Skip to main content

MongoDB Add Authentication

tip
  • When adding authentication, two users are created, the root user for the admin library and the hap user for all business libraries.

  • The provided example uses hTkfDMYJ7ZLs for the root password and tC9S86SFWxga for the hap password. Please replace these with your own, strong passwords in your actual setup.

    • To ensure compatibility and security, avoid special characters like "$", "&", or "@" in your custom passwords. These characters can interfere with regular expression parsing and may not be correctly passed to the container. Use hyphens "-" or underscores "_" instead.
  • Advance data backup is recommended before operation.

  • Microservices version: v3.7.0+.

  • If you've enabled the aggregate table feature, please refer to the corresponding documents to complete the creation of the aggregate table database and the corresponding roles and users, as well as adjust the replica set related parameters

First, use the docker ps command to find the mingdaoyun-sc container

Then use the command docker exec -it $(docker ps | grep mingdaoyun-sc | awk '{print $1}') bash to enter the mingdaoyun-sc container

Execute the mongo command to log in to mongo shll in the mingdaoyun-sc container

  1. Create root users for the admin library and hap users for all business libraries in the mongo shell

    use admin
    db.createUser({user:"root",pwd:"hTkfDMYJ7ZLs",roles:[{role:"root",db:"admin"}]})
    use MDLicense
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDLicense"}]})
    use ClientLicense
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"ClientLicense"}]})
    use commonbase
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"commonbase"}]})
    use MDAlert
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDAlert"}]})
    use mdactionlog
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdactionlog"}]})
    use mdapproles
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapproles"}]})
    use mdapprove
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapprove"}]})
    use mdapps
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapps"}]})
    use mdattachment
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdattachment"}]})
    use mdcalendar
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcalendar"}]})
    use mdcategory
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcategory"}]})
    use MDChatTop
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDChatTop"}]})
    use mdcheck
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcheck"}]})
    use mddossier
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mddossier"}]})
    use mdemail
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdemail"}]})
    use mdform
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdform"}]})
    use MDGroup
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDGroup"}]})
    use mdgroups
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdgroups"}]})
    use MDHistory
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDHistory"}]})
    use mdIdentification
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdIdentification"}]})
    use mdinbox
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdinbox"}]})
    use mdkc
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdkc"}]})
    use mdmap
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdmap"}]})
    use mdmobileaddress
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdmobileaddress"}]})
    use MDNotification
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDNotification"}]})
    use mdpost
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdpost"}]})
    use mdreportdata
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdreportdata"}]})
    use mdroles
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdroles"}]})
    use mdsearch
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdsearch"}]})
    use mdservicedata
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdservicedata"}]})
    use mdsms
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdsms"}]})
    use MDSso
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDSso"}]})
    use mdtag
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdtag"}]})
    use mdtransfer
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdtransfer"}]})
    use MDUser
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDUser"}]})
    use mdworkflow
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworkflow"}]})
    use mdworksheet
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworksheet"}]})
    use mdworkweixin
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworkweixin"}]})
    use mdwsrows
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdwsrows"}]})
    use pushlog
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"pushlog"}]})
    use taskcenter
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"taskcenter"}]})
    use mdintegration
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdintegration"}]})
    use mdworksheetlog
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdworksheetlog"}]})
    use mdworksheetsearch
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdworksheetsearch"}]})
    use mddatapipeline
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mddatapipeline"}]})
    use mdwfplugin
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdwfplugin"}]})
  2. Modify the file docker-compose.yaml to add environment variables and port mapping.

    Default path for file docker-compose.yaml: /data/mingdao/script/docker-compose.yaml

    Add environment variables ENV_MONGODB_DAEMON_ARGS and ENV_MONGODB_URI under the app service.

    ENV_MONGODB_DAEMON_ARGS: "--auth"
    ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@127.0.0.1:27017"

    Add port mapping under the sc service to map port 27017 in the container (you can leave port mapping off if don't need external access).

    - 27017:27017
    Configuration example of file docker-compose.yaml
    version: '3'

    services:
    app:
    image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-community:5.8.1
    environment:
    ENV_ADDRESS_MAIN: "https://hap.domain.com"
    ENV_APP_VERSION: "5.8.1"
    ENV_API_TOKEN: "******"
    ENV_MONGODB_DAEMON_ARGS: "--auth" # Add
    ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@sc:27017" # Add. Note to change it to the actual hap user password.
    ports:
    - 8880:8880
    volumes:
    - ./volume/data/:/data/
    - ../data:/data/mingdao/data

    sc:
    image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-sc:3.0.0
    environment:
    <<: *app-environment
    ports:
    - 27017:27017 # Add. MongoDB port mapping. If external access to MongoDB is not required, there is no need to add this port mapping
    volumes:
    - ./volume/data/:/data/
  3. Restart the microservice in the directory of Install Manager to take effect.

    bash service.sh restartall