mongoDB白名单IP

wkyowqbh  于 2023-02-03  发布在  Go
关注(0)|答案(4)|浏览(365)

我看到类似的帖子,但没有一个能帮助我解决我的问题。
在Udemy教程中,我从头开始构建MERN应用程序,但在mongoose连接上遇到了麻烦。
下面是我的index.js代码:

const express = require("express");
const mongoose = require("mongoose");

const app = express();

app.use(express.json());

app.listen(5000, () => console.log("Server started on port 5000"));

app.use("/snippet", require("./routers/snippetRouter"));

mongoose.connect("mongodb+srv://snippetUser:_password_@
  snippet-manager.sometext.mongodb.net/main?retryWrites=
  true&w=majority", {
    useNewUrlParser: true,
    useUnifiedTopology: true
}, (err) => {
  if (err) return console.log("error here " + err);
  console.log("Connected to MongoDB");
});

下面是我得到的错误:

Server started on port 5000
error here MongooseServerSelectionError: Could not connect to any 
servers in your MongoDB Atlas cluster. One common reason is 
that you're trying to access the database from an IP that isn't 
whitelisted. Make sure your current IP address is on your Atlas 
cluster's IP whitelist:
https://docs.atlas.mongodb.com/security-whitelist/

如上所述,我看到类似的错误有关的IP是不是白名单。
但是,在我的mongoDB帐户中,似乎我的IP已经被列入白名单:

在上面的截图中,空白部分是我的IP所在的位置(就在它说“包括您当前的IP地址”之前)。
既然我的IP列在那里,这是否意味着我的IP是白名单?
如果没有,如何将我的IP列入白名单?

jaql4c8m

jaql4c8m1#

经过几天的沮丧,我进入Mongo Atlas,然后进入网络访问,并将设置更改为“允许从任何地方访问”。它删除了我的IP地址,并将其更改为通用IP地址。
这与我在Udemy上遵循的教程有偏差,但它确实起作用了,我终于可以继续学习剩下的课程了。

cld4siwp

cld4siwp2#

这是我在别处留下的一个答案。希望它能帮助遇到这个问题的人:
此脚本将在my gist上保持最新
∮为什么∮
mongo atlas提供了一个价格合理的托管mongo数据库的访问。托管container的CSP对他们的托管mongo数据库收费太高。他们都建议设置一个不安全的CIDR(0.0.0.0/0)来允许container访问集群。这显然是荒谬的。
这个入口点脚本是外科手术,以保持最低的特权访问。2只有当前托管的IP地址的服务是白名单。

用法

  • 设置为Dockerfile的入口点
  • 如果不使用容器,则在云init / VM启动中运行(并删除最后一行exec "$@",因为这仅适用于容器

行为

使用蒙戈图集project IP access list endpoints

  • 我将检测容器的托管IP地址,并使用API将其加入集群的白名单
  • 如果服务没有白名单条目,则创建该服务
  • 如果服务具有与当前IP匹配的现有白名单条目,则无更改
  • 如果服务IP已更改,则删除旧条目并创建新条目

当创建白名单条目时,服务休眠60秒以等待atlas将访问传播到集群

环境

设置

  1. create API key for org
  2. add API key to project
    1.复制公钥(MONGO_ATLAS_API_PK)和私钥(MONGO_ATLAS_API_SK
    1.转到项目设置页面并复制项目ID(MONGO_ATLAS_API_PROJECT_ID
    在容器服务的env中提供以下值
  • SERVICE_NAME:用于创建/更新(删除旧)白名单条目的唯一名称
  • MONGO_ATLAS_API_PK:步骤3
  • MONGO_ATLAS_API_SK:步骤3
  • MONGO_ATLAS_API_PROJECT_ID:步骤4

深度

# alpine / apk
apk update \
  && apk add --no-cache \
     bash \
     curl \
     jq
     
# ubuntu / apt
export DEBIAN_FRONTEND=noninteractive \
  && apt-get update  \
  && apt-get -y install \
     bash \
     curl \
     jq

脚本

#!/usr/bin/env bash

# -- ENV -- #
# these must be available to the container service at runtime
#
# SERVICE_NAME
#
# MONGO_ATLAS_API_PK
# MONGO_ATLAS_API_SK
# MONGO_ATLAS_API_PROJECT_ID
#
# -- ENV -- #

set -e

mongo_api_base_url='https://cloud.mongodb.com/api/atlas/v1.0'

check_for_deps() {
  deps=(
    bash
    curl
    jq
  )

 for dep in "${deps[@]}"; do
   if [ ! "$(command -v $dep)" ]
   then
    echo "dependency [$dep] not found. exiting"
    exit 1
   fi
 done
}

make_mongo_api_request() {
  local request_method="$1"
  local request_url="$2"
  local data="$3"

  curl -s \
    --user "$MONGO_ATLAS_API_PK:$MONGO_ATLAS_API_SK" --digest \
    --header "Accept: application/json" \
    --header "Content-Type: application/json" \
    --request "$request_method" "$request_url" \
    --data "$data"
}

get_access_list_endpoint() {
  echo -n "$mongo_api_base_url/groups/$MONGO_ATLAS_API_PROJECT_ID/accessList"
}

get_service_ip() {
  echo -n "$(curl https://ipinfo.io/ip -s)"
}

get_previous_service_ip() {
  local access_list_endpoint=`get_access_list_endpoint`

  local previous_ip=`make_mongo_api_request 'GET' "$access_list_endpoint" \
                    | jq --arg SERVICE_NAME "$SERVICE_NAME" -r \
                    '.results[]? as $results | $results.comment | if test("\\[\($SERVICE_NAME)\\]") then $results.ipAddress else empty end'`

  echo "$previous_ip"
}

whitelist_service_ip() {
  local current_service_ip="$1"
  local comment="Hosted IP of [$SERVICE_NAME] [set@$(date +%s)]"

  if (( "${#comment}" > 80 )); then
    echo "comment field value will be above 80 char limit: \"$comment\""
    echo "comment would be too long due to length of service name [$SERVICE_NAME] [${#SERVICE_NAME}]"
    echo "change comment format or service name then retry. exiting to avoid mongo API failure"
    exit 1
  fi
  
  echo "whitelisting service IP [$current_service_ip] with comment value: \"$comment\""

  response=`make_mongo_api_request \
            'POST' \
            "$(get_access_list_endpoint)?pretty=true" \
            "[
              {
                \"comment\" : \"$comment\",
                \"ipAddress\": \"$current_service_ip\"
              }
            ]" \
            | jq -r 'if .error then . else empty end'`

  if [[ -n "$response" ]];
  then
    echo 'API error whitelisting service'
    echo "$response"
    exit 1
  else
    echo "whitelist request successful"
    echo "waiting 60s for whitelist to propagate to cluster"
    sleep 60s
  fi 
}

delete_previous_service_ip() {
  local previous_service_ip="$1"

  echo "deleting previous service IP address of [$SERVICE_NAME]"

  make_mongo_api_request \
    'DELETE' \
    "$(get_access_list_endpoint)/$previous_service_ip"
}

set_mongo_whitelist_for_service_ip() {
  local current_service_ip=`get_service_ip`
  local previous_service_ip=`get_previous_service_ip`

  if [[ -z "$previous_service_ip" ]]; then
    echo "service [$SERVICE_NAME] has not yet been whitelisted"

    whitelist_service_ip "$current_service_ip"
  elif [[ "$current_service_ip" == "$previous_service_ip" ]]; then
    echo "service [$SERVICE_NAME] IP has not changed"
  else  
    echo "service [$SERVICE_NAME] IP has changed from [$previous_service_ip] to [$current_service_ip]"

    delete_previous_service_ip "$previous_service_ip"
    whitelist_service_ip "$current_service_ip"
  fi
}

check_for_deps
set_mongo_whitelist_for_service_ip

# run CMD
exec "$@"
snz8szmq

snz8szmq3#

如果使用免费的MongoDBAtlas

,请确保集群没有意外地暂停

wrrgggsh

wrrgggsh4#

删除当前IP地址并重新添加

相关问题