I have been using rockmongo as my client for mongodb on localhost for testing.
For prodction i DONT want a client online as this might reduce security.
Is there a client which will allow me to connect SSH? kind of like MySql Workbench?
or
Can rockmongo stay on my local computer and i connect to EC2 instance which has mongodb for production viewing?
or
Is there a better alternative to all of this?
My setup is a standard LAMP stack. willing to make any changes necessary.
MongoHub has the option to connect over ssh, but the app kind of sucks. It crashes a lot.
A more generic approach would be to just create your own ssh tunnel to your production server, and then connect over that through whatever client you want. The client won't care as long as it can make the connection.
On OSX/Linux, creating an ssh tunnel might look like this:
ssh -L 8080:127.0.0.1:27017 -f -C -q -N username#domain.com
This would open a local port 8080 which will forward the traffic to the localhost interface at the mongodb default port 27017 on the remote side. You would point your client at 127.0.0.1:8080 as if mongodb were running there locally.
Check some of these out - http://www.mongodb.org/display/DOCS/Admin+UIs
One workaround would be to set that file in a separate folder and make a .htaccess file that restricts access to only your ip address. Any requests not from your ip address would get denied access...
Related
Ubuntu 16.04 LTS
I have followed the guides which all say the same thing; to enable remote connection to a postgres server, update the postgresql.conf file, update the pg_hba.conf file and make sure the port (5432) is open and firewall is not blocking.
When I attempt to connect to my server from the remote machine using the following command, I receive no response (for example, 'Connection refused...'). It hangs as if the firewall has DROP policy, but I checked and the host's firewall is ACCEPT all. Here is the command:
psql -h 45.67.82.123 -U postgres -p 5432 -d mydatabase
I have googled extensively and can't find anyone else who's psql request sits with no response from the host server.
Edit: I should mention I have been connecting locally on the host machine. I should also mention that the data directory on the host machine is in a non-default location. I have my cluster on a mounted drive, in case this could affect the remote connection.
Solution:
It is my first AWS instance and I didn't know they have their own firewall rules on the platform. So I was highly confused by the fact all my policies were ACCEPT on my server. Turns out you are behind AWS firewall and you have to go onto the platform to add/change security groups etc. In the past when I've used Digital Ocean droplets or Linodes, the firewall policy on the vps is all I need to change. AWS threw me another curveball there.
I am running openerp(odoo) application from amazon cloud server using putty and it is ubuntu Headless(NO GUI) server. PostgreSQL is the database used for this application. Right now I am only able to access it in command mode as there is no gui in Putty. In Windows, I have installed pgadmin3. Is it possible to access it from here by configuring?
You can configure your security group to open up the postgres port accessible from your IP address (I would highly recommend the access to be limited that way). After that you can just point your GUI client the external IP address of your instance using the port where the service is running on.
I suggest you to use pgadmin gui tool to access postgres database.
You can set up an SSH tunnel in putty and use that to access the remote database with your local pgadmin3. This is a very good and secure way to do things.
First, in Putty (Connection / SSH / Tunnels) add a source port of your choice, 5000 for example. Then enter localhost:5432 for Destination (providing postgres is running on port 5432 on the server). Press Add and save your session. Next time you open your ssh connection with Putty, the tunnel will be active.
After this, set up a new connection in pgadmin3, Host: localhost and Port: 5000 (and your username and pasword, of course). Now, if the putty session is active, you should be able to connect.
In postgresql.conf file, find a line called
listen_addresses = 'localhost' and change it to '*'
Next in pg_hba.conf add this line in IPV4 local connections,
host all all (Your external ip address in CIDR format) trust
Finally restart the database using this command,sudo service postgresql restart
I have a mongoDB container running on an instance built with docker-machine, maintained with docker-compose. The mongoDB process isn't exposed to external traffic.
I want to connect to the remote mongoDB server using a GUI tool installed locally and without exposing any ports on the remote machine.
What's the best way to do this? Is there any way I can tunnel the connection via ssh with the docker-machinie ssh command?
What's the best way to do this? Is there any way I can tunnel the
connection via ssh with the docker-machinie ssh command?
Yes. Per the docs, docker-machine invokes the standard OpenSSH client. You can use the same -L syntax that you'd normally use for SSH tunneling. The end of the doc has an example using port 8080.
I could not understand what bind_ip in mongodb is. I could make a remote connection from desktop to the EC2 machine by having bind_ip = 0.0.0.0, but could not make it work with bind_ip = 127.0.0.1.
Please explain me what bind_ip is and why it works for 0.0.0.0 and not for 127.0.0.1.
For reference from mongodb docs:
bind_ip
Default: All interfaces.
Set this option to configure the mongod or mongos process to bind to and listen for connections from applications on this address.
You may attach mongod or mongos instances to any interface; however,
if you attach the process to a publicly accessible interface,
implement proper authentication or firewall restrictions to protect
the integrity of your database.
You may concatenate a list of comma separated values to bind mongod to multiple IP addresses.
Everywhere it's written that you have to bind them like this
bindIp : 127.0.0.1,192.168.0.50
but it doesn't work.
how it works, in the version 3.2.0 is
bindIp : [127.0.0.1,192.168.0.50]
so try to add your ips inside the [ ]
example :
# network interfaces
net:
port: 27017
bindIp : [127.0.0.1,0.0.0.0] (read what is written below in BOLD!)
However 0.0.0.0 opens up the stuff. While this is ok for TESTING, for production you should know the security implications of this setting!
Before binding your server to 0.0.0.0, please be clear about the security implications of those changes: Your server will be publicly exposed to all IPs on the whole internet. Be sure to enable authentication on your server!
You can't access your machine when you bind it to 127.0.0.1 on EC2. That's not a bug, it's reasoned by the network interface bindings.
127.0.0.1 will only bind to the loopback interface (so you will only be able to access it locally), while 0.0.0.0 will bind it to all network interfaces that are available.
That's why you can access your mongodb on EC2 when you bind it to 0.0.0.0(as it's available through the internet now) and not via 127.0.0.1.
For local servers (like a WAMP or a local mongodb server) that won't look different to you, but for that case you should also thing that binding to 0.0.0.0 for local servers might make them available over all network interfaces (so it might be public for someone who knows your IP, if there is no firewall!)
Read on a similar question on Server Fault here.
It should be clear for anyone looking up this answer that binding your mongoDB to 0.0.0.0 could be your worst move ever.
Please read up on the following article and make sure that whenever you DO decide to go all public with your (and your customers) data, you consider the following:
Do you have additional firewall rules to decide who or what can
access your service
Understand that when using Amazon EC2, if you allow 'internal' traffic it should be considered the same as putting it wide open, you
are not alone at Amazon
Are your services password protected ? And what kind of authentication ? Is the data submitted in clear text or using
encryption
Are you using the default database names, or have you copy pasted an example?
For linking to local Mongo db installation (dev environment), I found following 3 step process much easier - and it worked.
docker run -d -p 27017-27019:27017-27019 --name mongodb mongo
docker exec -it mongodb bash
mongo (voilla - you are in i.e. connected to Mongo dab)
Source: https://www.thepolyglotdeveloper.com/2019/01/getting-started-mongodb-docker-container-deployment/
I have a Postgres database on a linux server. I have root access which in turn can give me access to the database. In Windows you get PGAdminIII, which I would love to use to connect to the Linux server. I heard that tunneling might be necessary. I am not sure if that is true, or what it is really. Can anyone shed some light on the easiest way to get access to the database?
Tunneling is not strictly necessary. As long as you have port 5432 not firewalled, you should be able to connect to your Linux PostgreSQL server without much trouble.
You can check this from your Windows box by using this command from cmd console:
telnet linuxbox 5432
If you get black screen (not an error), then everything looks good and port 5432 should be open. Note that on Windows 7 you may need to enable telnet client (it is disabled by default) using this command:
pkgmgr /iu:"TelnetClient"
If your server is not located in your local network, or if you are concerned about security like somebody using network sniffer to watch your traffic, you should configure SSL/TLS on your PostgreSQL server - it is not very difficult to do, and completely free when using self-signed certificate.
Note that by default Postgres on Linux does not listen on network interfaces, you may need to enable it by editing postgresql.conf.