Help Center/ Document Database Service/ User Guide/ Connecting to a DDS Instance/ Connecting to a Single Node Instance/ Connecting to a Single Node Instance over a Public Network/ Connecting to a Single Node Instance Using Mongo Shell (Public Network)
Updated on 2026-01-30 GMT+08:00
View PDF
Share

Connecting to a Single Node Instance Using Mongo Shell (Public Network)

Scenarios

In the following scenarios, you can access a DDS instance from the Internet by binding a public gateway to the instance.

Scenario 1: If your applications are running on an ECS that is in a different region from the one where the DDS instance is located, connect to the DDS instance through the EIP of a public gateway.

Figure 1 Accessing DDS from ECS across regions

Scenario 2: If your applications are deployed on a cloud server provided by other vendors, connect to the DDS instance through the EIP of a public gateway.

Figure 2 Accessing DDS from other cloud servers

This section describes how to use Mongo Shell to connect to a single node instance through the EIP of a public gateway.

You can connect to a single node instance using an SSL connection or an unencrypted connection. The SSL connection is encrypted and more secure. To improve data transmission security, connect to instances using SSL.

Prerequisites

  1. For details about how to create and log in to an ECS, see Purchasing an ECS and Logging In to an ECS.
  2. Bind a public gateway to the single node instance and configure security group rules to ensure that the single node instance can be accessed from an ECS.
  3. Install the MongoDB client on the ECS.

    For details about how to install a MongoDB client, see How Can I Install a MongoDB Client?

SSL Connection

If you connect to an instance over the SSL connection, enable SSL first. Otherwise, an error is reported. For details about how to enable SSL, see Enabling and Disabling SSL.

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and a project.
  3. Click in the upper left corner of the page and choose Databases > Document Database Service.
  4. On the Instances page, click the instance name.
  5. In the navigation pane on the left, choose Connections.
  6. In the Basic Information area, click next to the SSL field.
  7. Import the root certificate to the Linux or Windows ECS. For details, see How Can I Import the Root Certificate to a Windows or Linux OS?
  8. Connect to the instance in the directory where the MongoDB client is located.

    Method 1: Using an EIP

    Example command:

    ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabaseadmin --ssl --sslCAFile<FILE_PATH> --sslAllowInvalidHostnames

    Parameter description:

    • DB_HOST is the EIP bound to the instance to be connected.

      On the Instances page, click the instance name. The Basic Information page is displayed. Choose Connections > Public Connection and obtain the EIP of the corresponding node.

      Figure 3 Obtaining an EIP
    • DB_PORT is the database port. The default port number is 8635.

      You can click the instance name to go to the Basic Information page. In the navigation pane on the left, choose Connections. On the displayed page, click the Public Connection tab and obtain the port from the Database Port field in the Basic Information area.

      Figure 4 Obtaining the port
    • DB_USER is the database user. The default value is rwuser.
    • FILE_PATH is the path for storing the root certificate.
    • --sslAllowInvalidHostnames: To ensure that the internal communication of the single node instance does not occupy resources such as the user IP address and bandwidth, the single node certificate is generated using the internal management IP address. --sslAllowInvalidHostnames is needed for the SSL connection through a public network.

    Command example:

    ./mongo --host 192.168.xx.xx --port 8635 -u rwuser -p --authenticationDatabase admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

    Enter the database account password when prompted:

    Enter password:

    Method 2: Using the EIP of a public gateway

    Example command:

    ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabaseadmin --ssl --sslCAFile<FILE_PATH> --sslAllowInvalidHostnames

    Parameter description:

    • DB_HOST is the EIP of the public gateway bound to the instance to be connected.

      On the Instances page, click the instance name. The Basic Information page is displayed. Choose Connections > Public Connection and obtain the EIP of the corresponding node in the Public Gateway column.

      Figure 5 Obtaining the EIP of the public gateway

    • DB_PORT is the port of the public gateway.
      Figure 6 Port of the public gateway

    • DB_USER is the database user. The default value is rwuser.
    • FILE_PATH is the path for storing the root certificate.
    • --sslAllowInvalidHostnames: The single node certificate is generated using the internal management IP address to ensure that internal communication does not occupy resources such as the user IP address and bandwidth. --sslAllowInvalidHostnames is needed for the SSL connection through a public network.

    Command example:

    ./mongo --host 192.168.xx.xx --port 8635 -u rwuser -p --authenticationDatabase admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

    Enter the database password when prompted:

    Enter password:

  9. Check the connection result. If the following information is displayed, the connection is successful. 

    replica:PRIMARY>

Unencrypted Connection

If you connect to an instance over an unencrypted connection, disable SSL first. Otherwise, an error is reported. For details about how to disable SSL, see Enabling and Disabling SSL.

  1. Log in to the ECS.
  2. Connect to a DDS instance.

    Method 1: Using an EIP

    Example command:

    ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

    Parameter description:

    • DB_HOST is the EIP bound to the instance to be connected.

      On the Instances page, click the instance name. The Basic Information page is displayed. Choose Connections > Public Connection and obtain the EIP of the corresponding node.

      Figure 7 Obtaining an EIP
    • DB_PORT is the database port. The default port number is 8635.

      You can click the instance name to go to the Basic Information page. In the navigation pane on the left, choose Connections. On the displayed page, click the Public Connection tab and obtain the port from the Database Port field in the Basic Information area.

      Figure 8 Obtaining the port
    • DB_USER is the database user. The default value is rwuser.

    Command example:

    ./mongo --host 192.168.xx.xx --port 8635 -u rwuser -p --authenticationDatabase admin

    Enter the database account password when prompted:

    Enter password:

    Method 2: Using the EIP of a public gateway

    Example command:

    ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

    Parameter description:

    • DB_HOST is the EIP of the public gateway bound to the instance to be connected.

      On the Instances page, click the instance name. The Basic Information page is displayed. Choose Connections > Public Connection and obtain the EIP of the corresponding node in the Public Gateway column.

      Figure 9 Obtaining the EIP of the public gateway

    • DB_PORT is the port of the public gateway.
      Figure 10 Port of the public gateway

    • DB_USER is the database user. The default value is rwuser.

    Command example:

    ./mongo --host 192.168.xx.xx --port 8635 -u rwuser -p --authenticationDatabase admin

    Enter the database password when prompted:

    Enter password:

  3. Check the connection result. If the following information is displayed, the connection is successful. 

    replica:PRIMARY>