Configuration settings for modifying how the REST API is interacted with.

Network interface to bind admin API to.

By default, this will only be accessible to the localhost.

Whether the admin API requires authentication

If false, disables compression of HTTP responses

List of allowed headers. These headers will be added the Access-Control-Allow-Headers response to a valid CORS request.

A recommended minimum set of values should be ["Accept-Encoding", "Authorization", "Content-Type", "If-Match"].

List of allowed origins to apply to public /{db}/_session API.

To use cors on /{db}/_session, the domain must be present in both login_origin and origin.

If configured, Authorization must be included in headers.

Value for Access-Control-Maximum-Age. Uses 0 by default.

List of allowed origins for the public API. The request Origin header is checked against these values. If successful the Origin header is returned in the HTTP response header as Access-Control-Allow-Origin.

Whether to enable the DP permissions check feature of admin auth.

Defaults to true if using Enterprise Edition or false if using Community Edition.

Whether product versions removed from Server headers and REST API responses

The TLS cert file to use for the REST APIs

The TLS key file to use for the REST APIs

The minimum allowable TLS version for the REST APIs

The maximum amount of time to wait for the next request when keep-alives are enabled.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Max of incoming HTTP connections to accept

Network interface to bind metrics API to.

By default, this will only be accessible to the localhost.

Whether the metrics API requires authentication

Network interface to bind profiling API to

Network interface to bind public API to

The amount of time allowed to read request headers.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Maximum duration before timing out read of the HTTP(S) request.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Maximum duration before timing out write of the HTTP(S) response.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Cost to use for bcrypt password hashes

Configuration settings for interacting with Couchbase Server.

Root CA cert path for TLS connection

How often to poll Couchbase Server for new config changes.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

The config group ID to use when discovering databases. Allows for non-homogenous configuration.

Password for authenticating to server

Couchbase Server connection string/URL for bootstrap configuration. The connection string should only reference Couchbase Server Data (KV) nodes. Using other node types (Query, Index, Analytics, or Search nodes) is not supported. Connection String Format Sync Gateway supports the ability to resolve DNS SRV records for alternate hostnames, or specifying multiple hostnames explicitly. See the Couchbase Go SDK documentation on DNS SRV records for more details. Sync Gateway supports both the couchbases:// for TLS and couchbase:// schemes for insecure connection. The supported schemes match that of the Couchbase Server SDKs. Examples of valid server values:

• couchbases://nodeA.example.com
• couchbase://nodeA.example.com
• couchbases://nodeA.example.com,nodeB.example.com
• couchbase://nodeA.example.com,nodeB.example.com
• couchbases://nodeA.example.com:1234,nodeB.example.com:1234
• couchbase://nodeA.example.com:1234,nodeB.example.com:1234
• couchbases://127.0.0.1
• couchbase://127.0.0.1 On startup, Sync Gateway will try all hostnames until it is able to connect successfully. Port Information When using the couchbase:// or couchbases:// schemes, the port is not required as Sync Gateway will use the default Couchbase Server client-to-node ports (11210 for couchbase:// and 11207 for couchbases://). See the Couchbase Server ports documentation for more details. Alternate Addresses If your Couchbase Server cluster is running in a containerized, port mapped, or otherwise NATd environment like Docker or Kubernetes, Sync Gateway might need more information to connect to the cluster. In many cases the client is able to automatically select the correct set of addresses. If the detection heuristic fails in your environment, it is possible to override this behavior by adding a network parameter to the connection string. The network parameter can be:
• external: Force the use alternate addresses of Couchbase Server. Used when Sync Gateway should not share network used by Couchbase Server internally.
• default: Do not allow use of alternate addresses of Couchbase Server. Used when Sync Gateway and Couchbase Server are on the same network. Example: "server": "couchbases://my-cbs-server?network=default" Will force the connection to ignore any alternative external addresses configured on the Couchbase Server node. Lost Connections If the connection to Couchbase Server is lost during normal operations, Sync Gateway will automatically re-connect to another node in the cluster.

Allow empty server CA Cert Path without attempting to use system root pool

Enforces a secure or non-secure server scheme

Username for authenticating to server.

Cert path (public key) for X.509 bucket auth

Key path (private key) for X.509 bucket auth

A map of bucket names to credentials, that can be used instead of the bootstrap ones.

The configuration for the credentials set.

Password for authenticating to the bucket. This value is always redacted.

Username for authenticating to the bucket

Cert path (public key) for X.509 bucket auth

Key path (private key) for X.509 bucket auth

A map of database name to credentials, that can be used instead of the bootstrap ones.

The configuration for the credentials set.

Password for authenticating to the bucket. This value is always redacted.

Username for authenticating to the bucket

Cert path (public key) for X.509 bucket auth

Key path (private key) for X.509 bucket auth

Threshold in bytes for automatic collection of heap profiles. If not specified, defaults to 85% of the lesser of cgroup or system memory.

Disables automatic heap profile collection.

The configuration settings for modifying Sync Gateway logging.

The path to write audit log files to

Toggle for this log output

List of enabled global audit events.

If true, it uses the computer's local time to format the backup timestamp.

The maximum number of days to retain old log files.

The maximum size in MB of the log file before it gets rotated.

Max Size (in mb) of log files before deletion

If set, the interval at which log files are rotated, even if max_size is not reached.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

The size of the log collation buffer. The default is 10 if the output is stderr, or 1000 if to a file.

Log with color for the console output

Toggle for this log output

Override the default stderr output, and write to the file specified instead

Log Keys for the console output

Log Level for the console output

If true, it uses the computer's local time to format the backup timestamp.

The maximum number of days to retain old log files. By default, there is no rotation, max_age=0.

The maximum size in MB of the log file before it gets rotated.

Max Size (in mb) of log files before deletion

If set, the interval at which log files are rotated, even if max_size is not reached.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Debug logging configuration.

The size of the log collation buffer

Toggle for this log output

If true, it uses the computer's local time to format the backup timestamp.

The maximum number of days to retain old log files.

The maximum size in MB of the log file before it gets rotated.

Max Size (in mb) of log files before deletion

If set, the interval at which log files are rotated, even if max_size is not reached.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Error logging configuration.

The size of the log collation buffer.

Toggle for this log output

If true, it uses the computer's local time to format the backup timestamp.

The maximum number of days to retain old log files.

The maximum size in MB of the log file before it gets rotated.

Max Size (in mb) of log files before deletion

If set, the interval at which log files are rotated, even if max_size is not reached.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Info logging configuration.

The size of the log collation buffer

Toggle for this log output

If true, it uses the computer's local time to format the backup timestamp.

The maximum number of days to retain old log files.

The maximum size in MB of the log file before it gets rotated.

Max Size (in mb) of log files before deletion

If set, the interval at which log files are rotated, even if max_size is not reached.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Absolute or relative path on the filesystem to the log file directory. A relative path is from the directory that contains the Sync Gateway executable file.

Redaction level to apply to log output.

Trace logging configuration.

The size of the log collation buffer

Toggle for this log output

If true, it uses the computer's local time to format the backup timestamp.

The maximum number of days to retain old log files.

The maximum size in MB of the log file before it gets rotated.

Max Size (in mb) of log files before deletion

If set, the interval at which log files are rotated, even if max_size is not reached.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Trace logging configuration.

The size of the log collation buffer

Toggle for this log output

If true, it uses the computer's local time to format the backup timestamp.

The maximum number of days to retain old log files.

The maximum size in MB of the log file before it gets rotated.

Max Size (in mb) of log files before deletion

If set, the interval at which log files are rotated, even if max_size is not reached.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Warning logging configuration.

The size of the log collation buffer

Toggle for this log output

If true, it uses the computer's local time to format the backup timestamp.

The maximum number of days to retain old log files.

The maximum size in MB of the log file before it gets rotated.

Max Size (in mb) of log files before deletion

If set, the interval at which log files are rotated, even if max_size is not reached.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Max of open file descriptors (RLIMIT_NOFILE)

BLIP data compression level (0-9)

Maximum number of changes batches to process concurrently per replication (1-5)"

Maximum number of concurrent replication connections allowed. If set to 0 this limit will be ignored.

Maximum number of revs to process concurrently per replication (5-200)

Max heartbeat value for _changes request.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Settings that are not officially supported. It is highly recommended these are not used.

Can be set to false to skip environment variable expansion in database configs

Network interface to bind diagnotic API to.

By default, this API will not be run unless this string is specified.

Whether HTTP2 support is enabled

Configuration for when SG is running in serverless mode

Run SG in to serverless mode

How long database configs should be kept for in Sync Gateway before refreshing. Set to 0 to fetch configs everytime. This is used for requested databases that SG does not know about.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

How often should stats be written to stats logs.

This is a duration and therefore can be provided with units "h", "m", "s", "ms", "us", and "ns". For example, 5 hours, 20 minutes, and 30 seconds would be 5h20m30s.

Bypass the jsoniter package and use Go's stdlib instead

Store database configurations in system xattrs