Binding specific ips with Mongodb

Question

I am using Mongodb 3.6.3 on Centos 7.

I am running the below command:

sudo mongod --storageEngine wiredTiger --dbpath /data --bind_ip_all --logpath /var/log/mongodb/mongod.log --fork

and everything will work just fine. Except, binding all is not secure enough.

I used to received a logging error when I tried --bind_ip 127.0.0.1,privateIP but discovered that the error would disappear when I did bind_ip [127.0.0.1,privateIP].

However, when I tried to connect to mongo locally it would fail and through a my site, it would sit there until it timed out. I checked sudo netstat -plnt | egrep mongodand then nothing showed up, which although it successfully forked the mongod process, it did not bind to any of the specified ips.

For reference, when I tried the same command on on the --bind_ip_all version it returned tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 1645/mongod.

My question is, why did --bind_ip ips fail to bind to the specified ips?

Side Note - when binding ips, should I bind my elastic ip or my private one?

Answer 1

I am running the below command:

sudo mongod --storageEngine wiredTiger --dbpath /data --bind_ip_all --logpath /var/log/mongodb/mongod.log --fork

and everything will work just fine. Except, binding all is not secure enough.

As per MongoDB BOL here there is Warning: Before you bind to other ip addresses, consider enabling access control and other security measures listed in Security Checklist to prevent unauthorized access.

I used to received a logging error when I tried --bind_ip 127.0.0.1,privateIP but discovered that the error would disappear when I did bind_ip [127.0.0.1,privateIP].

As here i would like to say that if you are going to bind multiple ips then as per MongoDB documentation here To bind to multiple addresses, enter a list of comma-separated values.

EXAMPLE

localhost,/tmp/mongod.sock

Or 

localhost,192.168.103.100

In the above example , let's say i have bind multiple ips. One external ip (192.168.103.100) and another localhost or (in place of localhost, that is 127.0.0.1).

net.bindIp

Type : string

Default: localhost

Starting in MongoDB 3.6, mongos and mongod bind to localhost (127.0.0.1) by default.

However, when I tried to connect to mongo locally it would fail and through a my site, it would sit there until it timed out. I checked sudo netstat -plnt | egrep mongodand there nothing showed up, which although it successfully fork the mongod process, it did not bind to any of the specified ips.

The "--fork" is a flag to tell mongod to run as a background process, rather than as an active process which blocks the shell. The "--fork" is a flag to tell mongod to run as a background process, rather than as an active process which blocks the shell.

Most of time when we shall not configure mongd.conf properly ( i mean to say that bindIp, port, and authorization restriction) then get the timed out error.

For reference, when I tried the same command on on the --bind_ip_all version it returned tcp 0 0 0.0.0.0:27017
0.0.0.0:* LISTEN 1645/mongod.

net.bindIpAll

Type: boolean

Default: False

New in version 3.6.

If true, the mongos and mongod instance binds to all ip addresses. When attaching mongos and mongod to a publicly accessible interface, ensure that you have implemented proper authentication and firewall restrictions to protect the integrity of your database.

set the net.bindIp setting to 0.0.0.0,:: to bind to all IP addresses.

As here in the above mongo shell ouput the mongod server returns the pid of localhost with by default port number 27017.

Note: net.bindIp and net.bindIpAll are mutually exclusive. That is, you can specify one or the other, but not both.

My question is, why did --bind_ip ips fail to bind to the specified ips?

Side Note - when binding ips, should I bind my elastic ip or my private one?

May be your mongod.conf configuration file is not configure properly. That's why you are unable to start mongod server file to that specific ip.

As MongoDB configuration files use the YAML format.

The sample configuration file of mongod settings , you can find here

For example I am also write down the mongod.conf sample configuration file in "YAML" format.

storage:
  dbPath: /var/mongodb/db/node1   -- this is the dbPath location 
net:
  bindIp: 192.168.103.100,localhost  -- here there is multiple ip binding
  port: 27011
security:
  authorization: enabled    -- here Authorization is enabled
systemLog:
  destination: file
  path: /var/mongodb/db/node1/mongod.log  -- this is log path 
  logAppend: true
processManagement:
  fork: true    -- here fork is true

Untill unless you are not able to run mongod server through your mongod.conf file , That means there is some error in your YAML configuration file.

Note: YAML does not support tab characters for indentation: use spaces instead.

Hope this will be help out to you.