Skip to content

Instantly share code, notes, and snippets.

@BlackHacked

BlackHacked/docker: mongo.md

Forked from x-yuri/docker: mongo.md
Created May 5, 2022 02:12
Show Gist options
  • Save BlackHacked/c3c99298f76600cbe6247bdaecdcd96a to your computer and use it in GitHub Desktop.
Save BlackHacked/c3c99298f76600cbe6247bdaecdcd96a to your computer and use it in GitHub Desktop.
Download ZIP
docker: mongo
Raw
docker: mongo.md

Without either MONGO_INITDB_ROOT_USERNAME, or MONGO_INITDB_ROOT_PASSWORD the access is unrestricted.

docker-compose.yml:

version: '3'

services:
  mongo:
    image: mongo
      
  bash:
    image: bash
    entrypoint: sleep 100000000
$ docker-compose up -d
$ docker-compose exec bash sh -c 'echo http://dl-cdn.alpinelinux.org/alpine/v3.9/main >> /etc/apk/repositories' && docker-compose exec bash sh -c 'echo http://dl-cdn.alpinelinux.org/alpine/v3.9/community >> /etc/apk/repositories' && docker-compose exec bash apk update && docker-compose exec bash apk add mongodb
$ docker-compose exec bash mongo --host mongo
> show dbs
> use admin
> show collections

But you can't specify a user when connecting to the database:

$ docker-compose exec bash mongo --host mongo -u whatever
Enter password: 
connecting to: mongodb://mongo:27017/?gssapiServiceName=mongodb
2019-11-15T20:25:21.998+0000 E QUERY    [js] Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:328:13
@(connect):1:6
exception: connect failed

In terms of mongoid.yml that means either no user option (*.clients.default.options.user), or nil value (user: ). Empty string (user: '') won't do.

docker-compose.yml:

version: '3'

services:
  mongo:
    image: mongo
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: root

      MONGO_USER: user
      MONGO_DB: db
    networks:
      - app
    volumes:
      - db:/data/db
      - ./init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh

  bash:
    image: bash
    entrypoint: sleep 100000000
    networks:
      - app

networks:
  app:

volumes:
  db:

init-mongo.sh:

#!/usr/bin/env bash
set -eu
mongo -- "$MONGO_DB" <<EOF
    var rootUser = '$MONGO_INITDB_ROOT_USERNAME';
    var rootPassword = '$MONGO_INITDB_ROOT_PASSWORD';
    var admin = db.getSiblingDB('admin');
    admin.auth(rootUser, rootPassword);

    var user = '$MONGO_USER';
    var passwd = '${MONGO_PASSWORD-}' || user;
    db.createUser({user: user, pwd: passwd, roles: ["readWrite"]});
EOF
$ docker-compose down -v && docker-compose up -d
$ docker-compose exec bash sh -c 'echo http://dl-cdn.alpinelinux.org/alpine/v3.9/main >> /etc/apk/repositories' && docker-compose exec bash sh -c 'echo http://dl-cdn.alpinelinux.org/alpine/v3.9/community >> /etc/apk/repositories' && docker-compose exec bash apk update && docker-compose exec bash apk add mongodb
$ docker-compose exec bash mongo --host mongo --authenticationDatabase admin --username root
$ docker-compose exec bash mongo --host mongo --authenticationDatabase db --username user db
> db.c1.insert({a: 1})
> db.c1.find()
> show collections
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment