Shulou(Shulou.com)06/01 Report--

This article mainly explains "Ubuntu how to open MongoDB IP Security", interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's take you to learn "Ubuntu how to open MongoDB IP Security"!

The default configuration for Mongo DB 3.6 protects data from external threats by denying unauthorized links access to the public network. MongoDB will only listen for local links unless rules are added to allow listening on other addresses.

To see this tutorial, you need:

Install MongoDB 3.6 Multiple network interfaces on the server (this will use an AWS EC2 instance) Learn the basics of IP networking and configure private IP

I started an instance of AWS EC2 with Ubuntu 16.04 LTS installed and MongoDB 3.6 installed I want to allow some of my VPC IP addresses to connect to our MongoDB database. In this way, we can ensure that only our designated IP and local computer can connect to the database, while other unfamiliar addresses are prohibited from accessing the database.

Start the Ubuntu instance in the VPC public subnet first. Install mongodb3.6 according to the MongoDB official website documentation. You can check which network port the process occupies by using the following command:

ubuntu@ip-172-16-0-211:~$ sudo netstat -plant | egrep mongodtcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 2549/mongod

The command output shows that the user is only allowed to access the database through port 27017 of the host. If you want other systems to access the database, you need to bind IP. Run ifconfig command

ubuntu@ip-172-16-0-211:~$ ifconfigeth0 Link encap:Ethernet HWaddr 0e:5e:76:83:49:3einet addr:172.16.0.211 Bcast:172.16.0.255 Mask:255.255.255.0inet6 addr: fe80::c5e:76ff:fe83:493e/64 Scope:LinkUP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1RX packets:65521 errors:0 dropped:0 overruns:0 frame:0TX packets:7358 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:1000RX bytes:94354063 (94.3 MB) TX bytes:611646 (611.6 KB)

Now that we know the network address we want to listen to, open the/etc/mongodb.conf file and edit it. The file is modified as follows:

# network interfacesnet:port: 27017bindIp: 127.0.0.1,172.16.0.211

Now add an IP address of 172.16.0.211 to the file and restart the mongod service.

ubuntu@ip-172-16-0-211:~$ sudo service mongod stopubuntu@ip-172-16-0-211:~$ sudo service mongod startubuntu@ip-172-16-0-211:~$ sudo netstat -plnt | egrep mongodtcp 0 0 172.16.0.211:27017 0.0.0.0:* LISTEN 2892/mongodtcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 2892/mongod

As you can see, the database can now accept requests for specified IPs in addition to native. Through local connections:

ubuntu@ip-172-16-0-211:~$ mongo localhostMongoDB shell version v3.6.0-rc2connecting to: mongodb://127.0.0.1:27017/localhost

Connect by specifying IP

ubuntu@ip-172-16-0-211:~$ mongo 172.16.0.211MongoDB shell version v3.6.0-rc2connecting to: mongodb://172.16.0.211:27017/test

The default native configuration has many advantages, but now you need to explicitly specify which networks can connect to the database to prevent untrusted networks from connecting to the system. It is important to ensure that MongoDB systems are not vulnerable to remote attacks, ensuring that only IPs on the security manifest can connect to the system.

At this point, I believe that everyone has a deeper understanding of "Ubuntu how to open MongoDB IP Security", so let's actually operate it! Here is the website, more related content can enter the relevant channels for inquiry, pay attention to us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.