Connecting to a Cluster Instance Over Public Networks

Scenarios

This section describes how to connect to a cluster instance using the MongoDB client and Robo 3T over public networks.

The MongoDB client and Robo 3T can connect to a DB instance over either an unencrypted connection or an encrypted (SSL) connection. To improve data transmission security, you are advised to connect to DB instances over SSL.

The examples cover clients running Linux and Windows.

Prerequisites

  1. Bind an EIP to the cluster instance and configure security group rules so that the DB client application can access the EIP.

  2. Install the MongoDB client or Robo 3T.

    MongoDB client

    1. For details on how to create and log in to an ECS, see "Creating and Logging In to a Windows ECS" or "Creating and Logging In to a Linux ECS" in the Elastic Cloud Server User Guide.

    2. Install the MongoDB client on the ECS.

      For details on how to install a MongoDB client, see How Can I Install a MongoDB Client?

      Note

      If you use a connection address to connect to a cluster instance, download a MongoDB client of a version later than 3.4.

    Robo 3T

    For details on how to install Robo 3T, see How Do I Install Robo 3T?

  3. If SSL is enabled, download the SSL certificate on the DDS console.

    1. On the Instance Management page, click the target DB instance.

    2. In the navigation pane on the left, choose Connections.

    3. In the Basic Information area, click the icon next to the SSL field to download the certificate.

    Note

    The certificate can also be downloaded from the Node Information area on the Basic Information page.

Connecting to a DB Instance Using Robo 3T (SSL)

Important

If you connect to a DB instance using this method, enable the SSL connection. For details, see section Enabling SSL.

  1. Run the installed Robo 3T. In the displayed dialog box, click Create.

    **Figure 1** Connections

  2. In the Connection Settings dialog box, set the parameters of the new connection.

    1. On the Connection tab, enter the name of the new connection in the Name text box and enter the EIP and database port that are bound to the DDS DB instance in the Address text box.

      **Figure 2** Connection

    2. On the Authentication tab, set Database to admin, User Name to rwuser, and Password to the administrator password you set during the creation of the cluster instance.

      **Figure 3** Authentication

    3. On the SSL tab, upload the SSL certificate and select Allowed for Invalid Hostnames.

      **Figure 4** SSL

    4. Click Save.

  3. On the MongoDB Connections page, click Connect to connect to the cluster instance.

    **Figure 5** Connections

  4. If the cluster instance is successfully connected, the page shown in Figure 6 is displayed.

    **Figure 6** Connection succeeded

Connecting to a DB Instance Using Robo 3T (Non-SSL)

Important

If you connect to a DB instance using this method, disable the SSL connection. For details, see section Disabling SSL.

  1. Run the installed Robo 3T. In the displayed dialog box, click Create.

    **Figure 7** Connections

  2. In the Connection Settings dialog box, set the parameters of the new connection.

    1. On the Connection tab, enter the name of the new connection in the Name text box and enter the EIP and database port that are bound to the DDS DB instance in the Address text box.

      **Figure 8** Connection

    2. On the Authentication tab, set Database to admin, User Name to rwuser, and Password to the administrator password you set during the creation of the cluster instance.

      **Figure 9** Authentication

    3. Click Save.

  3. On the MongoDB Connections page, click Connect to connect to the cluster instance.

    **Figure 10** Connections

  4. If the cluster instance is successfully connected, the page shown in Figure 11 is displayed.

    **Figure 11** Connection succeeded

Connecting to a DB Instance Using the MongoDB Client (SSL)

Important

If you connect to a DB instance using this method, enable the SSL connection. For details, see section Enabling SSL.

  1. On the Instance Management page, click the target DB instance.

  2. In the navigation pane on the left, choose Connections.

  3. In the Basic Information area, click the icon next to the SSL field to download the certificate.

  4. Upload the root certificate to the ECS to be connected to the DB instance.

    The following describes how to upload the certificate to a Linux or Windows ECS:

    • In Linux, run the following command:

      scp <IDENTITY_FILE> <REMOTE_USER>@<REMOTE_ADDRESS>:<REMOTE_DIR>

      Note

      • IDENTITY_FILE indicates the directory where the root certificate resides. The file access permission is 600.

      • REMOTE_USER indicates the ECS OS user.

      • REMOTE_ADDRESS indicates the ECS address.

      • REMOTE_DIR indicates the directory of the ECS to which the root certificate is uploaded.

    • In Windows, upload the root certificate using the remote connection tool.

  5. Connect to the DB instance in the directory where the MongoDB client is located.

    • Method 1: Using standard parameters

      mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

      Enter the database account password when prompted:

      Enter password:
      
    • Method 2: Using standard URI format

      mongo mongodb://rwuser:<password>@<DB_HOST>:<DB_PORT>/test?authSource=admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

      To obtain the public connection address, click the instance name and choose Connections. The address is displayed in the Public Network Connection Address field on the Public Connection tab.

    Note

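    • A cluster instance uses the management IP address to generate the SSL certificate, so the certificate does not match the EIP used over a public network. --sslAllowInvalidHostnames is therefore needed for the SSL connection in a public network. This option disables only the hostname check; the certificate is still validated against the CA file specified by --sslCAFile.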

    • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the EIP column in the node list on the Connections page.

    • DB_PORT indicates the port number. Obtain the value from Database Port in the Basic Information area on the Connections page.

    • DB_HOST and DB_PORT can also be obtained from the Node Information area on the Basic Information page.

    • DB_USER indicates the database account name. The default value is rwuser.

    • <password> indicates the password of the database account. If the password contains at signs (@), exclamation marks (!), or percent signs (%), replace them with the hexadecimal URL codes %40, %21, and %25 respectively.

    • If you run the command with the password included in it, the password is stored in log files and can be found in the Linux shell history and in the process list. Plaintext passwords entered this way are therefore risky.

    • FILE_PATH indicates the path where the root certificate is stored.

    • Connect to the instance using standard parameters. The following is an example command:

      mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

    • Using standard URI format:

      mongo mongodb://rwuser:<password>@192.168.1.80:8635/test?authSource=admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

  6. Check the connection result. If the following information is displayed, the connection is successful.

    mongos>
    

Connecting to a DB Instance Using the MongoDB Client (Non-SSL)

Important

If you connect to a DB instance using this method, disable the SSL connection. For details, see section Disabling SSL.

  1. Connect to the DB instance in the directory where the MongoDB client is located.

    • Method 1: Using standard parameters

      mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

      Enter the database account password when prompted:

      Enter password:
      
    • Method 2: Using standard URI format

      ./mongo mongodb://rwuser:<password>@<DB_HOST>:<DB_PORT>/test?authSource=admin

      To obtain the public connection address, click the instance name and choose Connections. The address is displayed in the Public Network Connection Address field on the Public Connection tab.

    Note

    • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the EIP column in the node list on the Connections page.

    • DB_PORT indicates the port number. Obtain the value from Database Port in the Basic Information area on the Connections page.

    • DB_HOST and DB_PORT can also be obtained from the Node Information area on the Basic Information page.

    • DB_USER indicates the database account name. The default value is rwuser.

    • <password> indicates the password of the database account. If the password contains at signs (@), exclamation marks (!), or percent signs (%), replace them with the hexadecimal URL codes %40, %21, and %25 respectively.

    • If you run the command with the password included in it, the password is stored in log files and can be found in the Linux shell history and in the process list. Plaintext passwords entered this way are therefore risky.

    • Connect to the instance using standard parameters. The following is an example command:

      mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin

    • Using standard URI format:

      mongo mongodb://rwuser:<password>@192.168.1.80:8635/test?authSource=admin

  2. Check the connection result. If the following information is displayed, the connection is successful.

    mongos>
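
The password notes in the SSL and non-SSL sections name three characters to replace by hand. The following added example (not part of the original documentation) generalizes this by percent-encoding every byte outside the RFC 3986 unreserved set before building the Method 2 URI; the function names urlencode and build_uri and the sample password are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a mongodb:// URI with a fully percent-encoded password.

# urlencode STRING
# Escapes every byte outside the RFC 3986 unreserved set (A-Z a-z 0-9 - . _ ~),
# which covers '@', '!' and '%' as well as ':', '/', '?', '#' and non-ASCII bytes.
urlencode() {
    out=
    # od emits one lowercase hex pair per input byte; -v disables '*' folding.
    for hex in $(printf '%s' "$1" | od -An -v -tx1); do
        case $hex in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                # Unreserved byte: turn the hex pair back into the character.
                out=$out$(printf "\\$(printf '%03o' "0x$hex")") ;;
            *)
                # Any other byte becomes %XX with uppercase hex digits.
                out=$out%$(printf '%s' "$hex" | tr 'a-f' 'A-F') ;;
        esac
    done
    printf '%s' "$out"
}

# build_uri USER PASSWORD HOST PORT
# Hypothetical helper producing the same URI shape as Method 2 on this page.
build_uri() {
    printf 'mongodb://%s:%s@%s:%s/test?authSource=admin' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$3" "$4"
}

# Constructed sample password; host and port are the page's example values.
build_uri rwuser 'P@ss!100%' 192.168.1.80 8635
echo
```

The encoded URI still contains the password, so for interactive logins Method 1 with the -p prompt keeps it out of the shell history and the process list.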