So I’ve set up an Ubuntu 16.04 droplet that contains a KeystoneJS app. Apart from the obvious, I’ve installed MongoDB to run on the droplet to contain the collections from the KeystoneJS app. Everything runs and works perfectly; however, now I’m trying to secure it since I don’t ‘think’ it’s secure. So, following the article at https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-mongodb-on-ubuntu-16-04
I’ve added a user and changed the security to on (I did not have the mongod.conf file, but I had the mongodb.conf file with a different bunch of settings).
At the moment my KeystoneJS app looks like this:

```
// Imports are not shown in the post; these two are assumed.
// ephbs is used the way express-handlebars is used.
var keystone = require('keystone');
var ephbs = require('express-handlebars');

// Database passwords are read from the environment
var password = process.env.DB_PASS;
var passworddev = process.env.DB_PASS_DEV;

// Connection string: user admingreg, database "admin" in the URI path
keystone.set("mongo","mongodb://admingreg:"+password+"@127.0.0.1:27017/admin")
// keystone.set("mongo","mongodb://:test1"+passworddev+"@localhost:27017/my-site")
keystone.set('cloudinary config', process.env.CLOUDINARY_URL);
keystone.set('cookie secret', process.env.COOKIE_SECRET);
keystone.import('models');
keystone.set('locals', {
    _: require('lodash'),
    env: keystone.get('env'),
    utils: keystone.utils,
    editable: keystone.content.editable,
});
keystone.set('routes', require('./routes'));
keystone.set('adminui custom styles', './public/styles/keystone.less');
keystone.set('nav', {
    posts: ['posts', 'post-categories'],
    galleries: ['galleries','mag','ophelia'],
    images:'images',
    enquiries: 'enquiries',
    users: 'users',
    pages:['ExtraPage','HomePage','AboutPage','ArtistPage','ContactPage','Blog_Page', 'ExhibitionPage'],
    exhibitions:['Exhibition', 'ExhibitionCategory']
});
keystone.set('cloudinary secure', true);
keystone.init({
    'name': 'My Site',
    'brand': 'My Site',
    'port':'3000',
    'less': 'public',
    'static': 'public',
    'favicon': 'public/favicon.ico',
    'views': 'templates/views',
    'view engine': '.hbs',
    'custom engine': ephbs.create({
        layoutsDir: 'templates/views/layouts',
        partialsDir: 'templates/views/partials',
        defaultLayout: 'default',
        helpers: new require('./templates/views/helpers')(),
        extname: '.hbs',
    }).engine,
    'auto update': true,
    'session': true,
    'auth': true,
    'user model': 'User',
});
```
The important changes in my conf file:

```
bind_ip = 127.0.0.1
#port = 27017
# Turn on/off security. Off is currently the default
#noauth = true
auth = true
```
I can get everything to work on my local instance of the same Keystone app, but for some reason on the live version I get the following error. This is strange because I’ve created a user ‘admingreg’ and I have the password set as ‘test’ in the admin database, and I’ve also tried changing the mongo string to match a Keystone user in the db ‘my-site’, as it is for the development string. I’ve console.logged the process.env setting and it’s correct, so the problem is something to do with the settings of the MongoDB on the droplet.
```
0|keystone | name: 'MongoError',
0|keystone | message: 'auth failed',
0|keystone | ok: 0,
0|keystone | errmsg: 'auth failed',
0|keystone | code: 18 }
```
MongoDB error log:

```
2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.artists" }
2019-05-17T23:43:40.423+0000 [conn84] ntoskip:0 ntoreturn:1000
2019-05-17T23:43:40.423+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitions" }
2019-05-17T23:43:40.423+0000 [conn84] ntoskip:0 ntoreturn:1000
2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.exhibitioncategories" }
2019-05-17T23:43:40.424+0000 [conn84] ntoskip:0 ntoreturn:1000
2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.galleries" }
2019-05-17T23:43:40.424+0000 [conn84] ntoskip:0 ntoreturn:1000
2019-05-17T23:43:40.424+0000 [conn84] assertion 13 not authorized for query on my-site.system.indexes ns:my-site.system.indexes query:{ ns: "my-site.images" }
2019-05-17T23:43:40.424+0000 [conn84] ntoskip:0 ntoreturn:1000
```
Based on the information provided, it looks like the user admingreg does not have the correct permissions to access the database my-site.
In MongoDB, permissions are granted on a per-database basis. If you’ve created the user admingreg in the admin database, that user might not have permissions to access the my-site database unless those permissions were explicitly granted.
Here’s how you can grant the admingreg user the readWrite role on the my-site database:
- mongo -u admin -p --authenticationDatabase admin
- Switch to the my-site database: use my-site
- Grant the readWrite role to the admingreg user: db.grantRolesToUser('admingreg', [{ role: 'readWrite', db: 'my-site' }])
This command gives admingreg the ability to read and write data in the my-site database.
After doing this, you should be able to connect to MongoDB with the admingreg user and access the my-site database.
Another thing to note: The MongoDB connection string format when you’re using authentication is: mongodb://user:password@localhost/dbname.
Your current connection string points to the admin database. If your KeystoneJS app is using the my-site database, you should adjust your connection string to point to that database:
```
keystone.set("mongo","mongodb://admingreg:"+password+"@127.0.0.1:27017/my-site")
```
This will ensure that the admingreg user is authenticated against the correct database.
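The following is an added example, not code from the question or the answer. It shows which database each connection string in this thread selects for data and which one MongoDB checks the credentials against (`authSource`, which defaults to the database in the URI path, then to `admin`). The helper names and the sample password are constructed; it assumes, as the question states, that `admingreg` was created in the `admin` database.

```javascript
'use strict';

// Build a MongoDB URI with percent-encoded credentials, so a password
// containing '@', ':' or '/' cannot change how the URI is parsed.
// `authSource` names the database that holds the user document.
function buildMongoUri({ user, password, host, port, db, authSource }) {
  const cred = encodeURIComponent(user) + ':' + encodeURIComponent(password);
  let uri = 'mongodb://' + cred + '@' + host + ':' + port + '/' + encodeURIComponent(db);
  if (authSource) uri += '?authSource=' + encodeURIComponent(authSource);
  return uri;
}

// Report the data database and the database the credentials are checked
// against: authSource if present, else the path database, else admin.
function describeMongoUri(uri) {
  const u = new URL(uri);
  const dataDb = decodeURIComponent(u.pathname.replace(/^\//, ''));
  return {
    user: decodeURIComponent(u.username),
    dataDb: dataDb || null,
    authDb: u.searchParams.get('authSource') || dataDb || 'admin',
  };
}

// Constructed password containing URI-reserved characters.
const SAMPLE_PASSWORD = 'p@ss:w/rd';
const base = 'mongodb://admingreg:' + encodeURIComponent(SAMPLE_PASSWORD) + '@127.0.0.1:27017';

const uris = {
  // Path database "admin": authenticates in admin, but data db is admin too.
  pathAdmin: base + '/admin',
  // Path database "my-site": authenticates in my-site, where the user must exist.
  pathMySite: base + '/my-site',
  // Data in my-site, credentials looked up in admin.
  withAuthSource: buildMongoUri({
    user: 'admingreg', password: SAMPLE_PASSWORD,
    host: '127.0.0.1', port: 27017, db: 'my-site', authSource: 'admin',
  }),
};

// Print only the parsed summary so the password never reaches the logs.
for (const [name, uri] of Object.entries(uris)) {
  console.log(name, JSON.stringify(describeMongoUri(uri)));
}
```

With `admingreg` defined in `admin`, the role grant is also issued from the `admin` database, because `db.grantRolesToUser` looks the user up in the current database.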