How to run Mongodb as a service with authentication on a windows machine - windows

Remark: I am using Win10.
My goal is that when Windows boots, MongoDB starts as a service with authentication (you cannot enter the database without authenticating), but I cannot manage to do it on a Windows machine (on Linux it worked).
Here are the steps I tried:
Download MongoDB.
Change the conf from the default to the following:
# mongod.conf
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: C:\MongoDB\Server\4.0\data
  journal:
    enabled: true
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: C:\MongoDB\Server\4.0\log\mongod.log
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
security:
authorization: enabled
setParameter:
enableLocalhostAuthBypass: false
Create an Admin user in the Admin collection.
db.createUser(
  {
    user: "....",
    pwd: "...",
    roles: [
      { role: "root", db: "admin" }
    ]
  }
)
Made it a service:
sc.exe create MongoDB binPath= "\"C:\MongoDB\Server\4.0\bin\mongod.exe\" --service --config=\"C:\MongoDB\Server\4.0\bin\mongod.cfg\"" DisplayName= "MongoDB" start= "auto"
I get the feedback: Successful.
But when I restart the computer, mongod does not start, and if I don't specify mongod --auth I can still enter without authentication.
How can I run mongod as a service with authentication? What am I doing wrong?
When I try to start the service manually I get the following error:
[Image: error photo]

The issue is with the security tag. I had the same issue when I wanted to start the service in Windows 10. I copied the command from the Windows service properties and then ran it in the command prompt.
The prompt showed me the error:
Unrecognized category : security
I found the solution, which is to write the security tag with its options properly.
YAML needs some specific input, I guess. Here is the solution:
security:
  authorization: enabled

I had the same issue.
In your mongodb.cfg, use 2 spaces (instead of TAB) to indent authorization: enabled
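
The indentation problem described in both answers can be caught before the service is registered. The following is an added example, not code from the question or the answers: a stdlib-only, line-based check (not a full YAML parser) that flags TAB indentation, un-nested keys, and a config that leaves access control off. The function name `audit_mongod_conf` and the sample configs are constructed for illustration.

```python
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit_mongod_conf(text):
    """Line-based audit of a mongod YAML config; returns a list of findings."""
    findings, settings, section = [], {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue                      # blank line or comment
        indent = line[: len(line) - len(line.lstrip())]
        if "\t" in indent:                # YAML forbids tabs for indentation
            findings.append(f"line {n}: TAB used for indentation, use spaces")
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip().strip('"')
        if indent and section:
            # Deeper nesting is folded into its top-level section, which is
            # enough for the two settings checked below.
            settings[f"{section}.{key}"] = value
        elif value:                       # "key: value" with no parent section
            findings.append(f"line {n}: '{key}' is not nested under a section")
            section = None
        else:
            section = key                 # start of a top-level section
    auth = settings.get("security.authorization") == "enabled"
    if not auth:
        findings.append("security.authorization is not 'enabled'")
    exposed = [ip.strip() for ip in settings.get("net.bindIp", "").split(",")
               if ip.strip() and ip.strip() not in LOOPBACK]
    if exposed and not auth:
        findings.append(f"bindIp {exposed} is reachable without access control")
    return findings

# Constructed sample configs (not taken from a real host).
TAB_INDENTED = "net:\n  bindIp: 127.0.0.1\nsecurity:\n\tauthorization: enabled\n"
FLUSH_LEFT = "security:\nauthorization: enabled\n"
FIXED = "net:\n  bindIp: 127.0.0.1\nsecurity:\n  authorization: enabled\n"
EXPOSED = "net:\n  bindIp: 127.0.0.1,192.168.161.100\n  port: 27017\n"

if __name__ == "__main__":
    for name in ("TAB_INDENTED", "FLUSH_LEFT", "FIXED", "EXPOSED"):
        print(name, audit_mongod_conf(globals()[name]))
```

An empty list means the two settings checked here are in place; it does not validate the rest of the file.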

Related

Keycloak: Invalid token issuer when running from internal docker container

I'm having some issues with configuring keycloak to run on our server.
Locally it works great but on our test environment, after login, on any call using the received access token, we get "Invalid token issuer. Expected "http://keycloak:8080/auth/realms/{realmnName}" but was "http://{our-test-server-IP}/auth/realms/{realmName}""
So basically, our backend connects to the internal keycloak docker image but when the request comes it expects that the issuer is the configured external IP so even though the issuers are basically the same service keycloak sees them as being different and responds with a 401.
docker-compose.yml:
keycloak:
  image: jboss/keycloak:12.0.4
  restart: on-failure
  environment:
    PROXY_ADDRESS_FORWARDING: "true"
    KEYCLOAK_USER: admin
    KEYCLOAK_PASSWORD: password
    KEYCLOAK_LOGLEVEL: DEBUG
    KEYCLOAK_IMPORT: /etc/settings/realm.json -Dkeycloak.profile.feature.upload_scripts=enabled
    TZ: Europe/Bucharest
    DB_VENDOR: POSTGRES
    DB_ADDR: db
    DB_DATABASE: user
    DB_SCHEMA: keycloak
    DB_USER: user
    DB_PASSWORD: user
  ports:
    - 8090:8080
  volumes:
    - ./settings:/etc/settings
  depends_on:
    - db
Spring application.yml:
keycloak:
  cors: true
  realm: Realm-Name
  resource: back-office
  auth-server-url: http://keycloak:8080/auth/
  public-client: false
  credentials:
    secret: 8401b642-0ae9-4dc8-87a6-2f494b388a49
keycloak-client:
  id: bcc94ed5-0099-40e0-b460-572eba3f0214
If we change the backend property auth-server-url to connect to the exposed endpoint and not to the internal docker container, we get a timeout; it seems like it doesn't want to connect to it. I understand that the main issue is that we are running both the keycloak instance and our backend application on the same server, but I don't see why it shouldn't work and why they cannot connect to each other.
We tried setting up the FRONTEND_URL in the environment when running the container and in Keycloak admin console but nothing has changed. We've also tried to set forceBackendUrlToFrontendUrl to true in standalone.xml/standalone-ha.xml(./jboss-cli.sh --connect "/subsystem=keycloak-server/spi=hostname/provider=default:write-attribute(name=properties.forceBackendUrlToFrontendUrl, value=true)") files and reset the keycloak instance inside the docker container using ./jboss-cli.sh --connect command=:reload but nothing has changed.
I understand that basically by setting up the FRONTEND_URL all tokens should be signed by the keycloak instance and we would not have this issue but I've tried everything I've found so far on this issue regarding the keycloak configuration and nothing seems to change things. How can I make sure that the issuer that signs the access token and the one that the backend service expects are the same(hopefully the frontend)? And how can I configure this, is there some property I'm missing or was there something I did wrong while configuring it?
Might be related to this answer on here: https://stackoverflow.com/a/64095482/13494285
You could set Host header value to be the expected url.
To override this behavior, you might try to set KEYCLOAK_HOSTNAME environment variable to be the expected url.
Seems like documentation might not be up-to-date (it suggests KEYCLOAK_FRONTEND_URL variable on here), but instead KEYCLOAK_HOSTNAME is used to set fixed provider, as seen on here.
In this context, KEYCLOAK_HTTP_PORT is also required, to set the port to 8080.
Setting KEYCLOAK_HOSTNAME to the external hostname (as defined in KEYCLOAK_FRONTEND_URL) definitely worked for my case (Eclipse Che installation on a vanilla Kubernetes cluster).
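
To see which side of the mismatch a given token is on, the `iss` claim can be read from the token and compared with the issuer the backend derives from `auth-server-url` and `realm`, in the form shown in the error message in the question. This is an added diagnostic example, not code from the posts or from Keycloak; the helper names, the placeholder signature and the address 203.0.113.10 are constructed, and the payload is decoded without any signature verification.

```python
import base64
import json

def expected_issuer(auth_server_url, realm):
    """Issuer the backend expects, in the form shown in the error message."""
    return auth_server_url.rstrip("/") + "/realms/" + realm

def jwt_claims(token):
    """Decode the payload segment of a JWT. Diagnostic only: no signature check."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)      # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_issuer(token, auth_server_url, realm):
    """Compare the token's iss claim with the issuer derived from backend config."""
    iss = jwt_claims(token).get("iss")
    expected = expected_issuer(auth_server_url, realm)
    # The comparison is an exact string match: scheme, host, port and path count.
    return {"iss": iss, "expected": expected, "match": iss == expected}

def constructed_token(issuer):
    """Build a sample token with a placeholder signature (constructed test data)."""
    def seg(obj):
        data = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
    return ".".join([seg({"alg": "RS256", "typ": "JWT"}), seg({"iss": issuer}), "sig"])

# auth-server-url and realm as in the application.yml from the question;
# 203.0.113.10 is a constructed stand-in for the test server's external address.
AUTH_SERVER_URL = "http://keycloak:8080/auth/"
REALM = "Realm-Name"
external = constructed_token("http://203.0.113.10/auth/realms/Realm-Name")
internal = constructed_token("http://keycloak:8080/auth/realms/Realm-Name")

if __name__ == "__main__":
    print(check_issuer(external, AUTH_SERVER_URL, REALM))
    print(check_issuer(internal, AUTH_SERVER_URL, REALM))
```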

Access a remote mongodb server

I have a remote Ubuntu machine which I access using ssh, and I have installed MongoDB on it. I wish to access it remotely using the URI of the MongoDB instance, which is
mongodb://<machine_ip_address>:27017/<database_name>
I have also tried to change the /etc/mongod.conf and the edited file is this:
systemLog:
  destination: file
  path: "/var/log/mongodb/mongod.log"
  logAppend: true
storage:
  journal:
    enabled: true
processManagement:
  fork: true
net:
  bindIp: 127.0.0.1,my_ip
  port: 27017
setParameter:
  enableLocalhostAuthBypass: false
Is there a way I can give my local machine access to the remote server db by entering the uri of the remote server mongodb in my spring boot application?

MongoDB: installed MongoDB on Windows as a service to use on WAMP doesn't use the conf file?

I have installed MongoDB: mongodb-win32-x86_64-2012plus-4.2.5 as a service so I can use it with WAMP.
I am following this: http://blog.tejaspmehta.com/setup-mongodb-with-wamp/
Funny thing is: mongod is starting up looking for its default data position, which is /data/db, which I don't have because I installed it as a service. But I specified in my install as a service to use the configuration file.
My configuration file is this so far:
systemLog:
  destination: file
  path: "C:/wamp64/bin/mongodb/mongodb-win32-x86_64-2012plus-4.2.5/logs/mongodb.log"
  logAppend: true
  timeStampFormat: iso8601-local
net:
  bindIp: 127.0.0.1
  port: 27017
storage:
  dbPath: "C:/wamp64/bin/mongodb/mongodb-win32-x86_64-2012plus-4.2.5/data/db"
  directoryPerDB: true
When I manually create the data/db/ directory, mongod runs fine.
When I delete the data/db/ directory, mongod shuts down with the following error:
...
options: {}
exception in initAndListen: NonExistentPath: Data directory C:\data\db\ not found., terminating
...
Seems like the config file isn't working.

Cannot connect to the sandbox instance due to password authentication failure

Hi~~ I'm doing the official tutorial from the following link.
My system is Windows 10, I'm using VirtualBox 6.0 and downloaded the latest sandbox.
The following is what I did, step by step:
(1) Boot up: I cannot upload image but the information on boot up are as follow:
Hostname: gpdb-sandbox.localdomain
IP: 192.168.5.138
GPDB Admin: gpadmin
GPDB Password: pivotal
Tutorial User: gpuser
Tutorial User Password: pivotal
(2) Navigate to pg_hba.conf and add "host all all 0.0.0.0/0 md5" to the end of it
(3) Navigate to postgresql.conf and add "listen_addresses = '*'" to it
(4) Then I logged in to the OS and ran the following command
./start_all.sh
(5) Then I opened a cmd.exe on my Windows machine and ran
psql -U gpadmin -h 192.168.5.138 -p 5432 postgres
(6) The program replied with a request for a password, and I typed in "pivotal"
And then the program replied with an authentication failure. Can anyone help me with that so that I can start the first step of the tutorial??
Thanks a lot!
No need to type all the parameters if you are connecting to the database from the sandbox terminal.
Just type psql and press enter, and you will be connected to the gpadmin database.
If you change or add any entries in pg_hba.conf, please reload the configuration by running the command below.
gpstop -u

MongoDB: Server has startup warnings [duplicate]

This question already has answers here:
MongoDB: Server has startup warnings ''Access control is not enabled for the database''
(4 answers)
Closed 2 years ago.
I installed MongoDB 3.2.5 for the first time today. But when I start it and use the MongoDB shell, it gives me the warnings below:
C:\Windows\system32>mongo
MongoDB shell version: 3.2.5
connecting to: test
Server has startup warnings:
2016-04-16T11:06:17.943+0800 I CONTROL [initandlisten]
2016-04-16T11:06:17.943+0800 I CONTROL [initandlisten] ** WARNING: Insecure configuration, access control is not enabled and no --bind_ip has been specified.
2016-04-16T11:06:17.943+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted,
2016-04-16T11:06:17.943+0800 I CONTROL [initandlisten] ** and the server listens on all available network interfaces.
2016-04-16T11:06:17.943+0800 I CONTROL [initandlisten]
>
My OS is Microsoft Windows [version 10.0.10586].
You haven't configured the security features in MongoDB, like authorization and authentication. Use this link for more details. You can ignore this if you are just going to learn MongoDB. But when the product goes to production level, you should be concerned with them.
You can enable access control by using mongod --auth.
For example, you can run mongod --auth --port 27017 --dbpath /data/db1. After that you can secure your database with a username and password.
You can add a user in the database using the following command.
use admin
db.auth("myUserAdmin", "abc123" )
After that you can use mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin" to connect to the database.
You can add bind_ip in mongod.conf as follows,
`bind_ip = 127.0.0.1,192.168.161.100`
You can define many if you need. This bind_ip option tells MongoDB which local network interfaces to accept connections from, not which “remote IP address”.
And run mongod --config <file path to your mongod.conf>
Altogether you can run mongod --auth --port 27017 --dbpath /data/db1 --config <file path to your mongod.conf>
Run mongod --auth to enable access control. Detailed information can be found here.
Select the target DB (e.g. use admin)
Create a user in the selected DB
Select the required DB (e.g. use admin)
db.createUser(
  {
    user: "root",
    pwd: "root",
    roles: [ "readWrite", "dbAdmin" ]
  }
)
The above command will create the root user with the roles readWrite and dbAdmin in the admin DB. More info about roles
Now, run the server in authentication mode using mongod --auth
Run the client and provide the username and password to log in using db.auth("root","root")
