K
K
Konstantin Prishvin2017-05-11 00:12:35
MongoDB
Konstantin Prishvin, 2017-05-11 00:12:35

How to close access from outside to mongodb?

Good day. I'm trying to close access from outside to mongodb, but nothing happens.
Config:

# mongodb.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb.log

# Where and how to store data.
storage:
  dbPath: /var/db/mongodb
  journal:
    enabled: true

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1

Logs:
2017-05-11T00:06:18.090+0300 I CONTROL  [initandlisten] MongoDB starting : pid=56378 port=27017 dbpath=/var/db/mongodb 64-bit host=xxx
2017-05-11T00:06:18.090+0300 I CONTROL  [initandlisten] db version v3.2.11
2017-05-11T00:06:18.090+0300 I CONTROL  [initandlisten] git version: 009580ad490190ba33d1c6253ebd8d91808923e4
2017-05-11T00:06:18.090+0300 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.2j-freebsd  26 Sep 2016
2017-05-11T00:06:18.090+0300 I CONTROL  [initandlisten] allocator: system
2017-05-11T00:06:18.090+0300 I CONTROL  [initandlisten] modules: none
2017-05-11T00:06:18.090+0300 I CONTROL  [initandlisten] build environment:
2017-05-11T00:06:18.090+0300 I CONTROL  [initandlisten]     distarch: x86_64
2017-05-11T00:06:18.091+0300 I CONTROL  [initandlisten]     target_arch: x86_64
2017-05-11T00:06:18.091+0300 I CONTROL  [initandlisten] options: { config: "/usr/local/etc/mongodb.conf", net: { bindIp: "127.0.0.1", port: 27017 }, storage: { dbPath: "/var/db/mongodb", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb.log" } }
2017-05-11T00:06:18.091+0300 I -        [initandlisten] Detected data files in /var/db/mongodb created by the 'mmapv1' storage engine, so setting the active storage engine to 'mmapv1'.
2017-05-11T00:06:18.099+0300 I JOURNAL  [initandlisten] journal dir=/var/db/mongodb/journal
2017-05-11T00:06:18.100+0300 I JOURNAL  [initandlisten] recover : no journal files present, no recovery needed
2017-05-11T00:06:19.067+0300 I JOURNAL  [durability] Durability thread started
2017-05-11T00:06:19.068+0300 I JOURNAL  [journal writer] Journal writer thread started
2017-05-11T00:06:19.072+0300 I CONTROL  [initandlisten] ** WARNING: soft rlimits too low. rlimits set to 10328 processes, 200000 files. Number of processes should be at least 100000 : 0.5 times number of files.
2017-05-11T00:06:19.074+0300 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/var/db/mongodb/diagnostic.data'
2017-05-11T00:06:19.074+0300 I NETWORK  [HostnameCanonicalizationWorker] Starting hostname canonicalization worker
2017-05-11T00:06:19.085+0300 I NETWORK  [initandlisten] waiting for connections on port 27017
2017-05-11T00:08:04.322+0300 I NETWORK  [initandlisten] connection accepted from xxx.xxx.xxx.xxx:58529 #1 (1 connection now open)
2017-05-11T00:08:04.331+0300 I NETWORK  [initandlisten] connection accepted from xxx.xxx.xxx.xxx:58530 #2 (2 connections now open)
2017-05-11T00:08:05.783+0300 I NETWORK  [initandlisten] connection accepted from xxx.xxx.xxx.xxx:58531 #3 (3 connections now open)

However connections from outside go. On another server with Debian, this configuration worked, connections came only from the localhost.

Answer the question

In order to leave comments, you need to log in

4 answer(s)
K
Konstantin Prishvin, 2017-06-03
@kostya-php

The problem was that the local interface was not assigned an IP address. After he appointed, Monga began to listen to requests only from him. Thank you all for your help.

E
Eugene, 2017-05-11
@Nc_Soft

I have only 1 line in /usr/local/etc/mongodb.conf
bind_ip = 127.0.0.1
And the command
ps ax | grep LISTEN
gives
LISTEN
tcp4 0 0 127.0.0.1.27017 *.*

A
athacker, 2017-05-11
@athacker

Make sure you have spaces before bindIp and not tabs.
And after starting mongi, the output of the ipconfig and sockstat -4l commands to the studio

P
Philipp, 2017-05-14
@zoonman

You are doing some nonsense. There is nothing wrong with MongoDB listening to some interface.
Usually this is solved by setting the firewall.
What you need to pay attention to is the authorization options
https://docs.mongodb.com/manual/reference/configur...
Sooner or later you will have to go beyond the localhost and have to configure authorization.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question