By: neiljny

How do I properly secure mongodb?

April 6, 2015
NoSQL MongoDB One-Click Install Apps

I have taken the steps provided by many of the pages over at MongoDB's official site.
I still cannot seem to make it work. I posted a question on Stack Overflow too, because I don't know where this really belongs. I used DO's One Click installer, so I will post the question here as well:
http://stackoverflow.com/questions/29465358/unable-to-authenticate-mongodb-remotely

I am unable to authenticate mongodb remotely. I'm running Mongoid 3.0.0 provided by the DigitalOcean One-Click installer, and I can't seem to set up authentication properly.

I have 1 database called wbio_production. I followed mongodb docs tutorials as best as I could. When I execute:

> db.auth("siteUserAdmin","MYPASSWORD")
1
> db.getUsers()

The output of that is:

{
    "_id" : "admin.siteUserAdmin",
    "user" : "siteUserAdmin",
    "db" : "admin",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
} 

And when I switch to the wbio_production database and perform the same getUsers():

> use wbio_production
switched to db wbio_production
> db.getUsers()
[
    {
        "_id" : "wbio_production.herokuUser",
        "user" : "herokuUser",
        "db" : "wbio_production",
        "roles" : [
            {
                "role" : "userAdmin",
                "db" : "wbio_production"
            },
            {
                "role" : "readWrite",
                "db" : "wbio_production"
            }
        ]
    }
]

When I fill out the connection form in Robomongo, however, it cannot successfully connect to the database. Authorization always fails; however, it does successfully connect to the database.

I have tried the following combinations of using the users above:

DB: Admin, User: siteUserAdmin
DB: Admin, User: herokuUser
DB: wbio_production, User: siteUserAdmin
DB: wbio_production, User: herokuUser

All of them wind up with some output coming back in the heroku logs similar to this:

failed with error 13: "not authorized for query on wbio_production.mongoid_forums_forums"

I have tried reinstalling mongodb, recreating users based off different tutorials, and just trying different people's explanations. I've spent about 5 hours now looking for a solution to my issue, and now I must turn to SO for your advice. I'm sure this is a simple error on my part that I am not understanding from the docs or something I am continuously missing in the setup.

What must I do to get a secured and functional MongoDB server? Thanks!

1 Answer

When this question was first asked, Robomongo did not support the MongoDB 3.x series. The good news is that support has been added more recently. Check out their blog post on the topic.

More generally for users of the DigitalOcean MongoDB One-Click, you can find more information about how it is configured in this tutorial:

By default, connections are restricted to localhost. In order to enable access over the internet, modify the value of bind_ip in /etc/mongod.conf. Before doing so, make sure to check out the security checklist from the MongoDB documentation.

Robomongo RC8 (release notes) recently added support for making connections via an SSH tunnel. This allows for leaving MongoDB bound to localhost while still being able to make a secure remote connection.
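
A check for the exposure the answer above warns about, as an added example that is not part of the original answer or of DigitalOcean's tutorial: it reads a mongod.conf and reports whether mongod listens beyond localhost and whether authentication is enabled. It assumes the legacy `key = value` config format (the one that uses `bind_ip` and `auth`); the helper names, sample files and the host in the tunnel comment are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a legacy-format (key = value) mongod.conf for the
# settings discussed above. Helper names and sample files are constructed.

# Print the value of the last uncommented "key = value" line for a key.
conf_get() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$1" |
        tail -n 1 | tr -d '[:space:]'
}

# Return 0 if mongod is bound to loopback only, 1 if it is reachable from
# other hosts with auth enabled, 2 if reachable without auth.
audit_mongod_conf() {  # $1 = path to mongod.conf
    bind=$(conf_get "$1" bind_ip)
    auth=$(conf_get "$1" auth)
    exposed=no
    # Assumption: with bind_ip unset, mongod of this era listens on all interfaces.
    [ -n "$bind" ] || exposed=yes
    old_ifs=$IFS; IFS=,
    for addr in $bind; do
        case $addr in
            127.*|localhost|::1) ;;      # loopback only
            *) exposed=yes ;;
        esac
    done
    IFS=$old_ifs
    if [ "$exposed" = no ]; then
        # Remote clients can still connect through a tunnel, e.g.
        #   ssh -N -L 27017:127.0.0.1:27017 user@droplet.example  (placeholder host)
        echo "OK: loopback only (bind_ip=$bind); use an SSH tunnel for remote access"
    elif [ "$auth" = true ]; then
        echo "WARN: bind_ip=${bind:-unset} with auth on; restrict the port by firewall"
        return 1
    else
        echo "FAIL: bind_ip=${bind:-unset} and auth is not enabled"
        return 2
    fi
}

# Constructed sample configs, not taken from the page.
demo_dir=$(mktemp -d)
printf 'bind_ip = 127.0.0.1\nauth = true\n' > "$demo_dir/local.conf"
printf 'bind_ip = 0.0.0.0\n#auth = true\n'  > "$demo_dir/open.conf"
audit_mongod_conf "$demo_dir/local.conf" || true
audit_mongod_conf "$demo_dir/open.conf"  || true
rm -rf "$demo_dir"
```

Run it against a copy of /etc/mongod.conf before and after changing bind_ip; a non-zero exit status makes it usable as a deployment gate.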
