Skip to end of metadata
Go to start of metadata

Introduction

By default, FileCloud installer installs Mongo database server on the same machine as the webserver without any authentication settings. However if you need to enabling authentication might be needed for added security and/or hosting the database server from a different machine than the webserver. Follow the steps here to enable authentication for MongoDB.

Setup DB User

A DB user has to be first created in MongoDB and this user can be later used in FileCloud for secure database access.
Assuming we will add a user with following details:

User NamePassword
dbuserpassw0rd1

Use a command line mongo client and execute the following commands to create the required DB user. 


The following command lists all the databases in the system (depending on the configuration one or more dbs may not exist (or new ones may be present). So it is important to set authentication for each of the DB in the system. (Ignore the "local" database that shows up when you type "show databases")


For Mongo Client v 2.4

Mongo Client
> show databases
admin            0.078GB
tonidoauditdb    0.078GB
tonidoclouddb    0.078GB
tonidos3storage  0.078GB
tonidosettings   0.078GB
tonidostoragedb  0.078GB
tonidosyncdb     0.078GB
 
> use admin;
> db.addUser('dbuser','passw0rd1')
> use tonidoauditdb;
> db.addUser('dbuser','passw0rd1')
> use tonidoclouddb;
> db.addUser('dbuser','passw0rd1')
> use tonidostoragedb;
> db.addUser('dbuser','passw0rd1')
> use tonidosyncdb;
> db.addUser('dbuser','passw0rd1')
> use tonidosettings;
> db.addUser('dbuser','passw0rd1')

Upon executing all the above commands, 'dbuser' will be added as valid database user.

 

For MongoClient v3.0 and above

use admin
db.createUser( { user:"dbuser", pwd:"passw0rd1", roles:[ "root" ] })

 

Configure Settings DB URL

FileCloud's settings database is where all the information is bootstrapped from. The default implicit URL for this database is "mongodb://127.0.0.1". Set this URL explicitly to reflect the fact that a database user needs to be used and the database server resides on different server.
To do this, edit the configuration file WWWROOT/config/cloudconfig.php and add the following line:

Override Settings DB URL
define("TONIDOCLOUD_SETTINGS_DBSERVER", "mongodb://dbuser:passw0rd1@192.168.1.102:27017");

In the above example, we assumed the database server is installed on a different machine (i.e., 192.168.1.102) than the webserver. In collocated scenarios, 127.0.0.1 can be used as well.

Configure Other DB URLs In Config File

If you have never updated the database URLs in the admin UI, follow this sub-section. If not, skip to the next sub-section.

Other database URLs required for FileCloud needs to be changed to reflect the database user as well.
To do this, edit the configuration file WWWROOT/config/cloudconfig.php and update the following lines:

Update DB URLs in cloudconfig.php
// ... Cloud Database
define("TONIDOCLOUD_DBSERVER", "mongodb://dbuser:passw0rd1@192.168.1.102:27017");
// ... Audit Database
define("TONIDOCLOUD_AUDIT_DBSERVER", "mongodb://dbuser:passw0rd1@192.168.1.102:27017");	
// ... Settings Database
define("TONIDOCLOUD_SETTINGS_DBSERVER", "mongodb://dbuser:passw0rd1@192.168.1.102:27017");

and configuration file WWWROOT/config/cloudconfig.php and update the following line:

Update DB URLs in localstorageconfig.php
// ... Cloud Database
define("TONIDO_LOCALSTORAGE_DBSERVER", "mongodb://dbuser:passw0rd1@192.168.1.102:27017");

Configure Other DB URLs In Settings DB

If you have updated the database URLs in the admin UI, then changing the values in the config files as described above will not work.

In this case use a mongodb client and update the URLs with the following information.

Update settings database with a mongo client
Database: tonidosettings
Collection: sites
Records:  {
	"name" : "TONIDOCLOUD_DBSERVER",
	"value" : "mongodb://dbuser:passw0rd1@192.168.1.102:27017"
	}, {
	"name" : "TONIDOCLOUD_AUDIT_DBSERVER",
	"value" : "mongodb://dbuser:passw0rd1@192.168.1.102:27017"
	}, {
	"name" : "TONIDO_LOCALSTORAGE_DBSERVER",
	"value" : "mongodb://dbuser:passw0rd1@192.168.1.102:27017"
}

Enable MongoDB Security

Now that FileCloud is updated with the security info, enable security in MongoDB. To do this open the file mongodb.conf that can be typically found in the following location:

WindowsC:\xampp\mongodb\bin\mongodb.conf
Linux/etc/mongodb.conf

Edit this file and add/update with the following line. If the line is already there, ensure it is not commented.

Enable mongodb security in Windows and mongodb v2.x on Linux
# Turn on/off security.  Off is currently the default
#noauth = true
auth = true
Enable mongodb v3.x on Linux
security:
  authorization: enabled

Restart Services

Finally, it is necessary to restart both MongoDB and Apache to get the security in-place.

 

Note

  • In case of any issues, disable security in mongodb and fix the problems.
  • To disable security, mongodb auth has to be disabled and the database URLs has to be reverted back.

 

 

  • No labels