For data security, in the MongoDB configuration file, the default port of 27017 is typically changed to a custom port number, and then the allowed IP is set to 127.0.0.1 (that is, the host itself). However, this can cause trouble when the development process looks at the data, and it must go to the server side or call the API interface deployed on the server to be able to visually query the data well. In order to be able to use visual tools on the client side, you can establish an SSH tunnel to access the remote server's database directly from the client.
This example is based on the following development environment:
Server side: Ubuntu 16.04 X86_64,mongodb 3.4.6
Client: Windows10 X86_64,robomongo 1.0.0-rc1,putty or Xshell
=========================================================================
There are two ways to establish an SSH tunnel to implement client Robomongo Access server MongoDB, one is to use putty or Xshell connection server when the tunnel, the server's MongoDB listening port mapping to the client's designated port, This allows the client to access the server's MongoDB port using the specified port on the local Robomongo connection, with the disadvantage of maintaining putty or Xshell in connection with the database before connecting to the database, and using Robomongo to create an SSH tunnel. Simply create a new connection in Robomongo, enter the username or password required to establish an SSH session, or log in to the server using Robomongo, and then access the local MongoDB port on the server. The advantage is that there is no need to establish an SSH connection separately (this is the recommended approach, but the first one is not limited to robomongo connections).
=========================================================================
Note: Because the SSH tunnel is based on the TCP forward established, therefore, in the SSHD configuration file must allow Tcpforwarding, I began to configure the sshd when this disabled, so climbed for a long time to climb out of the pit.
$ sudo vim/etc/ssh/sshd_config
Modify the following fields:
allowtcpforwarding Yes
Restart sshd
$ sudo systemctl restart sshd
Also, to modify the MongoDB configuration file so that it can only be accessed locally:
$ sudo vim/etc/mongod.conf
Modify the following fields:
Net
port:27017
bindip:127.0.0.1
=========================================================================
One, using putty or Xshell to establish the client-server SSH tunnel
PuTTY: After setting the login information (including the server IP port user password key, etc.), in the left column find Connection/ssh/tunnels,add new forwarded port, Source port to fill the port number that needs to be mapped to the client, Destination fill in the server's host and port number (the server's host is, of course, localhost) select Local and auto below, and then click Add, save for the next login convenience, click Open to establish an SSH tunnel connection.
Then, open Robomongo, and create a new connection to localhost:27018 to connect to the server MongoDB.
Alternatively, you can listen to a local 27018 port to monitor the server's 27017 port.
Similarly, when using Xshell, fill in the login host port user name password key and other information, find the ssh/tunnel in the left column, add the TCP/IP transfer rule type is local, the source host even if the client's host and listening port, the target is the server host and port, determine the connection, You can establish an SSH tunnel.
=========================================================================
Second, using the SSH tunnel with Robomongo
Turn on Robomongo, enable SSH tunnel in the SSH tab in the connection settings and set the login SSH server information, go back to the Connection tab and fill in the host (localhost) with the port on the server MongoDB. Save the connection.
Configure SSH tunneling to access MongoDB on Ubuntu server