Menu
I am deploying my first little app with MongoDB and Mongoid as a driver.
What is the right secure way to use MongoDB in production?
I mean in the development I have just started mongod and that's it - no username or password needed and that looks unsecure.
Also Mongoid sets default configurations
production:
host: <%= ENV['MONGOID_HOST'] %>
port: <%= ENV['MONGOID_PORT'] %>
username: <%= ENV['MONGOID_USERNAME'] %>
password: <%= ENV['MONGOID_PASSWORD'] %>
database: <%= ENV['MONGOID_DATABASE'] %>
How should I configure this options and entire MongoDB on my production server?
843
MongoDB 4.2 is now GA: Ready for your Production Apps.
Read More: How to install and use MongoDB with Rails 6Create a new rails application to use Ruby MongoDB. Make sure that you add –skip-active-record. If you notice, there is no database. yml and no sqlite3 gem is added automatically.
MongoDB is an AWS Partner. To launch a fully managed MongoDB cluster on AWS, try it for free from AWS Marketplace. AWS Service Catalog administrators can add this architecture to their own catalog.
To create a production environment where you need to use a username and password to connect:
In the mongo console:
// Add an Admin User (to the admin db)
use admin
db.addUser("theadmin", "anadminpassword")
// Use your database
use supercool
// Add a user (to your database)
db.addUser("joe", "passwordForJoe")
// show all users:
db.system.users.find()
// add readonly user (kinda cool)
db.addUser("readonly", "passwordForJoe", true)
Now, all connections to your mongodb will require authentication -- http://www.mongodb.org/display/DOCS/Security+and+Authentication
Also: you can consider using your linux firewall to only allow 27017 from your web server(s).
66
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
