Question
Trouble securing mongodb
So i’ve set up an ubuntu 16.04 droplet, that contains a keystonejs app. Apart from the obvious I’ve installed a mongodb to run on the droplet to contain the collections from the keystonejs app. Everything runs and works perfectly, however now i’m trying to secure it since I don’t ‘think’ it’s secure. So following the article at https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-mongodb-on-ubuntu-16-04
I’ve added a user and change the security to on (i did not have the mongod.conf file but i had the mongodb.conf file with a different bunch of settings)
At the moment my keystonejs app looks like this
password = process.env.DB_PASS
passworddev = process.env.DB_PASS_DEV
keystone.set("mongo","mongodb://admingreg:"+password+"@127.0.0.1:27017/admin")
// keystone.set("mongo","mongodb://:test1"+passworddev+"@localhost:27017/my-site")
keystone.set('cloudinary config', process.env.CLOUDINARY_URL);
keystone.set('cookie secret', process.env.COOKIE_SECRET);
keystone.import('models');
keystone.set('locals', {
_: require('lodash'),
env: keystone.get('env'),
utils: keystone.utils,
editable: keystone.content.editable,
});
keystone.set('routes', require('./routes'));
keystone.set('adminui custom styles', './public/styles/keystone.less');
keystone.set('nav', {
posts: ['posts', 'post-categories'],
galleries: ['galleries','mag','ophelia'],
images:'images',
enquiries: 'enquiries',
users: 'users',
pages:['ExtraPage','HomePage','AboutPage','ArtistPage','ContactPage','Blog_Page', 'ExhibitionPage'],
exhibitions:['Exhibition', 'ExhibitionCategory']
});
keystone.set('cloudinary secure', true);
keystone.init({
'name': 'My Site',
'brand': 'My Site',
'port':'3000',
'less': 'public',
'static': 'public',
'favicon': 'public/favicon.ico',
'views': 'templates/views',
'view engine': '.hbs',
'custom engine': ephbs.create({
layoutsDir: 'templates/views/layouts',
partialsDir: 'templates/views/partials',
defaultLayout: 'default',
helpers: new require('./templates/views/helpers')(),
extname: '.hbs',
}).engine,
'auto update': true,
'session': true,
'auth': true,
'user model': 'User',
});
The important changes in my conf file
bind_ip = 127.0.0.1
#port = 27017
# Turn on/off security. Off is currently the default
#noauth = true
auth = true
I can get everything to work on my local instance of the same keystone app, but for some reason on the live version i get the following error.
This is strange because I’ve created a user 'admingreg’ and i have the password set as 'test’ in the admin database and i’ve also tried change the mongo string to match a keystone user in the db 'my-site’ as it is for the development string.
I’ve console.log the process.env setting and it’s correct, so the problem is something to do with the settings with the mongodb on the droplet
0|keystone | name: 'MongoError',
0|keystone | message: 'auth failed',
0|keystone | ok: 0,
0|keystone | errmsg: 'auth failed',
0|keystone | code: 18 }
mongodb error log
2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.artists" }
2019-05-17T23:43:40.423+0000 [conn84] ntoskip:0 ntoreturn:1000
2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitions" }
2019-05-17T23:43:40.423+0000 [conn84] ntoskip:0 ntoreturn:1000
2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitioncategories" }
2019-05-17T23:43:40.424+0000 [conn84] ntoskip:0 ntoreturn:1000
2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.galleries" }
2019-05-17T23:43:40.424+0000 [conn84] ntoskip:0 ntoreturn:1000
2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.images" }
2019-05-17T23:43:40.424+0000 [conn84] ntoskip:0 ntoreturn:1000
