Dockerized MognoDB Security thoughts, also using subdomain instead of ip and port

Rollin
July 28, 2023
355 views
0 votes
2 Answers

Currently I have dockerized an authenticated MongoDB container inside VPS. I’ve done all the required docker setup and configured the DNS that would point to my subdomain (let’s say it’s mydb.test.com). Also I’ve added SSL for that subdomain.

What do you think about the security of this mongo db? It is enough or it is bad that it’s exposed to internet via DNS? What is better – a subdomain or a server ip:port type address.

Thinking a lot currently about that and can’t decide is it correct or not if I connect to my database using subdomain instead of host:port.

I would really really like to hear your opinion guys!

P.S When I try to reach that subdomain via browser I get:

It looks like you are trying to access MongoDB over HTTP on the native driver port.

Is that bad or it is common practice to see that?

Currently I have no plans to implement VPN.

Answers

Chosen as BEST ANSWER
- Rollin
- July 28, 2023 at 8:37 am
- 0 votes
0
Anyone please? :) would be really great.

(Edit)

- WernfriedDomscheit
- July 28, 2023 at 8:57 am
- 0 votes
0
A MongoDB is a database server, it is not a web server. You cannot connect to a MongoDB with a web browser, you must use a MonogDB client, e.g. Mongo Shell mongosh

From security point of view it makes absolutely no difference if you use the IP-Address or a host name. The only difference is: a host/domain name is easier to remember than an IP – that’s all!
- Use TLS/SSL server certificates to encrypt the connection
- If you want to limit the access to your MongoDB, then configure your firewall accordingly.
- Enable authentication, preferably use x.509 client certificates for authentication
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.