IT干货网

node.js: checkServerIdentity with MongoDB

fff_TT  December 10, 2023  Programming & Design

Short question:

What is wrong with checkServerIdentity?

If I turn that option off, I can connect! But I want to use this option!


Long question

Running mongodb 3.2.6

I created a database user

use db 
db.createUser( 
    { 
      user: "user", 
      pwd: "pass", 
      roles: [ 
         { role: "readWrite", db: "db" } 
      ] 
    } 
) 

My mongod.conf looks like this

systemLog: 
  destination: file 
  logAppend: true 
  path: /var/log/mongodb/mongod.log 
 
storage: 
  dbPath: /var/lib/mongo 
  journal: 
    enabled: true 
 
processManagement: 
  fork: true   
  pidFilePath: /var/run/mongodb/mongod.pid   
 
net: 
  port: 27017  
  ssl: 
    mode: requireSSL 
    PEMKeyFile: /etc/letsencrypt/live/example.com/mongod-PEMKeyFile.pem 
    CAFile: /etc/letsencrypt/mongod-CAFile.pem 

I start it with mongod --auth --config /etc/mongod.conf

Then I run my node.js script

// Node.js MongoDB driver 2.2.x connect call, as posted in the question.
var fs = require('fs');
var MongoClient = require(__dirname + '/../node_modules/mongodb').MongoClient;

MongoClient.connect(
    'mongodb://user:pass@127.0.0.1:27017/db?ssl=true&authMechanism=SCRAM-SHA-1&authSource=db',
    {
        server: {
            sslValidate: true,
            // The line the answer below is about: `true` is already the default for
            // this option; only `false` or a custom callback is meant to be passed.
            checkServerIdentity: true,
            // CA chain used to validate the server certificate
            sslCA: [fs.readFileSync('/etc/letsencrypt/identrust-root-download-x3.pem')],
            // client key/certificate presented to mongod
            sslKey: fs.readFileSync('/etc/letsencrypt/live/example.com/privkey.pem'),
            sslCert: fs.readFileSync('/etc/letsencrypt/live/example.com/mongod-sslCert.pem')
        }
    },
    function (e, db) {
        console.log(e, db);
    });

It only shows the error

{ [MongoError: failed to connect to server [127.0.0.1:27017] on first connect] 
   name: 'MongoError', 
   message: 'failed to connect to server [127.0.0.1:27017] on first connect' } 

Note: It connects fine if I turn off ssl in the mongod.conf and the node.js script!

There is no information in mongod.log

2016-08-03T19:23:26.995+0200 I CONTROL  [main] ***** SERVER RESTARTED ***** 
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] MongoDB starting : pid=25307 port=27017 dbpath=/var/lib/mongo 64-bit host=xxxx 
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] db version v3.2.6 
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] git version: 05552b562c7a0b3143a729aaa0838e558dc49b25 
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013 
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] allocator: tcmalloc 
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] modules: none 
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] build environment: 
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten]     distmod: rhel70 
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten]     distarch: x86_64 
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten]     target_arch: x86_64 
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] options: { config: "/etc/mongod.conf", net: { port: 27017, ssl: { CAFile: "/etc/letsencrypt/mongod-CAFile.pem", PEMKeyFile: "/etc/letsencrypt/live/example.com/mongod-PEMKeyFile.pem", mode: "requireSSL" } }, processManagement: { fork: true, pidFilePath: "/var/run/mongodb/mongod.pid" }, security: { authorization: "enabled" }, storage: { dbPath: "/var/lib/mongo", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } } 
2016-08-03T19:23:27.047+0200 I -        [initandlisten] Detected data files in /var/lib/mongo created by the 'mmapv1' storage engine, so setting the active storage engine to 'mmapv1'. 
2016-08-03T19:23:27.059+0200 I STORAGE  [initandlisten]  
2016-08-03T19:23:27.059+0200 I STORAGE  [initandlisten] ** WARNING: Readahead for /var/lib/mongo is set to 4096KB 
2016-08-03T19:23:27.059+0200 I STORAGE  [initandlisten] **          We suggest setting it to 256KB (512 sectors) or less 
2016-08-03T19:23:27.059+0200 I STORAGE  [initandlisten] **          http://dochub.mongodb.org/core/readahead 
2016-08-03T19:23:27.059+0200 I JOURNAL  [initandlisten] journal dir=/var/lib/mongo/journal 
2016-08-03T19:23:27.060+0200 I JOURNAL  [initandlisten] recover : no journal files present, no recovery needed 
2016-08-03T19:23:27.364+0200 I JOURNAL  [durability] Durability thread started 
2016-08-03T19:23:27.365+0200 I JOURNAL  [journal writer] Journal writer thread started 
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended. 
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten]  
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten]  
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten] **        We suggest setting it to 'never' 
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten]  
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten] **        We suggest setting it to 'never' 
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten]  
2016-08-03T19:23:27.389+0200 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongo/diagnostic.data' 
2016-08-03T19:23:27.389+0200 I NETWORK  [initandlisten] waiting for connections on port 27017 ssl 
2016-08-03T19:23:27.390+0200 I NETWORK  [HostnameCanonicalizationWorker] Starting hostname canonicalization worker 

How do I debug this? The error tells me nothing!

Please refer to the following:

From: https://jira.mongodb.org/browse/NODE-788

Lucas Hrabovsky added a comment - 4 Aug 2016 05:38:18 PM GMT+0000

Looking at the implementation for checkServerIdentity, this is the callback passed to tls.connect(). Passing checkServerIdentity: true per your example is not required as this is the default value for this option and should only be specified as checkServerIdentity: false or a custom callback.

benzmuircroft@gmail.com Benz Muircroft added a comment - 4 Aug 2016 06:55:04 PM GMT+0000

Feedback: That seems really odd, that setting it to true would prevent it from connecting! Shouldn't checkServerIdentity:true just be ignored, or at least have a relevant warning/error?

the current output error offers no hint:

{ [MongoError: failed to connect to server [127.0.0.1:27017] on first connect] name: 'MongoError', message: 'failed to connect to server [127.0.0.1:27017] on first connect' }

PS: this is using MongoDB shell version 3.2.6. I have another server with MongoDB shell version 3.2.8, and setting checkServerIdentity:true on 3.2.8 does not affect connecting in any way! (Both servers are using node.js mongodb 2.2.4.) It's very weird that only one server is affected.

Thanks!

