Can I create a remote server with MongoDB? How? - mongodb

My question, to be more clear, is how to create a server with MongoDB on a cloud host (for example) and access it through another server.
Example:
I have a mobile app.
I hosted my MongoDB on a cloud host (Ubuntu).
I want to connect my app to the db on the server cloud.
Is it possible? How?
I'm just starting to learn this, and my question was exactly how to create a MongoDB server in a way that I could access it remotely.
Out of "localhost"? Different from all the tutorials I've seen.

From what you are describing, I think you want to implement a 2-Tier-Architecture. For practically all use cases, don't do it!
It's definitely possible, yes. You can open up the MongoDB port in your firewall. Let's say your computer has a fixed IP or a fixed name like mymongo.example.com. You can then connect to mongodb://mymongo.example.com:27017 (if you use the default port). But beware:
1) Security: You need to make sure that clients can only perform those operations that you want to allow, e.g. using MongoDB integrated authentication, otherwise some random script kiddie will steal your database, delete it, or fill it with random data. Many servers, even if they don't host a well-known service, get attacked thousands of times per day. Also, you probably want to encrypt the connection so people can't spy on the connection. And to make it all worse, you will have to store the database credentials in your client app, which is practically impossible to do in a truly secure way.
2) Software architecture: There are a ton of arguments against this architecture, but 1) alone should be enough. You never want to couple your client to the database, be it because of data migrations, software updates, security considerations, etc.
3-Tier
So what to do instead? Use a 3-Tier-Architecture: Host a server of some kind on mymongo.example.com that then connects to the database. That server could be implemented in nginx/node.js, iis/asp.net, apache/php, or whatever. It could even be a plain old C application (like many game servers).
The mongodb can still reside on yet a different machine, but when you use a server, the database credentials are only known to the server, not to all the clients.
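A sketch of the middle tier described in this answer, added here as an illustration and not part of the original answer: the client holds only a session token, and the server exposes a fixed set of operations. The operation names, tokens and the in-memory array standing in for a MongoDB collection are all constructed assumptions.

```javascript
// Middle tier of a 3-tier setup. The mobile app never sees database
// credentials; those stay in this server's environment. The array below is a
// constructed stand-in for a MongoDB collection so the example runs offline.
const notes = [
  { owner: "alice", text: "buy milk" },
  { owner: "bob", text: "renew passport" },
];

// Server-side session table: opaque token -> user id (constructed tokens).
const sessions = new Map([["tok-a1", "alice"], ["tok-b2", "bob"]]);

// The only operations a client may trigger. The owner always comes from the
// session, never from client input, so one user cannot address another's data.
const operations = {
  listNotes(user) {
    return notes.filter((n) => n.owner === user).map((n) => n.text);
  },
  addNote(user, args) {
    // Require a bounded plain string so clients cannot store arbitrary structures.
    if (typeof args?.text !== "string" || args.text.length === 0 || args.text.length > 500) {
      throw new RangeError("text must be a string of 1..500 characters");
    }
    notes.push({ owner: user, text: args.text });
    return notes.filter((n) => n.owner === user).length;
  },
};

function handleRequest({ token, op, args }) {
  const user = sessions.get(token);
  if (!user) return { status: 401, error: "unknown session" };
  // Object.hasOwn keeps inherited names like "constructor" from being callable.
  if (!Object.hasOwn(operations, op)) return { status: 403, error: "operation not allowed" };
  try {
    return { status: 200, result: operations[op](user, args) };
  } catch (err) {
    return { status: 400, error: err.message };
  }
}
```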

Yes, it is possible. You would connect to MongoDB using the IP address of your host, or preferably using its fully qualified hostname rather than "localhost". If you do that, you should secure your MongoDB installation otherwise anyone would be able to connect to your MongoDB instance. At an absolute minimum, enable MongoDB authentication. You should read up on MongoDB Security.
For a mobile application, you would probably have some sort of application server in front of MongoDB, e.g. your mobile application would not be connecting to MongoDB directly. In that case only your application server would be connecting to MongoDB, and you would secure MongoDB accordingly.
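Both answers above name the same minimum controls for a remotely reachable MongoDB: authentication and an encrypted connection. The following check is an added example, not code from either answer; it assumes the mongod.conf settings have already been parsed into an object and that the connection string names a single host.

```javascript
// Flags the exposure problems the answers above warn about.
// `config` mirrors mongod.conf keys (net.bindIp, net.bindIpAll, net.tls.mode,
// security.authorization); every sample value used with it is constructed.
const LOOPBACK = new Set(["localhost", "127.0.0.1", "::1"]);

function auditMongod(config) {
  const net = config.net || {};
  const binds = net.bindIpAll
    ? ["0.0.0.0"]
    : String(net.bindIp || "localhost").split(",").map((s) => s.trim());
  // Unix socket paths and loopback addresses are not reachable from other hosts.
  const remote = binds.some((b) => !b.startsWith("/") && !LOOPBACK.has(b));
  const authOn = (config.security || {}).authorization === "enabled";
  const tlsMode = (net.tls || {}).mode || "disabled";

  const findings = [];
  if (!authOn) findings.push(remote ? "remote-bind-without-auth" : "auth-disabled");
  if (remote && tlsMode !== "requireTLS") findings.push("remote-bind-without-required-tls");
  return findings;
}

function auditClientUri(uri) {
  const u = new URL(uri);
  if (!["mongodb:", "mongodb+srv:"].includes(u.protocol)) {
    throw new TypeError("not a MongoDB connection string");
  }
  const findings = [];
  // A password inside a URI that ships in a client app is readable by anyone
  // who unpacks the app.
  if (u.password) findings.push("password-embedded-in-uri");
  // mongodb+srv enables TLS by default; plain mongodb:// does not.
  const tls = u.searchParams.get("tls") ?? u.searchParams.get("ssl");
  const tlsOn = tls === "true" || (tls === null && u.protocol === "mongodb+srv:");
  if (!tlsOn && !LOOPBACK.has(u.hostname)) findings.push("plaintext-connection");
  return findings;
}
```

An empty findings list from both functions means the server requires authentication and TLS for remote peers and the client string neither carries a password nor connects in plaintext.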

Related

Does CouchDB need to be hosted along with my website, or am I going to work with it as a local server on my network or computer?

I'm learning the concepts of a NoSQL database, especially CouchDB. But I have a doubt that may sound stupid, but I have not found answers on the internet. Where does CouchDB work? On a regular web hosting service or on my local network? Ex: My computer and my localhost.
CouchDB can be installed as single-node on any computer, including your local machine. CouchDB may also be used in clustered mode.
HTTP is used to write data (documents) and request information from the database. Therefore, the database may be hosted along with your website but it doesn't have to. All depends on your use case. The only important thing is that your web application knows about the host name, port number and credentials allowing it to access CouchDB over HTTP.

Mongo Meteor AWS EC2 Multiple Deploy

I was using Galaxy to host my meteor app and recently decided to host my app with Amazon Cloudfront serving static webpage (angular client) and connect that to my meteor app running on an EC2 container.
I have the static page working and I have the meteor app on the EC2 container, which points to a remote mongo server, working as well. I am using the meteor-client-bundler package to attempt to connect the client (static cloudfront) to the Meteor server via DDP URL. Here is where I am stuck.
The DDP URL should be my Meteor server, correct (hosted at ec2....amazonaws.com)? I feel like it has to be because I have publications and methods on the server I will need to hit constantly. If that is correct, then what if I also want to have two EC2 containers running the same Meteor app? Just like in Galaxy, in case 1 is getting maintenance work done or goes down, I want the backup to take over. How can I set up two different DDP URLs?
You should use a custom domain for the server, and use that custom domain in the DDP URL. While using the EC2 address will work, it's better to use a different address, especially if you ever want to move to another provider.
You can use NGINX as a reverse proxy to have 2 or more Meteor apps on the one box. It's not too difficult to set up.
You can also use Meteor up (aka mup) to do multiple deployments to the same box. http://meteor-up.com/ Meteor up will give you a very simple way to deploy, it will even revert to the previous version if something goes wrong automatically. You can even configure it to run letsencrypt to give you https security, and automatically renew the certs.
For anyone who is new to this stuff like I am, I figured out to buy another domain name, use dns (route 53) to a load balancer (elastic beanstalk) which handles multiple ec2s for 1 domain, and then point your ddp from the client to the domain. Boom. Thanks for the help #Mikkel

Using different cloud hosts for app and db/will there be latency with Mongo Atlas?

Is it ok to host both a web app and db server on different cloud providers? Traditionally you really needed to host both on the same network - but I'm wondering if, with modern networks, this is less of a necessity.
I have a web app (Aurelia/ASP.Net Core) hosted on Linode and I need to add a mongo db server. I really don't want to have to manage the db servers - so would prefer to use a cloud service like MongoAtlas or mLab etc but my concern is latency. I'm hoping that I could use either of these if I chose a data center in the same country/location as my Linodes are hosted.
My app should be ok with not-so-real-time responses - but lags of a few seconds won't work.
Can anyone comment on experiences with this?

Meteor: How to develop multiple webservers with Reactive DOTW

I am currently looking at possible development models for a device that will be in a client's home. I need the device to run a local copy of Meteor while also being able to get and insert information from a central server in a secure/reactive way.
All sensitive information has not been included in this image
I am required to make a local server as I need to run shell commands on the device. While the device could make HTTP webhook calls, it would be slow due to packet travel time and does not meet requirements.
I know that the local server could connect to the Central Server mongodb which would be ideal, however as this local server is physically located in a client's house, this means that the mongodb password would be exposed (big security problem). Also I would be unable to control what information is sent to the local server. I was unable to find a way to subscribe to an external server, which would be a great solution.
Another way could be that the local server simply use HTTP requests, however another requirement is that Audit requests appear almost as soon as they are issued which is ideal for a reactive mongodb item. A heartbeat wouldn't really fit due to the data/processing overheads and slowness.
The summary of the question is: How to make a device run a local copy of Meteor while also being able to get and insert information from a central server in a secure/reactive way.
Well in the end, I found that you can use cross-server and even CORS connections with https://docs.meteor.com/api/connections.html
So now any aspiring developer can use the DDP framework.

Should I secure my MongoDB Database?

I am setting up two computers to run a web application. web-host hosts a MongoDB database and NodeJS web server, while worker runs some more demanding processes and populates the database. Using an SSH tunnel from worker, web-host:27017 is accessible using localhost:9999 from worker. web-host:80 has been set up to be accessible on http://our.corporate.site/my_site/.
At the moment MongoDB has no authentication on it - anything that can contact web-host:27017 can read or write anything to the database.
With this setup, how paranoid should I be about authenticating requests to MongoDB? The answers to this question seemed to suggest not very. Considering access is only possible from localhost it seems about as secure as the local file system. In MySQL I usually have a special 'web' user with limited privileges to limit the damage of an injection attack in case I make a mistake sanitizing input, however MongoDB seems less vulnerable to injection (or at least easier to sanitize) compared with MySQL.
Here's the issue: If you do set-up Mongo authentication, you are going to need to store the keys on the machine that accesses it.
So assuming that web-host:80 is compromised, the keys are also vulnerable.
There are some mitigation processes you can use to secure your environment, but there is no silver bullet if an attacker gains root access to your environment.
First I would consider putting mongodb on a separate machine on a private internal network that can only be accessed by machines in a DMZ (the part of the network where machines can communicate with your internal network and the outside world).
Next, assuming you are running a Linux-based system, you should be able to use AppArmor or SELinux to limit which processes are allowed to make outbound network requests. In this case only your webapp process should be able to initiate network requests such as connecting to your Mongo database.
If an attacker was able to get non-root access on your machine, the SELinux/AppArmor system policy would prevent them from initiating a connection to your database from their own script.
Using this architecture, you should be more secure than simply augmenting your current architecture with authentication. In a choice between SELinux and AppArmor, I would use SELinux, since it was much more mature and had much more granular control the last time I checked.