After you set the DNS record on your domain name registrar, change the bindIp
from your IP to your domain in mongod.cfg
. Then you can access your database by the domain name.
About how to set up DDNS, you can check my previous article: .
After DDNS setting up, change the bindIp
settings to bindIpAll: true
.
To secure the data when the transmission, we can use TLS/SSL in MongoDB.
I use to obtain the certificate. You can see the detail in this article: .
We need to cat the private key and the fullchain
file into one pem
file. Let’s call it mongo.pem
.
sudo cat /etc/letsencrypt/archive/’+[db_domain]+’/{fullchain1.pem,privkey1.pem} | sudo tee /etc/letsencrypt/live/’+[db_domain]+’/mongo.pem
Since TLS is more secure than SSL, let’s use TLS.
In MongoDB config file, set TLS mode and the certificate file.
Due to the certificate obtained from Let’s Encript
would be expired after 90 days, I write a script to auto renew mongo.pem and restart MongoDB.
To use URI connect, add ?tls=true&tlsAllowInvalidCertificate=true
after your normal URL to connect MongoDB.
To bake-up your data, you can use . Since we use TLS/SSL now, we need to add
--ssl --tlsInsecure
options for mongodump
.