Introduction
By default, the FileCloud installer installs the MongoDB database server on the same machine as the webserver without any authentication settings. However, enabling authentication might be needed for added security and/or when hosting the database server on a different machine than the webserver. Follow the steps here to enable authentication for MongoDB.
Setup DB User
A DB user must first be created in MongoDB; this user can later be used in FileCloud for secure database access.
Assume we will add a user with the following details:
User Name | Password |
---|---|
dbuser | passw0rd1 |
Use a command line mongo client and execute the following commands to create the required DB user.
The "show databases" command lists all the databases in the system. Depending on the configuration, one or more DBs may not exist, or new ones may be present, so it is important to set authentication for each DB in the system. (Ignore the "local" database that shows up when you type "show databases".)
For MongoClient v3.0 and above
```
use admin
db.createUser( { user:"dbuser", pwd:"passw0rd1", roles:[ "root" ] })
```
For Mongo Client v 2.4
```
> show databases
admin            0.078GB
tonidoauditdb    0.078GB
tonidoclouddb    0.078GB
tonidos3storage  0.078GB
tonidosettings   0.078GB
tonidostoragedb  0.078GB
tonidosyncdb     0.078GB
> use admin;
> db.addUser('dbuser','passw0rd1')
> use tonidoauditdb;
> db.addUser('dbuser','passw0rd1')
> use tonidoclouddb;
> db.addUser('dbuser','passw0rd1')
> use tonidostoragedb;
> db.addUser('dbuser','passw0rd1')
> use tonidosyncdb;
> db.addUser('dbuser','passw0rd1')
> use tonidosettings;
> db.addUser('dbuser','passw0rd1')
```
Upon executing all the above commands, 'dbuser' will be added as a valid database user.
Configure Settings DB URL
FileCloud's settings database is where all the information is bootstrapped from. The default implicit URL for this database is "mongodb://127.0.0.1". Set this URL explicitly to reflect the fact that a database user needs to be used and the database server resides on a different server. To do this, edit the configuration file WWWROOT/config/cloudconfig.php and add the following line:
define("TONIDOCLOUD_SETTINGS_DBSERVER", "mongodb://dbuser:passw0rd1@192.168.1.102:27017");
In the above example, we assumed the database server is installed on a different machine (i.e., 192.168.1.102) than the webserver. In collocated scenarios, 127.0.0.1 can be used as well.
Note: If you use special characters in the password, make sure to URI encode them. For example: using 'password@2090' as the password, you will need to specify it like
Configure Other DB URLs In Config File
If you have never updated the database URLs in the admin UI, follow this sub-section. If not, skip to the next sub-section.
The other database URLs required for FileCloud need to be changed to reflect the database user as well.
To do this, edit the configuration file WWWROOT/config/cloudconfig.php and update the following lines:
```
// ... Cloud Database
define("TONIDOCLOUD_DBSERVER", "mongodb://dbuser:passw0rd1@192.168.1.102:27017");
// ... Audit Database
define("TONIDOCLOUD_AUDIT_DBSERVER", "mongodb://dbuser:passw0rd1@192.168.1.102:27017");
// ... Settings Database
define("TONIDOCLOUD_SETTINGS_DBSERVER", "mongodb://dbuser:passw0rd1@192.168.1.102:27017");
```
Also edit the configuration file WWWROOT/config/cloudconfig.php and update the following line:
```
// ... Cloud Database
define("TONIDO_LOCALSTORAGE_DBSERVER", "mongodb://dbuser:passw0rd1@192.168.1.102:27017");
```
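A pre-flight check for the settings above, as an added example that is not FileCloud code: it percent-encodes credentials as the note on special characters requires, and audits config text for the four define() names on this page before authentication is switched on. The function names and the sample config text are constructed for illustration.

```javascript
// Added example, not FileCloud code. Function names and SAMPLE_CONFIG are
// constructed for illustration; the define() names come from this page.
const DB_KEYS = [
  "TONIDOCLOUD_DBSERVER",
  "TONIDOCLOUD_AUDIT_DBSERVER",
  "TONIDOCLOUD_SETTINGS_DBSERVER",
  "TONIDO_LOCALSTORAGE_DBSERVER",
];

// Percent-encode user and password so ':', '/', '@' and similar characters
// cannot be read as URL delimiters.
function buildMongoUrl(user, password, host, port = 27017) {
  const enc = encodeURIComponent;
  return `mongodb://${enc(user)}:${enc(password)}@${host}:${port}`;
}

// Characters allowed unescaped in a user name or password, or a %XX escape.
const SAFE = /^(?:[A-Za-z0-9\-._~!'()*]|%[0-9A-Fa-f]{2})+$/;

// Report each key as "missing", "no-credentials",
// "unencoded-credentials" or "ok". Commented-out defines count as missing.
function auditConfig(phpText) {
  const findings = {};
  for (const key of DB_KEYS) {
    const re = new RegExp(
      `^\\s*define\\(\\s*"${key}"\\s*,\\s*"mongodb://([^"]*)"\\s*\\)`, "m");
    const m = phpText.match(re);
    if (!m) { findings[key] = "missing"; continue; }
    const at = m[1].lastIndexOf("@"); // last '@' separates userinfo from host
    if (at === -1) { findings[key] = "no-credentials"; continue; }
    const userinfo = m[1].slice(0, at);
    const colon = userinfo.indexOf(":");
    const user = userinfo.slice(0, colon);
    const pass = userinfo.slice(colon + 1);
    const ok = colon > 0 && SAFE.test(user) && SAFE.test(pass);
    findings[key] = ok ? "ok" : "unencoded-credentials";
  }
  return findings;
}

// Constructed sample: one good URL, one without credentials, one with a raw
// '@' in the password, and one define that is commented out.
const SAMPLE_CONFIG = `
define("TONIDOCLOUD_DBSERVER", "mongodb://dbuser:passw0rd1@192.168.1.102:27017");
define("TONIDOCLOUD_AUDIT_DBSERVER", "mongodb://192.168.1.102:27017");
define("TONIDOCLOUD_SETTINGS_DBSERVER", "mongodb://dbuser:password@2090@192.168.1.102:27017");
// define("TONIDO_LOCALSTORAGE_DBSERVER", "mongodb://dbuser:passw0rd1@192.168.1.102:27017");
`;
console.log(buildMongoUrl("dbuser", "password@2090", "192.168.1.102"), auditConfig(SAMPLE_CONFIG));
```

Any key that is not reported as "ok" would leave FileCloud unable to reach that database once auth is turned on in mongodb.conf.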
Configure Other DB URLs In Settings DB
If you have updated the database URLs in the admin UI, then changing the values in the config files as described above will not work.
In this case, use a MongoDB client and update the URLs with the following information.
```
Database: tonidosettings
Collection: sites
Records:
{ "name" : "TONIDOCLOUD_DBSERVER", "value" : "mongodb://dbuser:passw0rd1@192.168.1.102:27017" },
{ "name" : "TONIDOCLOUD_AUDIT_DBSERVER", "value" : "mongodb://dbuser:passw0rd1@192.168.1.102:27017" },
{ "name" : "TONIDO_LOCALSTORAGE_DBSERVER", "value" : "mongodb://dbuser:passw0rd1@192.168.1.102:27017" }
```
Enable MongoDB Security
Now that FileCloud is updated with the security info, enable security in MongoDB. To do this, open the file mongodb.conf, which can typically be found in the following location:
OS | Location |
---|---|
Windows | C:\xampp\mongodb\bin\mongodb.conf |
Linux | /etc/mongodb.conf |
Edit this file and add or update the following line. If the line is already there, ensure it is not commented out.
```
# Turn on/off security. Off is currently the default
#noauth = true
auth = true
```
If you are using a version of MongoDB that creates a YAML conf file, you might need to enable authentication using the following format.
```
security:
  authorization: enabled
```
Restart Services
Finally, restart both MongoDB and Apache for the security settings to take effect.
Note
- In case of any issues, disable security in MongoDB and fix the problems.
- To disable security, MongoDB auth has to be disabled and the database URLs have to be reverted.