I just installed MongoDB 4.4 on Ubuntu 20.04. Now, I want one user with a password to have full access (create database, write to it, delete it, etc.) over TCP port 27017. How can I do this?
First, I changed 127.0.0.1 to 0.0.0.0 in /etc/mongodb.conf.
Then, I created a new user:
$ mongo
use admin
db.createUser({user:"admin",pwd:"foo",roles:[{role:"userAdminAnyDatabase",db:"admin"}]})
Then, added these lines to /etc/mongod.conf:
security:
  authorization: enabled
Then, restarted it:
$ sudo service mongod restart
Finally, I was able to connect to it both from the server and remotely (after adding TCP port 27017 to the list of inbound rules of my AWS EC2 security group):
$ mongo localhost:27017 -u admin -p foo
Related
I've successfully installed MongoDB on Windows (on a local machine) as a service, but now I want to move MongoDb to a separate server. So I extracted the tarball to a virtual server on network (running linux).
When I connected to the server ("testmongoserver") using PuTTY from my local machine, I started the mongod server and it told me that it was listening to the default 28017 port. The mongo console is also working and allowed me to create a new database (testdb) and add users to it.
However, I could not access the server from remote. When I type testmongoserver:28017 it doesn't open the HTTP console as localhost:28017 on my local machine does. I also can't connect using official drivers and providing a connectionstring.
What are the necessary steps to install MongoDB on Linux, so that I could access it from a remote machine with a connectionstring and use its HTTP console via testmongoserver:28017?
Thanks!
1. Bind IP option
Bind IP is a MongoDB option that restricts connections to specific IPs.
Have a look at your mongod configuration file, most of the time bind_ip is set to 127.0.0.1 for obvious security reasons. You can:
Add your desired IP by concatenating a list of comma separated values to bind MongoDB to multiple IP addresses.
Remove or comment out (with the # character) the bind_ip line. But be aware that all remote connections will then be able to connect to your MongoDB server!
More about bind_ip configuration option: https://docs.mongodb.com/manual/reference/configuration-options/#net.bindIp
Bind IP can also be set as a command argument: http://docs.mongodb.org/manual/reference/program/mongod/#cmdoption--bind_ip
2. Firewall
Check that you are not running behind a firewall
Make sure in your /etc/mongodb.conf file you have the following line,
bind_ip = 0.0.0.0
http://jitu-blog.blogspot.com.br/2013/06/allow-mongo-to-connect-from-remote-ip.html
Run netstat -a on mongo server and check a port.
Check DNS settings and check that linux server allows external connections.
Check that mongodb can accept external/remote connection.
Default port for mongo is 27017.
28017 - port for webstats.
See http://www.mongodb.org/display/DOCS/Security+and+Authentication#SecurityandAuthentication-Ports
Just had this issue and this fixed it:
Edit /etc/mongod.conf with sudo nano /etc/mongod.conf and ensure that the net section looks like below (localhost binding by default doesn't allow for remote access):
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
When you are done with the above, make sure to restart mongod with the command below (assuming systemd, Ubuntu 16.04+ etc.):
sudo service mongod restart
Obviously from a security perspective if you are going to be opening up mongo to your network/the world be aware of the implications of this (if any)
Another problem may be that the mongodb port is not enabled. Check, from another host, the ports enabled on your server. For that you can use the command:
sudo nmap -P0 your_server_ip
You can get an answer like this:
Host is up (0.052s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp closed https
If you use a virtual server in the cloud, such as AWS, you need to add a new rule to open the mongodb port (27017 by default).
Important: Note that with this configuration anyone can have access to your database
I fixed it using the reference below:
https://medium.com/founding-ithaka/setting-up-and-connecting-to-a-remote-mongodb-database-5df754a4da89
Actually, first I changed my bindIp from 127.0.0.1 to 0.0.0.0 in mongod.conf,
and enabled security:
security:
  authorization: "enabled"
Then I restarted mongod using sudo service mongod restart (because of the new changes in mongod.conf). After that I set the firewall to open the port mongod is running on (with iptables) and created a new user in the admin db with new access (based on this link: https://medium.com/mongoaudit/how-to-enable-authentication-on-mongodb-b9e8a924efac). Finally I tested the open ports on my server from outside with https://www.yougetsignal.com/tools/open-ports/ and connected successfully to the remote mongod using mongocompass.exe.
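A check for the two settings this thread keeps changing, written as an added example (not code from any of the posts above): it reads a mongod config in either the YAML form (net.bindIp, security.authorization) or the legacy bind_ip/auth form and reports when the server listens beyond loopback and whether authorization is on. The sample configs and the names parse_settings and audit are constructed for illustration.

```python
import re

# Constructed sample configs in the two formats quoted on this page.
YAML_OPEN = "net:\n  port: 27017\n  bindIp: 0.0.0.0  # default is 127.0.0.1\n"
YAML_AUTH = YAML_OPEN + 'security:\n  authorization: "enabled"\n'
YAML_LOCAL = "net:\n  port: 27017\n  bindIp: 127.0.0.1\n"
LEGACY_OPEN = "bind_ip = 0.0.0.0\n#auth = true\n"
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_settings(text):
    """Flatten a mongod config (YAML or legacy key = value) into dotted keys."""
    settings, section = {}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        m = re.match(r"^(\s*)([\w.]+)\s*[:=]\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = m.groups()
        value = value.strip().strip("\"'")
        if not indent and not value:
            section = key + "."  # YAML section header such as "net:"
        else:
            settings[(section if indent else "") + key] = value
    return settings


def audit(text):
    """Return findings for a mongod config that listens beyond loopback."""
    s = parse_settings(text)
    bind = s.get("net.bindIp", s.get("bind_ip", ""))
    addrs = [a.strip() for a in bind.split(",") if a.strip()]
    everywhere = s.get("net.bindIpAll") == "true" or any(
        a in ("0.0.0.0", "::") for a in addrs)
    remote = everywhere or any(a not in LOOPBACK for a in addrs)
    auth = s.get("security.authorization") == "enabled" or s.get("auth") == "true"
    findings = []
    if not addrs and not everywhere:
        findings.append("no bind address set: default depends on server version")
    if everywhere:
        findings.append("listens on all interfaces: limit the source in the firewall")
    if remote and not auth:
        findings.append("reachable remotely with authorization disabled")
    return findings


if __name__ == "__main__":
    for name in ("YAML_OPEN", "YAML_AUTH", "YAML_LOCAL", "LEGACY_OPEN"):
        print(name, audit(globals()[name]))
```

An empty list means the config binds to loopback only; binding to 0.0.0.0 is still reported when authorization is enabled, since the firewall or security group is then the only network-level restriction.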
I have set up mongodb to listen on 27017 on 127.0.0.1 only. I need to keep it this way to have security on my database. Though I need to be able to connect to mongodb remotely using Robo 3T. Is there any way to use the ssh connection to tunnel the connection to the localhost-listening mongodb using my ssh credentials?
P.S. I'm kind of a beginner with MongoDB. Thanks in advance...
I've done a few configurations on my Ubuntu 18 Vagrant box in order to successfully connect to MongoDB remotely using the Robo 3T GUI. I've explained them in the following steps.
On the Ubuntu server, to open the mongo shell run:
$ mongo
Inside the mongo shell, type the following commands to create a new admin user.
> use admin;
> db.createUser({user:"admin", pwd:"password", roles:[{ role: "root", db: "admin" }]});
By default mongodb is configured to allow connections only from localhost (IP 127.0.0.1). We need to allow remote connections from any IP address. The following change should only be done on your development server. Open up the /etc/mongod.conf file and make the following change.
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0 #default value is 127.0.0.1
Also in the same mongod.conf file uncomment security option and add authorization option as shown below.
security:
  authorization: enabled
Save and exit the mongod.conf file and restart mongodb server.
$ sudo service mongod restart
Download and install Robo 3T GUI tool.
In the Robo 3T GUI, in the connection settings, you need to make a few changes as shown in the screenshots below.
Enter mongodb admin database username and password which you have created earlier.
Here, I have entered my Ubuntu 18 Vagrant box ssh credentials.
Save the changes and press connect icon to see if the connection is working fine.
Yes, you can use SSH tunnel.
Go to: MongoDB Connections (Ctrl + N) > Create / Edit > SSH tab
Just achieved that.
No need to change anything in your mongodb settings.
In robomongo use localhost:27017 as your db address.
In the SSH tab add your login details.
UPDATED:
I just started to deal with a new VPS and I am trying to connect to its port 27017 (mongodb database) from localhost (using robomongo).
It's working on my localhost machine and with another remote server, but I can't connect to mongodb on this VPS. What could cause this issue?
I start it this way:
mongod --setParameter enableLocalhostAuthBypass=0 --config /etc/mongodb.conf --fork
with the auth = true uncommented in the /etc/mongodb.conf file (but it looks like the issue is not that I can't auth but that mongodb is not responding at all).
When I start mongo admin -u root -p root while connected over SSH, it works great (I can connect to my database) and I can see that mongodb is listening on port 27017.
But when I try to access it from my local machine, it can't establish the connection, and if I try to connect to it with my browser, I am supposed to get a mongodb error message: You are trying to access MongoDB on the native driver port. For http diagnostic access, add 1000 to the port number. But I don't, I just get a failure page in Chrome (and port 28017 is not responding either).
How do I solve this? My VPS is brand new and I might need to install more packages, but I really don't see what could be needed for this. It also looks like a firewall issue, like something blocks the request before it can reach mongodb. I have just installed apache2 and nginx and they are not running, so I really don't see...
Ok, I have found the issue!
There is a line bind_ip 127.0.0.1 in the /etc/mongod.conf file.
It provides access only to the specified IP address to mongodb.
You should create an array of IPs and edit the config file as:
bind_ip [127.0.0.1, x.x.x.x, ...]
Where x.x.x.x is your IP.
I resolved this issue in the file /etc/mongod.conf by
commenting out as follows:
#bindIp: 127.0.0.1 # Listen to local interface only, comment to listen on all interfaces.
We have an EC2 MongoDB 2.4 instance from Amazon Marketplace.
When I try to access it from my computer using the mongo command like so:
mongo xx-xx-xx-xx-xx.compute-1.amazonaws.com
I get the following error:
Error: couldn't connect to server xx-xx-xx-xx-xx.compute-1.amazonaws.com:27017 at src/mongo/shell/mongo.js:147
exception: connect failed
I can connect to the remote instance using ssh, so it is reachable.
The port is the default port 27017.
mongod is running and working on the remote instance.
Any suggestions on how to fix this?
As frisky said, you have to open the port 27017 at the EC2 Security Group Console.
(To know more about how to do that: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html)
But you also need to change the bind_ip variable at the /etc/mongodb.conf file. You need to comment the line or assign the ip that will be able to connect the DB to it.
The following two steps enabled the remote connection for me:
Opening the inbound rule for my VPC at port 27017
VPC -> Security -> Security Groups -> choose your instance's TCP rule -> click "Edit Rules" -> add a rule with Type: "Custom TCP Rule", Protocol: TCP, Port Range: 27017, Source: Custom 0.0.0.0/0 -> save
SSH into your instance -> sudo vi /etc/mongod.conf -> set bindIp: 0.0.0.0 -> save -> sudo service mongod restart
After that you will be able to connect to your remote mongo instance with mongo --host YOUR_INSTANCE_IP
Since mongod is running and working on the remote instance, you can access your MongoDB content via
mongo xx-xx-xx-xx-xx.compute-1.amazonaws.com or
mongo machine_elastic_IP
Before that you need to open the inbound port for that machine. By default port 27017 is closed to the external world.
For more info refer : http://docs.aws.amazon.com/gettingstarted/latest/wah/getting-started-security-group.html
Amazon created the mongo security group without 27017 open.
Opening port 27017 to my PC fixed the issue.
Try to access xx-xx-xx-xx-xx.compute-1.amazonaws.com:27017 from browser, if it works then ssh into the instance.
Stop the mongodb server
Remove the file /var/lib/mongodb/mongod.lock
Start the mongodb server again, and check whether typing mongo takes you into a mongo shell or gives any error.
If the error is present, exit from the instance and ssh in again to check whether $mongo opens a mongo shell. Try a reboot if the error still exists after the above changes.
The only concern here is that, before accessing it from any application, Mongodb should work independently in the terminal.
EC2 controls access using security groups, so make sure that the box accessing the mongo db host is in the security group allowed to access this box and that the port is enabled for the same security group.
Another problem can be iptables. Check sudo service iptables status on the mongodb box and see what rules are there.
Make sure you enable the appropriate ports there as per the security requirements of the box.