infra/obsidian-sync/couchdb/local.ini

# =============================================================================
# 10-livesync.ini  —  CouchDB config overrides for Obsidian Self-hosted LiveSync
# Lands in /opt/couchdb/etc/local.d/ so it overrides base defaults.
# Reference: vrtmrz/obsidian-livesync "Setup your own server" docs.
# =============================================================================

[couchdb]
# Single machine, no clustering. Required for a standalone LiveSync server.
single_node = true
# Allow large notes/attachments (50 MB). Raise if you paste big PDFs/images.
max_document_size = 50000000

[chttpd]
# Listen on all interfaces inside the container (Traefik reaches it via the net).
bind_address = 0.0.0.0
# LiveSync streams revisions in big batches; default request cap is too small.
max_http_request_size = 4294967296
# Force every request to carry valid credentials — this is CouchDB's own auth,
# i.e. the reason we do NOT also put Traefik basicAuth in front of it.
require_valid_user = true

[chttpd_auth]
require_valid_user = true

[httpd]
WWW-Authenticate = Basic realm="couchdb"
# Required in CouchDB 3.x — without this the [cors] section below is ignored.
enable_cors = true

# --- CORS -------------------------------------------------------------------
# LiveSync runs inside browsers with DIFFERENT origins:
#   desktop Obsidian -> app://obsidian.md
#   mobile Obsidian  -> capacitor://localhost
#   Ignis            -> https://notes.manohargupta.com
# So we must allow cross-origin credentialed requests from all of them.
[cors]
origins = *
credentials = true
headers = accept, authorization, content-type, origin, referer
methods = GET, PUT, POST, HEAD, DELETE
max_age = 3600