How do I access a remote aws lightsail mongodb over ssh tunnel - mongodb

I have a Lightsail AWS instance up and running with a MEAN stack. I have an existing MEAN stack running on a different network. At the moment the node server.js connects to localhost for the mongo bit (on same machine) and all I want to do is replace the localhost with a connection to my mongo running on my AWS remote server.
I understand, that for security reasons, it is best to ssh tunnel this connection, which I think I am familiar with.
What I have done so far is this:
In a console on the machine hosting the node server (remote to the db) I have run:
ssh -L 8181:127.0.0.1:80 -i ~/LightsailDefaultPrivateKey-eu-west-2.pem bitnami#31.16.56.125 -N
I can then browse to the RockMongo UI from the local machine using localhost:8181/rockmongo ...yay.
If I then run the following:
ssh -L 8181:127.0.0.1:27017 -i ~/LightsailDefaultPrivateKey-eu-west-2.pem bitnami#31.16.56.125 -N
(27017 being the mongo port)
Then try and access the db from my remote machine using:
mongo --username XXXXXX --password XXXXXX 31.16.56.125:8181/testdata
I get the following error:
~]
2017-12-28T22:11:09.791+0000 Error: couldn't connect to server 31.16.56.125:8181 (31.16.56.125), connection attempt failed at src/mongo/shell/mongo.js:148
exception: connect failed
Am I doing this wrong? i.e. is the tunnel only for http connections and not mongo command line use? Do I need to test the connection some other way?
I've Googled all over the place for this and not had much luck (a lot of the AWS docs suggest punching a hole in the firewall - which one can no longer do!)

OK I've (partially) solved this, there were a few things wrong.
1) The mongo client was 2.6 and mongo running on AWS was 3.4. Upgrading this solved some issues - in that I was getting a more meaningful error message.
One thing I did have trouble with is that apt-get seemed to perform an update, yet the version reported when issuing the mongo command was still 2.6.
To solve this I had to run sudo apt-get purge mongodb-org* (note the asterisk). Then perform the update.... If you need to do this then follow these instructions:
https://docs.mongodb.com/v3.2/tutorial/install-mongodb-on-ubuntu/
2) This command
mongo --username XXXXXX --password XXXXXX 31.16.56.125:8181/testdata
won't work as I've omitted 'admin' from it and not specified localhost!
but
mongo admin --username XXXXXX --password XXXXXX localhost:8181/testdata
doesn't work either and gives the following output.
2018-01-03T22:00:42.380+0000 W NETWORK [thread1] Failed to connect to 127.0.0.1:27017, in(checking socket for error after poll), reason: errno:111 Connection refused
2018-01-03T22:00:42.380+0000 E QUERY [thread1] Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed :
connect#src/mongo/shell/mongo.js:229:14
#(connect):1:6
The only command I could get to work is:
mongo admin --username XXXXXX --password XXXXXX --port 8181
The default host is localhost, so in this case it uses the tunnel, this will also just connect to the test db, you can then admin from there.
What I haven't got to the bottom of is the specification of the host:port/db as an argument as per the output from running mongo --help
usage: mongo [options] [db address] [file names (ending in .js)]
db address can be:
foo foo database on local machine
192.169.0.5/foo foo database on 192.168.0.5 machine
192.169.0.5:9999/foo foo database on 192.168.0.5 machine on port 9999

Related

Atlas MongoDB SSH Tunnel hostname mismatch

I am trying to setup an SSH tunnel to a mongoDB cluster hosted In Atlas. I setup the tunnel with the below command
ssh -i <key_file> -N -L <localport>:<atlas_node_hostname>:<atlas_port> <remote_user>#<remote_ip>
And added the atlas_node_hostname in
/etc/hosts
From the machine where I created the SSH tunnel, I can connect to atlas db with the atlas_node_hostname mentioned in the string.
mongo --ssl "mongodb://<username>:<password>#<atlas_node_hostname>:<ssh_tunnel_local_port>/<db_name>?authSource=admin"
But I want to connect using 127.0.0.1 instead of the atlas_node_hostname, this is so that I can give devs access only to the machine where the tunnel is running and they can connect to the DB.
mongo --ssl "mongodb://<username>:<password>#<127.0.0.1:<ssh_tunnel_local_port>/<db_name>?authSource=admin"
But with the above attempt I get the below error
Error: couldn't connect to server 127.0.0.1:27779, connection attempt failed: SSLHandshakeFailed: The server certificate does not match the host name. Hostname: 127.0.0.1 does not match SAN(s): *.345ed5412fd76fb84cd13794.utkqs.mongodb.net, *.utkqs.mesh.mongodb.net, *.utkqs.mongodb.net, CN: *.utkqs.mongodb.net :
Is there any way I can get it working with the 127.0.0.1 instead of giving the atlas_node_hostname? Or any tool that can proxy Atlas MongoDB?

Unable to access mongodb running in a docker from local machine

I am trying to access the mongodb running in a docker from my local machine however I am seeing this error message:
Error: couldnt connect to server localhost:27017, connection attempt failed: SocketException: Error connecting to localhost:27017 (127.0.0.1:27017) :: caused by :: No connection could be made because the target machine actively refused it.
commands tried to used to access mongo on my local machine:
mongo localhost:27017
mongo 172.17.0.2:27017(container's ip)
command used to run mongodb on docker
docker run -d -p 27017:27017 mongo:latest
Please advice. Thank you.

Programmatically connect to remote MongoDB with SSH

I need to use terminal to connect to MongoDB. I have almost precisely same issue as this StackExchange question.
In my case I can correctly use Robo3T to connect. As well as use command
mongo --host 111.111.111.111 --port 111 --authenticationDatabase DB --username USER --password PASS locally. With same command executed remotely I receive following error:
No connection could be made because the target machine actively refused it.
I wanted to precisely recreate my Robo3T connection setup to see if SSH tunnel solves my issue

i'm getting following error while connecting to mongodb server

$ mongo
MongoDB shell version v3.6.3
connecting to: mongodb://127.0.0.1:27017
2018-10-18T17:09:03.003+0530 W NETWORK [thread1] Failed to connect to 127.0.0.1:27017, in(checking socket for error after poll), reason: Connection refused
2018-10-18T17:09:03.004+0530 E QUERY [thread1] Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed :
connect#src/mongo/shell/mongo.js:251:13
#(connect):1:6
exception: connect failed
what OS are you using? In ubuntu you need to check your version:
service mongod status, mongod --version.
If mongod is off then just restart and write the error if possible.
service mongod restart
if you are using linux, try this command
$ sudo mongod
you are getting that because you are running
$ mongo
First go to your mongoDB directory and in that directory go to bin directory and open terminal in that directory(bin), then run the following command:
mongod.exe
After that open another terminal in same directory and run the following command.
mongo.exe
It will resolve this issue.
first you check it mongodb proper installed or not and also check it version compatibility
I am saying windows os setup,
set environment variable is path C:\Program Files\MongoDB\Server\3.6\bin;
then open your command prompt and type
mongod
after open another command prompt and type
mongo
A connection refused failure to connect reason may just be a matter of your network configuration and firewall or more specifically, your operating system's port restrictions. While you may be connecting to a mongoDB server on localhost (127.0.0.1) which can't be blocked by a firewall, it is possible for a firewall to block access to specific ports on a localhost.
If you're on a linux-based system, this can be addressed by using iptables as described here with the applicable commands shown below:
iptables -A INPUT -s 127.0.0.1 -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1 -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT
However, in reading the comments on another answer, it may be that you aren't able to connect because the server isn't being launched and ran properly due to a lack of of the /data/db directory. But, a presumption based on the lack of reply to other answers suggesting to check your server is running properly, tells me you're sure that it is. In which case, try changing your hostname to localhost instead of 127.0.0.1 when connecting, as in:
mongoose.connect('mongodb://localhost:27017');
# or as more applicable for connecting to a deployment:
mongosh "mongodb://localhost:27017"
# alternatively, by default, MongoDB Shell already connects to localhost
# so you could simply use the command line option --port such as:
mongosh --port 27017
You can also try specifying more parameters in the url as it applies.
For example, connecting to an instance and authenticate against the foobar database as user rohan:
mongosh "mongodb://localhost:27017" --username rohan --authenticationDatabase foobar
To provide a password with the command instead of using the masked prompt, simply add the --password command line option.
For Windows, you may also try the solutions offered on this page.

Connect to AWS over SSH portforward

I'd like to connect to my AWS instance and connect to my MongoDB database over localhost. The SSH tunnel seems to work, but when I try to connect with mongo I get a connection failed error.
SSH tunnel command:
ssh -i <path to key> -N -L 27017:++++++++++.us-west-2.compute.amazonaws.com:27017 ++++++#++++++++++.us-west-2.compute.amazonaws.com
Mongo client:
mongo -u +++++++ -p ++++++++++ mongodb://localhost:27017/+++++
MongoDB shell version v3.4.7
connecting to: mongodb://localhost:27017/++++++
2018-01-22T15:32:07.125+0100 E QUERY [thread1] Error: network error while attempting to run command 'isMaster' on host 'localhost:27017' :
connect#src/mongo/shell/mongo.js:237:13
#(connect):1:6
exception: connect failed
On the tunnel side I then get:
channel 2: open failed: connect failed: Connection refused
I have tried the mongo command directly on the server then there it works fine.
On my Robo T3 client there is an option to connect over SSH and there the connection works just fine.
Any suggestions are greatly appreciated.
EDIT
When I start the mongo client, no new lines are added to mongdb log file. This indicates that the tunnel is not doing it's job...
According to this documentation, this error happens when you try to connect to a MongoDB server without ssl.
The solution then would be to connect using SSL, which can be done by adding --ssl to your connection query (so that it looks like this: mongo --ssl -u +++++++ -p ++++++++++ mongodb://localhost:27017/+++++).
Let me know if this works for you!