How To Restrict Mongo To Only Accept Local Connections
In some cases, it may be preferable to have MongoDB more secure than it is by default. While MongoDB isn't configured in our application to work with authentication, it can be locked down so that connections outside of the server are by default, rejected. Since all connections to Mongo are proxied directly through the Web Server, this will not interfere with users who are externally accessing GlobalCapture or GlobalAction.
Performing this action is fairly simple, as it requires only a very small modification of the Mongo Configuration file.
Step-by-step guide
- Stop Mongo DB service.
- You can do this from the Windows Services panel and stopping the service named "MongoDB".
- Open the mongod.cfg File in a text editor (located in the Getsmart directory, by default, this is C:\GetSmart).
- Modify the mongod.cfg to match your environment as shown in the examples below.
- Save your configuration file.
- Restart the MongoDB service.
GlobalSearch and GlobalCapture:
logpath=C:\GetSmart\mongodb\logs\mongo.log
dbpath=C:\GetSmart\mongodb\data
journal=true
bind_ip=127.0.0.1
GlobalCapture Standalone:
net:
bindIp: 127.0.0.1
systemLog:
destination: file
path: C:\GetSmart\CE_MongoDB\\logs\mongo.log
storage:
dbPath: C:\GetSmart\CE_MongoDB\\data
Please Be Advised
This CANNOT be performed if your environment is running multiple GlobalCapture Servers or a stand-alone GlobalForms 10 server. This should ONLY be performed on a server where all GlobalCapture/GlobalSearch/GlobalForms applications reside