I'm running a NodeJS app on GAE and I want to connect to a mongodb cluster on Atlas.
I have white-listed my IP on atlas and established a connection. All work fine on my local machine.
When deployed my app on GAE it could not connect to Atlas since the IP is not white-listed. When I white-listed all IPs on Atlas I could make a connection and everything worked fine as on my local machine
I cannot assign a static-IP to a standard GAE app, therefore I must allow access from anywhere to my cluster on Atlas, which is probably a bad idea.
What would be best solution to work with mongoDB from a GAE standard app?
Any configuration I can make to Atlas? maybe switching to mLab? or any other ideas?
App Engine applications do not have fixed IP addresses. I'm not very familiar with MongoDB Atlas, but it does look like it offers an option to run on GCP and if that runs on a Compute Engine instance what you might be able to do is use the VPC Connector to enable access between your app and your MongoDB setup.
Related
The Problem
I am student assigned to a project to create a rudimentary social media app. We are planning to use Flutter to build the app and we are going to use MongoDB and Express for the database and API respectively. The goal is to be able to use continuous integration for our project through Fastlane and GitLab.
Initially, I thought to put the API and Flutter in separate Docker containers and to host the database on my desktop, but I realize that might not be the best solution.
The Question(s)
How should we setup the database and the server that we all have access to the same data in a database? Basically, how should we best set up our project environment to work as team, in terms of:
hosting the database?
setting up Express and Flutter for continuous integration?
If you are using MongoDB just set up a cluster on Atlas it's free as long as it's a relatively small application (up to 500MB). After you sign up, you will create a cluster, and then Atlas will give you instructions on how to connect to that cluster using node.js.
Basically all you do is throw in the link to your cluster with your configured password in your database connection link. This is all in the cloud so you can access it from anywhere after you whitelist the IP's that will be accessing it remotely. (alternatively you can whitelist all IP's which is the easier way of doing things it's just A LOT less secure.) but it's an okay option for a school project.
You can then use Heroku to host your app which allows for a custom server setup like you will have with Express.
You will need to use dotenv for heroku as well as securing your database link and password, so read up on that as well.
I'm deploying a Node/React app to DigitalOcean Apps(similar to Heroku) and a Database to MongoDB Atlas. DigitalOcean do not provide external fixed IP addresses.
I want to secure the connection between the Server and database. Obviously I can't use the whitelist feature, since my server doesn't have a fixed IP.
My questions are:
Can I allow the database to be accessed from anywhere if I put my app to production?
What can I do to fix this problem? -how can I secure the connection in my server-database setup?
I am a newbee to Google Cloud, however, I setup the project based on Standard App Engine based for my Node.JS application. I downloaded the code from GIT and able to deploy. In my code, it tries to make a Mongo connection to my Replication Server that is hosted at Atlas MongoDB (I guess it's on AWS EC2 instance). I have access control enabled so only server to server with known IPs can connect to my MongoDB.
Obviously I was expecting the connection from my freshly deployed app to fail. So to remediate I want to add the external IP of the instance from Google Cloud (whatever is the Public IP that is seen) to Mongo Network Access. I tried a few IP address I thought are the right ones but it's not working. I see the connection is trying to make to Atlas but it's failing because I am not sure what Public IP address is seen from AppEngine (Docker Instance?)where my app is running.
I tried 0.0.0.0/0 - open to all clients and my app works just fine, however I definitely don't want to open MongoDB access to entire world. If anybody knows more about Google Cloud please help.
Thanks in advance for replying if you have important info to share.
Google App Engine doesn't have an External/Static IP that you can refer. This can be achieved by using a VM on Google Compute Engine that has an External IP with proxy to your App Engine.
Besides that, there is a Feature Request open for this to be checked by Google that you can access here:
Provide static IP for outbound urlfetch requests
Besides that, you can access the documentation Static IP Addresses and App Engine apps, to find out more information on options already available on App Engine.
Please, let me know if the information helped you.
I am trying to connect to MongoDB atlas from elastic beanstalk using a Node.js app. on Mongo atlas, I opened the connection publicly for testing reasons (added 0.0.0.0/0 to the whitelist) and AWS security group allows all traffic.
I still can connect to MongoDB atlas from my localhost but not from AWS EBS.
Even I have faced the same issue and it solves by restart the aws elastic beanstalk instance.
Actually, we open do MongoClient.connect once when your app boots up
and reuse the db object. It's not a singleton connection pool each
.connect creates a new connection pool.
So for that purpose, we have to restart the instance and it will work but for the security purpose, we can try VPC Peering for MongoDB Atlas.
Hope this will help some one else..!!
So I am learning node.js,docker and mongodb.And I have a few doubts.
I have three tasks of a service(replicas) (node.js in docker services).The service is supposed to access a mongodb database.I have two options:
Use atlas-this sounds simple to me as I am a beginner.
Use mongodb containers-Which I believe could be a little more work.
So the question is if I use MongoDB atlas and connect to the database hosted on atlas is the transfer of data between node.js and atlas secure by default?what should be done to "secure" the transfer of data between the node.js container service and the Mongodb atlas?
If I choose the second option above should all three replicas/tasks communicate with only ONE mongodb container?
is the transfer of data between node.js and atlas secure by default?
Without knowing your application environment, I can't comment about security on your side of the network.
However for MongoDB Atlas, it's using TLS/SSL and authentication (SCRAM) enabled by default (and cannot be disabled).
Traffic from clients to Atlas is authenticated and encrypted in-transit, and traffic
between the customer’s internally managed MongoDB
nodes is also authenticated and encrypted in-transit using
TLS/SSL.
Also depending on which cloud provider you would choose in Atlas (AWS, GCP, or Azure) they each provides different encryption at rest features (transparent disk encryption).
Please note that there are other security features provided by MongoDB Atlas, i.e. IP Whitelisting. See also MongoDB Atlas: Security Features and Setup and MongoDB Atlas Security Controls.
If I choose the second option above should all three replicas/tasks communicate with only ONE mongodb container?
I'm not sure I understand this question. The purpose of having a replica set is to provide High Availability (in the case of a primary failover, the other will automatically take over). Having all three nodes of replica set deployed into a single Docker container will defeat this purpose.