
00:01 Alright, so on the left here we're logged into our MongoDB server
00:03 and let's go to the web server, we're logged in here,
00:12 now on the web server, just for now, I'm going to set up the Mongo shell
00:16 so that we can sort of simulate talking to this
00:20 from the web application, our little fake web application in Python
00:24 which we haven't gotten to yet, but we'll do that later in this chapter.
00:26 And we already added the list here, so we're going to install, apt install this,
00:38 ok so let's go Mongo, you're going to run something great, not the right one,
00:42 okay, so before we do anything let's see if we can get to our Mongo server,
00:48 and the answer will be no,
00:52 so here this is the host name of the Mongo server,
00:57 right now if I try to connect to it, it's going to say no,
01:00 if I come over here and I type mongo it connects, what is going on?
01:05 Remember this, remember it's listening only on local host.
01:14 So we're going to want to change this, but not before we make it safe,
01:17 so we don't want to just tell it to listen on the open internet right away
01:22 so let's first block access to all of these ports
01:27 and everything basically except for initially ssh,
01:31 so what we're going to use is we are going to use something built into Ubuntu
01:36 called uncomplicated firewall.
01:40 The first thing that we're going to do is say ufw default deny incoming.
01:45 By default we're blocking all of the ports.
01:51 Now, we're going to say allow outgoing,
01:55 so by default allow our server to get back out, that's cool.
01:58 The other thing that we want to allow, unless this is going to be
02:02 the very last time we see the server,
02:04 we're going to need to allow ssh back to this server.
02:07 Not default, just allow ssh.
02:14 Okay, great, it updated for ipv4 and ipv6, that's pretty sweet.
02:19 Now the last thing is a moment of truth, we're going to enable it,
02:23 we could ask the status, it's not enabled,
02:28 it says you know, if you are blocking ssh, you're going to be done for; we're not.
02:34 And let's just verify, just connect, reconnect, okay, we're good.
02:40 So at least now nothing can talk to any port except for 22 ssh, at all on this server.
02:47 The one final thing to do, let's go over here and say ping the web server,
02:58 so this, that's the ip address of the web server,
03:04 what I want is to allow the web server to get to the Mongo server,
03:09 so one more thing I'll say ufw allow from here,
03:14 so uncomplicated firewall allow from this to any port
03:18 and we're going to give it a port here and normally you would type this,
03:23 27017, that's the default port,
03:29 but the very next thing we are going to do is say
03:32 running MongoDB on the default port probably is a stupid idea,
03:35 everyone is scanning the wide open internet for 27017
03:38 and then seeing what kind of havoc they can wreak upon that.
03:41 So even though we think our firewalls are blocking the wide open internet
03:45 for everything except for ssh— let's go ahead and change the port,
03:51 so we're going to say 10001 is the port we're going to run Mongo,
03:55 so we're going to allow that thing to come back to 10001,
03:57 where MongoDB is going to be listening.
04:01 Okay, rule added. So it is running, it's listening on just that port.
04:07 Next thing to do is we're going to want to go and change the port here,
04:15 like this, and change this port, 10001.
04:23 Excellent, okay, so MongoDB, we're going to have to go do a service restart,
04:30 now if I type Mongo fail, but if I say --port, like that, we're good.
04:36 So it looks like everything is working over here.
04:39 It's still not going to listen to us,
04:45 because we're still not listening on the public internet,
04:49 we're just listening on local host.
04:52 Okay, but this is one step in the right path,
04:55 we've got basically the firewall here restricting access to everything,
05:00 except for wide open ssh and MongoDB
05:05 on a default port only from the web server.
05:08 Let's while we're over here go ahead and do this as well.
05:11 Just assuming that you're treating this as your web server,
05:14 let's go ahead do the same thing.
05:18 So by default we're going to do deny incoming allow outgoing,
05:28 allow ssh, and let's say allow 80 and 443 to simulate this being the web server,
05:37 we're not actually going to run a website, like I said,
05:40 but that is what I would do, and then we would do an enable.
05:44 It says are you sure you want to do this, we'll exit one more time,
05:46 make sure we can get back, and we can, fabulous.
05:49 So now, we've got that server sort of faux locked down just to play along,
05:54 this one is actually locked down and this thing can talk to it,
05:57 but this one is not listening.
05:59 I don't want to make that one listen, until we go through a few other steps,
06:01 so you are going to have to hold off on having this whole connection thing working.