Edge Server Configuration Schema

https://packages.couchbase.com/couchbase-edge-server/config_schema.json

Allows config files to declare they conform to this schema. Otherwise ignored.

The databases to be served. Keys are the URI names to use.

A database configuration.

Collections to share. If omitted, all collections are shared. If it's an array, the items are the names of the collections to share (and create, if create is true). If it's an object, each key is a collection name and the value is an object describing the collection.

If true, database will be created on startup if it doesn't exist.

If true, clients can submit freeform SQL++ SELECT queries.

Not recommended in production due to potential for abuse: slow-running queries can be used as DoS attacks.

Enables client sync connections. pull is read-only, push is write-only, bidirectional or true enables both. Defaults to false, that is, sync is not allowed.

Enables writing to database via PUT / POST / DELETE requests. Lets clients write to the documents via the REST API. It does not affect clients syncing. So it's possible to disallow writes via REST but allow them via push replication, or vice versa.

This does not affect upstream replication or client sync. To prevent clients from writing to the database via sync, enable_client_sync must be omitted or set to pull.

Database password, or raw AES256 key encoded as 64 hex digits.

Path of database file.

Database UUID to be replaced on first launch. The placeholder_uuid property should be used if the database has been copied from elsewhere. Every database file contains a universally unique ID (UUID); copying a database file means this is no longer unique, and that will cause problems with replication. If a canned initial database file is to be deployed to a number of Edge Servers, its current UUID can be set as the value of this property. The first time each server starts up, it will replace that UUID with a new, actually-unique one. You can find a database file's UUID via cblite info -v db.cblite2.

SQL++ queries clients can invoke. Keys are query names, values are SQL++.

A SQL++ 'SELECT' query.

If true, unauthenticated requests are allowed (guest access).

TLS settings. If present, tls_cert_path and tls_key_path are required.

Path of file containing CA cert for authenticating clients (mTLS).

If present, clients must connect using TLS client certificates. Only certs signed by this CA cert will be accepted. The Common Name (CN) field of the client cert will be used as the username for purposes of logging.

Path of file containing TLS server certificate.

Path of file containing matching private key.

0.0.0.0:59840

Listening interface IP address and port, separated by a colon. The interface address is optional and defaults to 0.0.0.0, i.e. all interfaces. A useful value for testing is 127.0.0.1, which allows only clients on the same device to connect. The default port number is 59840.

Logging configuration.

Configuration for audit logging.

Array of integer event IDs to disable, or "*" to disable all - (enable overrides these).

Array of integer event IDs to enable, or "*" to enable all. (Takes priority over 'disable').

Filename of audit log.

If true, audit events will omit the description property.

The description property can be useful for human readers, but is quite verbose and will significantly increase log file size.

true

Whether to log to stdout/stderr.

Custom levels for specific logging domains. Keys are domain names. Common domains are Default, REST, Listener, DB, Query, Sync.

warning

Log level of the domain: verbose, info, warning or error

Configuration for file-based logging.

Path of existing directory where log files will be created.

binary

Format of log files: binary or text.

1000000

Size in bytes at which log files are rotated.

Number of older log files that are preserved.

Replications to run when the server starts.

Authorization credentials.

An OpenID Connect token.

Password for HTTP Basic auth to remote server. Requires 'user'.

A Sync Gateway session cookie.

This Edge Server's TLS client certificate, for mTLS. (Requires 'tls_client_cert_key'.)

Private key of TLS client certificate. (Requires 'tls_client_cert'.)

Username for HTTP Basic auth to remote server. Requires 'password'.

If true, replication is bidirectional.

Channel filter (incompatible with 'collections')

_default

Collections to replicate. If omitted, only the default collection is replicated.

If true, replication is continuous, i.e. keeps running forever.

Document IDs to replicate (incompatible with 'collections')

Extra HTTP headers; keys are header names, values are header values.

Header value

Path of file containing the required server certificate.

HTTP proxy settings

Proxy authorization credentials.

An OpenID Connect token.

Password for HTTP Basic auth to proxy. Requires 'user'.

This Edge Server's TLS client certificate, for mTLS. (Requires 'tls_client_cert_key'.)

Private key of TLS client certificate. (Requires 'tls_client_cert'.)

Username for HTTP Basic auth to proxy. Requires 'password'.

Hostname of proxy server

Port number of proxy server

HTTP

Proxy type: 'HTTP' or 'HTTPS'

The source database: a local name or remote 'wss:' URL.

The destination database: a local name or remote 'wss:' URL.

Path of file containing one or more additional root certificates to be trusted.

Path to JSON file containing users and roles.