One place for hosting & domains

      Access

      How To Configure WebDAV Access with Apache on Ubuntu 20.04


      The author selected the Free and Open Source Fund to receive a donation as part of the Write for DOnations program.

      Introduction

      WebDAV is an extension of the HTTP protocol that allows users to manage files on remote servers. There are many ways to use a WebDAV server, you can, for example, share Word or Excel documents with your colleagues by uploading them to your WebDAV server. You can also share your music collection with your family and friends by simply giving them a URL. All of this can be achieved without them installing any additional software as everything is built right into their operating system.

      In this article, you’ll configure an Apache web server to enable WebDAV access from Windows, Mac, and Linux with SSL and password authentication.

      Prerequisites

      Before you begin this guide, you will need the following:

      WebDAV requires very few server resources, so any sized virtual machine will be enough to get your WebDAV server up and running.

      Log in to your server as the sudo-enabled, non-root user to start the first step.

      Step 1 — Enabling the WebDAV Apache Modules

      The Apache web server provides a lot of functionality as optional modules. You can enable and disable these modules to add and remove their functionality from Apache. Its WebDAV functionality is included in a module that you installed along with Apache, but is not enabled by default.
      You enable the WebDAV module for Apache using the a2enmod utility. The following two commands will enable the WebDAV modules:

      • sudo a2enmod dav
      • sudo a2enmod dav_fs

      Now, restart Apache to load the new modules:

      • sudo systemctl restart apache2.service

      The WebDAV module is now loaded and running. In the next step, you will configure Apache to serve your files via WebDAV.

      Step 2 — Configuring Apache

      In this step, you will create all the configurations that Apache needs to implement a WebDAV server.

      First, create the WebDAV root folder at /var/www/webdav that will hold the files you want to make available over WebDAV:

      • sudo mkdir /var/www/webdav

      Then, set Apache’s user, www-data, to be the owner of the WebDAV directory:

      • sudo chown www-data:www-data /var/www/webdav

      Next, you need to create a location for the database file that Apache uses to manage and lock the files that WebDAV users are accessing. This file needs to be readable and writable by Apache, but must not be available from the website as this can leak sensitive information.

      Create a new directory with the mkdir utility for the database file at /usr/local/apache/var/:

      • sudo mkdir -p /usr/local/apache/var/

      The -p option tells the mkdir utility to create all the directories in the path you specified if they don’t exist.

      Next, set the owner and group of the new directory to Apache’s user and group with the chown utility:

      • sudo chown www-data:www-data /usr/local/apache/var

      Now, you need to edit the VirtualHost file that holds the Apache configuration about your domain name. This file is located in /etc/apache2/sites-enabled/ and ends in le-ssl.conf if you used Certbot to register the SSL certificate.

      Open the VirtualHost file with a text editor:

      • sudo nano /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      On the first line, add the DavLockDB directive:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      DavLockDB /usr/local/apache/var/DavLock
      . . .
      

      Next, add the following Alias and Directory directives inside the <VirtualHost> tags following all the other directives:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      . . .
      Alias /webdav /var/www/webdav
      
      <Directory /var/www/webdav>
          DAV On
      </Directory>
      

      The Alias directive maps requests to http://your.server/webdav to the /var/www/webdav folder.

      The Directory directive tells Apache to enable WebDAV for the /var/www/webdav folder. You can find out more about mod_dav from the Apache docs.

      Your final VirtualHost file will be as follows, which includes the DavLockDB, Alias, and Directory directives in the correct locations:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      DavLockDB /usr/local/apache/var/DavLock
      <IfModule mod_ssl.c>
      <VirtualHost *:443>
              ServerAdmin admin@your_domain
              ServerName your_domain
              ServerAlias your_domain
              DocumentRoot /var/www/your_domain
              ErrorLog ${APACHE_LOG_DIR}/error.log
              CustomLog ${APACHE_LOG_DIR}/access.log combined
      
              SSLCertificateFile /etc/letsencrypt/live/your_domain/fullchain.pem
              SSLCertificateKeyFile /etc/letsencrypt/live/your_domain/privkey.pem
              Include /etc/letsencrypt/options-ssl-apache.conf
      
              Alias /webdav /var/www/webdav
      
              <Directory /var/www/webdav>
                  DAV On
              </Directory>
      
      </VirtualHost>
      </IfModule>
      

      If you make any syntax errors while you are editing Apache’s configuration it will refuse to start. It’s a good practice to check your Apache configuration before restarting Apache.

      Use the apachectl utility to check the configuration:

      • sudo apachectl configtest

      If your configuration is error free, apachectl will print Syntax OK. When you receive this, it is safe to restart Apache to load the new configuration:

      • sudo systemctl restart apache2.service

      You’ve now configured Apache as a WebDAV server to serve files from /var/www/webdav. However, you don’t yet have authentication configured or enabled so anyone that can access your server will be able to read, write, and edit your files. In the next section, you will enable and configure WebDAV authentication.

      Step 3 — Adding Authentication to WebDAV

      The authentication method that you will use is called digest authentication. Digest authentication is the more secure method of WebDAV authentication, especially when coupled with HTTPS.

      Digest authentication works with a file that stores the usernames and passwords of users that are allowed to access the WebDAV server. Just as with the DavLockDB the digest file needs to be stored in a location that Apache can read and write to and that cannot be served from your website.

      As you already created /usr/local/apache/var/ for this purpose, you will place the digest file there as well.

      First, create an empty file called users.password at /usr/local/apache/var/ with the touch utility:

      • sudo touch /usr/local/apache/var/users.password

      Then change the owner and group to www-data so Apache can read and write to it:

      • sudo chown www-data:www-data /usr/local/apache/var/users.password

      New users are added to WebDAV using the htdigest utility. The following command adds the user sammy:

      • sudo htdigest /usr/local/apache/var/users.password webdav sammy

      The webdav in this command is the realm and should be thought of as the group you are adding the new user to. It is also the text displayed to users as they enter their username and password when they access your WebDAV server. You can choose whatever realm best describes your use case.

      htdigest will prompt you to enter a password and confirm it when you run it:

      Output

      Adding user sammy in realm webdav New password: Re-type new password:

      Next, you’ll tell Apache to require authentication for WebDAV access and to use the users.password file.

      Open your VirtualHost file:

      • sudo nano /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      Then, add the following lines inside the Directory directive block:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      AuthType Digest
      AuthName "webdav"
      AuthUserFile /usr/local/apache/var/users.password
      Require valid-user
      

      These directives do the following:

      • AuthType Digest: Use the digest authentication method.
      • AuthName "webdav": Only allow users from the webdav realm.
      • AuthUserFile /usr/local/apache/var/users.password: Use the usernames and passwords contained in /usr/local/apache/var/users.password.
      • Require valid-user: Allow access to any user listed in the users.password file that supplied the correct password.

      Your <Directory> directive will be as follows:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      <Directory /var/www/webdav>
        DAV On
        AuthType Digest
        AuthName "webdav"
        AuthUserFile /usr/local/apache/var/users.password
        Require valid-user
      </Directory>
      

      Next, enable the auth_digest Apache module so that Apache knows how to use the digest authentication method:

      Finally, restart Apache to load all the new configuration:

      • sudo systemctl restart apache2.service

      You’ve now configured your WebDAV server to use HTTPS and digest authentication. It is ready to start serving files to your users. In the next section, you’ll access a WebDAV server from either Windows, Linux, or macOS.

      Step 4 — Accessing WebDAV

      In this step, you’ll access a WebDAV server with the native file browsers of macOS, Windows, and Linux (KDE and GNOME).

      Before you get started accessing your WebDAV server you should put a file into the WebDAV folder, so you have a file to test.

      Open a new file with a text editor:

      • sudo nano /var/www/webdav/webdav-testfile.txt

      Add some text then save and exit. Now, set the owner and group of this file to www-data:

      • sudo chown www-data:www-data /var/www/webdav/webdav-testfile.txt

      You are now ready to start accessing and testing your WebDAV server.

      Linux KDE

      First, open the KDE Dolphin file manager. Then edit the address bar with a URL that has the following form:

      webdavs://your_domain/webdav
      

      image showing WebDAV link in the Dolphin address bar

      When you hit ENTER you will be prompted to enter a username and password.

      image showing the username and password dialog box

      Check the Remember password option if you want Dolphin to retain your password. Then click OK to continue. It will now present you with the contents of the /var/www/webdav/ directory, which you can manipulate as if they were on your local system.

      Bookmark your WebDAV server by grabbing the folder icon in the address bar and dragging it under the Remote section in the left-hand navigation panel.

      Image showing the WebDAV server in the Dolphin Remote locations

      Linux GNOME

      First, open the Files application by clicking on its icon on the right-hand side of the desktop.

      Image showing Finder icon

      When Files opens do the following:

      1. Click on + Other Locations.
      2. Enter the URL of your WebDAV instance with the following form:
      davs://your_domain/webdav
      

      Image showing the Files application

      Then, click on Connect. It will then prompt you with a username and password dialog box.

      Image showing the username and password dialog

      Enter your username and password then click Connect to log in to your WebDAV server. Check the Remember forever option if you do not want to enter your password every time you access your files.

      Your WebDAV folder will now be available in Files where you can manage your files:

      Image showing the WebDAV server in the Files application

      macOS

      First, open the Finder application. Next, click on the Go menu and then on Connect to server.

      Image showing the Go menu in the Finder application

      You will now find a new dialog box where you enter the URL of the WebDAV server. This URL must have the following form:

      https://your_domain/webdav
      

      Image showing the URL entry dialog box

      Click on the Connect button to continue. It will prompt you to enter a username and password.

      Image showing the username and password dialog

      Click on Connect to complete adding your WebDAV server to your system.

      You will now find your WebDAV server in Finder under the Locations section.

      Image showing the WebDAV share in Finder

      Windows

      First, from the Start Menu, open the File Explorer application. When this opens select This PC from the left-hand navigation panel.

      Image showing This PC in the navigation panel

      Next, click on the Map network drive icon in the top navigation bar.

      Image showing the Map network drive icon in top navigation panel

      Enter the URL of your WebDAV server with a URL of the following form:

      https://your_domain/webdav
      

      Image showing the URL entry dialog

      Click Finish to connect to your WebDAV server. It will prompt you to enter a username and password.

      Image showing username and password entry dialog

      Enter your username and password and click OK to log in to your server. Check the Remember my credentials option if you do not want to enter your password every time you access your files.

      Your WebDAV will now appear as a location under the This PC section of the File Explorer left-hand navigation panel.

      Image showing the WebDAV share in File Explorer

      Conclusion

      You have now set up and configured a secure WebDAV server to serve your files to your users. No matter what operating system your users have on their local system they will be able to access and manage the files in your WebDAV server.



      Source link

      How To Configure WebDAV Access with Apache on Ubuntu 18.04


      Introduction

      WebDAV is an extension of the HTTP protocol that allows users to manage files on remote servers. There are many ways to use a WebDAV server, you can, for example, share Word or Excel documents with your colleagues by uploading them to your WebDAV server. You can also share your music collection with your family and friends by simply giving them a URL. All of this can be achieved without them installing any additional software as everything is built right into their operating system.

      In this article, you’ll configure an Apache web server to enable WebDAV access from Windows, Mac, and Linux with SSL and password authentication.

      Prerequisites

      Before you begin this guide, you will need the following:

      WebDAV requires very few server resources, so any sized virtual machine will be enough to get your WebDAV server up and running.

      Log in to your server as the sudo-enabled, non-root user to start the first step.

      Step 1 — Enabling the WebDAV Apache Modules

      The Apache web server provides a lot of functionality as optional modules. You can enable and disable these modules to add and remove their functionality from Apache. Its WebDAV functionality is included in a module that you installed along with Apache, but is not enabled by default.

      You enable the WebDAV module for Apache using the a2enmod utility. The following two commands will enable the WebDAV modules:

      • sudo a2enmod dav
      • sudo a2enmod dav_fs

      Now, restart Apache to load the new modules:

      • sudo systemctl restart apache2.service

      You’ve now loaded and started the WebDAV module. In the next step, you will configure Apache to serve your files via WebDAV.

      Step 2 — Configuring Apache

      In this step, you will create all the configurations that Apache needs to implement a WebDAV server.

      First, create the WebDAV root folder at /var/www/webdav that will hold the files you want to make available over WebDAV:

      • sudo mkdir /var/www/webdav

      Then, set Apache’s user, www-data, to be the owner of the WebDAV directory:

      • sudo chown www-data:www-data /var/www/webdav

      Next, you need to create a location for the database file that Apache uses to manage and lock the files that WebDAV users are accessing. This file needs to be readable and writable by Apache, but must not be available from the website as this can leak sensitive information.

      Create a new directory with the mkdir utility for the database file at /usr/local/apache/var/:

      • sudo mkdir -p /usr/local/apache/var/

      The -p option tells the mkdir utility to create all the directories in the path you specified if they don’t exist.

      Next, set the owner and group of the new directory to Apache’s user and group with the chown utility:

      • sudo chown www-data:www-data /usr/local/apache/var

      Now, you need to edit the VirtualHost file that holds the Apache configuration about your domain name. This file is located in /etc/apache2/sites-enabled/ and ends in le-ssl.conf if you used Certbot to register the SSL certificate.

      Open the VirtualHost file with a text editor:

      • sudo nano /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      On the first line, add the DavLockDB directive:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      DavLockDB /usr/local/apache/var/DavLock
      . . .
      

      Next, add the following Alias and Directory directives inside the <VirtualHost> tags following all the other directives:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      . . .
      Alias /webdav /var/www/webdav
      
      <Directory /var/www/webdav>
          DAV On
      </Directory>
      

      The Alias directive maps requests to http://your.server/webdav to the /var/www/webdav folder.

      The Directory directive tells Apache to enable WebDAV for the /var/www/webdav folder. You can find out more about mod_dav from the Apache docs.

      Your final VirtualHost file will be as follows, which includes the DavLockDB, Alias, and Directory directives in the correct locations:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      DavLockDB /usr/local/apache/var/DavLock
      <IfModule mod_ssl.c>
      <VirtualHost *:443>
          ServerAdmin admin@your_domain
              ServerName your_domain
              ServerAlias your_domain
              DocumentRoot /var/www/your_domain/public_html
              ErrorLog ${APACHE_LOG_DIR}/error.log
              CustomLog ${APACHE_LOG_DIR}/access.log combined
      
              SSLCertificateFile /etc/letsencrypt/live/your_domain/fullchain.pem
              SSLCertificateKeyFile /etc/letsencrypt/live/your_domain/privkey.pem
              Include /etc/letsencrypt/options-ssl-apache.conf
      
              Alias /webdav /var/www/webdav
      
              <Directory /var/www/webdav>
                  DAV On
              </Directory>
      
      </VirtualHost>
      </IfModule>
      

      If you make any syntax errors while you are editing Apache’s configuration it will refuse to start. It’s a good practice to check your Apache configuration before restarting Apache.

      Use the apachectl utility to check the configuration:

      • sudo apachectl configtest

      If your configuration is error free, apachectl will print Syntax OK. When you receive this, it is safe to restart Apache to load the new configuration:

      • sudo systemctl restart apache2.service

      You’ve now configured Apache as a WebDAV server to serve files from /var/www/webdav. However, you don’t yet have authentication configured or enabled so anyone that can access your server will be able to read, write, and edit your files. In the next section, you will enable and configure WebDAV authentication.

      Step 3 — Adding Authentication to WebDAV

      The authentication method that you will use is called digest authentication. Digest authentication is the more secure method of WebDAV authentication, especially when coupled with HTTPS.

      Digest authentication works with a file that stores the usernames and passwords of users that are allowed to access the WebDAV server. Just as with the DavLockDB the digest file needs to be stored in a location that Apache can read and write to and that cannot be served from your website.

      As you already created /usr/local/apache/var/ for this purpose, you will place the digest file there as well.

      First, create an empty file called users.password at /usr/local/apache/var/ with the touch utility:

      • sudo touch /usr/local/apache/var/users.password

      Then change the owner and group to www-data so Apache can read and write to it:

      • sudo chown www-data:www-data /usr/local/apache/var/users.password

      New users are added to WebDAV using the htdigest utility. The following command adds the user sammy:

      • sudo htdigest /usr/local/apache/var/users.password webdav sammy

      The webdav in this command is the realm and should be thought of as the group you are adding the new user to. It is also the text displayed to users as they enter their username and password when they access your WebDAV server. You can choose whatever realm best describes your use case.

      It will prompt you to enter a password and confirm it when you run the htdigest command:

      Output

      Adding user sammy in realm webdav New password: Re-type new password:

      Next, you’ll tell Apache to require authentication for WebDAV access and to use the users.password file.

      Open your VirtualHost file:

      • sudo nano /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      Then, add the following lines inside the Directory directive block:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      AuthType Digest
      AuthName "webdav"
      AuthUserFile /usr/local/apache/var/users.password
      Require valid-user
      

      These directives do the following:

      • AuthType Digest: Use the digest authentication method.
      • AuthName "webdav": Only allow users from the webdav realm.
      • AuthUserFile /usr/local/apache/var/users.password: Use the usernames and passwords contained in /usr/local/apache/var/users.password.
      • Require valid-user: Allow access to any user listed in the users.password file that supplied the correct password.

      Your <Directory> directive will be as follows:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      <Directory /var/www/webdav>
        DAV On
        AuthType Digest
        AuthName "webdav"
        AuthUserFile /usr/local/apache/var/users.password
        Require valid-user
      </Directory>
      

      Next, enable the auth_digest Apache module so that Apache knows how to use the digest authentication method:

      Finally, restart Apache to load all the new configuration:

      • sudo systemctl restart apache2.service

      You’ve now configured your WebDAV server to use HTTPS and digest authentication. It is ready to start serving files to your users. In the next section, you’ll access a WebDAV server from either Windows, Linux, or macOS.

      Step 4 — Accessing WebDAV

      In this step, you’ll access a WebDAV server with the native file browsers of macOS, Windows, and Linux (KDE and GNOME).

      Before you get started accessing your WebDAV server you should put a file into the WebDAV folder, so you have a file to test.

      Open a new file with a text editor:

      • sudo nano /var/www/webdav/webdav-testfile.txt

      Add some text then save and exit. Now, set the owner and group of this file to www-data:

      • sudo chown www-data:www-data /var/www/webdav/webdav-testfile.txt

      You are now ready to start accessing and testing your WebDAV server.

      Linux KDE

      First, open the KDE Dolphin file manager. Then edit the address bar with a URL that has the following form:

      webdavs://your_domain/webdav
      

      image showing WebDAV link in the Dolphin address bar

      When you hit ENTER you will be prompted to enter a username and password.

      image showing the username and password dialog box

      Check the Remember password option if you want Dolphin to retain your password. Then click OK to continue. It will now present you with the contents of the /var/www/webdav/ directory, which you can manipulate as if they were on your local system.

      Bookmark your WebDAV server by grabbing the folder icon in the address bar and dragging it under the Remote section in the left-hand navigation panel.

      Image showing the WebDAV server in the Dolphin Remote locations

      Linux GNOME

      First, open the Files application by clicking on its icon on the right-hand side of the desktop.

      Image showing Finder icon

      When Files opens do the following:

      1. Click on + Other Locations.
      2. Enter the URL of your WebDAV instance with the following form:
      davs://your_domain/webdav
      

      Image showing the Files application

      Then, click on Connect. It will then prompt you with a username and password dialog box.

      Image showing the username and password dialog

      Enter your username and password then click Connect to log in to your WebDAV server. Check the Remember forever option if you do not want to enter your password every time you access your files.

      Your WebDAV folder will now be available in Files where you can manage your files:

      Image showing the WebDAV server in the Files application

      macOS

      First, open the Finder application. Next, click on the Go menu and then on Connect to server.

      Image showing the Go menu in the Finder application

      You will now find a new dialog box where you enter the URL of the WebDAV server. This URL must have the following form:

      https://your_domain/webdav
      

      Image showing the URL entry dialog box

      Click on the Connect button to continue. It will prompt you to enter a username and password.

      Image showing the username and password dialog

      Click on Connect to complete adding your WebDAV server to your system.

      You will now find your WebDAV server in Finder under the Locations section.

      Image showing the WebDAV share in Finder

      Windows

      First, from the Start Menu, open the File Explorer application. When this opens select This PC from the left-hand navigation panel.

      Image showing This PC in the navigation panel

      Next, click on the Map network drive icon in the top navigation bar.

      Image showing the Map network drive icon in top navigation panel

      Enter the URL of your WebDAV server with a URL of the following form:

      https://your_domain/webdav
      

      Image showing the URL entry dialog

      Click Finish to connect to your WebDAV server. It will prompt you to enter a username and password.

      Image showing username and password entry dialog

      Enter your username and password and click OK to log in to your server. Check the Remember my credentials option if you do not want to enter your password every time you access your files.

      Your WebDAV will now appear as a location under the This PC section of the File Explorer left-hand navigation panel.

      Image showing the WebDAV share in File Explorer

      Conclusion

      You have now set up and configured a secure WebDAV server to serve your files to your users. No matter what operating system your users have on their local system they will be able to access and manage the files in your WebDAV server.



      Source link

      How To Configure Remote Access for MongoDB on Ubuntu 18.04


      An earlier version of this tutorial was written by Melissa Anderson.

      Introduction

      MongoDB, also known as Mongo, is an open-source document database used commonly in modern web applications. By default, it only allows connections that originate on the same server where it’s installed. If you want to manage MongoDB remotely or connect it to a separate application server, there are a few changes you’d need to make to the default configuration.

      In this tutorial, you will configure a MongoDB installation to securely allow access from a trusted remote computer. To do this, you’ll update your firewall rules to provide the remote machine access to the port on which MongoDB is listening for connections and then update its configuration file to change its IP binding setting. Then, as a final step, you’ll test that your remote machine is able to make the connection to your database successfully.

      Prerequisites

      To complete this tutorial, you’ll need:

      • A server running Ubuntu 18.04. This server should have a non-root administrative user and a firewall configured with UFW. Set this up by following our initial server setup guide for Ubuntu 18.04.
      • MongoDB installed on your server. This tutorial assumes that you have MongoDB 4.4 or newer installed. You can install this version by following our tutorial on How To Install MongoDB on Ubuntu 18.04.
      • A second computer from which you’ll access your MongoDB instance. For simplicity, this tutorial assumes that this machine is another Ubuntu 18.04 server, with a non-root administrative user and a UFW firewall configured following our initial server setup guide for Ubuntu 18.04. However, Steps 1 and 2, which describe the actual procedure for enabling remote connectivity on the database server, will work regardless of what operating system the remote machine is running.

      Lastly, while it isn’t required to complete this tutorial, we strongly recommend that you secure your MongoDB installation by creating an administrative user account for the database and enabling authentication. To do this, follow our tutorial on How To Secure MongoDB on Ubuntu 18.04.

      Step 1 — Adjusting the Firewall

      Assuming you followed the prerequisite initial server setup tutorial and enabled a UFW firewall on your server, your MongoDB installation will be inaccessible from the internet. If you intend to use MongoDB only locally with applications running on the same server, this is the recommended and secure setting. However, if you would like to be able to connect to your MongoDB server from a remote location, you have to allow incoming connections to the port where the database is listening by adding a new UFW rule.

      Start by checking which port your MongoDB installation is listening on with the lsof command. This command typically returns a list with every open file in a system, but when combined with the -i option, it lists only network-related files or data streams.

      The following command will redirect the output produced by lsof -i to a grep command that searches for a string named mongo:

      • sudo lsof -i | grep mongo

      This example output shows that the mongod process is listening for connections on its default port, 27017:

      Output

      . . . mongod 82221 mongodb 11u IPv4 913411 0t0 TCP localhost:27017 (LISTEN) . . .

      In most cases, MongoDB should only be accessed from certain trusted locations, such as another server hosting an application. One way to configure this is to run the following command on your MongoDB server, which opens up access on MongoDB’s default port while explicitly only allowing the IP address of the other trusted server.

      Run the following command, making sure to change trusted_server_ip to the IP address of the trusted remote machine you’ll use to access your MongoDB instance:

      Note: If the previous command’s output showed your installation of MongoDB is listening on a non default port, use that port number in place of 27017 in this command.

      • sudo ufw allow from trusted_server_ip to any port 27017

      In the future, if you ever want to access MongoDB from another machine, run this command again with the new machine’s IP address in place of trusted_server_ip.

      You can verify the change in firewall settings with ufw:

      The output will show that traffic to port 27017 from the remote server is now allowed:

      Output

      Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere 27017 ALLOW trusted_server_ip OpenSSH (v6) ALLOW Anywhere (v6)

      You can find more advanced firewall settings for restricting access to services in UFW Essentials: Common Firewall Rules and Commands.

      Next, you’ll bind MongoDB to the server’s public IP address so you can access it from your remote machine.

      Step 2 — Configuring a Public bindIP

      At this point, even though the port is open, MongoDB is currently bound to 127.0.0.1, the local loopback network interface. This means that MongoDB is only able to accept connections that originate on the server where it’s installed.

      To allow remote connections, you must edit the MongoDB configuration file — /etc/mongod.conf — to additionally bind MongoDB to your server’s publicly-routable IP address. This way, your MongoDB installation will be able to listen to connections made to your MongoDB server from remote machines.

      Open the MongoDB configuration file in your preferred text editor. The following example uses nano:

      • sudo nano /etc/mongod.conf

      Find the network interfaces section, then the bindIp value:

      /etc/mongod.conf

      . . .
      # network interfaces
      net:
        port: 27017
        bindIp: 127.0.0.1
      
      . . .
      

      Append a comma to this line followed by your MongoDB server’s public IP address:

      /etc/mongod.conf

      . . .
      # network interfaces
      net:
        port: 27017
        bindIp: 127.0.0.1,mongodb_server_ip
      
      . . .
      

      Save and close the file. If you used nano, do so by pressing CTRL + X, Y, then ENTER.

      Then, restart MongoDB to put this change into effect:

      • sudo systemctl restart mongod

      Following that, your MongoDB installation will be able to accept remote connections from whatever machines you’ve allowed to access port 27017. As a final step, you can test whether the trusted remote server you allowed through the firewall in Step 1 can reach the MongoDB instance running on your server.

      Step 3 — Testing Remote Connectivity

      Now that you configured your MongoDB installation to listen for connections that originate on its publicly-routable IP address and granted your remote machine access through your server’s firewall to Mongo’s default port, you can test that the remote machine is able to connect.

      Note: As mentioned in the Prerequisites section, this tutorial assumes that your remote machine is another server running Ubuntu 18.04. The procedure for enabling remote connections outlined in Steps 1 and 2 should work regardless of what operating system your remote machine runs, but the testing methods described in this Step do not work universally across operating systems.

      One way to test that your trusted remote server is able to connect to the MongoDB instance is to use the nc command. nc, short for netcat, is a utility used to establish network connections with TCP or UDP. It’s useful for testing in cases like this because it allows you to specify both an IP address and a port number.

      First, log into your trusted server using SSH:

      • ssh sammy@trusted_server_ip

      Then run the following nc command, which includes the -z option. This limits nc to only scan for a listening daemon on the target server without sending it any data. Recall from the prerequisite installation tutorial that MongoDB is running as a service daemon, making this option useful for testing connectivity. It also includes the v option which increases the command’s verbosity, causing netcat to return some output which it otherwise wouldn’t.

      Run the following nc command from your trusted remote server, making sure to replace mongodb_server_ip with the IP address of the server on which you installed MongoDB:

      • nc -zv mongodb_server_ip 27017

      If the trusted server can access the MongoDB daemon, its output will indicate that the connection was successful:

      Output

      Connection to mongodb_server_ip 27017 port [tcp/*] succeeded!

      Assuming you have a compatible version of the mongo shell installed on your remote server, you can at this point connect directly to the MongoDB instance installed on the host server.

      One way to connect is with a connection string URI, like this:

      • mongo "mongodb://mongo_server_ip:27017"

      Note: If you followed the recommended How To Secure MongoDB on Ubuntu 18.04 tutorial, you will have closed off access to your database to unauthenticated users. In this case, you’d need to use a URI that specifies a valid username, like this:

      • mongo "mongodb://username@mongo_server_ip:27017"

      The shell will automatically prompt you to enter the user’s password.

      With that, you’ve confirmed that your MongoDB server can accept connections from the trusted server.

      Conclusion

      You can now access your MongoDB installation from a remote server. At this point, you can manage your Mongo database remotely from the trusted server. Alternatively, you could configure an application to run on the trusted server and use the database remotely.

      If you haven’t configured an administrative user and enabled authentication, anyone who has access to your remote server can also access your MongoDB installation. If you haven’t already done so, we strongly recommend that you follow our guide on How To Secure MongoDB on Ubuntu 18.04 to add an administrative user and lock things down further.



      Source link