Help Center/ Document Database Service/ User Guide/ Connecting to a DDS Instance/ Connecting to a Single Node Instance/ Connecting to a Single Node Instance over a Public Network/ Connecting to a Single Node Instance Using Mongo Shell (Public Network)
Updated on 2026-04-29 GMT+08:00
View PDF
Share

Connecting to a Single Node Instance Using Mongo Shell (Public Network)

Scenarios

In the following scenarios, you can access a DDS instance from the Internet by binding a public gateway or an EIP to the instance.

Scenario 1: If your application is running on an ECS that is in a different region from the one where the DDS instance is located, connect to the DDS instance using an EIP.

Figure 1 Accessing DDS from ECS across regions

Scenario 2: If your application is deployed on a cloud server provided by other vendors, connect to the DDS instance using an EIP.

Figure 2 Accessing DDS from other cloud servers

This section uses an application deployed on an ECS as an example to guide you through the process of connecting to a single node instance using Mongo Shell over an EIP.

You can connect to a single node instance using an SSL connection or an unencrypted connection. The SSL connection is encrypted and more secure. To improve data transmission security, connect to instances using SSL.

Prerequisites

  1. For details about how to create and log in to an ECS, see Purchasing an ECS and Logging In to an ECS.
  2. You have bound a public gateway or an EIP to the single node instance and configured security group rules to ensure that the EIP is reachable from the ECS.
  3. Install the MongoDB client on the ECS.

    For details about how to install a MongoDB client, see How Can I Install a MongoDB Client?

SSL Connection

If you connect to an instance over the SSL connection, enable SSL first. Otherwise, an error is reported. For details about how to enable SSL, see Enabling and Disabling SSL.

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and a project.
  3. Click in the upper left corner of the page and choose Databases > Document Database Service.
  4. On the Instances page, click the instance name.
  5. In the navigation pane on the left, choose Connections.
  6. In the Basic Information area, click next to the SSL field.
  7. Import the root certificate to the Linux or Windows ECS. For details, see How Can I Import the Root Certificate to a Windows or Linux OS?
  8. Connect to the instance in the directory where the MongoDB client is located.

    • Method 1: Using an EIP

      Command format:

      ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabaseadmin --ssl --sslCAFile<FILE_PATH> --sslAllowInvalidHostnames

      The parameters are explained as follows:

      • DB_HOST is the EIP bound to the instance to be connected.

        On the Instances page, click the instance name. The Basic Information page is displayed. In the navigation tree, choose Connections. On the displayed page, click the Public Connection tab and find the EIP of the target node.

        Figure 3 Obtaining an EIP

      • DB_PORT is the database port. The default port number is 8635.

        You can click the instance name to go to the Basic Information page. In the navigation pane on the left, choose Connections. On the displayed page, click the Public Connection tab and obtain the port from the Database Port field in the Basic Information area.

        Figure 4 Obtaining the port

      • DB_USER is the database account. The default value is rwuser.
      • FILE_PATH is the path where the root certificate is stored.
      • --sslAllowInvalidHostnames: The certificate for the single node instance is generated using an internal management IP address to ensure that internal communication does not occupy resources such as user IP bandwidth. --sslAllowInvalidHostnames is required when you use SSL to connect to a single node instance over a public network.

      Example command:

      ./mongo --host 192.168.xx.xx --port 8635 -u rwuser -p --authenticationDatabase admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

      Enter the database account password when the following prompt appears:

      Enter password:
    • Method 2: Using the EIP of a public gateway

      Command format:

      ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabaseadmin --ssl --sslCAFile<FILE_PATH> --sslAllowInvalidHostnames

      The parameters are explained as follows:

      • DB_HOST is the EIP of the public gateway bound to the instance to be connected.

        On the Instances page, click the instance name. The Basic Information page is displayed. Choose Connections > Public Connection and obtain the EIP of the corresponding node in the Public Gateway column.

        Figure 5 Obtaining the EIP of the public gateway

      • DB_PORT is the port of the public gateway.
        Figure 6 Port of the public gateway

      • DB_USER is the database account. The default value is rwuser.
      • FILE_PATH is the path where the root certificate is stored.
      • --sslAllowInvalidHostnames: The certificate for the single node instance is generated using an internal management IP address to ensure that internal communication does not occupy resources such as user IP bandwidth. --sslAllowInvalidHostnames is required when you use SSL to connect to a single node instance over a public network.

      Example command:

      ./mongo --host 192.168.xx.xx --port 8635 -u rwuser -p --authenticationDatabase admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

      Enter the database account password when the following prompt appears:

      Enter password:

  9. Check the connection result. If the following information is displayed, the connection is successful. 

    replica:PRIMARY>

Unencrypted Connection

If you connect to an instance without SSL, ensure that SSL is disabled. Otherwise, an error will be reported. For details about how to disable SSL, see Enabling and Disabling SSL.

  1. Log in to the ECS.
  2. Connect to a DDS instance.

    • Method 1: Using an EIP

      Command format:

      ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

      The parameters are explained as follows:

      • DB_HOST is the EIP bound to the instance to be connected.

        On the Instances page, click the instance name. The Basic Information page is displayed. In the navigation tree, choose Connections. On the displayed page, click the Public Connection tab and find the EIP of the target node.

        Figure 7 Obtaining an EIP

      • DB_PORT is the database port. The default port number is 8635.

        You can click the instance name to go to the Basic Information page. In the navigation pane on the left, choose Connections. On the displayed page, click the Public Connection tab and obtain the port from the Database Port field in the Basic Information area.

        Figure 8 Obtaining the port

      • DB_USER is the database account. The default value is rwuser.

      Example command:

      ./mongo --host 192.168.xx.xx --port 8635 -u rwuser -p --authenticationDatabase admin

      Enter the database account password when the following prompt appears:

      Enter password:
    • Method 2: Using the EIP of a public gateway

      Command format:

      ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

      The parameters are explained as follows:

      • DB_HOST is the EIP of the public gateway bound to the instance to be connected.

        On the Instances page, click the instance name. The Basic Information page is displayed. Choose Connections > Public Connection and obtain the EIP of the corresponding node in the Public Gateway column.

        Figure 9 Obtaining the EIP of the public gateway

      • DB_PORT is the port of the public gateway.
        Figure 10 Port of the public gateway

      • DB_USER is the database account. The default value is rwuser.

      Example command:

      ./mongo --host 192.168.xx.xx --port 8635 -u rwuser -p --authenticationDatabase admin

      Enter the database account password when the following prompt appears:

      Enter password:

  3. Check the connection result. If the following information is displayed, the connection is successful. 

    replica:PRIMARY>