MongoDB Add Authentication

tip

When adding authentication, two users are created, the root user for the admin library and the hap user for all business libraries.
The provided example uses hTkfDMYJ7ZLs for the root password and tC9S86SFWxga for the hap password. Please replace these with your own, strong passwords in your actual setup.
- To ensure compatibility and security, avoid special characters like "$", "&", or "@" in your custom passwords. These characters can interfere with regular expression parsing and may not be correctly passed to the container. Use hyphens "-" or underscores "_" instead.
Advance data backup is recommended before operation.
Microservices version: v3.7.0+.
If you've enabled the aggregate table feature, please refer to the corresponding documents to complete the creation of the aggregate table database and the corresponding roles and users, as well as adjust the replica set related parameters

Enter the mingdaoyun-sc container and log in to MongoDB

docker exec -it $(docker ps | grep mingdaoyun-sc | awk '{print $1}') mongo

Create root users for the admin library and hap users for all business libraries in the mongo shell

use admin
db.createUser({user:"root",pwd:"hTkfDMYJ7ZLs",roles:[{role:"root",db:"admin"}]})
use MDLicense
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDLicense"}]})
use ClientLicense
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"ClientLicense"}]})
use commonbase
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"commonbase"}]})
use MDAlert
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDAlert"}]})
use mdactionlog
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdactionlog"}]})
use mdapproles
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapproles"}]})
use mdapprove
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapprove"}]})
use mdapps
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapps"}]})
use mdattachment
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdattachment"}]})
use mdcalendar
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcalendar"}]})
use mdcategory
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcategory"}]})
use MDChatTop
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDChatTop"}]})
use mdcheck
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcheck"}]})
use mddossier
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mddossier"}]})
use mdemail
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdemail"}]})
use mdform
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdform"}]})
use MDGroup
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDGroup"}]})
use mdgroups
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdgroups"}]})
use MDHistory
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDHistory"}]})
use mdIdentification
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdIdentification"}]})
use mdinbox
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdinbox"}]})
use mdkc
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdkc"}]})
use mdmap
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdmap"}]})
use mdmobileaddress
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdmobileaddress"}]})
use MDNotification
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDNotification"}]})
use mdpost
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdpost"}]})
use mdreportdata
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdreportdata"}]})
use mdroles
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdroles"}]})
use mdsearch
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdsearch"}]})
use mdservicedata
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdservicedata"}]})
use mdsms
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdsms"}]})
use MDSso
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDSso"}]})
use mdtag
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdtag"}]})
use mdtransfer
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdtransfer"}]})
use MDUser
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDUser"}]})
use mdworkflow
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworkflow"}]})
use mdworksheet
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworksheet"}]})
use mdworkweixin
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworkweixin"}]})
use mdwsrows
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdwsrows"}]})
use pushlog
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"pushlog"}]})
use taskcenter
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"taskcenter"}]})
use mdintegration
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdintegration"}]})
use mdworksheetlog
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdworksheetlog"}]})
use mdworksheetsearch
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdworksheetsearch"}]})
use mddatapipeline
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mddatapipeline"}]})
use mdwfplugin
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdwfplugin"}]})
use mdpayment 
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdpayment"}]})
use mdwfai
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdwfai"}]})
use mdopenauth 
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdopenauth"}]})
use mdaisearch 
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdaisearch"}]})

Modify the file docker-compose.yaml to add environment variables and port mapping.

Default path for file docker-compose.yaml: /data/mingdao/script/docker-compose.yaml

Add environment variables ENV_MONGODB_DAEMON_ARGS and ENV_MONGODB_URI under the app service.

ENV_MONGODB_DAEMON_ARGS: "--auth"
ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@127.0.0.1:27017"

Add port mapping under the sc service to map port 27017 in the container (you can leave port mapping off if don't need external access).

- 27017:27017

Configuration example of file docker-compose.yaml

version: '3'

services:
  app:
    image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-hap:7.3.5
    environment:
      ENV_ADDRESS_MAIN: "https://hap.domain.com"
      ENV_APP_VERSION: "7.3.5"
      ENV_API_TOKEN: "******"
      ENV_MONGODB_DAEMON_ARGS: "--auth"    # Add
      ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@sc:27017" # Add. Note to change it to the actual hap user password.
    ports:
      - 8880:8880 
    volumes:
      - ./volume/data/:/data/
      - ../data:/data/mingdao/data

  sc:
    image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-sc:3.2.0
    environment:
      <<: *app-environment
    ports:
      - 27017:27017 # Add. MongoDB port mapping. If external access to MongoDB is not required, there is no need to add this port mapping
    volumes:
      - ./volume/data/:/data/

Restart the microservice in the directory of Install Manager to take effect.
```
bash service.sh restartall
```