So we've accumulated enough applications in our network that use MongoDB to justify building a dedicated server specifically for MongoDB. Unfortunately, I'm pretty new to mongodb (coming from SQL/MySQL derivatives). I have followed several guides on installing and configuring mongodb for my environment. None are perfect, but I think I'm close... I've have managed to get to a point that I can connect to the db server from the local server using the following command:
mongo -u user 127.0.0.1/admin
However, I'm NOT able to connect to the server using this from either the local OR a remote computer using it's network address, IE:
mongo -u user 192.168.24.102/admin
I've tried both with authentication enabled and disabled, and I've tried setting the bindIP to 192.168.24.102 and 0.0.0.0 with no love. Thinking it was a Firewall issue, I disabled the firewall entirely... same. no love...
so what's the secret sauce? how do I connect to a MongoDB server remotely?
Some notes to know: This server is on a local network only. There will be some NAT shenanigans at some point directing public traffic to it from remote application servers, but only specific ports (we will NOT be using 27017 when that happens) and it will sit behind a pretty robust firewall appliance, so I'm not worried about securing the server as I about securing MongoDB itself.
This answer assume a setup where a Linux server is completely remote and has MongoDB already installed.
Steps:
1. Connect to your remote server over SSH.
ssh <userName>#<server-IP-address>
2. Start Mongo shell and add users to MongoDB.
Add the admin;
use admin
db.createUser(
{
user: "AdminSammy",
pwd: "AdminSammy'sSecurePassword",
roles: [
{"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase"}
]
}
)
Then add general user/users. Users are added to specific databases.
use some_db
db.createUser({
user: 'userName',
pwd: 'secretPassword',
roles: [{ role: 'readWrite', db:'some_db'}]
})
3. Edit your MongoDB config file, mongod.conf, that is found in etc directory.
sudo vim /etc/mongod.conf
Scroll down to the #security: section and add the following line. Make sure to un-comment the security: line.
security:
authorization: 'enabled'
After authorization has been enabled only those authenticated with password will access the database. In this case these are the ones added in step 2 above.
Note: Visual Studio code can also be used over SSH to edit the mongo.conf file.
4. Add remote server's IP address to mongod.conf file.
Look for the net line and add the IP address of the server that is hosting this MongoDB installation, example 178.45.55.88
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1, 178.45.55.88
5. Open port 27017 on your server instance.
This allows access to your MongoDB server from anywhere in the world to anyone who knows your remote server IP address. This is one reason to have authenticated users. More robust ways of handling security are really important! Consult MongoDB manual for that.
Check firewall status using ufw.
sudo ufw status
If its not active, activate it.
sudo ufw enable
Then,
sudo ufw allow 27017
Important: You also need to allow port 22 for your SSH communication with your remote server. Otherwise you will be locked out from your remote server. Assumption here is that SSH uses port 22 for communication, the default.
sudo ufw allow 22
6. Restart Mongo daemon (mongod)
sudo systemctl restart mongod
7. Connect to remote Mongo server using Mongo shell
You can now connect to the remote MongoDB server using the following command.
mongo -u <user-name> -p <user-password> <remote-server-IP-address>:<mongo-server-port>
You can also connect to the remote MongoDB server with authentication:
mongo -u <user-name> -p <user-password> <remote-server-IP-address>:<mongo-server-port> --authenticationDatabase <auth-db-name>
You can also connect to a specific remote MongoDB database with authentication:
mongo -u <user-name> -p <user-password> <remote-server-IP-address>:<mongo-server-port>/<db-name> --authenticationDatabase <auth-db-name>
At this moment you can read and write within the some_db database from your local computer without ssh.
Important: Put into consideration the standard security measures for any database. Local security practices should guide what to do at any of the above steps.
Related
I have back-end created in nodejs hosted on Debian server using postgres 14.
the Nodejs listenning on port 5000, and when I try to connect to postgres using port 5432, I am getting the following reponse from Postman:
"Password is invalid".
I was trying the postgres role, and to create a new role, and problem is the same.
I was installing postgres on my Windows 10 computer, and all works fine in my localhost, but on the remote server not.
My Nodejs back-end, and postgres are on the same computer, but each role I've tryed won't connect to the database.
There is pg_hba.conf in /etc/postgres/14 on your server you have to add:
host username database 0.0.0.0/0 md5
This would allow connection to database from any host to username using password authentication.
Also there is a pg.conf or postgres conf
There is line allow_connections the value should be '*'
allow_connections='*'
This would generally allow connections to postgres running on that server
Guide https://coderwall.com/p/cr2a1a/allowing-remote-connections-to-your-postgresql-vps-installation
don’t forget you have to reload postgres after config change:
systemctl reload postgres
Configuration: Server: Ubuntu server 16.04 LTS using webmin
Terminal: Windows 7 Using PgAmin III
I was unable to establish the connection between my terminal and my server through pgAdmin III on port 5432.
On my server I added:
in file postgresql.conf I edited
in #Connection Settings
listen_addresses = '*'
in file pg_hba.conf I added
in #IPv4 local connections
host all all 172.x.x.x/32 md5 //this is IP Terminal (Hidden x)
I checked the port, this is 5432 default and user is postgres
When I try to establish the connection on PgAdmin III:
Host: //My Server IP (Ping console successful)
Port: 5432
username: postgres
password: //My password
Show me the following message:
Server doesn't listen
The server doesn't accept connections: the connection library reports
could not connect to server: Connection refused (0x0000274D/10061) Is the server running on host "Mi SERVER IP Hidden" and accepting TCP/IP connections on port 5432?
If you encounter this message, please check if the server you're trying to contact is actually running PostgreSQL on the given port. Test if you have network connectivity from your client to the server host using ping or equivalent tools. Is your network / VPN / SSH tunnel / firewall configured correctly?
For security reasons, PostgreSQL does not listen on all available IP addresses on the server machine initially. In order to access the server over the network, you need to enable listening on the address first.
For PostgreSQL servers starting with version 8.0, this is controlled using the "listen_addresses" parameter in the postgresql.conf file. Here, you can enter a list of IP addresses the server should listen on, or simply use '*' to listen on all available IP addresses. For earlier servers (Version 7.3 or 7.4), you'll need to set the "tcpip_socket" parameter to 'true'.
You can use the postgresql.conf editor that is built into pgAdmin III to edit the postgresql.conf configuration file. After changing this file, you need to restart the server process to make the setting effective.
If you double-checked your configuration but still get this error message, it's still unlikely that you encounter a fatal PostgreSQL misbehaviour. You probably have some low level network connectivity problems (e.g. firewall configuration). Please check this thoroughly before reporting a bug to the PostgreSQL community.
I have MongoDB 3.2 installed on my Linux Red Hat server.
I am starting to access it and looking at the mongo Shell instructions.
For a Windows machine, the instructions want me to get to the command prompt and change dirs to the installation directory. The problem is, MongoDB is installed on my web server and not my local windows machine.
Question: does Mongo Shell apply to me then? How do I start using, connecting and accessing Mongo from my Windows and Mac machines?
[Note: I am a traditional MySQL / phpMyAdmin developer looking to advance to MongoDB]
Amendments:
(1) With the help of #AlexBlex I am progressing to trying to connect to my MongoDB on my server from Robomongo on my windows client. I get the following error when trying to setup my connection. I tried the address with just my server ip and with http://{my server ip}. Neither worked. See screen shot of error
(2) This is what I have in my current mongod.conf file:
#port=27017
bind_ip=127.0.0.1
(3) here is what my connection settings look like. Oddly, #AlexBlex's solution below shows an SSH tab on his Mac version. The Windows and Mac versions I just installed lacks that tab.
If you install MongoDB on your local machine, you can use the Mongo shell like below to connect to your remote server
mongo yourserver:27017/database
You will have to configure your Mongo server to allow remote connections. In order to achieve this you need to have the following line in your /etc/mongodb.conf file. You need to replace 10.0.0.2 with the ip address of your client machine.
bind_ip = 127.0.0.1,10.0.0.2
You need either ssh to the server where mongodb is installed, or install mongodb on local machine.
For robomongo to connect to remote host you need to ssh to the server, and check it listens on external interface:
lsof -i | grep 27017
In case it is bound to localhost only, you need to edit a line with bind_ip in /etc/mongodb.conf and restart the service.
I would recommend to keep it listening on the local interface only for security reasons, and use ssh tunnelling to connect:
I found the answer. #ShahNewasKhan is brilliant. See How to connect Robomongo to MongoDB
All you need to do is SSH to server and edit mongod.conf file:
uncomment #port=27017 to port=27017
comment bind_ip=127.0.0.1 to #bind_ip=127.0.0.1
restart mongodb via service mongod restart
Then create a mongo connection via your server ip in the address field and 27017 in the port field
Hope this helps mongo newbies and start-ups like me :) Good luck.
Now I just need to figure out how to make this secure. My concern is that anyone who knows my server ip can hack into my MongoDB
I'm having an issue with PostgreSQL
anytime I run
psql -h localhost
I get
psql: could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?
A. First make sure PostgreSQL server has been started to remote server.
# /etc/init.d/postgresql start
If it is running and you get above error, you need to add enable TCP/IP support. By default, the PostgreSQL server only allows connections to the database from the local machine or localhost. This is a security feature.
Step # 1: Allow remote IP address to access PostgreSQL
You need to open file called /var/lib/pgsql/data/pg_hba.conf. Login as postgres user using su command:
$ su - postgres
$ vi /var/lib/pgsql/data/pg_hba.conf
Now append following line. Let us say you would like to give access to 192.168.1.0/24 network:
host all all 192.168.1.0 255.255.255.0 trust
Please replace 192.168.1.0 and 255.255.255.0 to reflect the actual network IP address range of the clients system in your own network.
Save close the file.
Step # 2: Allow communication over TCP/IP
You need to open PostgreSQL configuration file /var/lib/pgsql/data/postgresql.conf
$ vi /var/lib/pgsql/data/postgresql.conf
Now bind and open TCP/IP port by setting tcpip_socket to true:
tcpip_socket = true
Save and close the file.
Step # 3: Restart PostgreSQL server
Restart the PostgreSQL server with the following command
# /etc/init.d/postgresql restart
This will open default port 5432.
Step # 4: Test your setup
Use psql command from client system as follows:
psql -h PostgreSQL-IP-ADDRESS -U USERNAME -d DATABASENAME
Connect to remote server by IP address 192.168.1.5 and login using vivek user to connect to sales database, use:
$ psql -h 192.168.1.5 -U vivek -d sales
Where,
-h 192.168.1.5 : Specifies the host name of the machine or IP address (192.168.1.5) on which the server is running.
-U vivek : Connect to the database as the vivek username instead of the default. You must have account and permission to connect as vivek user.
-d sales : Specifies the name of the database (sales) to connect to.
For anyone reading this and using Postgres.app, you may need host: localhost in your database.yml. http://postgresapp.com/documentation#toc_3
i've got another question for you.
I have Amazon EC2 instance with mondodb installed.
It works great except one thing - i can't access (connect to) it from outside (my PC).
I think the problem with Security Groups. It's some sort of default firewall.
Does anyone know how to configure EC2 instance to have access to mongodb?
Thanks in advance.
Think carefully before doing this. If you open the ports, make sure you restrict the IP numbers that can access it, otherwise anyone will be able to access your database. You can enable authentication in MongoDB, but it's not particularly safe, just a username and password. You should not have your database open to the internet, it is not a good idea.
A better way than opening up ports in the EC2 firewall is to open an SSH tunnel an forward the port, this makes sure that only you can access the database, and only while the SSH tunnel is active.
Open up a new terminal and run this command (replacing user and host with the user you use when SSH'ing to your server and the name of the server):
ssh user#host -N -L 27017:127.0.0.1:27017
The command will forward the port 27017 on your computer to the same port on the server. To connect to the MongoDB instance simply run mongo in a terminal (if that doesn't work, try mongo --host 127.0.0.1 or even mongo --host 127.0.0.1 --port 27017).
If you run MongoDB on your local machine you will have to change the first port, since the local server is already using it. In that case run this command instead:
ssh user#host -N -L 27018:127.0.0.1:27017
and then connect with
mongo --port 27018
(possibly adding --host 127.0.0.1 if it doesn't work).
When you're done working with the database, exit mongo and press ctrl-C in the terminal with the SSH command.
You need to add a security group exception for the port 27017 if you are using default config for you to access it from outside. For security group configuration, please check the amazon EC2 documentation. And if you are using a different port on Mongo, change the security group port accordingly.
--Sai
Is your EC2 instance a Windows server by any chance? If so, in addition to EC2's Security Groups you also need to configure Windows Firewall to allow the incoming connection.
Go To Administrative Tools, Windows Firewall with Advanced Security, and configure a new Rule that allows incoming connections on port 27017 (the default mongo port) or whatever port you've chosen.