
MongoDB Add Authentication

tip
  • When adding authentication, two users are created: the root user for the admin database and the hap user for all business databases.

  • The following is an example with the password hTkfDMYJ7ZLs for root and tC9S86SFWxga for hap.

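  • Be sure to replace the example passwords for root and hap with your own in the actual configuration. The hap password appears both in the createUser commands and in ENV_MONGODB_URI, and the two must match.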

  • Backing up your data before performing this operation is recommended.

  • Microservices version: v3.7.0+.

First, use the docker ps command to find the mingdaoyun-sc container

Then use the command docker exec -it $(docker ps | grep mingdaoyun-sc | awk '{print $1}') bash to enter the mingdaoyun-sc container

Execute the mongo command inside the mingdaoyun-sc container to open the mongo shell

  1. Create the root user for the admin database and the hap user for each business database in the mongo shell

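    // Creates the MongoDB accounts used once authentication is enabled:
    //   - "root" in the admin database, with the built-in root role;
    //   - "hap" in every business database, with readWrite limited to that database.
    //
    // The two passwords are the example values from this page. Replace them here,
    // in one place, before running; the hap password must match the one written
    // into ENV_MONGODB_URI in docker-compose.yaml.
    var rootPassword = "hTkfDMYJ7ZLs";
    var hapPassword = "tC9S86SFWxga";

    // Administrative account; its credentials are not needed by the application URI.
    db.getSiblingDB("admin").createUser({
      user: "root",
      pwd: rootPassword,
      roles: [{ role: "root", db: "admin" }]
    });

    // Business databases. Names are case-sensitive (e.g. MDGroup and mdgroups are
    // two different databases), so keep them exactly as listed.
    var businessDatabases = [
      "MDLicense",
      "ClientLicense",
      "commonbase",
      "MDAlert",
      "mdactionlog",
      "mdapproles",
      "mdapprove",
      "mdapps",
      "mdattachment",
      "mdcalendar",
      "mdcategory",
      "MDChatTop",
      "mdcheck",
      "mddossier",
      "mdemail",
      "mdform",
      "MDGroup",
      "mdgroups",
      "MDHistory",
      "mdIdentification",
      "mdinbox",
      "mdkc",
      "mdmap",
      "mdmobileaddress",
      "MDNotification",
      "mdpost",
      "mdreportdata",
      "mdroles",
      "mdsearch",
      "mdservicedata",
      "mdsms",
      "MDSso",
      "mdtag",
      "mdtransfer",
      "MDUser",
      "mdworkflow",
      "mdworksheet",
      "mdworkweixin",
      "mdwsrows",
      "pushlog",
      "taskcenter",
      "mdintegration",
      "mdworksheetlog",
      "mdworksheetsearch",
      "mddatapipeline"
    ];

    // One hap user per database, each granted readWrite on its own database only,
    // so the application account has no administrative privileges.
    businessDatabases.forEach(function (name) {
      db.getSiblingDB(name).createUser({
        user: "hap",
        pwd: hapPassword,
        roles: [{ role: "readWrite", db: name }]
      });
    });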
  2. Modify the file docker-compose.yaml to add environment variables and port mapping.

    Default path for file docker-compose.yaml: /data/mingdao/script/docker-compose.yaml

    Add environment variables ENV_MONGODB_DAEMON_ARGS and ENV_MONGODB_URI under the app service.

    ENV_MONGODB_DAEMON_ARGS: "--auth"
    ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@127.0.0.1:27017"

    Add a port mapping under the sc service to publish port 27017 of the container (omit this mapping if you do not need external access to MongoDB, so that the database port is not exposed on the host).

    - 27017:27017
    Configuration example of file docker-compose.yaml
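    # Example docker-compose.yaml with MongoDB authentication enabled.
    # Lines marked "Add" are the ones this procedure introduces.
    version: '3'

    services:
      app:
        image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-community:5.6.4
        # The sc service below merges in "*app-environment", which needs a matching
        # anchor. NOTE(review): it is assumed here that the anchor belongs on this
        # mapping; verify against your existing file.
        environment: &app-environment
          ENV_ADDRESS_MAIN: "https://hap.domain.com"
          ENV_APP_VERSION: "5.6.4"
          ENV_API_TOKEN: "******"
          ENV_MONGODB_DAEMON_ARGS: "--auth" # Add
          # The URI embeds the hap password in clear text, so keep this file readable
          # only by the account that runs the deployment.
          # NOTE(review): the standalone snippet on this page uses 127.0.0.1 as the
          # host while this example uses sc; confirm which one applies to your setup.
          ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@sc:27017" # Add. Note to change it to the actual hap user password.
        ports:
          - 8880:8880
        volumes:
          - ./volume/data/:/data/
          - ../data:/data/mingdao/data

      sc:
        image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-sc:3.0.0
        environment:
          <<: *app-environment
        ports:
          # This form publishes the port on all host interfaces; if you keep it,
          # limit access with a host firewall or security group.
          - 27017:27017 # Add. MongoDB port mapping. If external access to MongoDB is not required, there is no need to add this port mapping
        volumes:
          - ./volume/data/:/data/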
  3. Restart the microservice from the Install Manager directory for the changes to take effect.

    bash service.sh restartall