Mongodb码头容器与客户端访问控制 [英] Mongodb docker container with client access control
问题描述
我想创建一个配有客户端访问控制的mongodb的docker容器(用户验证,请参阅这个)。
I want to create a docker container with a mongodb configured with client access control (user authentication, see this).
我已经使用此图片。但是它不使用mongo访问控制。
I have successfully configured a docker container with mongo using this image. But it doesn't use mongo access control.
问题是要启用访问控制,我必须使用特定的命令行运行mongodb( --auth ),但只能在创建第一个管理员用户后。
The problem is that to enable access control I have to run mongodb with a specific command line (--auth) but only after creating the first admin user.
使用标准的mongodb安装,我通常执行以下步骤:
With a standard mongodb installation I normally perform these steps:
- 运行mongod没有
- auth - 连接到mongo并添加管理员用户
- 重新启动mongo与
- auth
- run mongod without
--auth - connect to mongo and add the admin user
- restart mongo with
--auth
我应该用码头工具做什么?因为mongo图像总是在没有 - auth 的情况下启动。我应该创建一个新的图像吗?或者可能修改入口点?
How I'm supposed to do it with docker? Because mongo image always start without --auth. Should I create a new image? Or maybe modify the entry point?
可能我错过了一些东西,我是docker的新人...
Probably I'm missing something, I'm new to docker...
推荐答案
好的,我找到了一个解决方案。基本上,MongoDb具有允许设置访问安全性的功能( - auth ),但允许localhost连接。
请参阅 mongo本地例外。
Ok, I have found a solution. Basically MongoDb has a feature that allow to setup access security (--auth) but permit localhost connection.
See mongo local exception.
所以这是我的最终脚本:
So this is my final script:
# Create a container from the mongo image,
# run is as a daemon (-d), expose the port 27017 (-p),
# set it to auto start (--restart)
# and with mongo authentication (--auth)
# Image used is https://hub.docker.com/_/mongo/
docker pull mongo
docker run --name YOURCONTAINERNAME --restart=always -d -p 27017:27017 mongo mongod --auth
# Using the mongo "localhost exception" add a root user
# bash into the container
sudo docker exec -i -t YOURCONTAINERNAME bash
# connect to local mongo
mongo
# create the first admin user
use admin
db.createUser({user:"foouser",pwd:"foopwd",roles:[{role:"root",db:"admin"}]})
# exit the mongo shell
exit
# exit the container
exit
# now you can connect with the admin user (from any mongo client >=3 )
# remember to use --authenticationDatabase "admin"
mongo -u "foouser" -p "foopwd" YOURHOSTIP --authenticationDatabase "admin"
这篇关于Mongodb码头容器与客户端访问控制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
