I have MongoDB 3.2 installed on my Linux Red Hat server.
I am starting to access it and looking at the mongo Shell instructions.
For a Windows machine, the instructions want me to get to the command prompt and change dirs to the installation directory. The problem is, MongoDB is installed on my web server and not my local windows machine.
Question: does Mongo Shell apply to me then? How do I start using, connecting and accessing Mongo from my Windows and Mac machines?
[Note: I am a traditional MySQL / phpMyAdmin developer looking to advance to MongoDB]
Amendments:
(1) With the help of #AlexBlex I am progressing to trying to connect to my MongoDB on my server from Robomongo on my windows client. I get the following error when trying to setup my connection. I tried the address with just my server ip and with http://{my server ip}. Neither worked. See screen shot of error
(2) This is what I have in my current mongod.conf file:
#port=27017
bind_ip=127.0.0.1
(3) here is what my connection settings look like. Oddly, #AlexBlex's solution below shows an SSH tab on his Mac version. The Windows and Mac versions I just installed lacks that tab.
If you install MongoDB on your local machine, you can use the Mongo shell like below to connect to your remote server
mongo yourserver:27017/database
You will have to configure your Mongo server to allow remote connections. In order to achieve this you need to have the following line in your /etc/mongodb.conf file. You need to replace 10.0.0.2 with the ip address of your client machine.
bind_ip = 127.0.0.1,10.0.0.2
You need either ssh to the server where mongodb is installed, or install mongodb on local machine.
For robomongo to connect to remote host you need to ssh to the server, and check it listens on external interface:
lsof -i | grep 27017
In case it is bound to localhost only, you need to edit a line with bind_ip in /etc/mongodb.conf and restart the service.
I would recommend to keep it listening on the local interface only for security reasons, and use ssh tunnelling to connect:
I found the answer. #ShahNewasKhan is brilliant. See How to connect Robomongo to MongoDB
All you need to do is SSH to server and edit mongod.conf file:
uncomment #port=27017 to port=27017
comment bind_ip=127.0.0.1 to #bind_ip=127.0.0.1
restart mongodb via service mongod restart
Then create a mongo connection via your server ip in the address field and 27017 in the port field
Hope this helps mongo newbies and start-ups like me :) Good luck.
Now I just need to figure out how to make this secure. My concern is that anyone who knows my server ip can hack into my MongoDB
Related
So we've accumulated enough applications in our network that use MongoDB to justify building a dedicated server specifically for MongoDB. Unfortunately, I'm pretty new to mongodb (coming from SQL/MySQL derivatives). I have followed several guides on installing and configuring mongodb for my environment. None are perfect, but I think I'm close... I've have managed to get to a point that I can connect to the db server from the local server using the following command:
mongo -u user 127.0.0.1/admin
However, I'm NOT able to connect to the server using this from either the local OR a remote computer using it's network address, IE:
mongo -u user 192.168.24.102/admin
I've tried both with authentication enabled and disabled, and I've tried setting the bindIP to 192.168.24.102 and 0.0.0.0 with no love. Thinking it was a Firewall issue, I disabled the firewall entirely... same. no love...
so what's the secret sauce? how do I connect to a MongoDB server remotely?
Some notes to know: This server is on a local network only. There will be some NAT shenanigans at some point directing public traffic to it from remote application servers, but only specific ports (we will NOT be using 27017 when that happens) and it will sit behind a pretty robust firewall appliance, so I'm not worried about securing the server as I about securing MongoDB itself.
This answer assume a setup where a Linux server is completely remote and has MongoDB already installed.
Steps:
1. Connect to your remote server over SSH.
ssh <userName>#<server-IP-address>
2. Start Mongo shell and add users to MongoDB.
Add the admin;
use admin
db.createUser(
{
user: "AdminSammy",
pwd: "AdminSammy'sSecurePassword",
roles: [
{"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase"}
]
}
)
Then add general user/users. Users are added to specific databases.
use some_db
db.createUser({
user: 'userName',
pwd: 'secretPassword',
roles: [{ role: 'readWrite', db:'some_db'}]
})
3. Edit your MongoDB config file, mongod.conf, that is found in etc directory.
sudo vim /etc/mongod.conf
Scroll down to the #security: section and add the following line. Make sure to un-comment the security: line.
security:
authorization: 'enabled'
After authorization has been enabled only those authenticated with password will access the database. In this case these are the ones added in step 2 above.
Note: Visual Studio code can also be used over SSH to edit the mongo.conf file.
4. Add remote server's IP address to mongod.conf file.
Look for the net line and add the IP address of the server that is hosting this MongoDB installation, example 178.45.55.88
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1, 178.45.55.88
5. Open port 27017 on your server instance.
This allows access to your MongoDB server from anywhere in the world to anyone who knows your remote server IP address. This is one reason to have authenticated users. More robust ways of handling security are really important! Consult MongoDB manual for that.
Check firewall status using ufw.
sudo ufw status
If its not active, activate it.
sudo ufw enable
Then,
sudo ufw allow 27017
Important: You also need to allow port 22 for your SSH communication with your remote server. Otherwise you will be locked out from your remote server. Assumption here is that SSH uses port 22 for communication, the default.
sudo ufw allow 22
6. Restart Mongo daemon (mongod)
sudo systemctl restart mongod
7. Connect to remote Mongo server using Mongo shell
You can now connect to the remote MongoDB server using the following command.
mongo -u <user-name> -p <user-password> <remote-server-IP-address>:<mongo-server-port>
You can also connect to the remote MongoDB server with authentication:
mongo -u <user-name> -p <user-password> <remote-server-IP-address>:<mongo-server-port> --authenticationDatabase <auth-db-name>
You can also connect to a specific remote MongoDB database with authentication:
mongo -u <user-name> -p <user-password> <remote-server-IP-address>:<mongo-server-port>/<db-name> --authenticationDatabase <auth-db-name>
At this moment you can read and write within the some_db database from your local computer without ssh.
Important: Put into consideration the standard security measures for any database. Local security practices should guide what to do at any of the above steps.
I am using MongoDB v3.6.3 on macOS, installed via home-brew. I have used almost every possible way to make my MongoDB server accessible on local network, but to no avail. I have:
Turned off firewall on both machines
Edited \etc\mongod.conf file to add bindIP.
used options-> bind_ip, bind_ip_all (127.0.0.1, 0.0.0.0, other machine's address)
As a matter of fact, also, my redis-server is not accessible on network.
I believe there is a common issue in between this.
I have tried the above mentioned solutions on macOS High Sierra, Ubuntu 16, Windows 10.
I have been facing the same error.
You could allow external access using the following parameters when starting your server:
mongod --bind_ip_all // Allow any ip
or
mongod --bind_ip <your_ip_here>
Open MongoDB config file.
Add the below command in that file(mongod.conf) and save it.
Mac config file location is : /usr/local/etc/mongod.conf
net:
bindIp: 0.0.0.0
Important Note: Once saved please restart the MongoDB services then only it will work.
Apologize in front, maybe the situation here is a bit complicated. I searched everywhere online but couldn't find a perfect solution, plus I have tried almost all the solutions mentioned in other posts.
Situation:
So I have a postgreSQL database installed in a Ubuntu system. The system is actually a virtual machine on the VMware workstation 12, which is installed on Windows 7 professional. Now I am trying to remotely access the postgreSQL database through my MacBook pro 2013.
In the Mac terminal, the command line I tried is:
psql -U postgres -h xxx.xxx.xxx.xx
"xxx.xxx.xxx.xx" represents the IP address of the Windows 7 machine. The result is a failure:
psql: could not connect to server: Operation timed out
Is the server running on host "169.254.121.2" and accepting
TCP/IP connections on port 5432?
What I have done:
Edited the pg_hba.conf file to include
host all all 0.0.0.0/0 md5
Edited the postgresql.conf to include
listen_addresses='*'
Restarted postgres service.
Disabled firewall on the host.
I checked by running the psql command locally and it worked. Also, on the same VMware I have other Ubuntu systems. They are all fine to connect and access the data in this Ubuntu system.
Running Nmap, the output is
PORT STATE SERVICE
5432/TCP open postgresql
What's next? Anything else I can try? Any advice is highly appreciated and please let me know if anything above is ambiguous. I will clarify for better diagnosis. Thank you all!
Somehow managed to get it working..
So when I ran "Nmap" on the other Ubuntu system towards this one, it does shows
PORT STATE SERVICE
5432/TCP open postgresql
However, when I ran "Nmap" on my Mac, it's a different port, 3389, which is mainly used for Windows remote desktop. So what I did was to check the network configuration of this Ubuntu virtual machine from "bridged" to "NAT" and did a port forwarding to 5432. It is working fine now..
I read in some places saying that VMware favors bridged whereas VirtualBox favors NAT+port forwarding. I am quite confused as it is certain not the case in my situation. Maybe I am wrong.
I use Robo 3T as a UI tool for MongoDB on a Windows 8 machine. Now I've deployed the DB to production on a Ubuntu 14 server in Amazon EC2 cloud. When I try to connect from the Windows machine to the Ubuntu one via Robo 3T, I receive the following error:
Cannot connect to the MongoDB at [http://12.345.678.90]:27017.
Error: No unix socket support on windows
Is that a problem I need to fix on my computer by installing something? or it's an issue of Mongo 3T?
If it's an issue on my Windows, what do I have to install in order to make it work?
If it's a Mongo 3T issue, do you know another UI that does support connecting from Windows to Ubuntu?
Perhaps an EC2 solution?
Or maybe some settings I need to change in Robo 3T?
I've tried changing "http" to "mongodb" to no avail. I've also tried removing the protocol prefix as suggested here but I ended up with the error:
Cannot connect to the MongoDB at 12.345.678.90:27017.
Error: Network is unreachable.
Do you have a bindIP setting in your mongo configuration file? Probably that can cause the error.
Either remove the bindIp configuration or allow your IP to access mongo server.
(restart your service after changes the configuration).
i've got another question for you.
I have Amazon EC2 instance with mondodb installed.
It works great except one thing - i can't access (connect to) it from outside (my PC).
I think the problem with Security Groups. It's some sort of default firewall.
Does anyone know how to configure EC2 instance to have access to mongodb?
Thanks in advance.
Think carefully before doing this. If you open the ports, make sure you restrict the IP numbers that can access it, otherwise anyone will be able to access your database. You can enable authentication in MongoDB, but it's not particularly safe, just a username and password. You should not have your database open to the internet, it is not a good idea.
A better way than opening up ports in the EC2 firewall is to open an SSH tunnel an forward the port, this makes sure that only you can access the database, and only while the SSH tunnel is active.
Open up a new terminal and run this command (replacing user and host with the user you use when SSH'ing to your server and the name of the server):
ssh user#host -N -L 27017:127.0.0.1:27017
The command will forward the port 27017 on your computer to the same port on the server. To connect to the MongoDB instance simply run mongo in a terminal (if that doesn't work, try mongo --host 127.0.0.1 or even mongo --host 127.0.0.1 --port 27017).
If you run MongoDB on your local machine you will have to change the first port, since the local server is already using it. In that case run this command instead:
ssh user#host -N -L 27018:127.0.0.1:27017
and then connect with
mongo --port 27018
(possibly adding --host 127.0.0.1 if it doesn't work).
When you're done working with the database, exit mongo and press ctrl-C in the terminal with the SSH command.
You need to add a security group exception for the port 27017 if you are using default config for you to access it from outside. For security group configuration, please check the amazon EC2 documentation. And if you are using a different port on Mongo, change the security group port accordingly.
--Sai
Is your EC2 instance a Windows server by any chance? If so, in addition to EC2's Security Groups you also need to configure Windows Firewall to allow the incoming connection.
Go To Administrative Tools, Windows Firewall with Advanced Security, and configure a new Rule that allows incoming connections on port 27017 (the default mongo port) or whatever port you've chosen.