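Configuring IP addresses for MongoDB: [Solved] Restricting MongoDB access by IP
I already knew that to restrict which specific IPs can connect to mongo, you edit the config file:
vi /f
and change the bindIP in it.
But first, one thing needs to be clear:
how to determine the IP of the mongo client
mongo how check client ip
Then I connected to the remote mongo from my local machine:
But the mongo shell still could not print the IPs that were connected:
[root@naturling-general-01 ~]# mongo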
MongoDB shell version: 3.2.19
connecting to: test
> db.currentOp().inprog
> db.currentOp().inprog
> db.currentOp(true).inprog
> db.currentOp(true).inprog
Switching into the corresponding database did not help either:
> use gridfs
switched to db gridfs
> db.currentOp(true).inprog
So I looked at the server-side mongod log:
2018-04-08T17:32:04.543+0800 I NETWORK [initandlisten] waiting for connections on port 27017
2018-04-08T17:32:12.235+0800 I NETWORK [initandlisten] connection accepted from 127.0.0.1:35930 #1 (1 connection now open)
2018-04-08T17:32:12.237+0800 I ACCESS [conn1] Unauthorized: not authorized on admin to execute command { getLog: "startupWarnings" }
2018-04-08T17:32:12.239+0800 I ACCESS [conn1] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }
2018-04-08T17:32:38.469+0800 I ACCESS [conn1] Unauthorized: not authorized on admin to execute command { currentOp: 1.0 }
2018-04-08T17:32:56.056+0800 I NETWORK [initandlisten] connection accepted from 112.4.64.141:49881 #2 (2 connections now open)
2018-04-08T17:32:56.208+0800 I ACCESS [conn2] Successfully authenticated as principal gridfs on gridfs
2018-04-08T17:32:56.289+0800 I NETWORK [initandlisten] connection accepted from 112.4.64.141:49882 #3 (3 connections now open)
2018-04-08T17:32:56.426+0800 I ACCESS [conn3] Successfully authenticated as principal gridfs on gridfs
2018-04-08T17:32:56.513+0800 I NETWORK [conn3] end connection 112.4.64.141:49882 (2 connections now open)
2018-04-08T17:32:56.513+0800 I NETWORK [conn2] end connection 112.4.64.141:49881 (1 connection now open)
2018-04-08T17:33:01.485+0800 I NETWORK [initandlisten] connection accepted from 112.4.64.141:49913 #4 (2 connections now open)
2018-04-08T17:33:01.588+0800 I ACCESS [conn4] Successfully authenticated as principal gridfs on gridfs
2018-04-08T17:33:01.669+0800 I NETWORK [initandlisten] connection accepted from 112.4.64.141:49914 #5 (3 connections now open)
2018-04-08T17:33:01.765+0800 I ACCESS [conn5] Successfully authenticated as principal gridfs on gridfs
2018-04-08T17:33:01.864+0800 I NETWORK [conn4] end connection 112.4.64.141:49913 (2 connections now open)
2018-04-08T17:33:01.865+0800 I NETWORK [conn5] end connection 112.4.64.141:49914 (1 connection now open)
2018-04-08T17:33:05.178+0800 I NETWORK [initandlisten] connection accepted from 112.4.64.141:49936 #6 (2 connections now open)
2018-04-08T17:33:05.301+0800 I ACCESS [conn6] Successfully authenticated as principal gridfs on gridfs
2018-04-08T17:33:05.382+0800 I NETWORK [initandlisten] connection accepted from 112.4.64.141:49937 #7 (3 connections now open)
2018-04-08T17:33:05.473+0800 I ACCESS [conn7] Successfully authenticated as principal gridfs on gridfs
2018-04-08T17:33:07.218+0800 I NETWORK [conn7] end connection 112.4.64.141:49937 (2 connections now open)
2018-04-08T17:33:07.219+0800 I NETWORK [conn6] end connection 112.4.64.141:49936 (1 connection now open)
2018-04-08T17:33:09.472+0800 I ACCESS [conn1] Unauthorized: not authorized on admin to execute command { currentOp: 1.0 }
2018-04-08T17:33:22.720+0800 I ACCESS [conn1] Unauthorized: not authorized on admin to execute command { currentOp: 1.0, $all: true }
2018-04-08T17:34:11.478+0800 I NETWORK [initandlisten] connection accepted from 112.4.64.141:50339 #8 (2 connections now open)
2018-04-08T17:34:11.614+0800 I ACCESS [conn8] Successfully authenticated as principal gridfs on gridfs
2018-04-08T17:34:11.633+0800 I ACCESS [conn8] Unauthorized: not authorized on admin to execute command { getLog: "startupWarnings" }
2018-04-08T17:34:11.713+0800 I ACCESS [conn8] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }
2018-04-08T17:34:23.127+0800 I ACCESS [conn1] Unauthorized: not authorized on admin to execute command { currentOp: 1.0, $all: true }
2018-04-08T17:34:38.914+0800 I ACCESS [conn1] Unauthorized: not authorized on admin to execute command { currentOp: 1.0, $all: true }
2018-04-08T17:36:42.435+0800 I NETWORK [conn1] end connection 127.0.0.1:35930 (1 connection now open)
As the log shows, each of the 3 successive client connections displays its IP (and port):
112.4.64.141:49882
112.4.64.141:49913
112.4.64.141:49937
-> which establishes that the client's IP here is:
112.4.64.141
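The same reading of the log can be done mechanically. The following is an added example, not part of the original post: it pairs each "connection accepted from" line with the later authentication lines for the same connection number. The function name and the sample log (constructed, using documentation address ranges) are assumptions.

```sh
# Added example (not from the original post): list client IPs seen in a
# mongod 3.2-style log and which principals authenticated from each one.
mongo_client_ips() {
  # stdin: mongod log text; stdout: "IP connections=N auth=user@db[,...]"
  awk '
    / connection accepted from / {
      for (i = 1; i < NF; i++)
        if ($i == "from") { addr = $(i + 1); id = $(i + 2) }
      sub(/:[0-9]+$/, "", addr)   # drop the ephemeral source port
      sub(/^#/, "", id)           # "#2" -> "2", matching the later [conn2]
      ip_of["conn" id] = addr
      conns[addr]++
    }
    / Successfully authenticated as principal / {
      conn = $4
      gsub(/\[|\]/, "", conn)     # "[conn2]" -> "conn2"
      for (i = 1; i < NF; i++)
        if ($i == "principal") who = $(i + 1) "@" $(i + 3)
      ip = ip_of[conn]
      if (ip != "" && !((ip, who) in seen)) {
        seen[ip, who] = 1
        auth[ip] = (auth[ip] == "" ? who : auth[ip] "," who)
      }
    }
    END {
      for (ip in conns)
        printf "%s connections=%d auth=%s\n", ip, conns[ip],
               (auth[ip] == "" ? "-" : auth[ip])
    }
  ' | LC_ALL=C sort
}

# Constructed sample in the same log format (addresses are documentation ranges).
SAMPLE_LOG='2018-04-08T17:32:12.235+0800 I NETWORK [initandlisten] connection accepted from 127.0.0.1:35930 #1 (1 connection now open)
2018-04-08T17:32:56.056+0800 I NETWORK [initandlisten] connection accepted from 203.0.113.10:49881 #2 (2 connections now open)
2018-04-08T17:32:56.208+0800 I ACCESS [conn2] Successfully authenticated as principal gridfs on gridfs
2018-04-08T17:32:56.289+0800 I NETWORK [initandlisten] connection accepted from 203.0.113.10:49882 #3 (3 connections now open)
2018-04-08T17:32:56.426+0800 I ACCESS [conn3] Successfully authenticated as principal gridfs on gridfs
2018-04-08T17:33:10.000+0800 I NETWORK [initandlisten] connection accepted from 198.51.100.7:40112 #4 (4 connections now open)'

printf '%s\n' "$SAMPLE_LOG" | mongo_client_ips
```

An address that shows connections but `auth=-` never authenticated on them, which is worth checking before that address goes onto an allowlist.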
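Other IPs that need to be added:
The IP of my colleague's company:
112.4.64.138
As for:
net.bindIp
it seems to be just a list of IPs, separated by commas.
So I went on to add the IP restriction:
vi /f
# network interfaces
net:
  port: 12345
  bindIp: 127.0.0.1, 112.4.64.141 # Listen to specific IP
Surprisingly, restarting mongod then failed: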
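[Summary]
In the mongod configuration, bindIp mainly specifies which IP (and which port) mongod listens on.
So every IP given here is one of the server's own IPs.
Typical values are:
127.0.0.1
equivalent to: localhost
in newer versions of mongo this is the default value
the server's intranet/LAN/private IP
for example, here: 172.16.141.197
which can be found with ifconfig or in the Alibaba Cloud ECS server console
and not the external IP of a mongo client that you want to restrict.
This is very easy to get confused about.
Many people, myself included, got this wrong before and assumed it was meant to restrict access so that only specific external IPs could reach mongo.
If there are several IPs, separate them with commas.
For example:
bindIp: 127.0.0.1,172.16.141.197
Note: there must be no spaces around the commas, otherwise mongod reports the error:
getaddrinfo(" 112.4.64.141") failed: Name or service not known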
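Both mistakes described above (a space after the comma, and listing a client's address instead of one of the server's own) can be caught before restarting mongod. This is an added example, not code from the original post: the function name is hypothetical, the caller supplies the server's address list, and only literal addresses are compared (hostnames and 0.0.0.0 are outside its scope).

```sh
# Added example (not from the original post): lint a bindIp value.
check_bind_ip() {
  # $1: bindIp value exactly as written in the config file
  # $2: space-separated addresses configured on this server (supplied by caller)
  bind_value=$1
  local_addrs=" $2 "
  status=0
  saved_ifs=$IFS
  IFS=,                      # split on commas only, so stray spaces survive
  set -f                     # no filename expansion while splitting
  for entry in $bind_value; do
    addr=$(printf '%s' "$entry" | tr -d ' \t')
    problems=
    # A space after the comma becomes part of the name handed to getaddrinfo.
    [ "$addr" = "$entry" ] || problems=whitespace
    case $local_addrs in
      *" $addr "*) ;;        # one of the server's own addresses
      *) problems="${problems:+$problems,}not-local" ;;
    esac
    if [ -n "$problems" ]; then status=1; else problems=ok; fi
    printf '%s: %s\n' "$addr" "$problems"
  done
  set +f
  IFS=$saved_ifs
  return "$status"
}

# On Linux the local list can come from:
#   ip -o -4 addr show | awk '{print $4}' | cut -d/ -f1 | tr '\n' ' '
LOCAL_ADDRS="127.0.0.1 172.16.141.197"   # the server addresses named in the post

check_bind_ip "127.0.0.1, 112.4.64.141" "$LOCAL_ADDRS" || echo "bindIp needs fixing"
check_bind_ip "127.0.0.1,172.16.141.197" "$LOCAL_ADDRS"
```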
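As for the actual goal:
restricting external access to mongo so that only specific IPs are allowed in:
this cannot be achieved in the Mongo configuration.
Another approach is needed, for example:
set up a firewall and add rules that
allow only certain IPs, in the inbound direction, to reach the port mongo uses,
thereby blocking all other IPs from accessing mongo.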
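On a Linux host the firewall approach can be expressed with iptables. This is an added example, not from the original post: it assumes iptables is the host firewall, the function name is hypothetical, and it only prints the commands so they can be reviewed before being run as root. The port and client addresses are the ones named in the post.

```sh
# Added example (not from the original post): print an allowlist ruleset
# for the mongod port. Rules are evaluated in order, first match wins.
mongo_allowlist_rules() {
  # $1: mongod port; remaining args: allowed IPv4 addresses or CIDR blocks
  port=$1
  shift
  case $port in
    ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
  esac
  # Validate everything first so a typo never yields a partial ruleset.
  for src in "$@"; do
    printf '%s\n' "$src" |
      grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' ||
      { echo "bad source: $src" >&2; return 2; }
  done
  # Loopback first, so local clients on 127.0.0.1 keep working.
  echo "iptables -A INPUT -i lo -p tcp --dport $port -j ACCEPT"
  for src in "$@"; do
    echo "iptables -A INPUT -p tcp -s $src --dport $port -j ACCEPT"
  done
  # Everything else aimed at this port is dropped; this rule must come last.
  echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Port 12345 and the two client addresses are the values used in the post.
mongo_allowlist_rules 12345 112.4.64.141 112.4.64.138
```

The ACCEPT rules must precede the DROP rule; appended in the opposite order, the allowed clients would be dropped as well.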
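On the Alibaba Cloud ECS server used here, configuring a security group achieves the same effect as a firewall.
The steps are:
Go to the Alibaba Cloud console -> Elastic Compute Service (ECS) -> Security Groups -> the region your ECS server is in -> the corresponding ECS server -> Configure Rules, and add 2 rules:
(1) Rule 1: allow specific IPs (a single IP, an IP address range (all IPs within it), or several IPs) to access a given port
(2) Rule 2: deny all other IPs access to that port
For example:
Policy | Protocol type | Port range | Authorization type | Authorization object | Description | Priority
Allow | Custom TCP | 12345/12345 | Address range access | 112.4.64.141 | Allow a specific external IP to access the MongoDB database | 1
Deny | Custom TCP | 12345/12345 | Address range access | 0.0.0.0/0 | Block other external IPs from accessing the MongoDB database | 2
For details, see: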