Hello Steeve,
I finally got the time to try switching to TLS.
So, first, what I did was edit the net settings in the config file like this:
  tls:
    mode: allowTLS
    certificateKeyFile: PATH_TO_MONGO\bin\mongod-cert.pem
    allowConnectionsWithoutCertificates: true
    allowInvalidCertificates: true
    allowInvalidHostnames: true
I use the minimum security settings and a self-signed certificate for now, for two reasons:
(i) I just want to test whether it works at the minimum settings, then, later on, increase the security level again.
(ii) I am connecting to the mongodb within a private network, and I am not planning to use it to serve external clients, just my own pc inside the network. Therefore, I guess, it is ok to use a self-signed certificate.
On my host PC for MongoDB, I managed to connect to MongoDB like this from Python:
import pymongo
client = pymongo.MongoClient('mongodb://localhost:27017/', tls=True, tlsCAFile="PATH_TO_MONGO\\cert.pem")
I tested the connection and it worked fine.
Next, I tried to connect to my mongodb from another pc (the “client”) inside the same private router network. This always gives me the following error, when trying to request data from the host:
ServerSelectionTimeoutError: 192.168.X.XXX:27017: timed out, Timeout: 30s, Topology Description:
<TopologyDescription id: 62f22029b65b0358c6e03ca4, topology_type: Single, servers:
[<ServerDescription ('192.168.X.XXX', 27017) server_type: Unknown, rtt: None,
error=NetworkTimeout('192.168.X.XXX:27017: timed out')>]>
Apparently, the client cannot connect to the hosted MongoDB in time. The remaining mongod conf settings that I use are:
# where and how to store data.
storage:
  dbPath: D:\MongoDB\Server\5.0\data
  journal:
    enabled: true
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: PATH_TO_LOG\mongod.log
  quiet: true
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1, localhost, 192.168.X.XXX
I tried different combinations of the IPs listed in bindIp, including adding 0.0.0.0. Nothing prevents the error from occurring. There must be something I have done wrong.
Usually, as stated above, I connect to the DB via SSH port forwarding. So, on my client Ubuntu machine, I start a terminal forwarding the host's 27017 port to the client's 8000 port:
ssh -N -L 8000:192.168.X.XXX:27017 user@192.168.X.XXX
On the client, once the tunnel is up, I connect like this:
client = pymongo.MongoClient('mongodb://localhost:8000/')
This also now works with the tls option enabled, as in the python code above, but only when the SSH tunnel is up (of course). However, I think there is no point in using TLS via the SSH tunnel, because the speed of transfer will still be limited by the SSH tunnel, right? Therefore, I am trying to now connect directly without the SSH tunnel, which however gives the timeout error.
Can you help me with this? Any ideas?
Thank you!
Best, JZ
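Added example, not part of JZ's post and not MongoDB's or pymongo's own code: a small Python probe that checks the path to a mongod one layer at a time, which is how a ServerSelectionTimeoutError like the one above is normally narrowed down. A plain TCP connect that silently times out means no packet is reaching a listener at all (bindIp, Windows firewall or routing), a "refused" means the host answered but nothing listens on that port, and only once TCP succeeds is the TLS handshake or the driver worth looking at. The host, port and CA path in the __main__ block are placeholders; the local self-check spins up a throwaway listener on 127.0.0.1 so the script runs offline. The tls_probe with verify=False mirrors the lax allowInvalidCertificates/allowInvalidHostnames setup and is for diagnosis only.

```python
"""Layer-by-layer connectivity probe for a MongoDB host (added example).

Order of checks, and what each failure usually means:
  1. tcp_probe   - timeout: firewall, bindIp or routing; refused: no listener
  2. tls_probe   - server reachable but handshake/certificate problems
  3. mongo_probe - driver-level ping, only runs if pymongo is installed
"""
import socket
import ssl
import threading


def tcp_probe(host, port, timeout=3.0):
    """Raw TCP connect, independent of TLS and of the driver.
    Returns (ok, reason)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.timeout:
        return False, "timeout"      # filtered by a firewall or not bound
    except ConnectionRefusedError:
        return False, "refused"      # host reachable, no listener on port
    except OSError as exc:
        return False, f"error: {exc}"


def tls_probe(host, port, cafile=None, verify=True, timeout=3.0):
    """TLS handshake against the port. With verify=False the certificate
    and hostname are not checked (diagnosis only); the probe still shows
    whether the server speaks TLS at all. Returns (ok, detail)."""
    ctx = ssl.create_default_context(cafile=cafile)
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate rejected: {exc.verify_message}"
    except ssl.SSLError as exc:
        return False, f"tls failure: {exc}"
    except OSError as exc:
        return False, f"error: {exc}"


def mongo_probe(host, port, cafile, timeout_ms=3000):
    """Driver-level check with a short server-selection timeout so a dead
    host fails in seconds, not the default 30 s. Returns (ok, detail)."""
    try:
        import pymongo
        from pymongo.errors import PyMongoError
    except ImportError:
        return False, "pymongo not installed"
    client = pymongo.MongoClient(host, port, tls=True, tlsCAFile=cafile,
                                 serverSelectionTimeoutMS=timeout_ms)
    try:
        client.admin.command("ping")
        return True, "ping ok"
    except PyMongoError as exc:
        return False, f"{type(exc).__name__}: {exc}"
    finally:
        client.close()


def local_selfcheck():
    """Offline demonstration: a throwaway plain-TCP listener on 127.0.0.1
    stands in for a reachable mongod, and a just-released ephemeral port
    for a closed one. Returns the probe results as a dict."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(2)
    port = listener.getsockname()[1]

    def serve(n):
        # accept n connections and close them: enough for tcp_probe to
        # succeed, but the TLS handshake must fail (no TLS on this side)
        for _ in range(n):
            conn, _ = listener.accept()
            conn.close()

    worker = threading.Thread(target=serve, args=(2,), daemon=True)
    worker.start()
    reachable = tcp_probe("127.0.0.1", port)
    not_tls = tls_probe("127.0.0.1", port, verify=False)
    worker.join(5)
    listener.close()

    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                      # nothing listens here any more
    refused = tcp_probe("127.0.0.1", closed_port)
    return {"reachable": reachable, "not_tls": not_tls, "refused": refused}


if __name__ == "__main__":
    print(local_selfcheck())
    # Against a real host (placeholders, replace with your own values):
    HOST, PORT, CAFILE = "HOST_IP", 27017, "PATH_TO_MONGO/cert.pem"
    print(tcp_probe(HOST, PORT))
    print(tls_probe(HOST, PORT, cafile=CAFILE, verify=False))
    print(mongo_probe(HOST, PORT, CAFILE))
```

Run it from the client machine, not the host: a probe from localhost on the host only proves mongod is listening on 127.0.0.1, which the SSH tunnel already showed.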