mongodb.conf bind_ip = 127.0.0.1 不起作用,但 0.0.0.0 起作用
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17588876/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
mongodb.conf bind_ip = 127.0.0.1 does not work but 0.0.0.0 works
提问by GJain
I could not understand what bind_ipin mongodb is. I could make a remote connection from desktop to the EC2 machine by having bind_ip = 0.0.0.0, but could not make it work with bind_ip = 127.0.0.1.
我不明白bind_ipmongodb 是什么。我可以通过 建立从桌面到 EC2 机器的远程连接bind_ip = 0.0.0.0,但无法使其与bind_ip = 127.0.0.1.
Please explain me what bind_ip is and why it works for 0.0.0.0and not for 127.0.0.1.
请向我解释什么是 bind_ip 以及为什么它适用于0.0.0.0而不适用于127.0.0.1.
For reference from mongodb docs:
供参考mongodb 文档:
bind_ipDefault: All interfaces.
Set this option to configure the mongod or mongos process to bind to and listen for connections from applications on this address. You may attach mongod or mongos instances to any interface; however, if you attach the process to a publicly accessible interface, implement proper authentication or firewall restrictions to protect the integrity of your database.
You may concatenate a list of comma separated values to bind mongod to multiple IP addresses.
bind_ip默认:所有接口。
设置此选项以配置 mongod 或 mongos 进程以绑定到并侦听来自此地址上的应用程序的连接。您可以将 mongod 或 mongos 实例附加到任何接口;但是,如果您将进程附加到可公开访问的接口,请实施适当的身份验证或防火墙限制以保护数据库的完整性。
您可以连接逗号分隔值列表以将 mongod 绑定到多个 IP 地址。
回答by OWADVL
Everywhere it's written that you have to bind them like this
到处都写着你必须像这样绑定它们
bindIp : 127.0.0.1,192.168.0.50
but it doesn't work.
但它不起作用。
how it works, in the version 3.2.0 is
它是如何工作的,在 3.2.0 版本中是
bindIp : [127.0.0.1,192.168.0.50]
so try to add your ips inside the [ ]
所以尝试在 [ ] 中添加您的 ip
example :
例子 :
# network interfaces
net:
port: 27017
bindIp : [127.0.0.1,0.0.0.0]
However 0.0.0.0 opens up. While this is ok for TESTING, for production you should know the security implications of this setting!
然而 0.0.0.0 打开了。虽然这对于 TESTING 来说没问题,但对于生产,您应该知道此设置的安全含义!
回答by ConcurrentHashMap
Before binding your server to 0.0.0.0, please be clear about the security implications of those changes: Your server will be publicly exposed to all IPs on the whole internet. Be sure to enable authentication on your server!
在将您的服务器绑定到 0.0.0.0 之前,请清楚这些更改的安全含义:您的服务器将公开暴露给整个互联网上的所有 IP。请务必在您的服务器上启用身份验证!
You can't access your machine when you bind it to 127.0.0.1on EC2. That's not a bug, it's reasoned by the network interface bindings.
当您将其绑定到127.0.0.1EC2 上时,您无法访问您的机器。这不是错误,而是由网络接口绑定引起的。
127.0.0.1will only bind to the loopback interface (so you will only be able to access it locally), while 0.0.0.0will bind it to all network interfaces that are available.
127.0.0.1只会绑定到环回接口(因此您只能在本地访问它),同时0.0.0.0会将其绑定到所有可用的网络接口。
That's why you can access your mongodb on EC2 when you bind it to 0.0.0.0(as it's available through the internet now) and not via 127.0.0.1.
这就是为什么当您将 mongodb 绑定到0.0.0.0(因为它现在可以通过 Internet 访问)而不是通过127.0.0.1.
For local servers (like a WAMP or a local mongodb server) that won't look different to you, but for that case you should also thing that binding to 0.0.0.0for local servers might make them available over all network interfaces (so it might be public for someone who knows your IP, if there is no firewall!)
对于本地服务器(如 WAMP 或本地 mongodb 服务器),在您看来并没有什么不同,但在这种情况下,您还应该绑定到0.0.0.0本地服务器可能会使它们在所有网络接口上可用(因此它可能是公共的对于知道您 IP 的人,如果没有防火墙!)
Read on a similar question on Server Faulthere.
回答by Sam Hermans
It should be clear for anyone looking up this answer that binding your mongoDB to 0.0.0.0 could be your worst move ever.
任何查找此答案的人都应该清楚,将 mongoDB 绑定到 0.0.0.0 可能是您有史以来最糟糕的举动。
Please read up on the following articleand make sure that whenever you DO decide to go all public with your (and your customers) data, you consider the following:
请仔细阅读以下文章,并确保每当您决定将您(和您的客户)数据全部公开时,您会考虑以下几点:
- Do you have additional firewall rules to decide who or what can
access your service - Understand that when using Amazon EC2, if you allow 'internal' traffic it should be considered the same as putting it wide open, you are not alone at Amazon
- Are your services password protected ? And what kind of authentication ? Is the data submitted in clear text or using
encryption - Are you using the default database names, or have you copy pasted an example?
- 您是否有额外的防火墙规则来决定谁或什么可以
访问您的服务 - 了解在使用 Amazon EC2 时,如果您允许“内部”流量,则应将其视为完全开放,您在 Amazon 并不孤单
- 您的服务是否受密码保护?以及什么样的认证?提交的数据是明文还是
加密 - 您是使用默认数据库名称,还是复制粘贴了一个示例?
