So i’ve set up an ubuntu 16.04 droplet, that contains a keystonejs app. Apart from the obvious I’ve installed a mongodb to run on the droplet to contain the collections from the keystonejs app. Everything runs and works perfectly, however now i’m trying to secure it since I don’t ‘think’ it’s secure. So following the article at https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-mongodb-on-ubuntu-16-04
I’ve added a user and change the security to on (i did not have the mongod.conf file but i had the mongodb.conf file with a different bunch of settings)
At the moment my keystonejs app looks like this
password = process.env.DB_PASS
passworddev = process.env.DB_PASS_DEV
keystone.set("mongo","mongodb://admingreg:"+password+"@127.0.0.1:27017/admin")
// keystone.set("mongo","mongodb://:test1"+passworddev+"@localhost:27017/my-site")
keystone.set('cloudinary config', process.env.CLOUDINARY_URL);
keystone.set('cookie secret', process.env.COOKIE_SECRET);
keystone.import('models');
keystone.set('locals', {
_: require('lodash'),
env: keystone.get('env'),
utils: keystone.utils,
editable: keystone.content.editable,
});
keystone.set('routes', require('./routes'));
keystone.set('adminui custom styles', './public/styles/keystone.less');
keystone.set('nav', {
posts: ['posts', 'post-categories'],
galleries: ['galleries','mag','ophelia'],
images:'images',
enquiries: 'enquiries',
users: 'users',
pages:['ExtraPage','HomePage','AboutPage','ArtistPage','ContactPage','Blog_Page', 'ExhibitionPage'],
exhibitions:['Exhibition', 'ExhibitionCategory']
});
keystone.set('cloudinary secure', true);
keystone.init({
'name': 'My Site',
'brand': 'My Site',
'port':'3000',
'less': 'public',
'static': 'public',
'favicon': 'public/favicon.ico',
'views': 'templates/views',
'view engine': '.hbs',
'custom engine': ephbs.create({
layoutsDir: 'templates/views/layouts',
partialsDir: 'templates/views/partials',
defaultLayout: 'default',
helpers: new require('./templates/views/helpers')(),
extname: '.hbs',
}).engine,
'auto update': true,
'session': true,
'auth': true,
'user model': 'User',
});
The important changes in my conf file
bind_ip = 127.0.0.1
#port = 27017
# Turn on/off security. Off is currently the default
#noauth = true
auth = true
I can get everything to work on my local instance of the same keystone app, but for some reason on the live version i get the following error. This is strange because I’ve created a user ‘admingreg’ and i have the password set as ‘test’ in the admin database and i’ve also tried change the mongo string to match a keystone user in the db ‘my-site’ as it is for the development string. I’ve console.log the process.env setting and it’s correct, so the problem is something to do with the settings with the mongodb on the droplet
0|keystone | name: 'MongoError',
0|keystone | message: 'auth failed',
0|keystone | ok: 0,
0|keystone | errmsg: 'auth failed',
0|keystone | code: 18 }
mongodb error log
2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.artists" }
2019-05-17T23:43:40.423+0000 [conn84] ntoskip:0 ntoreturn:1000
2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitions" }
2019-05-17T23:43:40.423+0000 [conn84] ntoskip:0 ntoreturn:1000
2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitioncategories" }
2019-05-17T23:43:40.424+0000 [conn84] ntoskip:0 ntoreturn:1000
2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.galleries" }
2019-05-17T23:43:40.424+0000 [conn84] ntoskip:0 ntoreturn:1000
2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.images" }
2019-05-17T23:43:40.424+0000 [conn84] ntoskip:0 ntoreturn:1000
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Based on the information provided, it looks like the user admingreg does not have the correct permissions to access the database my-site.
In MongoDB, permissions are granted on a per-database basis. If you’ve created the user admingreg in the admin database, that user might not have permissions to access the my-site database unless those permissions were explicitly granted.
Here’s how you can grant the admingreg user the readWrite role on the my-site database:
- Login to the mongo shell as an admin user:
- mongo -u admin -p --authenticationDatabase admin
- Switch to the
my-sitedatabase:
- use my-site
- Grant the
readWriterole to theadmingreguser:
db.grantRolesToUser('admingreg', [{ role: 'readWrite', db: 'my-site' }])
This command gives admingreg the ability to read and write data in the my-site database.
After doing this, you should be able to connect to MongoDB with the admingreg user and access the my-site database.
Another thing to note: The MongoDB connection string format when you’re using authentication is: mongodb://user:password@localhost/dbname.
Your current connection string points to the admin database. If your KeystoneJS app is using the my-site database, you should adjust your connection string to point to that database:
keystone.set("mongo","mongodb://admingreg:"+password+"@127.0.0.1:27017/my-site")
This will ensure that the admingreg user is authenticated against the correct database.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Start building today
From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.
