Updated on 2022-08-17 GMT+08:00

Connecting to a Cluster Instance Over Private Networks

Scenarios

This section describes how to connect to a cluster instance using the MongoDB client over private networks.

The MongoDB client can connect to a DB instance with a common connection or an encrypted connection (SSL). To improve data transmission security, you are advised to connect to DB instances using the SSL connection.

Different OS scenarios: The following uses Linux ECS and Window client as an example.

Constraints

For details about constraints on connecting to a DB instance, see Constraints.

Prerequisites

  1. For details on how to create and log in to an ECS, see "Creating and Logging In to a Windows ECS" or "Creating and Logging In to a Linux ECS" in the Elastic Cloud Server User Guide.
  2. Install the MongoDB client on the ECS.

    For details on how to install a MongoDB client, see section How Can I Install a MongoDB Client?

    If you use a connection address to connect to a cluster instance, download the MongoDB client of version later than 4.0.

Connecting to a DB Instance Using the MongoDB Client (SSL)

  1. On the Instance Management page, click the target DB instance.
  2. In the navigation pane on the left, choose Connections.
  3. In the Basic Information area, click next to the SSL field.
  4. Upload the root certificate to the ECS to be connected to the DB instance.

    The following describes how to upload the certificate to a Linux and Window ECS:

    • In Linux, run the following command:
      scp <IDENTITY_FILE> <REMOTE_USER>@<REMOTE_ADDRESS>:<REMOTE_DIR>
      • IDENTITY_FILE indicates the directory where the root certificate locates. The file access permission is 600.
      • REMOTE_USER indicates the ECS OS user.
      • REMOTE_ADDRESS indicates the ECS address.
      • REMOTE_DIR indicates the directory of the ECS to which the root certificate is uploaded.
    • In Windows, upload the root certificate using the remote connection tool.

  5. Connect to the DB instance in the directory where the MongoDB client is located.

    • Method 1: Using Linux commands

      ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

      Enter the database account password when prompted:

      Enter password:
    • Method 2: Using the private connection address. Enter the IP addresses and ports based on the number of DB instance nodes.

      ./mongo mongodb://rwuser:****@<DB_HOST>:<DB_PORT>,<DB_HOST>:<DB_PORT>/test?authSource=admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

      The connection information can be obtained in the Address column on the Instance Management page.

      A connection address indicates that one of the mongos nodes will be randomly connected. If you use this method to connect to a DB instance, use the MongoDB client of version later than 4.0.

    • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the Private IP Address column in the node list on the Connections page.
    • DB_PORT indicates the port number. Obtain the value from Database Port in the Basic Information area on the Connections page.
    • DB_USER indicates the database account name. The default value is rwuser.
    • **** indicates the password of the database account. If you use the connection address to connect to a DB instance:
      • If the password contains the at sign (@), change @ to %40.
      • If the password contains the exclamation mark (!), add an escape character (\) before the exclamation mark (!).
    • FILE_PATH indicates the path where the root certificate is stored.
    • Connect to the instance using Linux commands. The following is an example command:

      ./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

    • Connect to the DB instance using the private connection address. The following is an example command:

      ./mongo mongodb://rwuser:****@192.168.1.6:8635/test?authSource=admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

  6. Check the connection result. If the following information is displayed, the connection is successful.

    mongos>

Connecting to a DB Instance Using the MongoDB Client (Non-SSL)

If you connect to a DB instance using this method, you need to disable the SSL connection. For details, see section Disabling SSL.

  1. Connect to the ECS.
  2. Connect to the DB instance in the directory where the MongoDB client is located.

    • Method 1: Using Linux commands

      ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

      Enter the database account password when prompted:

      Enter password:
    • Method 2: Using the private connection address. Enter the IP addresses and ports based on the number of DB instance nodes.

      ./mongo mongodb://rwuser:****@<DB_HOST1>:<DB_PORT1>,<DB_HOST2>:<DB_PORT2>/test?authSource=admin

      The connection information can be obtained in the Address column on the Instance Management page.

      A connection address indicates that one of the mongos nodes will be randomly connected. If you use this method to connect to a DB instance, use the MongoDB client of version later than 4.0.

    • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the Private IP Address column in the node list on the Connections page.
    • DB_PORT indicates the port number. Obtain the value from Database Port in the Basic Information area on the Connections page.
    • DB_USER indicates the database account name. The default value is rwuser.
    • **** indicates the password of the database account. If you use the connection address to connect to a DB instance:
      • If the password contains the at sign (@), change @ to %40.
      • If the password contains the exclamation mark (!), add an escape character (\) before the exclamation mark (!).
    • Connect to the instance using Linux commands. The following is an example command:

      ./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin

    • Connect to the DB instance using the private connection address. The following is an example command:

      ./mongo mongodb://rwuser:****@192.168.1.6:8635/test?authSource=admin

  3. Check the connection result. If the following information is displayed, the connection is successful.

    mongos>