Question

Trouble securing mongodb

So i’ve set up an ubuntu 16.04 droplet, that contains a keystonejs app. Apart from the obvious I’ve installed a mongodb to run on the droplet to contain the collections from the keystonejs app. Everything runs and works perfectly, however now i’m trying to secure it since I don’t ‘think’ it’s secure. So following the article at https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-mongodb-on-ubuntu-16-04

I’ve added a user and change the security to on (i did not have the mongod.conf file but i had the mongodb.conf file with a different bunch of settings)

At the moment my keystonejs app looks like this


    password = process.env.DB_PASS
    passworddev = process.env.DB_PASS_DEV
    
    keystone.set("mongo","mongodb://admingreg:"+password+"@127.0.0.1:27017/admin")
    // keystone.set("mongo","mongodb://:test1"+passworddev+"@localhost:27017/my-site")
    
    
    
        keystone.set('cloudinary config', process.env.CLOUDINARY_URL);
        keystone.set('cookie secret', process.env.COOKIE_SECRET);
    
    	keystone.import('models');
    
    
    	keystone.set('locals', {
    		_: require('lodash'),
    		env: keystone.get('env'),
    		utils: keystone.utils,
    		editable: keystone.content.editable,
    	});
    	keystone.set('routes', require('./routes'));
    	keystone.set('adminui custom styles', './public/styles/keystone.less');
    	keystone.set('nav', {
    		posts: ['posts', 'post-categories'],
    		galleries: ['galleries','mag','ophelia'],
    		images:'images',
    		enquiries: 'enquiries',
    		users: 'users',
    		pages:['ExtraPage','HomePage','AboutPage','ArtistPage','ContactPage','Blog_Page', 'ExhibitionPage'],
    		exhibitions:['Exhibition', 'ExhibitionCategory']
    	});
    	
    	keystone.set('cloudinary secure', true);
    
    
    
    keystone.init({
    	'name': 'My Site',
    	'brand': 'My Site',
    	'port':'3000',
    	'less': 'public',
    	'static': 'public',
    	'favicon': 'public/favicon.ico',
    	'views': 'templates/views',
    	'view engine': '.hbs',
    
    
    	'custom engine': ephbs.create({
    		layoutsDir: 'templates/views/layouts',
    		partialsDir: 'templates/views/partials',
    		defaultLayout: 'default',
    		helpers: new require('./templates/views/helpers')(),
    		extname: '.hbs',
    	}).engine,
    
    	'auto update': true,
    	'session': true,
    	'auth': true,
    	'user model': 'User',
    });

The important changes in my conf file

    bind_ip = 127.0.0.1
    #port = 27017

    # Turn on/off security.  Off is currently the default

    #noauth = true
    auth = true

I can get everything to work on my local instance of the same keystone app, but for some reason on the live version i get the following error. This is strange because I’ve created a user ‘admingreg’ and i have the password set as ‘test’ in the admin database and i’ve also tried change the mongo string to match a keystone user in the db ‘my-site’ as it is for the development string. I’ve console.log the process.env setting and it’s correct, so the problem is something to do with the settings with the mongodb on the droplet

    0|keystone |   name: 'MongoError',
    0|keystone |   message: 'auth failed',
    0|keystone |   ok: 0,
    0|keystone |   errmsg: 'auth failed',
    0|keystone |   code: 18 }

mongodb error log

2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.artists" }
  2019-05-17T23:43:40.423+0000 [conn84]  ntoskip:0 ntoreturn:1000
  2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitions" }
  2019-05-17T23:43:40.423+0000 [conn84]  ntoskip:0 ntoreturn:1000
  2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitioncategories" }
  2019-05-17T23:43:40.424+0000 [conn84]  ntoskip:0 ntoreturn:1000
  2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.galleries" }
  2019-05-17T23:43:40.424+0000 [conn84]  ntoskip:0 ntoreturn:1000
  2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.images" }
  2019-05-17T23:43:40.424+0000 [conn84]  ntoskip:0 ntoreturn:1000


Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!