I have a Linode server running Ubuntu 12.04 LTS and MongoDB instance (service is running and CAN connect locally) that I can't connect to from an outside source.
I have added these two rules to my IP tables, where < ip address > is the server I want to connect FROM (as outlined in this MongoDB reference):
iptables -A INPUT -s < ip-address > -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -d < ip-address > -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT
And I see the rule in my IP table allowing connections on 27017 to and from < ip address > however when I try to connect from , < ip address > to my mongo database using a command like this:
mongo databasedomain/databasename -u username -p password
I get this error:
2014-07-22T23:54:03.093+0000 warning: Failed to connect to databaseserverip:27017, reason: errno:111 Connection refused
2014-07-22T23:54:03.094+0000 Error: couldn't connect to server < ip address >:27017 (databaseserverip), connection attempt failed at src/mongo/shell/mongo.js:148
exception: connect failed
Any help is VERY APPRECIATED!!!! Thanks!!!
Thanks for the help everyone!
Turns out that it was an iptable conflict. Two rules listing the port open (which resulted in a closed port).
However, one of the comments by aka and another by manu2013 were problems that I would have run into, if not for the conflict.
So! Always remember to edit the /etc/mongod.conf file and set your bind_ip = 0.0.0.0 in order to make connections externally.
Also, make sure that you don't have conflicting rules in your iptable for the port mongo wants (see link on mongodb's site to set up your iptables properly).
Try the following:
sudo rm /var/lib/mongodb/mongod.lock
sudo service mongodb restart
These commands fixed the issue for me,
sudo rm /var/lib/mongodb/mongod.lock
sudo mongod --repair
sudo service mongod start
sudo service mongod status
If you are behind proxy, use:-
export http_proxy="http://username:password#company.com:port/"
export https_proxy="http://username:password#company.com:port/"
Reference: https://stackoverflow.com/a/24410282/4359237
For Ubuntu Server 15.04 and 16.04 you need execute only this command
sudo apt-get install --reinstall mongodb
I Didn't have a /data/db directory. I created one and gave a chmod 777 permission and it worked for me
For me, changing the ownership of /var/lib/mongodb and /tmp/mongodb-27017.sock to mongodb was the way to go.
Just do:
sudo chown -R mongodb:mongodb /var/lib/mongodb
and then:
sudo chown mongodb:mongodb /tmp/mongodb-27017.sock
and then start or restart the mongodb server:
sudo systemctl start mongod
or
sudo systemctl restart mongod
and check the status
sudo systemctl status mongod
One other option is to just repair your database like so (note: db0 directory should be pre-created first):
mongod --dbpath /var/lib/mongodb/ --repairpath /var/lib/mongodb/db0
This is also an acceptable option in production environments...
I also had the same issue.Make a directory in dbpath.In my case there wasn't a directory in /data/db .So i created one.Now its working.Make sure to give permission to that directory.
In my case previous version was 3.2. I have upgraded to 3.6 but data files was not compatible to new version so I removed all data files as it was not usable for me and its works.
You can check logs using /var/log/mongodb
I follow this tutorial's instructions for installation
How to Install MongoDB on Ubuntu 16.04
I had the same mistake. Finally, I found out that I needed to set the port number
The default port number for the mongo command is 27017
But the default port number in mongo.conf is 29999
This done the trick for me
sudo service mongod restart
Even though the port is open, MongoDB is currently only listening on the local address 127.0.0.1. To allow remote connections, add your server’s publicly-routable IP address to the mongod.conf file.
Open the MongoDB configuration file in your editor:
sudo nano /etc/mongodb.conf
Add your server’s IP address to the bindIP value:
...
logappend=true
bind_ip = 127.0.0.1,your_server_ip
#port = 27017
...
Note that now everybody who has the username and password can login to your DB and you want to avoid this by restrict the connection only for specific IP's. This can be done using Firewall (read about UFW service at Google). But in short this should be something like this:
sudo ufw allow from YOUR_IP to any port 27017
Related
I try to access my node.js server running on Ubuntu. My PC is connected with TP-link router. Now, I want to access node services from other IP(not from my local host or local IPs). What can I do? I used following code.
Note: This server works fine and accessible from local IP but can't access from my public IP
http.listen(6000,"0.0.0.0",function(){
log.info("server started");
})
You have to use :-
iptables -A OUTPUT -p tcp --sport 8080 -j ACCEPT
for the outgoing rule (not dport). Apart from that, maybe there's an earlier rule that blocks the traffic? Try iptables -L.
Ubuntu have very good firewall and default system is not allow to external IP to response
In express and node js or any server like that
http.listen(6000,"0.0.0.0",function(){
log.info("server started");
})
It will work on your IP, localhost and public IP
but on external IP can't access it
first of all replace
localhost -> 0.0.0.0
when you want to run frontend and backend simultaneously
then it is better to use public IP directly instead of 0.0.0.0
If you are using ubuntu then we need to change in firewall settings using ufw
UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with apt-get:
sudo apt-get install ufw
then
sudo nano /etc/default/ufw
check this line and make it yes
IPV6=yes
save file using Ctrl-X to exit the file, then shift + y to save the changes that you made, then ENTER
At any time, you can check the status of UFW with this command:
sudo ufw status verbose
By default, UFW is disabled so you should see something like this:
Output:
Status: inactive
Not most important point
sudo ufw allow portNumber // here portNumber is port-number in integer
in your case
sudo ufw allow 6000
and allow
sudo ufw allow http
for more rules and firewall on ubuntu click here
I was struggling to get connected to the Docker API running on a RedHat 7.1 VM, the docker API is running on both a TCP port and a UNIX socket.
To configure this I set -H OPTIONS as follows:
OPTIONS='--selinux-enabled -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'
in the file:
/etc/sysconfig/docker
Running the docker client on the same box, it connected OK to the docker daemon via either communication path:
docker images
or
docker -H=tcp://127.0.0.1:2375 images
both work equally well.
I was unable to get any sense out of it from another box, I figured the first thing to do would be to prove I can connect to port 2375 from elsewhere. I was having no joy when I tried:
telnet 10.30.144.66 2375
I figured it must be a firewall problem but it took a while longer before I realised it was the firewall built into Linux.
To make 2375 accessable:
Use one of the following depending on your distro
sudo firewall-cmd --zone=public --add-port=2375/tcp --permanent
sudo firewall-cmd --reload
OR
sudo iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 2375 -j ACCEPT
sudo /sbin/service iptables save
I was facing similar problem when my IntelliJ IDE was not able to connect docker engine API installed on RHEL.
It got resolved with following:
firewall-cmd --add-port=2376/tcp --permanent
firewall-cmd --reload
systemctl restart docker
I've downloaded MMS by using this command
curl -OL https://mms.mongodb.com/download/agent/monitoring/mongodb-mms-monitoring-agent_latest_amd64.deb
Installed it by using sudo
sudo dpkg -i mongodb-mms-monitoring-agent_latest_amd64.deb
And edited /monitoring-agent.config file which located in
/etc/mongodb-mms
It was working Just fine Until I've started my mongod rplSet by adding --Fork flag, and by using this command
sudo mongod --fork --port 27017 --dbpath /mydbpath --logpath /mylogpath/mongodb.log --replSet Rplname
After starting the services using the above command, my MMS started showing that the host is Unreachable, and that following msg, in all of the members.
Task failure `hostIpAddr`. Err: `Failure determining IPv4 address for `myDnsAdd.cloudapp.net`. Err: `myDnsAdd.cloudapp.net: no such host` at monitoring-agent/components/task.go:221 at monitoring-agent/components/worker.go:153 at monitoring-agent/components/worker.go:224 at monitoring-agent/components/worker.go:236 at pkg/runtime/proc.c:1445`
I've edited the hosts file, and added the hosts ips and hostnames.
Opened the 443 port, and tried to start mmms with --system flag like this
sudo start mongodb-mms-monitoring-agent --system
But still, Host is Unreachable. I got access list on the mongoport (:27017) is it beacuse of this? if so what IP should I add to that access list?
Best,
If your OS is Ubuntu 14.04, then this link should be interesting for you:
https://jira.mongodb.org/browse/MMS-2202
Basically it says that it is a bug in glibc and the solution for this guy was to update Ubuntu to version 14.10.
I have a standard MySQL Server running on Red hat 5.7. I have edited /etc/my.cnf to specify the bind address as my server's public IP address.
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
# Disabling symbolic-links is recommended to prevent assorted security risks ;
# to do so, uncomment this line:
# symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
bind-address=171.67.88.25
port=3306
And I have also restarted my firewall
sudo /sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
/sbin/service iptables save
When connecting from a remote computer, I issue
mysql -u jeffrey -p --host=171.67.88.25 --port=3306 --socket=/var/lib/mysql/mysql.sock
but receive an error:
ERROR 2003 (HY000): Can't connect to MySQL server on '171.67.88.25' (113).
Does anyone know why this is? I have also asked the network administrator to open port 3306 for this box
I'm using the npm package express version 2.5.2 with node version .0.6.5. I appear to be running bash version 4.1.5 on Debian 4.4.5.
I'm trying to run my server in production mode but it still runs in development mode.
I run these commands in my bash shell:
$ export NODE_ENV=production
$ echo $NODE_ENV
production
$ sudo echo $NODE_ENV
production
$ sudo node bootstrap.js
I have this code inside bootstrap.js:
var bootstrap_app = module.exports = express.createServer();
//...
console.log(bootstrap_app.settings.env);
and here's what I see printed to standard out:
development
Is this a problem with my usage, or my system?
EDIT:
Thanks to ThiefMaster for his properly identifying that this issue stems from my running node as root. ThiefMaster suggested using iptables to forward from port 80 to an unprivileged port, but my system gives me an error. Moving this discussion to superuser.com or serverfault.com (link to follow)
Most environment variables are unset when using sudo for security reasons. So you cannot pass that environment variable to node without modifying your sudoers file to allow that variable to passt through.
However, you shouldn't run node as root anyway. So here's a good workaround:
If you just need it for port 80, run node on an unprivileged port and setup an iptables forward to map port 80 to that port:
iptables -A PREROUTING -d 1.2.3.4/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 2.3.4.5:1234
Replace 1.2.3.4 with your public IP, 2.3.4.5 with the IP node runs on (could be the public one or 127.0.0.1) and 1234 with the port node runs on.
With a sufficiently recent kernel that has capability support you could also grant the node executable the CAP_NET_BIND_SERVICE privilege using the following command as root:
setcap 'cap_net_bind_service=+ep' /usr/bin/node
Note that this will allow any user on your system to open privileged ports using node!
sudo NODE_ENV=production /usr/local/bin/node /usr/local/apps/test/app.js