So I am learning Node.js, Docker and MongoDB, and I have a few doubts.
I have three tasks of a service (replicas) (Node.js in Docker services). The service is supposed to access a MongoDB database. I have two options:
- Use Atlas: this sounds simple to me as I am a beginner.
- Use MongoDB containers: which I believe could be a little more work.
So the question is: if I use MongoDB Atlas and connect to the database hosted on Atlas, is the transfer of data between Node.js and Atlas secure by default? What should be done to "secure" the transfer of data between the Node.js container service and MongoDB Atlas?
If I choose the second option above, should all three replicas/tasks communicate with only ONE MongoDB container?
is the transfer of data between node.js and atlas secure by default?
Without knowing your application environment, I can't comment about security on your side of the network.
However, MongoDB Atlas has TLS/SSL and authentication (SCRAM) enabled by default (and they cannot be disabled).
Traffic from clients to Atlas is authenticated and encrypted in-transit, and traffic between the customer’s internally managed MongoDB nodes is also authenticated and encrypted in-transit using TLS/SSL.
Also, depending on which cloud provider you choose in Atlas (AWS, GCP, or Azure), they each provide different encryption at rest features (transparent disk encryption).
Please note that there are other security features provided by MongoDB Atlas, i.e. IP Whitelisting. See also MongoDB Atlas: Security Features and Setup and MongoDB Atlas Security Controls.
If I choose the second option above should all three replicas/tasks communicate with only ONE mongodb container?
I'm not sure I understand this question. The purpose of having a replica set is to provide High Availability (in the case of a primary failover, the other will automatically take over). Having all three nodes of a replica set deployed into a single Docker container will defeat this purpose.
Related
The Problem
I am a student assigned to a project to create a rudimentary social media app. We are planning to use Flutter to build the app and we are going to use MongoDB and Express for the database and API respectively. The goal is to be able to use continuous integration for our project through Fastlane and GitLab.
Initially, I thought to put the API and Flutter in separate Docker containers and to host the database on my desktop, but I realize that might not be the best solution.
The Question(s)
How should we set up the database and the server so that we all have access to the same data in a database? Basically, how should we best set up our project environment to work as a team, in terms of:
hosting the database?
setting up Express and Flutter for continuous integration?
If you are using MongoDB, just set up a cluster on Atlas; it's free as long as it's a relatively small application (up to 500MB). After you sign up, you will create a cluster, and then Atlas will give you instructions on how to connect to that cluster using Node.js.
Basically, all you do is throw in the link to your cluster with your configured password in your database connection link. This is all in the cloud, so you can access it from anywhere after you whitelist the IPs that will be accessing it remotely. (Alternatively, you can whitelist all IPs, which is the easier way of doing things; it's just A LOT less secure, but it's an okay option for a school project.)
You can then use Heroku to host your app which allows for a custom server setup like you will have with Express.
You will need to use dotenv for Heroku as well as securing your database link and password, so read up on that as well.
I have an application in mind that would be built using Node, MongoDB + other DB, Kubernetes, RabbitMQ, Docker and React as a front end. The application will be built in a microservice architecture. We all know that for a monolith app all you need is one DB (MongoDB, MySQL etc. etc.) but for a micro one you can have multiple databases. My question would be: do I need to buy multiple, separate databases and connect each service to them? Or how does it work in a micro-services design?
At the moment I have a sample microservices app that is running on my local machine using Docker and it's connected to multiple databases or database/service. I am just trying to get an idea of how this works with companies like DigitalOcean or AWS.
Any input on this would be great.
I am just trying to figure out how this is going to work when it comes to production later so that I am aware of cost and deployments. I have done some research on DigitalOcean, AWS etc. etc. but I still can figure out how do they work.
thanks in advance.
You don't need to have multiple instances of a DBMS running. You can easily use one VM with one MongoDB running on it.
When you scale you might want to have separate machines running DB instances for your services, but at start you may just separate it logically to ensure you do not communicate between services using DB.
Chris Richardson on his microservices.io website says:
There are a few different ways to keep a service’s
persistent data private. You do not need to
provision a database server for each service.
For example, if you are using a relational database
then the options are:
- Private-tables-per-service – each service owns a
set of tables that must only be accessed by that
service
- Schema-per-service – each service has a database
schema that’s private to that service
- Database-server-per-service – each service has
it’s own database server.
Source: https://microservices.io/patterns/data/database-per-service.html
I'm running a NodeJS app on GAE and I want to connect to a mongodb cluster on Atlas.
I have white-listed my IP on atlas and established a connection. All work fine on my local machine.
When I deployed my app on GAE it could not connect to Atlas since the IP is not white-listed. When I white-listed all IPs on Atlas I could make a connection and everything worked fine as on my local machine.
I cannot assign a static-IP to a standard GAE app, therefore I must allow access from anywhere to my cluster on Atlas, which is probably a bad idea.
What would be best solution to work with mongoDB from a GAE standard app?
Any configuration I can make to Atlas? maybe switching to mLab? or any other ideas?
App Engine applications do not have fixed IP addresses. I'm not very familiar with MongoDB Atlas, but it does look like it offers an option to run on GCP and if that runs on a Compute Engine instance what you might be able to do is use the VPC Connector to enable access between your app and your MongoDB setup.
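Two of the posts above mention allowing every IP address on the Atlas access list as the easy workaround. As an added example (not code from the original posts or from MongoDB), this sketch audits a list of access-list entries and shows how much each one admits. The entry values, function names and the 256-address threshold are assumptions made for illustration; only IPv4 is handled.

```javascript
'use strict';
// Constructed sample entries in CIDR notation (documentation address ranges).
const SAMPLE_ENTRIES = ['0.0.0.0/0', '203.0.113.7/32', '198.51.100.0/22', '10.0.0.300'];

// Convert a dotted-quad IPv4 address to an unsigned integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Parse "a.b.c.d/len" (a bare address counts as /32) into its covered range.
function parseCidr(cidr) {
  const [ip, len = '32'] = cidr.split('/');
  const base = ipv4ToInt(ip);
  const prefix = Number(len);
  if (base === null || !/^\d{1,2}$/.test(len) || prefix > 32) return null;
  const size = 2 ** (32 - prefix);            // number of addresses admitted
  return { prefix, first: base - (base % size), size };
}

// True when the client address falls inside the access-list entry.
function cidrContains(cidr, ip) {
  const net = parseCidr(cidr);
  const addr = ipv4ToInt(ip);
  return net !== null && addr !== null &&
         addr >= net.first && addr < net.first + net.size;
}

// Classify each entry: open to the whole Internet, broader than maxHosts, or fine.
function auditAccessList(entries, maxHosts = 256) {
  return entries.map((cidr) => {
    const net = parseCidr(cidr);
    if (net === null) return { cidr, verdict: 'invalid' };
    if (net.prefix === 0) return { cidr, verdict: 'open-to-world' };
    return { cidr, verdict: net.size > maxHosts ? 'broad' : 'ok' };
  });
}

console.log(auditAccessList(SAMPLE_ENTRIES));
```

An entry flagged `open-to-world` leaves authentication and TLS as the only controls between the cluster and the Internet.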
I have a Node.js/JavaScript application deployed to Bluemix. I need my application to be able to connect to a DB2 datasource (connection string shown below).
The lexbz181112.cloud.dst.ibm.com is an IBM server running on premise.
What steps do I need to take to connect to this datasource from my application (which is running in Bluemix)? I don't want to change any of my application code in order to read/write from the database.
DRIVER={DB2};DATABASE=MYDB;HOSTNAME=lexbz181112.cloud.dst.ibm.com;UID=xxx;PWD=xxx;PORT=nnnnn;PROTOCOL=TCPIP
It is the same when you connect your application to a remote database or cloud database, as long as you have hostname:port, database name and username/password.
If your application and database are both on Bluemix, have you tried to bind this database service to your application directly?
The Bluemix Secure Gateway service is used in such cases. It establishes a secure, transparent bridge between your on-premises resource, in your case the DB2 server, and your cloud application. Because it is transparent to the application you don't need to change your application code. The secure connection is established from "on-prem" to the cloud, so that the on-prem administrators are in charge.
Some time ago I wrote a sample application to walk through all the steps to create a scenario as described by you. You can find the instructions on GitHub.
If the host is reachable from the Internet you can simply access it from your application as you'd normally do, since a Bluemix application is able to connect to the Internet. The only improvement I'd make to this is to use a user-provided service instance. It allows you to separate the DB connection parameters from the application code, so that you avoid having those hard-coded in the application.
Is it secure to have data sent to a free database at MongoLab from a Heroku app?
Data could be like emails, and preferences.
Or do you need SSL? I've read about MongoDB SSL.
I've asked around but couldn't find anything specific to mongolab.
From MongoLab's documentation:
Securing communications to your database
You should always try to place your application infrastructure and
your database in the same local network (i.e., datacenter / cloud
region), as it will be the most secure method of deployment and will
minimize latency between your application and database.
When you connect to your MongoLab database from within the same
datacenter/region, you communicate over your cloud hosting provider’s
internal network. All of our cloud hosting providers provide a good
deal of network security infrastructure to isolate tenants. The
hypervisors used do not allow VMs to read network traffic addressed to
other VMs and so no other tenant can “sniff” your traffic.
However, when you connect to your MongoLab database from a different
datacenter/region, your communications are less secure. While your
database does require username / password authentication (with
credentials that are always encrypted on the network), the rest of
your data is transmitted unencrypted over the open internet. As such
you are potentially vulnerable to others “sniffing” your traffic.
Using MongoDB with SSL connections
Available for Dedicated plans running MongoDB 2.6+ only
To further secure communications to your database, MongoLab offers
SSL-encrypted MongoDB connections on Dedicated plans running MongoDB
2.6 or later. Even when using SSL, we still recommend placing your
application infrastructure and your database in the same
datacenter/region to minimize latency and add another layer of
security.
I did the same thing as you and sent an email to ask MongoLab for details. I got the answer, and I am sharing it with you in the hope that it can help you.
The below is the reply.
As long as your Heroku app and MongoLab database are in the same cloud
region, we consider it safe to communicate between Heroku and
MongoLab, as AWS' infrastructure prevents packet-sniffing within
regions. If you use the MongoLab addon on Heroku this is automatic,
but if you use a deployment provisioned directly at mongolab.com
you'll need to manually select the matching region.
It looks like the connection between Heroku and MongoLab is in the same region. Both are secured by AWS so I guess you don't need SSL. If you need it to be very safe, you still need SSL for extra security.
Hope it can help
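Both the Atlas answer and the MongoLab documentation quoted above turn on whether the connection actually uses TLS. As an added example (not part of the original posts or of any vendor's code), this check inspects a connection string before it is handed to a driver; the sample URIs, hostnames, credentials and function names are constructed, while the option names are standard MongoDB connection-string options.

```javascript
'use strict';
// Constructed sample URIs: not real clusters or credentials.
const SAMPLES = {
  atlas: 'mongodb+srv://app:s3cret@cluster0.example.mongodb.net/app?retryWrites=true',
  plain: 'mongodb://app:s3cret@db1.example.net:27017,db2.example.net:27017/app',
  bypass: 'mongodb://app:s3cret@db1.example.net:27017/app?tls=true&tlsAllowInvalidCertificates=true',
};

// Options that switch off certificate or hostname verification.
const BYPASS = ['tlsInsecure', 'tlsAllowInvalidCertificates', 'tlsAllowInvalidHostnames'];

// Groups: 1 = scheme, 2 = comma-separated host list, 3 = query string.
const URI_RE = /^(mongodb(?:\+srv)?):\/\/(?:[^@\/]*@)?([^\/?]+)(?:\/[^?]*)?(?:\?(.*))?$/;

function auditMongoUri(uri) {
  const m = URI_RE.exec(uri);
  if (!m) {
    return { ok: false, tlsOn: false, hosts: [], findings: ['not a MongoDB connection string'] };
  }
  const [, scheme, hosts, query] = m;

  // Option names are case-insensitive, so normalise them before lookup.
  const opts = new Map();
  for (const [k, v] of new URLSearchParams(query || '')) {
    opts.set(k.toLowerCase(), v.toLowerCase());
  }

  const findings = [];
  // mongodb+srv:// enables TLS unless overridden; plain mongodb:// does not.
  const explicit = opts.get('tls') ?? opts.get('ssl');
  const tlsOn = explicit === undefined ? scheme === 'mongodb+srv' : explicit === 'true';
  if (!tlsOn) findings.push('TLS is off: data would cross the network unencrypted');

  for (const name of BYPASS) {
    if (opts.get(name.toLowerCase()) === 'true') {
      findings.push(`${name}=true disables server verification`);
    }
  }
  return { ok: findings.length === 0, tlsOn, hosts: hosts.split(','), findings };
}

// Mask the password so the URI can be written to logs.
function redactUri(uri) {
  return uri.replace(/^(mongodb(?:\+srv)?:\/\/[^:@\/]+):[^@\/]*@/, '$1:***@');
}

for (const uri of Object.values(SAMPLES)) console.log(redactUri(uri), auditMongoUri(uri));
```

In an application the string would normally come from the environment (for example a variable loaded by dotenv, with a name of your choosing) and startup would refuse to continue when `ok` is false.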