Trouble securing mongodb

May 17, 2019 314 views
Node.js NoSQL Ubuntu 16.04

So i’ve set up an ubuntu 16.04 droplet, that contains a keystonejs app. Apart from the obvious I’ve installed a mongodb to run on the droplet to contain the collections from the keystonejs app. Everything runs and works perfectly, however now i’m trying to secure it since I don’t ‘think’ it’s secure. So following the article at https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-mongodb-on-ubuntu-16-04

I’ve added a user and change the security to on (i did not have the mongod.conf file but i had the mongodb.conf file with a different bunch of settings)

At the moment my keystonejs app looks like this


    password = process.env.DB_PASS
    passworddev = process.env.DB_PASS_DEV

    keystone.set("mongo","mongodb://admingreg:"+password+"@127.0.0.1:27017/admin")
    // keystone.set("mongo","mongodb://:test1"+passworddev+"@localhost:27017/my-site")



        keystone.set('cloudinary config', process.env.CLOUDINARY_URL);
        keystone.set('cookie secret', process.env.COOKIE_SECRET);

        keystone.import('models');


        keystone.set('locals', {
            _: require('lodash'),
            env: keystone.get('env'),
            utils: keystone.utils,
            editable: keystone.content.editable,
        });
        keystone.set('routes', require('./routes'));
        keystone.set('adminui custom styles', './public/styles/keystone.less');
        keystone.set('nav', {
            posts: ['posts', 'post-categories'],
            galleries: ['galleries','mag','ophelia'],
            images:'images',
            enquiries: 'enquiries',
            users: 'users',
            pages:['ExtraPage','HomePage','AboutPage','ArtistPage','ContactPage','Blog_Page', 'ExhibitionPage'],
            exhibitions:['Exhibition', 'ExhibitionCategory']
        });

        keystone.set('cloudinary secure', true);



    keystone.init({
        'name': 'My Site',
        'brand': 'My Site',
        'port':'3000',
        'less': 'public',
        'static': 'public',
        'favicon': 'public/favicon.ico',
        'views': 'templates/views',
        'view engine': '.hbs',


        'custom engine': ephbs.create({
            layoutsDir: 'templates/views/layouts',
            partialsDir: 'templates/views/partials',
            defaultLayout: 'default',
            helpers: new require('./templates/views/helpers')(),
            extname: '.hbs',
        }).engine,

        'auto update': true,
        'session': true,
        'auth': true,
        'user model': 'User',
    });

The important changes in my conf file

    bind_ip = 127.0.0.1
    #port = 27017

    # Turn on/off security.  Off is currently the default

    #noauth = true
    auth = true

I can get everything to work on my local instance of the same keystone app, but for some reason on the live version i get the following error.
This is strange because I’ve created a user 'admingreg’ and i have the password set as 'test’ in the admin database and i’ve also tried change the mongo string to match a keystone user in the db 'my-site’ as it is for the development string.
I’ve console.log the process.env setting and it’s correct, so the problem is something to do with the settings with the mongodb on the droplet

    0|keystone |   name: 'MongoError',
    0|keystone |   message: 'auth failed',
    0|keystone |   ok: 0,
    0|keystone |   errmsg: 'auth failed',
    0|keystone |   code: 18 }

mongodb error log

  2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.artists" }
    2019-05-17T23:43:40.423+0000 [conn84]  ntoskip:0 ntoreturn:1000
    2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitions" }
    2019-05-17T23:43:40.423+0000 [conn84]  ntoskip:0 ntoreturn:1000
    2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitioncategories" }
    2019-05-17T23:43:40.424+0000 [conn84]  ntoskip:0 ntoreturn:1000
    2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.galleries" }
    2019-05-17T23:43:40.424+0000 [conn84]  ntoskip:0 ntoreturn:1000
    2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.images" }
    2019-05-17T23:43:40.424+0000 [conn84]  ntoskip:0 ntoreturn:1000


Be the first one to answer this question.