Help Center> Document Database Service> Getting Started> Getting Started with Single Nodes> Connecting to a Single Node Instance Over Public Networks> Step 4: Connect to a Single Node Instance Over Public Networks
View PDF

Step 4: Connect to a Single Node Instance Over Public Networks

Scenarios

This section describes how to connect to a single-node instance using the MongoDB client and Robo 3T over public networks.

The MongoDB client and Robo 3T can connect to a DB instance with a common connection or an encrypted connection (SSL). To improve data transmission security, you are advised to connect to DB instances using the SSL connection.

Different OS scenarios: The following uses Linux ECS and Window client as an example.

Prerequisites

  1. Bind an EIP to the cluster instance and set security group rules to ensure that the EIP can be accessed through the ECS or Robo 3T.
  2. Install the MongoDB client or Robo 3T.

    MongoDB client

    1. For details on how to create and log in to an ECS, see Purchasing an ECS and Logging In to an ECS.
    2. Install the MongoDB client on the ECS.

      For details on how to install a MongoDB client, see How Can I Install a MongoDB Client?

    Robo 3T

    Install Robo 3T. For details, see How Can I Install Robo 3T?

  3. If you select SSL mode, download the SSL certificate on the DDS console.
    1. On the Instance Management page, click the target DB instance.
    2. In the navigation pane on the left, choose Connections.
    3. In the Basic Information area, click next to the SSL field.

Connecting to a DB Instance Using Robo 3T (SSL)

  1. Run the installed Robo 3T. On the displayed dialog box, click Create.

    Figure 1 Connections

  2. In the Connection Settings dialog box, set the parameters of the new connection.

    1. On the Connection tab, enter the name of the new connection in the Name text box and enter the EIP and database port that are bound to the single-node instance in the Address text box.
      Figure 2 Connection
    2. On the Authentication tab, set Database to admin, User Name to rwuser, and Password to the administrator password you set during the creation of the single-node instance.
      Figure 3 Authentication
    3. On the SSL tab, upload the SSL certificate and select Allowed for Invalid Hostnames.
      Figure 4 SSL
    4. Click Save.

  3. On the MongoDB Connections page, click Connect to connect to the single-node instance.

    Figure 5 Connections

  4. If the single-node instance is successfully connected, the page shown in Figure 6 is displayed.

    Figure 6 Connection succeeded

Connecting to a DB Instance Using Robo 3T (Non-SSL)

If you connect to a DB instance using this method, you need to disable the SSL connection. For details about how to disable the SSL connection, see section Enabling or Disabling SSL.

  1. Run the installed Robo 3T. On the displayed dialog box, click Create.

    Figure 7 Connections

  2. In the Connection Settings dialog box, set the parameters of the new connection.

    1. On the Connection tab, enter the name of the new connection in the Name text box and enter the EIP and database port that are bound to the single-node instance in the Address text box.
      Figure 8 Connection
    2. On the Authentication tab, set Database to admin, User Name to rwuser, and Password to the administrator password you set during the creation of the single-node instance.
      Figure 9 Authentication
    3. Click Save.

  3. On the MongoDB Connections page, click Connect to connect to the single-node instance.

    Figure 10 Connections

  4. If the single-node instance is successfully connected, the page shown in Figure 11 is displayed.

    Figure 11 Connection succeeded

Connecting to a DB Instance Using the MongoDB Client (SSL)

  1. On the Instance Management page, click the target DB instance.
  2. In the navigation pane on the left, choose Connections.
  3. In the Basic Information area, click next to the SSL field.
  4. Upload the root certificate to the ECS to be connected to the DB instance.

    The following describes how to upload the certificate to a Linux and Window ECS:

    • In Linux, run the following command:
      scp <IDENTITY_FILE> <REMOTE_USER>@<REMOTE_ADDRESS>:<REMOTE_DIR>
      • IDENTITY_FILE indicates the directory where the root certificate resides. The file access permission is 600.
      • REMOTE_USER indicates the ECS OS user.
      • REMOTE_ADDRESS indicates the ECS address.
      • REMOTE_DIR indicates the directory of the ECS to which the root certificate is uploaded.
    • In Windows, upload the root certificate using the remote connection tool.

  5. Connect to the DB instance in the directory where the MongoDB client is located.

    • Method 1: Using Linux commands

      ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

      Enter the database account password when prompted:

      Enter password:
    • Method 2: Using the public connection address

      ./mongo mongodb://rwuser:****@<DB_HOST>:<DB_PORT>/test?authSource=admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

      To obtain the public connection address, click the instance name and choose Connections. The address is displayed in Public Network Connection Address field on the Public Connection tab.

    • A single node instance uses the management IP address to generate SSL certificate. --sslAllowInvalidHostnames is needed for the SSL connection through a public network.
    • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the EIP column in the node list on the Connections page.
    • DB_PORT indicates the port number. Obtain the value from Database Port in the Basic Information area on the Connections page.
    • DB_USER indicates the database account name. The default value is rwuser.
    • **** indicates the password of the database account. If you use the connection address to connect to a DB instance:
      • If the password contains the at sign (@), change @ to %40.
      • If the password contains the exclamation mark (!), add an escape character (\) before the exclamation mark (!).
    • FILE_PATH indicates the path where the root certificate is stored.
    • Connect to the instance using Linux commands. The following is an example command:

      ./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

    • Connect to the DB instance using the public connection address. The following is an example command:

      ./mongo mongodb://rwuser:****@192.168.1.80:8635/test?authSource=admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

  6. Check the connection result. If the following information is displayed, the connection is successful. 

    replica:PRIMARY>

Connecting to a DB Instance Using the MongoDB Client (Non-SSL)

If you connect to a DB instance using this method, you need to disable the SSL connection. For details about how to disable the SSL connection, see section Enabling or Disabling SSL.

  1. Connect to the ECS.
  2. Connect to a DDS DB instance.

    • Method 1: Using Linux commands

      ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

      Enter the database account password when prompted:

      Enter password:
    • Method 2: Using the public connection address

      ./mongo mongodb://rwuser:****@<DB_HOST>:<DB_PORT>/test?authSource=admin

      To obtain the public connection address, click the instance name and choose Connections. The address is displayed in Public Network Connection Address field on the Public Connection tab.

    • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the EIP column in the node list on the Connections page.
    • DB_PORT indicates the port number. Obtain the value from Database Port in the Basic Information area on the Connections page.
    • DB_USER indicates the database account name. The default value is rwuser.
    • **** indicates the password of the database account. If you use the connection address to connect to a DB instance:
      • If the password contains the at sign (@), change @ to %40.
      • If the password contains the exclamation mark (!), add an escape character (\) before the exclamation mark (!).
    • Connect to the instance using Linux commands. The following is an example command:

      ./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin

    • Connect to the DB instance using the public connection address. The following is an example command:

      ./mongo mongodb://rwuser:****@192.168.1.80:8635/test?authSource=admin

  3. Check the connection result. If the following information is displayed, the connection is successful. 

    replica:PRIMARY>