更新於 2022/08/31閱讀時間約 3 分鐘

DDNS & TLS/SSL for MongoDB

    DNS

    After you set the DNS record on your domain name registrar, change the bindIp from your IP to your domain in mongod.cfg. Then you can access your database by the domain name.

    DDNS

    About how to set up DDNS, you can check my previous article: .

    After DDNS setting up, change the bindIp settings to bindIpAll: true .

    TLS/SSL

    To secure the data when the transmission, we can use TLS/SSL in MongoDB.

    obtain certificate

    I use to obtain the certificate. You can see the detail in this article: .

    mongo.pem

    We need to cat the private key and the fullchain file into one pem file. Let’s call it mongo.pem .

    sudo cat /etc/letsencrypt/archive/’+[db_domain]+’/{fullchain1.pem,privkey1.pem} | sudo tee /etc/letsencrypt/live/’+[db_domain]+’/mongo.pem

    mongod.cfg

    Since TLS is more secure than SSL, let’s use TLS.

    In MongoDB config file, set TLS mode and the certificate file.

    auto renew mongo.pem and restart MongoDB

    Due to the certificate obtained from Let’s Encript would be expired after 90 days, I write a script to auto renew mongo.pem and restart MongoDB.

    client connect

    To use URI connect, add ?tls=true&tlsAllowInvalidCertificate=true after your normal URL to connect MongoDB.

    mongodump

    To bake-up your data, you can use  . Since we use TLS/SSL now, we need to add--ssl --tlsInsecure options for mongodump.

    分享至
    成為作者繼續創作的動力吧!
    © 2024 vocus All rights reserved.