Each time I try connecting to my localhost server using an SSL/TLS certificate, I get an error that says: connection attempt failed: HostUnreachable
Things I've tried:
I've tried restarting my system.
I've tried changing the tls to SSL.
I've also cross-checked the file path for mongodb.pem.
I'm really at a loss.
This is the code I ran and the error I'm getting:
MongoDB shell version v5.0.9
connecting to: mongodb://localhost:27017/?compressors=disabled&gssapiServiceName=mongodb
Error: couldn't connect to server localhost:27017, connection attempt failed: HostUnreachable: Connection reset by peer :
connect@src/mongo/shell/mongo.js:372:17
@(connect):2:6
exception: connect failed
exiting with code 1
This is my mongo.cfg file
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: C:\Program Files\MongoDB\Server\5.0\data
  journal:
    enabled: true
#  engine:
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: C:\Program Files\MongoDB\Server\5.0\log\mongod.log
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
#processManagement:
security:
  authorization: enabled
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
This is the command I used to connect to the server
mongo --tls --tlsCAFile mongodb.pem --host localhost
Related
I am facing this error on my Ubuntu 16.04 machine while trying to encrypt data from the client to the server using TLS/SSL on MongoDB:
As requested, here is my command in text format:
mongo --tls --tlsCAFile rootCA.pem --tlsCertificateKeyFile mongodb.pem --host 127.0.0.1:27017
I have created a CA certificate which I have self-signed, and created the mongodb.pem file too, as it is required for TLS/SSL encryption.
Does anybody know how to fix it? If you need more info, I would gladly provide it.
This is my mongodb.conf file:
mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
  tls:
    mode: requireTLS
    certificateKeyFile: /home/youssef/mongodb.pem
# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo
#security:
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
And I used this method to create a user:
db.createUser( { user: "accountAdmin01",
                 pwd: "password", // Or "<cleartext password>"
                 roles: [ { role: "clusterAdmin", db: "admin" } ] } )
This is the error I get from the logs:
"msg":"Error receiving request from client. Ending connection from remote","attr":{"error":{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"SSL handshake received but server is started without SSL support"},"remote":"127.0.0.1:34766","connectionId":4}}
And just in case you are wondering where I got the rootCA.pem and mongodb.pem files, I just went through this tutorial: https://rajanmaharjan.medium.com/secure-your-mongodb-connections-ssl-tls-92e2addb3c89
According to your config file and createUser, you use the TLS/SSL certificate only to encrypt the connection. In this case, skip the --tlsCertificateKeyFile mongodb.pem option.
The MongoDB server provides the certificate (mongodb.pem); the client has to verify this certificate by using the CA rootCA.pem.
If you would like to use --tlsCertificateKeyFile, then you must specify the CAFile in mongodb.conf. Otherwise the MongoDB server cannot verify the certificate provided by the client:
net:
  port: 27017
  bindIp: 127.0.0.1
  tls:
    mode: requireTLS
    certificateKeyFile: /home/youssef/mongodb.pem
    CAFile: /etc/ssl/rootCA.pem
    allowConnectionsWithoutCertificates: true  # if you like to permit connections with and without certificate
Note, try openssl verify -CAfile rootCA.pem mongodb.pem in order to check if your certificate is working and valid.
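The check suggested in the answer above, run end to end on a throwaway CA and server certificate (an added example, not part of the original answer; the temporary file names, subject names and helper functions are constructed for illustration). It also confirms that the certificate names localhost, because the shell checks the server certificate against the name given to --host.

```shell
# Build a throwaway CA and a server certificate it signs. Nothing here is production key material.
make_test_pki() {  # $1 = empty working directory
    dir=$1
    # Self-signed root CA: the file a client passes as --tlsCAFile.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$dir/rootCA.key" -out "$dir/rootCA.pem" 2>/dev/null || return 1
    # Server key and signing request for a mongod that clients reach as "localhost".
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # Clients match the host they dial against the subjectAltName entries.
    printf 'subjectAltName=DNS:localhost,IP:127.0.0.1\n' > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" -days 1 \
        -CA "$dir/rootCA.pem" -CAkey "$dir/rootCA.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null || return 1
    # net.tls.certificateKeyFile expects certificate and private key in one PEM file.
    cat "$dir/server.crt" "$dir/server.key" > "$dir/mongodb.pem"
}

# Does the certificate in PEM file $2 chain to the CA in $1?
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Does the certificate in PEM file $1 cover hostname $2?
names_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

work=$(mktemp -d)
if make_test_pki "$work"; then
    chain_ok "$work/rootCA.pem" "$work/mongodb.pem" && echo "mongodb.pem chains to rootCA.pem"
    names_host "$work/mongodb.pem" localhost && echo "mongodb.pem is valid for localhost"
fi
rm -rf "$work"
```

A certificate that passes both checks can still be rejected if mongod itself was started without a net.tls section, which is what the SSLHandshakeFailed log line in the question reports.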
So this is the weirdest thing.
I have two CentOS 7 servers running mongo. I now wanted to enforce authentication so I added the security.authorization: enabled to the mongod.conf file.
I already have a user on database "buzzztv".
So when I ran mongod --conf /etc/mongod.conf on the first server everything went fine.
Then I did the exact same thing on the second server and whenever I try to connect with one of the users I get the following error:
connecting to: mongodb://127.0.0.1:27017/?authSource=buzzztv&compressors=disabled&gssapiServiceName=mongodb
2020-02-20T13:02:35.166+0000 E QUERY [js] Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:341:17
@(connect):2:6
2020-02-20T13:02:35.168+0000 F - [main] exception: connect failed
2020-02-20T13:02:35.168+0000 E - [main] exiting with code 1
Now if I run mongod --fork --logpath /var/log/mongodb/mongod.log --auth the login works perfectly fine.
So obviously I could just run this command, but I want to use the mongod.conf.
Here is my mongod.conf file, I checked and it is a perfect copy of the file from the server in which it does work.
Any ideas?
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# Where and how to store data.
storage:
  dbPath: /var/lib/mongo
  journal:
    enabled: true
#  engine:
#  wiredTiger:
# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0  # 127.0.0.1 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
security:
  authorization: enabled
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:
So after several hurtful hours of looking into it, I needed to change the
storage:
  dbPath: /var/lib/mongo
  journal:
    enabled: true
Apparently something was wrong with my /var/lib/mongo, so I backed up the data and created a new folder, /var/lib/mongodb.
Then I edited the mongod.conf file to:
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
Then it all worked fine. Now I'll just re-create the users and re-insert all the data and I'm good to go.
Hope this saves someone the wasteful hours I've lost.
I am trying to connect to replica set in MongoDB with the following command:
from pymongo import MongoClient

client = MongoClient(
    "PublicIP:27017,PublicIP:27017,PublicIP:27017,PublicIP:27017,PublicIP:27017",
    replicaSet="rs0", readPreference='nearest',
    localThresholdMS=500)
db = client.sampledb
# checks the connection to RS in Mongo
try:
    db.command("serverStatus")
except Exception as e:
    print(e)
else:
    print("\n Connection established to the Replica Set!")
I have setup 5 nodes in AWS (1 master, 4 slaves) and the /etc/mongod.conf file in all nodes looks like this:
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# Where and how to store data.
storage:
  dbPath: /var/lib/mongo
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:
# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
# network interfaces
net:
  port: 27017
  #bindIp: 127.0.0.1  # Listen to local interface only, comment to listen on all interfaces.
security:
  authorization: "disabled"
#operationProfiling:
replication:
  replSetName: rs0
When I try to connect from my local machine I get a timeout like this:
ip:27017: timed out,ip:27017: timed out,ip:27017: timed out,ip:27017:
timed out,ip:27017: timed out
Does anyone know why?
Starting with 3.6, bindIp defaults to localhost only. So, assuming you are running 3.6 or later, your configuration is not accessible from outside, since you commented out bindIp.
This post might be helpful to understand some of the nuances: https://www.mongodb.com/blog/post/enabling-ip-security-for-mongodb-36-on-ubuntu
Obviously, don't forget to make sure the AWS Security Group on your instances allows ingress connections on port 27017.
I was running mongo 3.4 on CentOS. It was using authorization. I needed to upgrade it to mongo 3.6. I upgraded it and now I'm not able to connect to it by any means remotely, neither with the shell nor with the Node server itself.
Here is the mongoose connection.
const mongoose = require('mongoose');
const uri = 'mongodb://admin:12345@host:27017/db?authSource=admin';
mongoose.connect(uri);
Here is mongod.conf
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# Where and how to store data.
storage:
  dbPath: /var/lib/mongo
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:
# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
# network interfaces
net:
  port: 27017
  # bindIp: 127.0.0.1  # Listen to local interface only, comment to listen on all interfaces.
security:
  authorization: enabled
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:
Probably the upgrade was not successful, and the restart of the mongod service failed.
View the logs in /var/log/mongodb/mongod.log and check for any inconsistency in the mongod.conf.
Check if the service is up and if it is listening on port 27017.
service mongod status
netstat -tl | grep 27017 # or using the ss command
ss -tl | grep 27017
From the official documentation:
Starting in MongoDB 3.6, mongod and mongos instances bind to localhost by default. Remote clients cannot connect to an instance bound only to localhost. To override and bind to other ip addresses, use the net.bindIp configuration file setting or the --bind_ip command-line option to specify a list of ip addresses.
Try the following setting to enable the service to listen on all the interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
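Both bindIp answers above end with a mongod that is reachable from other hosts, so the next thing to confirm is that the same file also enforces authentication and TLS. The audit below is an added example, not part of either answer; the function names, finding labels and sample config are constructed for illustration.

```shell
# Flatten a mongod.conf into dotted key=value lines. Handles only nested maps
# indented two spaces per level, which is all the configs on this page use.
flatten_conf() {
    awk '
    /^[ \t]*(#|$)/ { next }                        # comment-only or blank line
    {
        depth = int((match($0, /[^ ]/) - 1) / 2)   # nesting level from indentation
        line = $0
        sub(/[ \t]+#.*$/, "", line)                # drop a trailing comment
        i = index(line, ":"); if (i == 0) next
        key = substr(line, 1, i - 1); val = substr(line, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t"]+|[ \t"]+$/, "", val)
        path[depth] = key
        if (val == "") next                        # section header such as "net:"
        full = path[0]
        for (d = 1; d <= depth; d++) full = full "." path[d]
        print full "=" val
    }' "$1"
}

conf_get() {  # $1 = flattened text, $2 = dotted key
    printf '%s\n' "$1" | awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }'
}

# Print one finding per line; print nothing for a loopback-only or hardened config.
audit_conf() {
    flat=$(flatten_conf "$1")
    bind=$(conf_get "$flat" net.bindIp)
    [ "$(conf_get "$flat" net.bindIpAll)" = true ] && bind=0.0.0.0
    auth=$(conf_get "$flat" security.authorization)
    tls=$(conf_get "$flat" net.tls.mode)
    [ -n "$tls" ] || tls=$(conf_get "$flat" net.ssl.mode)   # option name before 4.2
    case "$bind" in
        "") echo "BIND_UNSET localhost only on 3.6+, all interfaces before 3.6"; return 0 ;;
        127.0.0.1|localhost|::1|127.0.0.1,::1) return 0 ;;
    esac
    [ "$auth" = enabled ] || echo "REMOTE_NO_AUTH bindIp=$bind authorization=${auth:-unset}"
    case "$tls" in requireTLS|requireSSL) ;; *) echo "REMOTE_TLS_NOT_REQUIRED bindIp=$bind mode=${tls:-unset}" ;; esac
}

# Constructed sample modelled on the settings discussed above.
write_sample() {
    printf '%s\n' 'net:' '  port: 27017' '  bindIp: 0.0.0.0  # all interfaces' \
        'security:' '  authorization: "disabled"' > "$1"
}

conf=$(mktemp); write_sample "$conf"; audit_conf "$conf"; rm -f "$conf"
```

Any finding line means the listener is open beyond loopback without that control, so the security group rule on port 27017 is the only remaining barrier.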
I have installed and started mongodb on my RHEL AWS instance. Now I want to connect to the mongodb server from my local machine but am not able to do so.
I have made changes to the bind_ip parameter in the mongodb.conf file and also have added rules to the security group for the AWS instance to allow connections on port 27017 for any inbound request. Am I missing anything?
MongoDB Version - 3.4.14
AWS Instance - RHEL
Thanks in advance!
Adding the mongod.conf file
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# Where and how to store data.
storage:
  dbPath: /home/ec2-user/AutoMaTics/setup/dbData
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:
# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
# network interfaces
net:
  port: 27017
  # bindIpAll: true
  # bindIp: 127.0.0.1,13.127.31.137  # Listen to local interface only, comment to listen on all interfaces.
#security:
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp: