How to enable authenticated access for MongoDB running on Docker

  • 2020-06-12 11:13:06
  • OfStack

Deploying a database instance with Docker is usually simpler than installing the database directly on the server. Gevin often does this in development environments, and Docker-based database services are also becoming his preferred way of installing MongoDB on Linux. Because MongoDB by default accepts connections without authentication, for security reasons you must set up an authentication mechanism when deploying MongoDB on a public network, to avoid incidents like the "hacker" ransom attacks.

So how does a MongoDB instance started with Docker restrict access to a specified database by username and password? The approach is simple, but only if you understand the mechanism by which MongoDB authorizes access. See the following resources:

Enable Auth
Authentication
Role-Based Access Control

Once you understand the MongoDB authorization access mechanism, simply follow the steps below.

1. Create MongoDB instance

To type fewer commands, Gevin uses Docker Compose to create the MongoDB instance:


version: '2'
services:
 mongo:
  # restart: always
  image: mongo:3.2
  command: [--auth]
  ports:
   - "37017:27017"
  volumes:
   - /data/db

Run the following command:


docker-compose up -d
#----------
# Result : 
#----------
# Creating mongodb_mongo_1
docker-compose ps
#----------
# Result : 
#----------
#   Name        Command     State      Ports
# --------------------------------------------------------------------------
# mongodb_mongo_1  /entrypoint.sh --auth  Up   0.0.0.0:37017->27017/tcp

2. Create a user administrator

The first step is to enter the MongoDB container, connect to MongoDB, and switch to the admin database with the following command:


docker exec -it mongodb_mongo_1 mongo admin
#----------
# Result : 
#----------
# MongoDB shell version: 3.2.12
# connecting to: admin
# Welcome to the MongoDB shell.
# For interactive help, type "help".
# For more comprehensive documentation, see
#  http://docs.mongodb.org/
# Questions? Try the support group
#  http://groups.google.com/group/mongodb-user

Then create a user administrator:


db.createUser({
  user: 'mongo-admin',
  pwd: 'admin-initial-password',
  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] });
//----------
// Result :
//----------
// Successfully added user: {
//   "user" : "mongo-admin",
//   "roles" : [
//     {
//       "role" : "userAdminAnyDatabase",
//       "db" : "admin"
//     }
//   ]
// }

3. Create a user to access the specified database

After creating the user administrator, you need to exit MongoDB and reconnect, then log in to the admin database as the user administrator and create the target user for the target database. The specific steps are as follows:

(1) Reconnect to MongoDB database

Exit the container and re-enter the container with the following command:


docker exec -it mongodb_mongo_1 mongo admin
#----------
# Result : 
#----------
# MongoDB shell version: 3.2.12
# connecting to: admin

(2) Authenticate against the admin database


db.auth("mongo-admin","admin-initial-password")

(3) Create a user to access the specified database


// Step 1: switch to the specified database:
use octblog
// Step 2: create a user
db.createUser(
 {
  user: "gevin",
  pwd: "gevin",
  roles: [ { role: "readWrite", db: "octblog" },
       { role: "readWrite", db: "octblog-log" } ]
 }
)
//----------
// Result :
//----------
// Successfully added user: {
//   "user" : "gevin",
//   "roles" : [
//     {
//       "role" : "readWrite",
//       "db" : "octblog"
//     },
//     {
//       "role" : "readWrite",
//       "db" : "octblog-log"
//     }
//   ]
// }

The goal of this step is to create an authorized user for the octblog database. To do that, first switch from the admin database to the octblog database, then add the authorized user for octblog.

Note:

All of the operations above are performed by the user administrator, that is, the mongo-admin user created in step 2. The user administrator's role is to manage users: the users of every database in MongoDB are managed by it, and beyond that it has almost no permission to do anything else. MongoDB has no superuser concept in the usual sense. An authorized user for octblog can normally only be created by the user administrator, and the user administrator logs in to the admin database, which is why the slightly troublesome steps (2) and (3) above are needed.
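To check that the users created in steps 2 and 3 hold exactly the roles this walkthrough intends, the following added example (not part of the original article) compares documents shaped like the output of db.getUsers() with the intended grants. The names auditGrants, EXPECTED and USER_MANAGING, the finding labels, and the sample users are assumptions constructed for illustration.

```javascript
// Intended grants from the steps on this page, keyed by "<auth db>.<user>".
var EXPECTED = {
  "admin.mongo-admin": ["userAdminAnyDatabase@admin"],
  "octblog.gevin": ["readWrite@octblog", "readWrite@octblog-log"]
};

// Built-in roles that allow creating users or granting roles.
var USER_MANAGING = ["userAdmin", "userAdminAnyDatabase", "dbOwner", "root"];

// users: documents shaped like db.getUsers() output: { user, db, roles: [{ role, db }] }.
// Returns an array of finding strings; an empty array means the grants match `expected`.
function auditGrants(users, expected) {
  var findings = [];
  var seen = {};
  users.forEach(function (u) {
    var id = u.db + "." + u.user;
    seen[id] = true;
    if (!expected.hasOwnProperty(id)) {
      findings.push("UNEXPECTED USER " + id);
      return;
    }
    var actual = (u.roles || []).map(function (r) { return r.role + "@" + r.db; });
    actual.forEach(function (grant) {
      if (expected[id].indexOf(grant) !== -1) return;
      var high = USER_MANAGING.indexOf(grant.split("@")[0]) !== -1;
      findings.push((high ? "HIGH " : "EXTRA ") + id + " holds " + grant);
    });
    expected[id].forEach(function (grant) {
      if (actual.indexOf(grant) === -1) findings.push("MISSING " + id + " lacks " + grant);
    });
  });
  Object.keys(expected).forEach(function (id) {
    if (!seen[id]) findings.push("MISSING USER " + id);
  });
  return findings;
}

// Constructed sample (not real output): gevin has drifted from the intended grants.
var SAMPLE_USERS = [
  { user: "mongo-admin", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "gevin", db: "octblog", roles: [{ role: "readWrite", db: "octblog" },
                                          { role: "dbOwner", db: "octblog" }] },
  { user: "tmp", db: "octblog", roles: [{ role: "read", db: "octblog" }] }
];
var SAMPLE_FINDINGS = auditGrants(SAMPLE_USERS, EXPECTED);
```

For the constructed sample, the audit reports a user-managing role on gevin, the missing octblog-log grant, and the unexpected tmp user.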

