Allow people to plugin custom app server into Sync Gateway #430

Closed
tleyden opened this issue Sep 26, 2014 · 3 comments

@tleyden
Contributor

tleyden commented Sep 26, 2014

I have the following architecture:

[Diagram: sync_gw_app_server_proxy]

and need my app (light green) to be able to communicate with my app server (purple), so that:

  • The app can tell the app server to create a new user
  • The app can authenticate a user against the app server
  • The app server can create sessions on sync gateway and return the session cookie to the app

(@snej, if this is sounding familiar, we had this very discussion a few days ago, sans fancy diagram)

The dotted line represents the hypothetical communication between the app and the app server, which isn't currently possible except by putting the app server outside the firewall. In my case, that means another conversation with the network admin, and one I'd rather not have.

Proposal

Add a /_appserver endpoint that would cause Sync Gateway to reverse proxy all requests under that endpoint to the app server.

How will Sync Gateway know the host/port of the app server? That would be a configuration value in config.json.

What if there was no app server configured? All requests to /_appserver would get a 5xx error.

Advantages:

  • Completely language agnostic
  • Very little code to add
  • Generic
  • Low risk in terms of causing crashes or performance issues on Sync Gateway (especially if there was a configurable timeout for communication with the app server and it was set very low)

Security:

In its default state, it doesn't open any security holes, because by default, there won't be any app server that is configured and so the /_appserver endpoint will be a no-op.

We'd probably want to create some "best practices" for people who add an appserver, but ultimately the security will be in their hands (and it's already in their hands).
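
The proposal in the comment above, written out in Go as an added example (not Sync Gateway's code, and not the commit referenced in this thread). The function name, the `target` and `timeout` parameters standing in for config.json values, and the addresses in `main` are assumptions.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"time"
)

const appServerPrefix = "/_appserver" // endpoint name from the proposal

// newAppServerHandler builds the handler for /_appserver. target stands in for
// the config.json value (hypothetical); "" means no app server is configured.
func newAppServerHandler(target string, timeout time.Duration) (http.Handler, error) {
	if target == "" {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			http.Error(w, "no app server configured", http.StatusInternalServerError)
		}), nil
	}
	u, err := url.Parse(target)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return nil, fmt.Errorf("invalid app server URL %q", target)
	}
	// Single fixed upstream: clients cannot choose where requests are sent.
	proxy := httputil.NewSingleHostReverseProxy(u)
	// Low timeout so a stalled app server cannot tie up gateway requests.
	proxy.Transport = &http.Transport{ResponseHeaderTimeout: timeout}
	proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
		http.Error(w, "app server unavailable", http.StatusBadGateway)
	}
	// /_appserver/login reaches the app server as /login.
	return http.StripPrefix(appServerPrefix, proxy), nil
}

func main() {
	// Constructed addresses: app server on 127.0.0.1:8000, gateway on 127.0.0.1:4984.
	h, err := newAppServerHandler("http://127.0.0.1:8000", 2*time.Second)
	if err != nil {
		log.Fatal(err)
	}
	mux := http.NewServeMux()
	mux.Handle(appServerPrefix+"/", h) // only this subtree is proxied
	log.Fatal(http.ListenAndServe("127.0.0.1:4984", mux))
}
```

With an empty target every request under the prefix gets a 500; with a target set, an app server that does not answer within the timeout produces a 502 instead of a hung request.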

@ajres

ajres commented Oct 1, 2014

While the technical advantages stand, this would probably lead to a lot of support tickets along the lines of "I can't get my product X App server to work with SG", when it's probably some app server config that's wrong.

@tleyden
Contributor Author

tleyden commented Oct 1, 2014

Agreed .. it could lead to some unwanted tech support. But I think we could just punt early and tell people to switch over to nginx.

I'm realizing this feature would probably be mainly useful in "developer sandbox" cases. E.g., let's say I want to spin up something in the cloud to develop against, and I need an app server (but I don't need nginx, since I only have one sync gateway). It seems awkward to force people to introduce nginx into this equation, just so they can talk to their app server.

In contrast, if someone was running in production, and they already have a tier of SG's behind an nginx server, they could just add some configuration to their nginx and be done with it.

tleyden pushed a commit that referenced this issue Oct 1, 2014
Add configurable target proxy URL for app server.

Any requests to /_appserver endpoint will be proxied to app server.

If nothing configured, returns 500 error for /_appserver endpoint.

#430
@tleyden
Contributor Author

tleyden commented Oct 1, 2014

After discussion, we've decided to go with a slightly different approach: see https://github.com/couchbase/sync_gateway/wiki/Custom-Auth-Proxy

@tleyden tleyden closed this as completed Oct 1, 2014