I have a mongoDB container running on an instance built with docker-machine, maintained with docker-compose. The mongoDB process isn't exposed to external traffic.
I want to connect to the remote mongoDB server using a GUI tool installed locally and without exposing any ports on the remote machine.
What's the best way to do this? Is there any way I can tunnel the connection via ssh with the docker-machinie ssh command?
What's the best way to do this? Is there any way I can tunnel the
connection via ssh with the docker-machinie ssh command?
Yes. Per the docs, docker-machine invokes the standard OpenSSH client. You can use the same -L syntax that you'd normally use for SSH tunneling. The end of the doc has an example using port 8080.
Related
I have a flask app with mongoDB running on a digital ocean's droplet, and now I need to see what's inside that database.
I'm trying to connect with mongoDBCompass, but no tutorial seems to help me.
If there's another easier way to access that data, it would be helpful too.
You have several options:
Connect MongoDB Compass via an SSH tunnel.
Or use SSH tunneling with e.g.:
ssh -L <local_port>:<mongodb_hostname>:<mongodb_port> <user>#<bastion_hostname> -fN
and connect MongoDB Compass via localhost:<local_port>.
Or use the mongo shell directly on your droplet.
Or open the mongo port (typically 27017) via an inbound firewall rule and connect your favorite client to your droplets public IP.
I'm a bit new to SQL and Docker. I've recently created a container for PostgreSQL on my Linux server that can be accessed by SSH. I am trying to manage it using the Entity Framework on .NET Core 2.2.
I'm trying to go by Npgsql's official documentation, but there isn't any provision for connection via SSH. The example they've provided for the connection string is:
optionsBuilder.UseNpgsql("Host=my_host;Database=my_db;Username=my_user;Password=my_pw")
Where:
my_host is set to the docker container's IP address.
my_db is the database name
my_user is the username on PostgreSQL
my_pw is the database password
I am also using this First EF Core Console Application as a tutorial. When I am attempting on the dotnet CLI:
dotnet ef database update
It keeps timing out, obviously because it can't connect to the server via SSH.
I've done my fair share of Googling with no luck. Can any of you please advise?
Edit FYI:
I am using a Windows 10 computer as a client
I am using Ubuntu Linux and connecting via OpenSSH
The Linux server has a Docker Container w/ PostgreSQL
I have successfully connected from my Windows 10 client using DBeaver
In principle, connecting to PostgreSQL isn't done over SSH - it's done directly via port 5432. You typically need to configure your container to expose that port (check the docker networking docs).
It is possible to use SSH tunneling to connect to PG (or any other service), but that's a pretty specialized mechanism to bypass firewalls and the like. You likely just need to expose port 5432 from your container.
I wrote a go program ( which is basically the code in this example, Simple SSH port forward in Golang ) that connects to a remote mongodb server by creating an ssh tunnel. I can query the server using mgo api. Now, instead of querying the server everytime, I want to copy a few collections of the database to my local machine and query locally. It is important to note that I cannot copy it directly to my local machine as there is port forwarding involved. How can I achieve this ?
You are reinventing the wheel. Use cron to create an ssh tunnel to the destination and then use a local mongodump to connect against your local tunnel endpoint
ssh -f user#mongodb.example.com -L 27017:mongodb.example.com:27017 -N
mongodump localhost:27017 <your opts here>
I've installed MongoDB on my Ubuntu 16.04 VPS and allowed connections through the firewall. When I run the server using the command (mongod), it starts without a problem and I can then connect to it (using RoboMongo as test application).
However, when I run the service automatically on startup (using systemctl), I cannot connect to it. I verified it was running, and could not run it myself as the address was already in use.
Does anyone have any experience with this, or any tips on how to solve the problem? The server will be running localhost only and I'm going to be using an SSH tunnel for testing purposes, so no authentication is necessary.
Anyone?
When you started mongod did you then provide a configuration file (using the --config or -f parameter)? If not then it defaults to listening on all interfaces.
The default configuration file which is used when starting the daemon with systemctl defaults to only listen on localhost preventing it from being available on the network. This is fine if you intend to connect to the server using a tunnel.
I have been using rockmongo as my client for mongodb on localhost for testing.
For prodction i DONT want a client online as this might reduce security.
Is there a client which will allow me to connect SSH? kind of like MySql Workbench?
or
Can rockmongo stay on my local computer and i connect to EC2 instance which has mongodb for production viewing?
or
Is there a better alternative to all of this?
My setup is a standard LAMP stack. willing to make any changes necessary.
MongoHub has the option to connect over ssh, but the app kind of sucks. It crashes a lot.
A more generic approach would be to just create your own ssh tunnel to your production server, and then connect over that through whatever client you want. The client won't care as long as it can make the connection.
On OSX/Linux, creating an ssh tunnel might look like this:
ssh -L 8080:127.0.0.1:27017 -f -C -q -N username#domain.com
This would open a local port 8080 which will forward the traffic to the localhost interface at the mongodb default port 27017 on the remote side. You would point your client at 127.0.0.1:8080 as if mongodb were running there locally.
Check some of these out - http://www.mongodb.org/display/DOCS/Admin+UIs
One workaround would be to set that file in a separate folder and make a .htaccess file that restricts access to only your ip address. Any requests not from your ip address would get denied access...