I have MongoDb 4 running fine as Service on win 10.
as soon as I set authorization: enabled
in the mongo config file:
C:\MongoDB4.0\bin\mongod.cfg
It was
#security:
I have set it to:
security:
authorization: enabled
The service will not start, and displaying Error 1053
I dont see anything in the server log or mongodb log
Any idea what I did wrong?
I had the same problem, but in my case what solved was replacing the tab for two spaces in the authorization: enabled line, like this:
# Configuration using TAB not working
security:
authorization: enabled
# Configuration using two spaces working
security:
authorization: enabled
C:\MongoDB4.0\bin\mongod.cfg
change
#snmp:
mp:
to
#snmp:
#mp:
it works for me.
In my case I first commented it, it caused 1053 error, so I had to remove comment and set -
security:
authorization: disabled
For me MongoDB 4.2, this thing works to run the service on Windows 10.
security:
authorization: enabled
Not sure exactly but I think there is issue related to space and colon.
Related
[SOLVED - answer in comments]
I've followed how-to from https://docs.rundeck.com/docs/administration/security/authentication.html#communicating-over-secure-ldap-ldaps
Authentication works great for LDAP, but when I change to LDAPS (I am only changing providerUrl="ldap://" to ldaps:// stanza in custom jaas conf), error is being returned:
ERROR jaas.JettyCachingLdapLogModule - Naming error
javax.naming.CommunicationException: simple bind failed: <AD IP>
AD is listening on port 636.
I suspect problem can be with authenticationMethod="simple" - but when I am trying to change it to "tls:simple" (per https://docs.oracle.com/cd/E53394_01/html/E54912/ldapsecure-75.html) Rundeck claims there's syntax issue.
Do you had similar problem?
How switch from simple auth to tls?
DedupeResponseHeader is not working for me in Spring Cloud Greenwich.SR3, I have added CORS configuration in application.yml, and downstream application is also sending Access-Control-Allow-Origin in response header, which in ending up with:
The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:4200, http://localhost:4200', but only one is allowed.
I have used DedupeResponseHeader but that is not working for me still seeing same error in browser console. Following is the config for CORS and DedupeResponseHeader:
spring:
cloud:
gateway:
default-filters:
- DedupeResponseHeader=Access-Control-Allow-Origin, RETAIN_UNIQUE
globalcors:
add-to-simple-url-handler-mapping: true
corsConfigurations:
'[/**]':
allowedOrigins: "http://localhost:4200"
allowedMethods: "*"
allowedHeaders: "*"
Tried in filters also, but also didn't work
spring:
cloud:
gateway:
routes:
- id: dedupe_response_header_route
uri: http://localhost:4200
predicates:
- Method=OPTIONS
- Method=GET
filters:
- DedupeResponseHeader=Access-Control-Allow-Origin
Couldn't figure out the reason why its not working, double checked the spring cloud version. I appreciate, if someone could help to understand why DedupeResponseHeader not working.
You can use the latest version of the spring cloud i.e. 2020.0.2 --- it is working perfectly there.
My server configuration is a TYPO3 installation Vs. 6.2.31 combined with a reverse proxy. The system is running fine with http.
When we try to switch to https we geht this Error Message in the backend:
"Connection Problem
Sorry, but an error occurred while connecting to the server. Please check your network connection."
And the page tree is not loading.
When switching back to http all is working one again.
Our settings:
[SYS][reverseProxyIP] = (IP of our reverse Proxy)
[SYS][reverseProxyHeaderMultiValue] = last
[SYS][reverseProxySSL] = *
What i tried:
deactivate all extensions apart from the system extensions
no entry in syslog (error reporting is on development)
no entries in the server logs
lockSSL in install tool 3 results in never ending 302 redirects
lockSSL with option 2 results in this error message:
Fatal error: Uncaught exception 'RuntimeException' with message 'TYPO3 Backend not accessed via SSL: TYPO3 Backend is configured to only be accessible through SSL. Change the URL in your browser and try again.' in /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/sysext/core/Classes/Core/Bootstrap.php:897 Stack trace: #0 /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/init.php(54): TYPO3\CMS\Core\Core\Bootstrap->checkSslBackendAndRedirectIfNeeded() #1 /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/index.php(21): require('/srv/httpd/site...') #2 {main} thrown in /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/sysext/core/Classes/Core/Bootstrap.php on line 897
It seems that some requests e.g. for the page tree are made without ssl - ajax calls i presume - but i dont have a clue how to debug it.
Andy ideas?
Thanks!
I have the same version at a customer and with a load balancer / proxy.
The only difference is [SYS][reverseProxyHeaderMultiValue] = first.
Also, [BE][lockSSL] = 1 is set.
Maybe it helps?
This thread is quite old, but because many people do read until now i will try an answer. We could solve the problem (and once again in a different installation) with the following settings:
[SYS][reverseProxyIP] = (IP of our reverse Proxy)
[SYS][reverseProxyHeaderMultiValue] = firt
[SYS][reverseProxySSL] = *
AND - that is important - changes in the server config too:
RequestHeader set X-Forwarded-Proto "https"
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
I assume it was the first:
RequestHeader set X-Forwarded-Proto "https"
So in the end the problem was in the server config.
I am trying to configure mongodb for ssl. I have the two certs within a directory on Ubuntu, but when I try to restart the service with the mongodb.conf set up correctly, the service will not start. If I comment out the lines in the mongodb.conf file that I added, I can then start mongodb. I think the syntax is wrong, and not the certs them self.
#SSL options
sslMode = requireSSL
#Enable SSL on normal ports
#sslOnNormalPorts = true
# SSL Key file and password
sslPEMKeyFile = /path/to/cert
sslPEMKeyPassword = password
sslCAFile = /path/to/cert
I get this error when I try to start the server with these lines not commented out
stop: Unknown instance:
mongodb start/running, process 7725
If i try to get into mongo shell i get this(assuming this is because I could not restart the service properly)
Thu Jul 21 14:32:07.660 Error: couldn't connect to server 127.0.0.1:27017 at src/mongo/shell/mongo.js:145
exception: connect failed
The mongodb.conf file is a YAML file so you need to format it as such. Meaning you can't use tabs. Also it does look like the syntax you're using isn't correct.
Try this:
net:
#SSL options
ssl:
mode: requireSSL
# SSL Key file and password
PEMKeyFile: /path/to/cert
PEMKeyPassword: password
CAFile: /path/to/cert
Also, I know it's commented out but just wanted to mention, the sslOnNormal ports option is deprecated. See here: https://docs.mongodb.com/manual/reference/configuration-options/#net.ssl.sslOnNormalPorts
I run mongod.exe in server with this option in cmd.exe:
mongod.exe --dbpath=path --auth
And now, how can I do this in a config file?
my mongod.cfg:
dbpath=D:\Program Files\MongoDB 2.6 Standard\data
security=
authorization= enabled
I get this error :
Error parsing INI config file: unknown option security.
For mongod version 2.4 (ini config file)
auth = true
https://docs.mongodb.com/v2.4/reference/configuration-options/#auth
For mongod versions 2.6+ (yaml config file)
security:
authorization: enabled
https://docs.mongodb.com/v3.2/reference/configuration-options/#security.authorization
https://docs.mongodb.com/v3.0/reference/configuration-options/#security.authorization
https://docs.mongodb.com/v2.6/reference/configuration-options/#security.authorization
mongodb version 3.2
this is the correct config
security:
authorization: "enabled"
with quotes since the value is a string as per the documentation
security:
authorization: "enabled"
This is correct as stated above, one thing to note is if it still doesn't work make sure you didn't use a tab for the authorization line it won't work you need to just use spaces.
Just needs to say
auth=true
You don't need any of the other options!
If you are use YAML
security:
authorization: "enabled"
working for 2.6 or high.
But if you don't use YAML.
auth: true
I'm use mongodb v3.0.2, v3.6.5, v4.0.3, both files are working correctly.
INI CONFIG
# mongodb.conf
# Where to store the data.
dbpath=/var/lib/mongodb
#where to log
logpath=/var/log/mongodb/mongodb.log
logappend=true
bind_ip = 0.0.0.0
port = 27017
journal=true
auth = true
YAML CONFIG
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: /var/lib/mongodb
journal:
enabled: true
# engine:
# mmapv1:
# wiredTiger:
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0
# how the process runs
processManagement:
timeZoneInfo: /usr/share/zoneinfo
security:
authorization: "enabled"
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
On DigitalOcean you get the 3.6.3 version but with 2.* style config files. Which makes it confusion when reading all the comments above.
So, instead of following the DigitalOcean Guide of installing MongoDB (this one), you'd better take the official MongoDB Guide (this one)
Really late to they party.
For me nothing of the above worked (on windows, on Linux "authorization: enabled" works fine as long as permissions are right).
Ended up creating a service of my own with --dbpath and --auth options using a third party service manager. Works like a charm.
I perfectly aware that this is not a direct answer but I hope, this will help someone.
Side note though, I could not use "C:\Program Files\MongoDB\4.2\Server\data" folder. No write permissions.
db.adminCommand(
{
setParameter: 1,
security.authorization: "enabled"
}
);
For me the key thing that was causing the fault/error was noted in Robert Walters response - Use of the TAB in the config file.
Changing this to 4 whitespaces fixed the issue whilst keeping the config file looking neat/readable.