Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
PHP Error Log: authz_core:error - For files that don't exists on my server Question Question
blocked ip in spam Question Question

Question

Trouble securing mongodb

Posted May 17, 2019 1.4k views
Node.jsNoSQLUbuntu 16.04

So i’ve set up an ubuntu 16.04 droplet, that contains a keystonejs app. Apart from the obvious I’ve installed a mongodb to run on the droplet to contain the collections from the keystonejs app. Everything runs and works perfectly, however now i’m trying to secure it since I don’t ‘think’ it’s secure. So following the article at https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-mongodb-on-ubuntu-16-04

I’ve added a user and change the security to on (i did not have the mongod.conf file but i had the mongodb.conf file with a different bunch of settings)

At the moment my keystonejs app looks like this


    password = process.env.DB_PASS
    passworddev = process.env.DB_PASS_DEV

    keystone.set("mongo","mongodb://admingreg:"+password+"@127.0.0.1:27017/admin")
    // keystone.set("mongo","mongodb://:test1"+passworddev+"@localhost:27017/my-site")



        keystone.set('cloudinary config', process.env.CLOUDINARY_URL);
        keystone.set('cookie secret', process.env.COOKIE_SECRET);

        keystone.import('models');


        keystone.set('locals', {
            _: require('lodash'),
            env: keystone.get('env'),
            utils: keystone.utils,
            editable: keystone.content.editable,
        });
        keystone.set('routes', require('./routes'));
        keystone.set('adminui custom styles', './public/styles/keystone.less');
        keystone.set('nav', {
            posts: ['posts', 'post-categories'],
            galleries: ['galleries','mag','ophelia'],
            images:'images',
            enquiries: 'enquiries',
            users: 'users',
            pages:['ExtraPage','HomePage','AboutPage','ArtistPage','ContactPage','Blog_Page', 'ExhibitionPage'],
            exhibitions:['Exhibition', 'ExhibitionCategory']
        });

        keystone.set('cloudinary secure', true);



    keystone.init({
        'name': 'My Site',
        'brand': 'My Site',
        'port':'3000',
        'less': 'public',
        'static': 'public',
        'favicon': 'public/favicon.ico',
        'views': 'templates/views',
        'view engine': '.hbs',


        'custom engine': ephbs.create({
            layoutsDir: 'templates/views/layouts',
            partialsDir: 'templates/views/partials',
            defaultLayout: 'default',
            helpers: new require('./templates/views/helpers')(),
            extname: '.hbs',
        }).engine,

        'auto update': true,
        'session': true,
        'auth': true,
        'user model': 'User',
    });

The important changes in my conf file

    bind_ip = 127.0.0.1
    #port = 27017

    # Turn on/off security.  Off is currently the default

    #noauth = true
    auth = true

I can get everything to work on my local instance of the same keystone app, but for some reason on the live version i get the following error.
This is strange because I’ve created a user 'admingreg’ and i have the password set as 'test’ in the admin database and i’ve also tried change the mongo string to match a keystone user in the db 'my-site’ as it is for the development string.
I’ve console.log the process.env setting and it’s correct, so the problem is something to do with the settings with the mongodb on the droplet

    0|keystone |   name: 'MongoError',
    0|keystone |   message: 'auth failed',
    0|keystone |   ok: 0,
    0|keystone |   errmsg: 'auth failed',
    0|keystone |   code: 18 }

mongodb error log

  2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.artists" }
    2019-05-17T23:43:40.423+0000 [conn84]  ntoskip:0 ntoreturn:1000
    2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitions" }
    2019-05-17T23:43:40.423+0000 [conn84]  ntoskip:0 ntoreturn:1000
    2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitioncategories" }
    2019-05-17T23:43:40.424+0000 [conn84]  ntoskip:0 ntoreturn:1000
    2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.galleries" }
    2019-05-17T23:43:40.424+0000 [conn84]  ntoskip:0 ntoreturn:1000
    2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.images" }
    2019-05-17T23:43:40.424+0000 [conn84]  ntoskip:0 ntoreturn:1000
Add a comment
yatesgregory92
By:
yatesgregory92

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
PHP Error Log: authz_core:error - For files that don't exists on my server Question Question
blocked ip in spam Question Question
Submit an answer

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Related

Looking for something else?

Ask a new question Search for more help