Get alerted when assets are down, slow, or vulnerable to SSL attacks—all free for a month. Learn more

Question

Trouble securing mongodb

So i’ve set up an ubuntu 16.04 droplet, that contains a keystonejs app. Apart from the obvious I’ve installed a mongodb to run on the droplet to contain the collections from the keystonejs app. Everything runs and works perfectly, however now i’m trying to secure it since I don’t ‘think’ it’s secure. So following the article at https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-mongodb-on-ubuntu-16-04

I’ve added a user and change the security to on (i did not have the mongod.conf file but i had the mongodb.conf file with a different bunch of settings)

At the moment my keystonejs app looks like this


    password = process.env.DB_PASS
    passworddev = process.env.DB_PASS_DEV
    
    keystone.set("mongo","mongodb://admingreg:"+password+"@127.0.0.1:27017/admin")
    // keystone.set("mongo","mongodb://:test1"+passworddev+"@localhost:27017/my-site")
    
    
    
        keystone.set('cloudinary config', process.env.CLOUDINARY_URL);
        keystone.set('cookie secret', process.env.COOKIE_SECRET);
    
    	keystone.import('models');
    
    
    	keystone.set('locals', {
    		_: require('lodash'),
    		env: keystone.get('env'),
    		utils: keystone.utils,
    		editable: keystone.content.editable,
    	});
    	keystone.set('routes', require('./routes'));
    	keystone.set('adminui custom styles', './public/styles/keystone.less');
    	keystone.set('nav', {
    		posts: ['posts', 'post-categories'],
    		galleries: ['galleries','mag','ophelia'],
    		images:'images',
    		enquiries: 'enquiries',
    		users: 'users',
    		pages:['ExtraPage','HomePage','AboutPage','ArtistPage','ContactPage','Blog_Page', 'ExhibitionPage'],
    		exhibitions:['Exhibition', 'ExhibitionCategory']
    	});
    	
    	keystone.set('cloudinary secure', true);
    
    
    
    keystone.init({
    	'name': 'My Site',
    	'brand': 'My Site',
    	'port':'3000',
    	'less': 'public',
    	'static': 'public',
    	'favicon': 'public/favicon.ico',
    	'views': 'templates/views',
    	'view engine': '.hbs',
    
    
    	'custom engine': ephbs.create({
    		layoutsDir: 'templates/views/layouts',
    		partialsDir: 'templates/views/partials',
    		defaultLayout: 'default',
    		helpers: new require('./templates/views/helpers')(),
    		extname: '.hbs',
    	}).engine,
    
    	'auto update': true,
    	'session': true,
    	'auth': true,
    	'user model': 'User',
    });

The important changes in my conf file

    bind_ip = 127.0.0.1
    #port = 27017

    # Turn on/off security.  Off is currently the default

    #noauth = true
    auth = true

I can get everything to work on my local instance of the same keystone app, but for some reason on the live version i get the following error. This is strange because I’ve created a user ‘admingreg’ and i have the password set as ‘test’ in the admin database and i’ve also tried change the mongo string to match a keystone user in the db ‘my-site’ as it is for the development string. I’ve console.log the process.env setting and it’s correct, so the problem is something to do with the settings with the mongodb on the droplet

    0|keystone |   name: 'MongoError',
    0|keystone |   message: 'auth failed',
    0|keystone |   ok: 0,
    0|keystone |   errmsg: 'auth failed',
    0|keystone |   code: 18 }

mongodb error log

2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.artists" }
  2019-05-17T23:43:40.423+0000 [conn84]  ntoskip:0 ntoreturn:1000
  2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitions" }
  2019-05-17T23:43:40.423+0000 [conn84]  ntoskip:0 ntoreturn:1000
  2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitioncategories" }
  2019-05-17T23:43:40.424+0000 [conn84]  ntoskip:0 ntoreturn:1000
  2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.galleries" }
  2019-05-17T23:43:40.424+0000 [conn84]  ntoskip:0 ntoreturn:1000
  2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.images" }
  2019-05-17T23:43:40.424+0000 [conn84]  ntoskip:0 ntoreturn:1000
Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up