }
}

So, it’s worth noting that it’s this way by default for a reason, see here:

The Admin REST API is used to administer user accounts and roles. It can also be used to look at the contents of databases in superuser mode. The default port for the Admin REST API is 4985. By default, the Admin REST API is reachable only from localhost for safety reasons.

and here:

By default, the Admin REST API runs on port 4985 (unless you change the adminInterface configuration parameter). Do not expose this port—It belongs behind your firewall. Anyone who can reach this port has free access to and control over your databases and user accounts.

That being said, you can configure as detailed here, so for example:

{
  "log": ["*"],
  "adminInterface":"10.0.1.15:4985",
  "databases": {
    "db": {
      "server": "http://myserveraddress:8091/",
      "bucket": "default",
      "users": { "GUEST": { "disabled": true, "admin_channels": ["*"] } }
    }
  }
}

Thank you for you help @JFlath.

@JFlath No luck please look following config file. im trying to give username and password from config files. but my docker existing this container always. if i remove username, password, interface and adminInterface. then its working good.

Please assist me on this.

Tried another way but no use.

username and password should relate to the Couchbase Server bucket, if you’re not using a password on the bucket on Couchbase Server then you shouldn’t need them.

As it works when you don’t include them, I’m assuming you don’t have a password on the Couchbase Server bucket. What happens if you only specify the adminInterface?

@JFlath Actually my requirement is, Im using couchbase syc gateway port 4984 and N1QL query with port 8093, when i want to authenticate these two ports. so can you please help me, how to add security to those services.