I have installed the MongoDB Linode "mongodb-app" and it's running. I created a user and collections and am able to access it from the shell.
Now I'm trying to connect to the server from my local machine but getting a server timeout:
'''
pymongo.errors.ServerSelectionTimeoutError: 170.187.248.15:27017: timed out, Timeout: 30s, Topology Description: <TopologyDescription id: 6218a8cccb94c35a2569ce55, topology_type: Single, servers: [<ServerDescription ('170.187.248.15', 27017) server_type: Unknown, rtt: None, error=NetworkTimeout('170.187.248.15:27017: timed out')>]>

default_config = {'MONGODB_SETTINGS': {
    # Local DB
    'db': 'test_db',
    'host': 'localhost',
    'port': 27017,
    # linode "mongodb-app" (duplicate keys: these later values take effect)
    'db': '<db name>',
    'host': '<server ip>',
    'port': 27017,
    'username': '<db user>',
    'password': '<db password>',
    'authentication_source': 'admin'
}}
'''
I have followed a couple of steps:
1. Updated /etc/mongod.conf on the server:
'''
net:
  port: 27017
  bindIp: 0.0.0.0
'''
2. sudo ufw status
'''
sudo: unable to resolve host 170-187-248-15
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
27017                      ALLOW       0.0.0.0
22 (v6)                    ALLOW       Anywhere (v6)
'''
But I am still facing the same error.
On your Linux server where MongoDB is running, run these two commands:
iptables -A INPUT -s <ip-address-of-your-app> -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -d <ip-address-of-your-app> -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT
Taken from https://docs.mongodb.com/manual/tutorial/configure-linux-iptables-firewall/#traffic-to-and-from-mongod-instances
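The errors quoted on this page fall into two groups that point at different layers: "timed out" means packets are being dropped, while "connection refused" means the host answered but nothing accepted the connection. The following is an added example, not part of the original answer, that probes a TCP port and reports which case applies; the function names and hint texts are illustrative assumptions, and the demo uses only constructed loopback sockets.

```python
import socket

# Verdict -> what it says about the path between client and database.
HINTS = {
    "open": "TCP handshake completed: listener and firewall are fine, "
            "check authentication next",
    "refused": "host answered with a reset or ICMP reject: nothing listens on "
               "that address:port (e.g. bound to 127.0.0.1) or a REJECT rule",
    "filtered": "no reply before the timeout: packets are dropped by a host "
                "or cloud firewall",
    "error": "local or network error (DNS failure, no route)",
}

def classify(exc):
    """Map a connect() exception (None on success) to a verdict."""
    if exc is None:
        return "open"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return (verdict, hint)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            exc = None
    except OSError as e:
        exc = e
    verdict = classify(exc)
    return verdict, HINTS[verdict]

def local_demo():
    """Constructed loopback demo: probe a listening port, then the same port closed."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))       # ephemeral port chosen by the OS
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port)[0]
    srv.close()
    after_close = probe("127.0.0.1", port)[0]
    return while_listening, after_close

if __name__ == "__main__":
    print(local_demo())
```

Run `probe("<server ip>", 27017)` from the client machine: a "filtered" verdict matches the pymongo timeout above and directs attention to the firewall rules rather than to mongod itself.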
Related
I have an instance of postgresql running in a docker container.
I can connect to the database from the host that is running docker by:
docker exec -u root -it postgres bash
And then accessing the database from there by doing an su to user postgres.
If I use a client from a desktop pc / laptop to try and connect I get a connection refused:
psql -h 20.XXX.1XX.1XX -p 5432 -U <user>
psql: could not connect to server: Connection refused
Is the server running on host "20.XXX.1XX.1XX" and accepting
TCP/IP connections on port 5432?
I have edited the pg_hba.conf file in the docker instance and added the following:
host all all 0.0.0.0/0 md5
host all all ::/0 md5
If I run netstat, again within the container I get:
root#ee9dg39913cdc:/# netstat -na | grep 5432
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 52651 /var/run/postgresql/.s.PGSQL.5432
And when I run it on the machine hosting the docker instance:
root#VM01:~# netstat -na | grep 5432
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
I do not have ufw running at all, so, no firewall issues. The host is an Azure VM and port 5432 is open to the internet.
postgresql.conf is set as:
listen_addresses = '*'
Given all of the above, can anyone help me understand why I cannot connect to the postgres instance over the internet using:
psql -h 20.XXX.1XX.1XX -p 5432 -U <user>
Thanks.
I have Postgres in a Docker container that I run using the following command:
docker run -d --name timescaledb -p 127.0.0.1:5433:5433 -e POSTGRES_PASSWORD=somepass timescale/timescaledb:latest-pg12
Meanwhile I also have Postgres installed locally on my machine and port 5432 is listening:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
postgres 124 postgres 7u IPv6 0x38eef62419af50a3 0t0 TCP *:5432 (LISTEN)
postgres 124 postgres 8u IPv4 0x38eef624199e6d5b 0t0 TCP *:5432 (LISTEN)
com.docke 3520 alex 39u IPv4 0x38eef62428c6b7fb 0t0 TCP localhost:5433 (LISTEN)
com.docke 3520 alex 42u IPv4 0x38eef62428c3581b 0t0 TCP *:49816 (LISTEN)
I'm trying to set up a connection with psycopg2 using this command:
connection = psycopg2.connect(host=config.DB_HOST,database=config.DB_NAME,user=config.DB_USER,password=config.DB_PASS,port=config.DB_PORT)
where config.xxx is:
DB_HOST = 'localhost'
DB_USER = 'postgres'
DB_PASS = 'somepass'
DB_NAME = 'etfdb'
DB_PORT = '5433'
but I'm getting the following error:
conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
psycopg2.OperationalError: connection to server at "localhost" (::1), port 5433 failed: Connection refused
Is the server running on that host and accepting TCP/IP connections?
connection to server at "localhost" (127.0.0.1), port 5433 failed: server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
It's worth noting that the command docker ps shows me port 5432 for some reason I don't know:
❯ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5d2623bd4055 timescale/timescaledb:latest-pg12 "docker-entrypoint.s…" 6 days ago Up 17 minutes 5432/tcp, 127.0.0.1:5433->5433/tcp timescaledb
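The PORTS column above already shows how the container is wired to the host. As an added example, not part of the original post, this sketch parses a `docker ps` PORTS value and reports which host address each published port is bound to and which declared container ports have no host mapping. The function name and finding labels are assumptions, and the second and third sample strings are constructed.

```python
import re

# One PORTS entry: optional "HOST_IP:HOST_PORT->" then "CONTAINER_PORT/proto".
ENTRY = re.compile(r"^(?:(?P<hip>.+):(?P<hport>\d+)->)?(?P<cport>\d+)/(?P<proto>\w+)$")
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}
WILDCARD = {"0.0.0.0", "::", "[::]"}

def analyze_ports(ports_column):
    """Return (finding, port) tuples for one PORTS value from `docker ps`."""
    published, unpublished = [], []
    for item in ports_column.split(","):
        m = ENTRY.match(item.strip())
        if m is None:
            continue  # port ranges and other forms are not handled here
        if m["hip"] is None:
            # Bare "5432/tcp": declared by the image, no host port maps to it.
            unpublished.append(("unpublished", int(m["cport"])))
        elif m["hip"] in LOOPBACK:
            # Reachable from the Docker host only.
            published.append(("loopback-only", int(m["hport"])))
        elif m["hip"] in WILDCARD:
            # Reachable on every host interface, firewall permitting.
            published.append(("all-interfaces", int(m["hport"])))
        else:
            published.append(("specific-address", int(m["hport"])))
    return published + unpublished

# From the `docker ps` output in the question above.
QUESTION_PORTS = "5432/tcp, 127.0.0.1:5433->5433/tcp"
# Constructed samples for comparison.
LOOPBACK_PUBLISH = "127.0.0.1:5432->5432/tcp"
WILDCARD_PUBLISH = "0.0.0.0:5432->5432/tcp, :::5432->5432/tcp"

if __name__ == "__main__":
    for sample in (QUESTION_PORTS, LOOPBACK_PUBLISH, WILDCARD_PUBLISH):
        print(sample, "=>", analyze_ports(sample))
```

For the question's value, the result shows host port 5433 bound to loopback and forwarding to container port 5433, while container port 5432 has no host mapping at all.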
I have created a new instance on AWS EC2 and installed MongoDB 4.2.8 on the server, but I'm unable to connect to MongoDB from the local terminal of Ubuntu 18.0.2. I'm running a command that imports a MongoDB dump into the server database; the command is given below:
mongorestore --host IPv4_Public_IP --port 27017 --db db_name dump/dataDb/
The error I'm facing is
error connecting to host: could not connect to server: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: IPv4_Public_IP:27017, Type: Unknown, State: Connected, Average RTT: 0, Last error: connection() : dial tcp IPv4_Public_IP:27017: connect: connection refused }, ] }
And how do I set the inbound rules for that instance? For now these are:
SSH TCP 22 0.0.0.0/0 -
Custom TCP 27017 my_ip -
I have installed Postgres, then I created a new user and opened md5 authentication on 127.0.0.1 in pg_hba.conf:
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
But now if I try to connect via psql with the "-h" flag set to "127.0.0.1" and this user, psql does nothing.
-bash-4.2$ psql -h 127.0.0.1 -U k4fntr
It just freezes.
The problem was with iptables. I discovered that I had nothing about postgres in iptables.
This command fixed the problem:
iptables -I INPUT -p tcp -m tcp -s 127.0.0.1 --dport 5432 -j ACCEPT
I have two Vagrant VMs, one configured as a web server and the other a database server. When I try to run a psql command on the web server against my inventory database on the database server, the connection is refused:
psql -h db00 -U dsmith -d inventory -p 15432
psql: could not connect to server: Connection refused
Is the server running on the host "db00" (192.168.2.101) and accepting
TCP/IP connections on port 15432?
Here is my Vagrantfile:
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "debian/stretch64"
  config.vm.synced_folder "./shared", "/vagrant", type: "virtualbox"
  ENV['ANSIBLE_ROLES_PATH'] = "/Users/dsmith/playbooks/roles-debian9"
  config.vm.define "db" do |db|
    db.vm.hostname = "db00.example.com"
    db.vm.network :private_network, ip: "192.168.2.101"
    db.vm.network :forwarded_port, guest: 5432, host: 15432
    config.vm.provision "ansible" do |ansible|
      ansible.playbook = "provision.yml"
      ansible.compatibility_mode = "2.0"
      ansible.become = true
    end
  end
  config.vm.define "web" do |web|
    web.vm.hostname = "web00.example.com"
    web.vm.network :private_network, ip: "192.168.2.102"
    web.ssh.forward_agent = true
    config.vm.provision "ansible" do |ansible|
      ansible.playbook = "provision.yml"
      ansible.compatibility_mode = "2.0"
      ansible.become = true
    end
  end
end
The key line here is the network forwarded_port line. I think I'm telling Vagrant that if a request comes in to the database server VM on port 5432, forward it to port 15432 on the server itself which is the port I've configured PostgreSQL to listen to on that server. From my research, I think this is what I'm supposed to do but I'm not sure.
Here is my PostgreSQL configuration file:
# /etc/postgresql/9.6/main/postgresql.conf
data_directory = '/var/lib/postgresql/9.6/main'
hba_file = '/etc/postgresql/9.6/main/pg_hba.conf'
ident_file = '/etc/postgresql/9.6/main/pg_ident.conf'
external_pid_file = '/var/run/postgresql/9.6-main.pid'
listen_addresses = '*'
port = 15432
unix_socket_directories = '/var/run/postgresql'
Here is my authentication configuration file:
# /etc/postgresql/9.6/main/pg_hba.conf
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all all 0.0.0.0/0 trust
From my research, the "listen_addresses" line is important in the postgres config file and the "host all all..." line is important in the hba config file.
Here are the firewall rules running on the database server:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1037:93696]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -s 192.168.2.102/32 -d 192.168.2.101/32 -p tcp -m tcp --sport 1024:65535 --dport 15432 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -s 192.168.2.101/32 -d 192.168.2.102/32 -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
COMMIT
The important rule is the one that says that anything from 192.168.2.102 (web00) to 192.168.2.101 (db00) on port 15432 is accepted. But I really don't think the firewall is the problem since I get the same error if I flush all the rules.
What am I doing wrong here? I've tried to think it through but I'm missing something.
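Several posts on this page open pg_hba.conf to remote clients while troubleshooting, and the entries differ a lot in what they permit: `trust` accepts a matching client without any password, and a `/0` range lets every address attempt a login. As an added example, not part of any of the posts, this sketch flags such rules; the function name and severity labels are assumptions, and both sample inputs are copied from the pg_hba.conf excerpts quoted above.

```python
import ipaddress

def lint_pg_hba(text):
    """Return (line_no, severity, message) for risky TCP rules in pg_hba.conf.

    Only the CIDR form "host db user address method" is evaluated; hostnames
    and the separate IP-mask form are skipped.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blanks, comments and unix-socket "local" rules
        addr, method = fields[3], fields[4]
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if addr == "all" else addr,
                                       strict=False)
        except ValueError:
            continue
        if net.is_loopback:
            continue  # only reachable from the server itself
        if method == "trust":
            findings.append((no, "high",
                             f"{net}: clients in this range are accepted without a password"))
        elif net.prefixlen == 0:
            findings.append((no, "medium",
                             f"{net}: every address may attempt {method} logins; "
                             "narrow to the client subnet"))
    return findings

# Rules quoted in the Vagrant question on this page.
VAGRANT_HBA = """\
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all all 0.0.0.0/0 trust
"""
# Rules quoted in the Docker/Azure question on this page.
AZURE_HBA = "host all all 0.0.0.0/0 md5\nhost all all ::/0 md5\n"

if __name__ == "__main__":
    for finding in lint_pg_hba(VAGRANT_HBA) + lint_pg_hba(AZURE_HBA):
        print(finding)
```

Once connectivity is working, replacing the flagged entries with the specific client address (for the Vagrant setup, 192.168.2.102/32) and a password-based method keeps the database reachable only from the intended host.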