New in MongoDB 3.5.7: Localhost by default
95 views
Skip to first unread message
Spencer Jackson
May 17, 2017, 4:53:56 PM5/17/17
to mongo...@googlegroups.com, mongod...@googlegroups.com
Hi all,
MongoDB 3.5.7 introduces a new line of protection from unauthorized
access. Many applications run on the same host as their MongoDB
server. For these types of deployments, the application may need to be
exposed to the Internet, but MongoDB might not. As of this release,
MongoDB servers will listen to users and applications running on the
local host, but won't admit remote connections unless you ask it to.
If you run applications and databases on different servers, or you're
running MongoDB with sharding or replication, you probably need to
allow remote connections. Don't worry, it's easy.
But first, make sure you're following our security best practices,
especially if you're about to expose your servers to the Internet.
MongoDB has powerful security features, intended to protect data you'd
be sad about if you lost. We offer a Security Checklist[1] which will
help you turn them on.
Now, to make MongoDB accept connections from remote and local sources,
set the new '--bind_ip_all' flag on the command line, or enable the
equivalent parameter, net.bindIpAll, in your configuration file:
net:
bindIpAll: true
Alternatively, you can set '--bind_ip 0.0.0.0' on the command line, or
set the equivalent parameter, net.bindIp, in your configuration file:
net:
bindIp: 0.0.0.0
Advanced deployments running on hosts with multiple network interfaces
may find other values of 'net.bindIp' useful.
Note that when MongoDB is only listening to local users and
applications, remote clients will be unable to establish connections to
it. If one of these clients is yours, you may see error messages such
as "Connection refused". Think carefully about whether your server
really needs to be exposed to some broader network. If yes, follow the
directions above.
Cheers,
Spencer J
[1] https://docs.mongodb.com/manual/administration/security-checklist/
MongoDB 3.5.7 introduces a new line of protection from unauthorized
access. Many applications run on the same host as their MongoDB
server. For these types of deployments, the application may need to be
exposed to the Internet, but MongoDB might not. As of this release,
MongoDB servers will listen to users and applications running on the
local host, but won't admit remote connections unless you ask it to.
If you run applications and databases on different servers, or you're
running MongoDB with sharding or replication, you probably need to
allow remote connections. Don't worry, it's easy.
But first, make sure you're following our security best practices,
especially if you're about to expose your servers to the Internet.
MongoDB has powerful security features, intended to protect data you'd
be sad about if you lost. We offer a Security Checklist[1] which will
help you turn them on.
Now, to make MongoDB accept connections from remote and local sources,
set the new '--bind_ip_all' flag on the command line, or enable the
equivalent parameter, net.bindIpAll, in your configuration file:
net:
bindIpAll: true
Alternatively, you can set '--bind_ip 0.0.0.0' on the command line, or
set the equivalent parameter, net.bindIp, in your configuration file:
net:
bindIp: 0.0.0.0
Advanced deployments running on hosts with multiple network interfaces
may find other values of 'net.bindIp' useful.
Note that when MongoDB is only listening to local users and
applications, remote clients will be unable to establish connections to
it. If one of these clients is yours, you may see error messages such
as "Connection refused". Think carefully about whether your server
really needs to be exposed to some broader network. If yes, follow the
directions above.
Cheers,
Spencer J
[1] https://docs.mongodb.com/manual/administration/security-checklist/
Reply all
Reply to author
Forward
0 new messages