Docker内部的Mongo身份验证 [英] Mongo authentication inside Docker
问题描述
我正在尝试通过身份验证运行mongo docker映像.遵循文档中最简单的示例我通过 docker-compose up
命令运行了mongo和mongo-express图像.我的 docker-compose.yml
在这个阶段:
I am trying to run the mongo docker image with authentication. Following the most simple example from the documentation I ran the mongo and the mongo-express images by the docker-compose up
command. My docker-compose.yml
at this stage:
version: '3.1'
services:
mongo:
image: mongo
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: example
mongo-express:
image: mongo-express
restart: always
ports:
- 8081:8081
environment:
ME_CONFIG_MONGODB_ADMINUSERNAME: root
ME_CONFIG_MONGODB_ADMINPASSWORD: example
这将运行,两个容器都可以正常运行,我可以从mongo-express网站浏览mongo的内容.但是,每当我更改 docker-compose.yml
文件中的用户名或密码时,例如更改为:
This runs, both containers start ok and I can browse the contents of mongo from the mongo-express website. However, whenever I change the username or the password in the docker-compose.yml
file, for example to this:
version: '3.1'
services:
mongo:
image: mongo
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: example123
mongo-express:
image: mongo-express
restart: always
ports:
- 8081:8081
environment:
ME_CONFIG_MONGODB_ADMINUSERNAME: root
ME_CONFIG_MONGODB_ADMINPASSWORD: example123
mongo-express抛出未经授权的错误消息:
the mongo-express throws an unauthotrized error message:
mongo-express_1 | Admin Database connected
mongo-express_1 | { MongoError: Authentication failed.
mongo-express_1 | at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1 | at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1 | at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1 | at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1 | at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1 | at emitOne (events.js:116:13)
mongo-express_1 | at Socket.emit (events.js:211:7)
mongo-express_1 | at addChunk (_stream_readable.js:263:12)
mongo-express_1 | at readableAddChunk (_stream_readable.js:250:11)
mongo-express_1 | at Socket.Readable.push (_stream_readable.js:208:10)
mongo-express_1 | name: 'MongoError',
mongo-express_1 | message: 'Authentication failed.',
mongo-express_1 | ok: 0,
mongo-express_1 | errmsg: 'Authentication failed.',
mongo-express_1 | code: 18,
mongo-express_1 | codeName: 'AuthenticationFailed' }
mongo-express_1 | unable to list databases
mongo-express_1 | { MongoError: command listDatabases requires authentication
mongo-express_1 | at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1 | at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1 | at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1 | at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1 | at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1 | at emitOne (events.js:116:13)
mongo-express_1 | at Socket.emit (events.js:211:7)
mongo-express_1 | at addChunk (_stream_readable.js:263:12)
mongo-express_1 | at readableAddChunk (_stream_readable.js:250:11)
mongo-express_1 | at Socket.Readable.push (_stream_readable.js:208:10)
mongo-express_1 | name: 'MongoError',
mongo-express_1 | message: 'command listDatabases requires authentication',
mongo-express_1 | ok: 0,
mongo-express_1 | errmsg: 'command listDatabases requires authentication',
mongo-express_1 | code: 13,
mongo-express_1 | codeName: 'Unauthorized' }
无论我在 docker-compose.yml
中输入什么用户名或密码,仅当我使用原始 root
且 example
对.
No matter what username or password I enter in docker-compose.yml
, I cannot make mongo-express connect to mongo, only if I use the original root
and example
pair.
请注意,我没有将用户名和密码用作环境变量,但是可以直接在 docker-compose.yml
文件中键入它们,如您在此处看到的那样.
Note, that I am not getting the username and password as environment variables, but they are directly typed into the docker-compose.yml
file as you can see here.
还请注意,当我将 MONGO_INITDB_ROOT_USERNAME
和 MONGO_INITDB_ROOT_PASSWORD
(mongo的)变量更改为任何变量时,它们似乎没有效果,我仍然可以与mongo-express使用原始的root用户和示例凭据.
Also note, that when I change the MONGO_INITDB_ROOT_USERNAME
and MONGO_INITDB_ROOT_PASSWORD
(mongo's) variables to anything, they don't seem to have an effect, I can still connect with mongo-express using the original root and example credentials.
是什么原因导致这种行为?我该如何进行这项工作?
What causes this behaviour? How can I make this work?
推荐答案
您的docker-compose命令:
Your docker-compose command:
docker-compose up --build --force-recreate
Mongo映像使用匿名卷,所以您还需要-renew-anon-volumes
(文档):
Mongo image uses anonymous volumes, so you need also --renew-anon-volumes
(doc):
docker-compose up --build --force-recreate --renew-anon-volumes
否则,将使用先前具有已初始化DB的卷=>将不使用INITDB env变量.
Otherwise previous volume with already initialized DB is used => INITDB env variables won't be used.
这篇关于Docker内部的Mongo身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!