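I wrote this post to explain how to allow external (remote) access to MongoDB.
On a fresh install, MongoDB can only be reached from the local address (127.0.0.1) of the server it is installed on.
As a result, remote connections fail even if you have opened the port in your firewall or, on AWS, in the security settings.
So today we will look at how to change the allowed-access IP setting so that MongoDB can be reached from outside.
How to allow external access to MongoDB
1. Open the MongoDB configuration file in the vi editor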
$ sudo vi /etc/mongod.conf
2. Edit the MongoDB configuration file
# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
#  bindIp: 127.0.0.1

# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

security:
  authorization: 'enabled'

#operationProfiling:

#replication:

#sharding:

## Enterprise-Only Options:

#auditLog:

#snmp:
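This is the state of the config file after a fresh MongoDB install, with only the allowed-IP part changed. In your config file the bindIp entry will be set to 127.0.0.1. Changing it to 0.0.0.0 and saving makes mongod listen on every IPv4 interface, so connections are accepted from any IP address that the firewall or AWS security settings let through.
If you also want to change the port used for connections, change the port value just above it.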
3. Restart MongoDB
$ sudo systemctl restart mongod
Once you have completed these steps, MongoDB is reachable from outside. You can additionally check its state as follows.
4. Check the current MongoDB status
$ sudo systemctl status mongod
● mongod.service - MongoDB Database Server
Loaded: loaded (/etc/systemd/system/mongod.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-08-26 13:49:37 UTC; 5min ago
Docs: https://docs.mongodb.org/manual
Main PID: 870 (mongod)
CGroup: /system.slice/mongod.service
└─870 /usr/bin/mongod --config /etc/mongod.conf
Aug 26 13:49:37 ip-XXX-XX-XX-XX systemd[1]: Started MongoDB Database Server.
As you can see above, the service loads the /etc/mongod.conf config file that we edited.
5. Verify that MongoDB is bound to the IP and port
ubuntu@ip-XXX-XXX-XXX-XXX:~$ sudo netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 870/mongod
The netstat output above confirms that mongod is bound to 0.0.0.0 on port 27017.
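A check that can follow step 5, as an added example that is not part of the original post: a shell function that reads net.bindIp, net.bindIpAll, net.port and security.authorization from a mongod.conf and reports how exposed the listener is. The names conf_get and audit_mongod_conf and the sample file are constructed for illustration, and the parser assumes the simple indented YAML layout shown in step 2.

```sh
#!/bin/sh
# Added example (not from the original post): classify the exposure a mongod.conf creates.

# Print the first KEY found inside top-level SECTION of a mongod.conf-style YAML file.
conf_get() {  # usage: conf_get FILE SECTION KEY
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*(#|$)/ { next }                             # skip comments and blank lines
    /^[^ \t]/ { cur = $1; sub(/:.*/, "", cur); next }   # top-level section header
    cur == sec {
      line = $0; sub(/^[ \t]+/, "", line)
      if (index(line, key ":") == 1) {
        val = substr(line, length(key) + 2)
        sub(/[ \t]+#.*$/, "", val)                      # drop a trailing comment
        gsub(/[ \t\r]/, "", val)
        print val; exit
      }
    }' "$1" | tr -d "\"'"
}

# Print one verdict line (OK, WARN or CRITICAL) for FILE; runs in a subshell so variables stay local.
audit_mongod_conf() (
  bind=$(conf_get "$1" net bindIp);  bind=${bind:-127.0.0.1}   # unset: localhost, per mongod --help
  all=$(conf_get "$1" net bindIpAll)
  port=$(conf_get "$1" net port);    port=${port:-27017}
  auth=$(conf_get "$1" security authorization); auth=${auth:-disabled}
  scope=local
  for ip in $(printf '%s' "$bind" | tr ',' ' '); do
    case $ip in
      0.0.0.0|::) scope=all; break ;;
      127.*|localhost|::1) ;;
      *) scope=specific ;;
    esac
  done
  [ "$all" = true ] && scope=all
  case "$scope/$auth" in
    all/enabled) echo "WARN: port $port listens on all interfaces; authorization is enabled, so limit source IPs at the firewall or security group" ;;
    all/*)       echo "CRITICAL: port $port listens on all interfaces and authorization is not enabled" ;;
    local/*)     echo "OK: port $port is reachable from this host only ($bind)" ;;
    */enabled)   echo "OK: port $port listens on $bind with authorization enabled" ;;
    *)           echo "WARN: port $port listens on $bind and authorization is not enabled" ;;
  esac
)

# Constructed sample: the net and security sections as set in step 2 of this post.
sample=$(mktemp)
printf '%s\n' 'net:' '  port: 27017' '  bindIp: 0.0.0.0' '#  bindIp: 127.0.0.1' \
  'security:' "  authorization: 'enabled'" > "$sample"
audit_mongod_conf "$sample"
rm -f "$sample"
```

Run it against the real file with audit_mongod_conf /etc/mongod.conf; listing specific addresses in bindIp (comma separated, as the --help text notes) moves the verdict from the all-interfaces case to the specific-address case.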
Finally, I'll wrap up by sharing how to allow external access by passing a parameter when starting MongoDB, and how to look up the other available parameters. Have a great day :)
Allowing external access by passing a parameter when starting MongoDB
$ mongod --bind_ip 0.0.0.0
How to view information about MongoDB's other parameters
$ mongod --help
Options:
General options:
-v [ --verbose ] [=arg(=v)] be more verbose (include multiple times
for more verbosity e.g. -vvvvv)
--quiet quieter output
--port arg specify port number - 27017 by default
--logpath arg log file to send write to instead of
stdout - has to be a file, not
directory
--syslog log to system's syslog facility instead
of file or stdout
--syslogFacility arg syslog facility used for mongodb syslog
message
--logappend append to logpath instead of
over-writing
--logRotate arg set the log rotation behavior
(rename|reopen)
--timeStampFormat arg Desired format for timestamps in log
messages. One of ctime, iso8601-utc or
iso8601-local
--setParameter arg Set a configurable parameter
-h [ --help ] show this usage information
--version show version information
-f [ --config ] arg configuration file specifying
additional options
--bind_ip arg comma separated list of ip addresses to
listen on - localhost by default
--bind_ip_all bind to all ip addresses
--ipv6 enable IPv6 support (disabled by
default)
--listenBacklog arg (=128) set socket listen backlog size
--maxConns arg max number of simultaneous connections
- 1000000 by default
--pidfilepath arg full path to pidfile (if not set, no
pidfile is created)
--timeZoneInfo arg full path to time zone info directory,
e.g. /usr/share/zoneinfo
--keyFile arg private key for cluster authentication
--noauth run without security
--transitionToAuth For rolling access control upgrade.
Attempt to authenticate over outgoing
connections and proceed regardless of
success. Accept incoming connections
with or without authentication.
--clusterAuthMode arg Authentication mode used for cluster
authentication. Alternatives are
(keyFile|sendKeyFile|sendX509|x509)
--nounixsocket disable listening on unix sockets
--unixSocketPrefix arg alternative directory for UNIX domain
sockets (defaults to /tmp)
--filePermissions arg permissions to set on UNIX domain
socket file - 0700 by default
--fork fork server process
--slowms arg (=100) value of slow for profile and console
log
--slowOpSampleRate arg (=1) fraction of slow ops to include in the
profile and console log
--networkMessageCompressors [=arg(=disabled)] (=snappy)
Comma-separated list of compressors to
use for network messages
--auth run with security
--clusterIpSourceWhitelist arg Network CIDR specification of permitted
origin for `__system` access.
--profile arg 0=off 1=slow, 2=all
--cpu periodically show cpu and iowait
utilization
--sysinfo print some diagnostic system
information
--noIndexBuildRetry don't retry any index builds that were
interrupted by shutdown
--noscripting disable scripting engine
--notablescan do not allow table scans
--shutdown kill a running server (for init
scripts)
Replication options:
--oplogSize arg size to use (in MB) for replication op
log. default is 5% of disk space (i.e.
large is good)
--master Master/slave replication no longer
supported
--slave Master/slave replication no longer
supported
Replica set options:
--replSet arg arg is <setname>[/<optionalseedhostlist
>]
--replIndexPrefetch arg specify index prefetching behavior (if
secondary) [none|_id_only|all]
--enableMajorityReadConcern [=arg(=1)] (=1)
enables majority readConcern
Sharding options:
--configsvr declare this is a config db of a
cluster; default port 27019; default
dir /data/configdb
--shardsvr declare this is a shard db of a
cluster; default port 27018
SSL options:
--sslOnNormalPorts use ssl on configured ports
--sslMode arg set the SSL operation mode
(disabled|allowSSL|preferSSL|requireSSL
)
--sslPEMKeyFile arg PEM file for ssl
--sslPEMKeyPassword arg PEM file password
--sslClusterFile arg Key file for internal SSL
authentication
--sslClusterPassword arg Internal authentication key file
password
--sslCAFile arg Certificate Authority file for SSL
--sslClusterCAFile arg CA used for verifying remotes during
outbound connections
--sslCRLFile arg Certificate Revocation List file for
SSL
--sslDisabledProtocols arg Comma separated list of TLS protocols
to disable [TLS1_0,TLS1_1,TLS1_2]
--sslWeakCertificateValidation allow client to connect without
presenting a certificate
--sslAllowConnectionsWithoutCertificates
allow client to connect without
presenting a certificate
--sslAllowInvalidHostnames Allow server certificates to provide
non-matching hostnames
--sslAllowInvalidCertificates allow connections to servers with
invalid certificates
--sslFIPSMode activate FIPS 140-2 mode at startup
Storage options:
--storageEngine arg what storage engine to use - defaults
to wiredTiger if no data files present
--dbpath arg directory for datafiles - defaults to
/data/db
--directoryperdb each database will be stored in a
separate directory
--noprealloc disable data file preallocation - will
often hurt performance
--nssize arg (=16) .ns file size (in MB) for new databases
--quota limits each database to a certain
number of files (8 default)
--quotaFiles arg number of files allowed per db, implies
--quota
--smallfiles use a smaller default file size
--syncdelay arg (=60) seconds between disk syncs (0=never,
but not recommended)
--upgrade upgrade db if needed
--repair run repair on all dbs
--repairpath arg root directory for repair files -
defaults to dbpath
--journal enable journaling
--nojournal disable journaling (journaling is on by
default for 64 bit)
--journalOptions arg journal diagnostic options
--journalCommitInterval arg how often to group/batch commit (ms)
WiredTiger options:
--wiredTigerCacheSizeGB arg maximum amount of memory to allocate
for cache; defaults to 1/2 of physical
RAM
--wiredTigerJournalCompressor arg (=snappy)
use a compressor for log records
[none|snappy|zlib]
--wiredTigerDirectoryForIndexes Put indexes and data in different
directories
--wiredTigerMaxCacheOverflowFileSizeGB arg (=0)
Maximum amount of disk space to use for
cache overflow; Defaults to 0
(unbounded)
--wiredTigerCollectionBlockCompressor arg (=snappy)
block compression algorithm for
collection data [none|snappy|zlib]
--wiredTigerIndexPrefixCompression arg (=1)
use prefix compression on row-store
leaf pages
Free Monitoring options:
--enableFreeMonitoring arg Enable Cloud Free Monitoring
(on|runtime|off)
--freeMonitoringTag arg Cloud Free Monitoring Tags