You can bind an elastic IP to a DDS instance to access the DDS instance over the Internet.
If an application is deployed on a CT-ECS and the elastic cloud server resides in a region different from the DDS instance, or the application is deployed in the cloud server of another cloud vendor, we recommend that you use an elastic IP to connect the DDS instance.
This topic uses the application scenario deploying on an elastic cloud server as an example to describe how to use Mongo Shell to connect an instance over the Internet.
There are two methods to connect instances: SSL connection and non-SSL connection. The SSL connection is encrypted and features higher security. To improve data security during network transmission, SSL is recommended.
Before You Begin
Create and log in to the elastic cloud server.
Bind the instance to the EIP and set the security group rules to ensure that the instance can be accessed from the elastic cloud server.
Manage and add Internet configuration and use rule settings in the trustlist.
Install the MongoDB client on the elastic cloud server.
Non-SSL Connection
Go to DDS > Management Console.
On the Instance Management page, select the specified target instance and click the instance name. The Basic Information page is displayed.
Disable SSL in the instance information.
Check the bound EIP.
Connect the elastic cloud server.
Connect the database instance in the same directory as Mongo.
Method 1: Internet highly available connection (recommended)
Command format:
./mongo <Internet highly available connection address>
Internet highly available connection address: you can get the address from Basic Information > Database Connection.
Example of connection:
./mongo "mongodb://root:password@100.124.xx.xx:9030,100.124.xx.xx:9030/admin?authSource=admin"
Parameter | Description |
root | Indicates the database account name. The root account is created by default, or you can also create an account. |
password | Indicates the password of the database account. Replace it with the real password. If the password contains special characters @, ! and %, you must replace them with the corresponding hexadecimal URL codes (ASCII code) "%40", "%21", and "%25" respectively. For example, the password is ****@%!, the corresponding URL code is ****%40%25%21. |
100.124.xx.xx:9030,100.124.xx.xx:9030 | Specifies the EIP address and port number of the mongod node of the instance you want to connect. For cluster instances, specify the EIP address and port number of the mongos node. The default port number is 8030 for mongod and 9030 for mongos. |
admin | Specifies the admin name. You can set it as needed. |
authSource=admin | The root account authentication database must be "admin", and the root account must be "authSource=admin". The format is fixed and cannot be changed. It can also be the database where the account is created. |
Method 2: Internet IP address connection
Command format:
./mongo --host <db_host> --port <db_port> -u <db_user> -p --authenticationDatabase admin
Example of connection:
./mongo --host 100.124.xx.xx --port 9030 -u root -p --authenticationDatabase admin
Parameter | Description |
db_user | Indicates the database account name. The root account is created by default, or you can also create an account. |
db_host | Specifies the EIP address of the mongod node of the instance you want to connect. For cluster instances, specify the EIP address of the mongos node. |
db_port | Specifies the port number of the mongod node of the instance you want to connect. For cluster instances, specify the port number of the mongos node. |
--authenticationDatabase admin | The root account authentication database must be "admin", and the root account must be "--authenticationDatabase admin". The format is fixed and cannot be changed. It can also be the database where the account is created. |
Enter the password of the database account when the following message is displayed:
Enter password:
The following message indicates that the connection is successful.
Cluster:
mongos>
Primary and secondary replica sets:
DDS:PRIMARY> DDS:SECONDARY>
Note:
In sharded cluster instance mode, EIP highly available connection mode with multiple Mongos nodes is supported.
SSL Connection
Go to DDS > Management Console.
On the Instance Management page, select the specified target instance and click the instance name. The Basic Information page is displayed.
Enable SSL in the instance information and click to download the certificate.
Check the bound EIP.
Connect the elastic cloud server and upload the certificate to the elastic cloud server.
Connect the database instance in the same directory as Mongo.
Method 1: Internet highly available connection (recommended)
Command format:
./mongo <Internet highly available connection address> --ssl --sslCAFile <file_path> --sslAllowInvalidHostnames
Internet highly available connection address: you can get the address from Basic Information > Database Connection.
Example of connection:
./mongo "mongodb://root:password@100.124.xx.xx:9030,100.124.xx.xx:9030/admin?authSource=admin" --ssl --sslCAFile /conf/ca.crt -sslAllowInvalidHostnames
Parameter | Description |
root | Indicates the database account name. The root account is created by default, or you can also create an account. |
password | Indicates the password of the database account. Replace it with the real password. If the password contains special characters @, ! and %, you must replace them with the corresponding hexadecimal URL codes (ASCII code) "%40", "%21", and "%25" respectively. For example, the password is ****@%!, the corresponding URL code is ****%40%25%21. |
100.124.xx.xx:9030,100.124.xx.xx:9030 | Specifies the EIP address and port number of the mongod node of the instance you want to connect. For cluster instances, specify the EIP address and port number of the mongos node. The default port number is 8030 for mongod and 9030 for mongos. |
admin | Specifies the admin name. You can set it as needed. |
authSource=admin | The root account authentication database must be "admin", and the root account must be "authSource=admin". The format is fixed and cannot be changed. It can also be the database where the account is created. |
file_path | Specifies the path for storing the root certificate. |
--sslAllowInvalidHostnames | The certificate is generated using an internal IP address. You must add "--sslAllowInvalidHostnames" when connecting instances using SSL over the Internet. |
Method 2: Internet IP address connection
Command format:
./mongo --host <db_host> --port <db_port> -u <db_user> -p --authenticationDatabase admin --ssl --sslCAFile <file_path> --sslAllowInvalidHostnames
Example of connection:
./mongo --host 100.124.xx.xx --port 9030 -u root -p --authenticationDatabase admin --ssl --sslCAFile /conf/ca.crt --sslAllowInvalidHostnames
Parameter | Description |
db_user | Indicates the database account name. The root account is created by default, or you can also create an account. |
db_host | Specifies the EIP address of the mongod node of the instance you want to connect. For cluster instances, specify the EIP address of the mongos node. |
db_port | Specifies the port number of the mongod node of the instance you want to connect. For cluster instances, specify the port number of the mongos node. |
--authenticationDatabase admin | The root account authentication database must be "admin", and the root account must be "--authenticationDatabase admin". The format is fixed and cannot be changed. It can also be the database where the account is created. |
file_path | Specifies the path for storing the root certificate. |
--sslAllowInvalidHostnames | The certificate is generated using an internal IP address. You must add "--sslAllowInvalidHostnames" when connecting instances using SSL over the Internet. |
Enter the password of the database account when the following message is displayed:
Enter password:
The following message indicates that the connection is successful.
Cluster:
mongos>
Primary and secondary replica sets:
DDS:PRIMARY> DDS:SECONDARY>
Note:
In sharded cluster instance mode, EIP highly available connection mode with multiple Mongos nodes is supported.