How to install Mongodb on Linode and access from another Linode?
After I install mongodb on Linode how to configure mongodb so that its only accessible by localhost (by apps running on same Linode) or that specific remote Linode only?
Also is there a way to install Mongodb Compass (GUI app) for ubuntu Linode?
1 Reply
After I install mongodb on Linode how to configure mongodb so that its only accessible by localhost (by apps running on same Linode) or that specific remote Linode only?
If you only bind mongo to the local interface 127.0.0.1
it won't be accessible outside your Linode. This will get you step one(apps only on the same linode), but your remote linode still won't be able to connect.
If you bind mongo to all interfaces 0.0.0.0
this will allow your remote linode to connect but then any remote process can connect to that socket.
To get both you can use a firewall configuration. This would imply that your bind mongo to port 27017
on the IP of the server. This is done in the /etc/mongod.conf
file.
net:
port: 27017
bindIp: 127.0.0.1,<public bind IP>
Then you just configure your firewall to DROP
incoming from everyone on that port and an ACCEPT
rule just for your privileged remote linodes.
This can be a bit hairy in iptables syntax so for those of us that are not netfilter gurus there is another option. Linode provides a great intro to a tool called "Uncomplicated Firewall" here. It has packages on most popular distros and lets you create/publish simple iptables rules with ease. Just be careful not to firewall off your ssh port or you'll lose access to to the machine :)
The TL;DR is you should end up running something that looks like the following from your shell…
sudo ufw default deny incoming 27017
sudo ufw allow from <your remote linode> to any port 27017
I just wrote these off the cuff so make sure you test your firewall configurations to make sure they work they way you want.
Also is there a way to install Mongodb Compass (GUI app) for ubuntu Linode?
You wouldn't install this on your linode. You'd install it on your laptop or desktop and connect it to the mongo process on your Linode. As with your remote linode you'll need to punch a hole in your firewall configuration that allows your client to connect. Same deal as before…
sudo ufw allow from <your laptop/deskpop IP> to any port 27017
Now you can just fire up Compass and you'll see this screen. Punch in the hostname or IP of your linode in the "Host" box and the port in the port box and you are off to the races. You'll want to make sure you setup to communicate over a secure channel or your traffic will be in plain text.