MongoDB Add Authentication
-
When adding authentication, two users are created, the root user for the admin library and the hap user for all business libraries.
-
The provided example uses
hTkfDMYJ7ZLs
for the root password andtC9S86SFWxga
for the hap password. Please replace these with your own, strong passwords in your actual setup.- To ensure compatibility and security, avoid special characters like "$", "&", or "@" in your custom passwords. These characters can interfere with regular expression parsing and may not be correctly passed to the container. Use hyphens "-" or underscores "_" instead.
-
Advance data backup is recommended before operation.
-
Microservices version: v3.7.0+.
-
If you've enabled the aggregate table feature, please refer to the corresponding documents to complete the creation of the aggregate table database and the corresponding roles and users, as well as adjust the replica set related parameters
- microservice version>=5.1.0
- microservice version<5.1.0
First, use the docker ps
command to find the mingdaoyun-sc container
Then use the command docker exec -it $(docker ps | grep mingdaoyun-sc | awk '{print $1}') bash
to enter the mingdaoyun-sc container
Execute the mongo
command to log in to mongo shll in the mingdaoyun-sc container
Enter the mingdaoyun-community container and log in to mongo
docker exec -it $(docker ps | grep mingdaoyun-community | awk '{print $1}') mongo
-
Create root users for the admin library and hap users for all business libraries in the mongo shell
use admin
db.createUser({user:"root",pwd:"hTkfDMYJ7ZLs",roles:[{role:"root",db:"admin"}]})
use MDLicense
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDLicense"}]})
use ClientLicense
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"ClientLicense"}]})
use commonbase
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"commonbase"}]})
use MDAlert
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDAlert"}]})
use mdactionlog
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdactionlog"}]})
use mdapproles
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapproles"}]})
use mdapprove
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapprove"}]})
use mdapps
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapps"}]})
use mdattachment
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdattachment"}]})
use mdcalendar
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcalendar"}]})
use mdcategory
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcategory"}]})
use MDChatTop
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDChatTop"}]})
use mdcheck
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcheck"}]})
use mddossier
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mddossier"}]})
use mdemail
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdemail"}]})
use mdform
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdform"}]})
use MDGroup
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDGroup"}]})
use mdgroups
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdgroups"}]})
use MDHistory
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDHistory"}]})
use mdIdentification
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdIdentification"}]})
use mdinbox
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdinbox"}]})
use mdkc
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdkc"}]})
use mdmap
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdmap"}]})
use mdmobileaddress
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdmobileaddress"}]})
use MDNotification
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDNotification"}]})
use mdpost
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdpost"}]})
use mdreportdata
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdreportdata"}]})
use mdroles
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdroles"}]})
use mdsearch
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdsearch"}]})
use mdservicedata
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdservicedata"}]})
use mdsms
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdsms"}]})
use MDSso
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDSso"}]})
use mdtag
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdtag"}]})
use mdtransfer
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdtransfer"}]})
use MDUser
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDUser"}]})
use mdworkflow
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworkflow"}]})
use mdworksheet
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworksheet"}]})
use mdworkweixin
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworkweixin"}]})
use mdwsrows
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdwsrows"}]})
use pushlog
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"pushlog"}]})
use taskcenter
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"taskcenter"}]})
use mdintegration
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdintegration"}]})
use mdworksheetlog
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdworksheetlog"}]})
use mdworksheetsearch
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdworksheetsearch"}]})
use mddatapipeline
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mddatapipeline"}]})
use mdwfplugin
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdwfplugin"}]}) -
Modify the file docker-compose.yaml to add environment variables and port mapping.
Default path for file docker-compose.yaml: /data/mingdao/script/docker-compose.yaml
- microservice version>=5.1.0
- microservice version<5.1.0
Add environment variables
ENV_MONGODB_DAEMON_ARGS
andENV_MONGODB_URI
under the app service.ENV_MONGODB_DAEMON_ARGS: "--auth"
ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@127.0.0.1:27017"Add port mapping under the sc service to map port 27017 in the container (you can leave port mapping off if don't need external access).
- 27017:27017
Configuration example of file docker-compose.yaml
version: '3'
services:
app:
image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-community:5.8.1
environment:
ENV_ADDRESS_MAIN: "https://hap.domain.com"
ENV_APP_VERSION: "5.8.1"
ENV_API_TOKEN: "******"
ENV_MONGODB_DAEMON_ARGS: "--auth" # Add
ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@sc:27017" # Add. Note to change it to the actual hap user password.
ports:
- 8880:8880
volumes:
- ./volume/data/:/data/
- ../data:/data/mingdao/data
sc:
image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-sc:3.0.0
environment:
<<: *app-environment
ports:
- 27017:27017 # Add. MongoDB port mapping. If external access to MongoDB is not required, there is no need to add this port mapping
volumes:
- ./volume/data/:/data/Add environment variables
ENV_MONGODB_DAEMON_ARGS
andENV_MONGODB_URI
under the app service.ENV_MONGODB_DAEMON_ARGS: "--auth"
ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@127.0.0.1:27017"Add port mapping under the app service to map port 27017 in the container (you can leave port mapping off if don't need external access).
- 27017:27017
Configuration example of file docker-compose.yaml
version: '3'
services:
app:
image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-community:5.8.1
environment:
ENV_ADDRESS_MAIN: "https://hap.domain.com"
ENV_APP_VERSION: "5.8.1"
ENV_API_TOKEN: "******"
ENV_MONGODB_DAEMON_ARGS: "--auth" # Add
ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@127.0.0.1:27017" # Add. Note to change it to the actual hap user password.
ports:
- 8880:8880
- 27017:27017 # Add. MongoDB port mapping. If external access to MongoDB is not required, there is no need to add this port mapping
volumes:
- ./volume/data/:/data/
- ../data:/data/mingdao/data -
Restart the microservice in the directory of Install Manager to take effect.
bash service.sh restartall