
I am trying to set up remote access for my freshly installed mongod service, but it is proving impossible so far.

The database works just fine locally, but there is no way to make it work remotely. These are the steps I have already tried:

1- I set up the Oracle subnet to allow 27017/tcp traffic.

2- Enabled 27017/tcp traffic in the Oracle Compute firewall.

3- Set the mongod.conf bindIp property to 0.0.0.0

After that, the mongod service fails to start up.

Then I changed the bindIp property to my public Oracle Compute IP address and it fails as well.

After that I used the internal IP address of the Oracle Compute, bindIp: 10.0.0.151

$ ip a | grep "net"
Output:
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
    inet 10.0.0.151/24 brd 10.0.0.255 scope global enp0s3
    inet6 fe80::17ff:fe0c:78d6/64 scope link
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0

The mongod service now starts up properly, but it is not possible to connect to the database from a remote system. I get the following error when trying to connect from my desktop system using mongosh on Windows 11.

MongoServerSelectionError: connect ETIMEDOUT server_ip:27017

I would really appreciate any help. Thanks.

2 Answers


  1. Do you have an egress security rule? Is there an NSG in place? Do you have an IG and proper routing?

    Can you create a network stack and post it?

    PS: Autonomous DB now comes with MongoDB API, you can try that as well.

  2. I don’t know if you still need help, but just in case if you do and for anyone in the future that may have a similar issue, I just got my remote connection to my OCI (Oracle Cloud instance) MongoDB server working.

    Here are the steps I took to get it working.
    You first need to have an Ingress Rule in the Default Security List for your OCI’s subnet to allow TCP connections from your remote computer IP (the computer that will connect remotely to your OCI) to port number 27017 (Mongo’s default port unless you changed it).

    1. To get to the page to set up an Ingress Rule follow this article from steps 1-7:

      • When you’ve reached step 7, the page should be similar to the image below.
        [Image: Oracle Cloud Add Ingress Rule GUI]
      • In the input for "Source CIDR", type the public IP address of the computer that will connect to your OCI remotely. If you don’t know its public IP, then on the computer that will connect remotely to your OCI, go to this website. The public IP address will be next to IPv4. Back in the Source CIDR input, following the public IP address, add the IP subnet mask to determine the amount of IPs the rule is for. For example, 100.0.0.0/24 will cover the IPs 100.0.0.0 – 100.0.0.255 while 100.0.0.23/32 will only cover that one specific IP.
      • Under IP Protocol, select TCP if it’s not already selected.
      • Under Destination Port Range, type 27017 (or the port number your MongoDB server is using if you changed it from its default).
      • Under Description, you can write whatever you want or leave it blank.
      • To save the new rule, click on Add Ingress Rules.
    2. Inside of your OCI (aka you’ve SSH’d into it), set up Mongo’s config file.

      • Mongo’s configuration file should be located at /etc/mongod.conf
      • Open the file and under net, set the bindIp to 0.0.0.0
        [Image: Mongo Config File]
    3. Restart Mongo Service and check that it’s running.

      • Restart command: sudo systemctl restart mongod
      • Status check command: sudo systemctl status mongod
      • (If not running) Start service command: sudo systemctl start mongod
      • You should see the service as active.
        [Image: Mongo Server actively running]
    4. Lastly, we need to set up the firewall permissions.

      • I’ve made the mistake of spending hours on hours trying to figure out why my firewall rules weren’t working when I knew I had set things up correctly. Well, it turns out that using ufw is ineffective and that you should use firewalld instead.
      • Make sure that ufw is disabled by typing the command sudo ufw status. It should show it as inactive. If it’s active, you can disable it with the command sudo ufw disable. Then check the status of it again to make sure it’s disabled.
      • To install firewalld, enter the command sudo apt install firewalld
      • To open port 27017 (or the port you set your Mongo server to), type in the command sudo firewall-cmd --add-port PORT#/tcp --permanent while changing PORT# to the port of your Mongo server. The --permanent tag makes the rule exist even after the firewall is reloaded or if the OCI is rebooted. An example of the command using the default Mongo server port is sudo firewall-cmd --add-port 27017/tcp --permanent
        • If you need to undo the command, type the same command but change --add-port to --remove-port. An example of that is sudo firewall-cmd --remove-port 27017/tcp --permanent
      • Lastly, we just need to restart firewalld with the command sudo firewall-cmd --reload
      • To make sure that the port was added, type in sudo firewall-cmd --list-all and under ports, you should see the port you added. Now from your remote computer, you should be able to connect to the Mongo server on your OCI by using the public IP address of your OCI (the same address you used to connect to the OCI through SSH).
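
Added example, not part of the answer above: a small Python check that tells the three failure layers in this thread apart by how a TCP connect fails. A timeout (the ETIMEDOUT in the question) points at the ingress rule or host firewall, while a refusal points at bindIp or a stopped service. The function names and the sample config are constructed for illustration; 10.0.0.151 is the private address from the question.

```python
import socket

# Constructed sample of /etc/mongod.conf, using the private address from the question.
SAMPLE_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.151
"""

def bind_ips(conf_text):
    """Return the addresses listed on the bindIp line of a mongod.conf text."""
    for line in conf_text.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "bindIp":
            return [ip.strip() for ip in value.split(",") if ip.strip()]
    return []

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt: open, refused, filtered or unreachable."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered with a reset: nothing listens on that address
    except socket.timeout:
        return "filtered"     # no answer at all: typically a security list or firewall drop
    except OSError:
        return "unreachable"  # ICMP error: routing problem or a firewall that rejects
    finally:
        sock.close()

def diagnose(state, ips, private_ip):
    """Map a probe result to the layer of the setup that needs checking."""
    if state == "filtered":
        return "firewall: check the subnet ingress rule and the host firewall"
    if state == "refused":
        if "0.0.0.0" in ips or private_ip in ips:
            return "service: bindIp is fine, check that mongod is running"
        return "bindIp: add %s (or 0.0.0.0) to net.bindIp" % private_ip
    if state == "open":
        return "reachable: keep the ingress Source CIDR as narrow as possible"
    return "network: check routing, or a firewall that rejects instead of dropping"

if __name__ == "__main__":
    # Run from the remote computer with the instance's public IP in place of 127.0.0.1.
    state = probe("127.0.0.1", 27017, 1.0)
    print(state, "->", diagnose(state, bind_ips(SAMPLE_CONF), "10.0.0.151"))
```
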