tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
TencentDB for MongoDB
    Documentation
    Download PDF

    Enabling Public Network Access

    Last updated: 2024-01-12 10:12:33
    Download PDF
      TencentDB for MongoDB supports both private and public network access. This document describes how to configure a public network access address in the console for you to access MongoDB database via the public network. By doing so, you can manage the database more flexibly and conveniently.

      Implementation Scheme

      TencentDB for MongoDB enables public network access through Cloud Load Balancer (CLB). After a CLB instance listening port is configured in the TencentDB for MongoDB console, the CLB instance will forward requests to the real server when its public IP address and port number are accessed over the public networks. The real server then maps the private and public networks and automatically forwards requests from the public network to the private network server of MongoDB. For more information about CLB and the real server, see CLB
      As is shown below, public network users access CLB via IP address 192.168.17.6 and port number 80. The real server of CLB forwards the request to the actual operating environment of MongoDB database where the private network IP address is 10.0.0.1 and the port number is 27017. In this way, public network users can access the MongoDB database via CLB.
      
      
      

      Use Limits

      Before enabling the public network access of the MongoDB database, you need to understand the relevant restrictions and requirements which involves MongoDB database, CLB, and network to ensure the security and stability of the database. For more information, see the table below.
      Category
      Feature
      Description
      TencentDB for MongoDB
      Version
      Only for MongoDB replica sets or sharded clusters v4.0 and later.
      Sharded cluster
      It only supports binding the default instance access address (CLB address) to CLB.
      Note
      The LB address of a MongoDB sharded cluster forwards client requests to the appropriate Mongos process for processing. For more information, see System Architecture. The CLB listener will listen to the LB IP address and port number of the MongoDB sharded cluster.
      
      Replica set
      When a node is added or deleted for the MongoDB replica set, you need to modify the public network IP address and specify the listening rules for the new node.
      Network
      VPC
      Only TencentDB for MongoDB CLB instances under the same VPC can be bound.
      After enabling the public network access, you can’t modify the network for the instance. To modify it, you need to disable the public network access.
      Security group
      You can’t enable the public network access for the MongoDB instance unbound to a security group. We recommend that you configure a security group to restrict the visiting address. For detailed directions, see Configuring Security Group.
      Password-free authentication
      Password-free access
      You can’t enable public network access for the MongoDB instances with password-free access enabled.
      CLB
      Instance type
      MongoDB instances can’t be bound to the classic CLB instances. For the differences between CLB (former Application Load Balancer) and classic CLB, see Instance Types Comparison.
      Instance specifications
      CLB instances fall into shared instances and LCU-supported instances. A shared instance can support a maximum of 50,000 concurrent connections per minute, but this may not be enough for some high-spec MongoDB instances. Therefore, we recommend that you choose LCU-supported instances to meet your needs. For differences between these two types of instances, see Instance Specifications Comparison.
      Operation Limits
      -
      You need to disable the public network access in the TencentDB for MongoDB console, and do not delete the bound address and the listening port in the CLB instance, otherwise the business connection exceptions will be caused.

      Note

      After the public network access is disabled, MongoDB will only clear the bound listener and will not release or repossess the CLB instance. You can purchase or delete a CLB instance in the CLB console.
      We recommend that each MongoDB instance be bound to one dedicated CLB instance, after which MongoDB will manage and maintain the listener. To share a CLB instance with other resources, you need to manage your listener ports well and reserve enough listeners. Otherwise, when a CLB is used by multiple services, the management chaos may occur.

      Prerequisites

      You have created a TencentDB for MongoDB instance on v4.0 or later, and the instance runs normally.
      You have created CLB instances in the same VPC as that of the MongoDB instance. For more information, see Creating CLB Instances.
      For more information on downloading a Windows visual tool, see MongoDB Compass Download (GUI).

      Directions

      Step 1. Enable public network access

      1. Log in to the TencentDB for MongoDB console.
      2. In the MongoDB drop-down list on the left sidebar, select Replica Set Instance or Sharded Cluster Instance. The directions for the two types of instances are similar.
      3. Above the Instance List on the right, select the region.
      4. In the instance list, find the target instance.
      In the search box in the top-right corner, you can search for the target instance by instance ID, instance name, private IP, or tag key.
      If you can't find the target instance in the instance list, select Recycle Bin on the left sidebar to check whether it is isolated there due to overdue payments. For more information, see Recycle Bin.
      5. In the Instance ID/Name column of the target instance, click the Instance ID to enter the Instance Details page.
      6. In the Network Configuration section on the Instance Details page, click Configure CLB Public Network Access next to Public Network Access.
      7. In the Service Authorization pop-up window, click Grant.
      8. 
      
      In the Configure CLB Public Network Access window, select CLB listening instances and configure listening rules.
      a. On the Bind CLB Instance tab, all CLB instances in the same VPC as the current MongoDB instance have been listed. Select the CLB instance to be bound based on the required bandwidth cap specification. VIP refers to the public IP address of the CLB instance.
      b. Click Next, on the Configure Listening Rules tab, bind the CLB instance and set the listening rules.
      If it is a replica set, configure CLB listening port number for MongoDB primary node and secondary node.
      If it is a sharded instance, configure a listening port for the private network address.
      
      
      
      9. Click OK,and wait for the task to complete. In the Network Configuration section on the Instance Details page, you can view the connection string of the public network address.
      
      
      Log in to the CLB console, find the CLB instance bound to MongoDB in the instance list of the instance management page, click Instance ID to enter the Basic Info tab, select Listener Management tab to view the listener.

      
      
      Step 2. Configure a security group

      After enabling the public network access, you need to configure security group rules for the CLB and its MongoDB instance timely. By doing so, you can control the access sources to ensure the security of the data access.
      1. Log in to the CVM console > Security Group, create a security group, set the inbound rules, and open the client IP address of mongo-driver  and the listening port of your specified MongoDB instance. For detailed directions, see Creating a Security Group.
      
      
      
      2. Log in to the CLB console, find the CLB instance bound to MongoDB in the instance list of the instance management page, click Instance ID to enter the Basic Info tab, and select the Security Group tab.
      Click Bind in the Bound Security Groups section, select a created security group in the Configure Security Group pop-up window, and click OK. For detailed directions, see Configuring CLB Security Group.
      
      
      3. Log in to the MongoDB console, find the target instance in the instance list, click the Instance ID, select the Data Security tab, click Configure Security Group to select the desired security group, and click OK. For detailed directions, see Configuring Security Group.
      
      

      Step 3. Connect to a database instance

      1. Log in to the MongoDB console. In the Network Configuration section on the Instance Details page, In the Access Address section, copy the connection string of Access Read/Write Primary Node or Only read secondary node in the Public network access address (connection string) column in the Access Address.
      
      
      
      2. Log in to the MongoDB Compass Download (GUI) client, paste the copied public network address connection string into the URI input box. The password information in the connection string is hidden as *, and you need to manually replace it with the access password of the instance, and click Connect .
      
      3. You can manage the database after the connection is successful.
      
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy