Short question:

What is wrong with checkServerIdentity?

If I turn that option off, I can connect! But I want to use this option!



Long question

Running mongodb 3.2.6

I made a database user

use db
db.createUser(
    {
      user: "user",
      pwd: "pass",
      roles: [
         { role: "readWrite", db: "db" }
      ]
    }
)


My mongod.conf looks like this

systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

storage:
  dbPath: /var/lib/mongo
  journal:
    enabled: true

processManagement:
  fork: true
  pidFilePath: /var/run/mongodb/mongod.pid

net:
  port: 27017
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/letsencrypt/live/example.com/mongod-PEMKeyFile.pem
    CAFile: /etc/letsencrypt/mongod-CAFile.pem


I start mongod --auth --config /etc/mongod.conf

Then I run the node.js script

require(__dirname+'/../node_modules/mongodb').MongoClient.connect(
    'mongodb://user:[email protected]:27017/db?ssl=true&authMechanism=SCRAM-SHA-1&authSource=db'
    ,   {server:{
         sslValidate:true
    ,    checkServerIdentity:true
    ,    sslCA:[require('fs').readFileSync('/etc/letsencrypt/identrust-root-download-x3.pem')]
    ,    sslKey:require('fs').readFileSync('/etc/letsencrypt/live/example.com/privkey.pem')
    ,    sslCert:require('fs').readFileSync('/etc/letsencrypt/live/example.com/mongod-sslCert.pem')
         }}
,   function(e,db){
    console.log(e,db);
    });


It just shows the error

{ [MongoError: failed to connect to server [127.0.0.1:27017] on first connect]
   name: 'MongoError',
   message: 'failed to connect to server [127.0.0.1:27017] on first connect' }



  Note: if I turn off ssl in mongod.conf and in the node.js script, the connection works fine!


There is no information in mongod.log

2016-08-03T19:23:26.995+0200 I CONTROL  [main] ***** SERVER RESTARTED *****
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] MongoDB starting : pid=25307 port=27017 dbpath=/var/lib/mongo 64-bit host=xxxx
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] db version v3.2.6
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] git version: 05552b562c7a0b3143a729aaa0838e558dc49b25
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] allocator: tcmalloc
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] modules: none
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] build environment:
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten]     distmod: rhel70
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten]     distarch: x86_64
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten]     target_arch: x86_64
2016-08-03T19:23:27.012+0200 I CONTROL  [initandlisten] options: { config: "/etc/mongod.conf", net: { port: 27017, ssl: { CAFile: "/etc/letsencrypt/mongod-CAFile.pem", PEMKeyFile: "/etc/letsencrypt/live/example.com/mongod-PEMKeyFile.pem", mode: "requireSSL" } }, processManagement: { fork: true, pidFilePath: "/var/run/mongodb/mongod.pid" }, security: { authorization: "enabled" }, storage: { dbPath: "/var/lib/mongo", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } }
2016-08-03T19:23:27.047+0200 I -        [initandlisten] Detected data files in /var/lib/mongo created by the 'mmapv1' storage engine, so setting the active storage engine to 'mmapv1'.
2016-08-03T19:23:27.059+0200 I STORAGE  [initandlisten]
2016-08-03T19:23:27.059+0200 I STORAGE  [initandlisten] ** WARNING: Readahead for /var/lib/mongo is set to 4096KB
2016-08-03T19:23:27.059+0200 I STORAGE  [initandlisten] **          We suggest setting it to 256KB (512 sectors) or less
2016-08-03T19:23:27.059+0200 I STORAGE  [initandlisten] **          http://dochub.mongodb.org/core/readahead
2016-08-03T19:23:27.059+0200 I JOURNAL  [initandlisten] journal dir=/var/lib/mongo/journal
2016-08-03T19:23:27.060+0200 I JOURNAL  [initandlisten] recover : no journal files present, no recovery needed
2016-08-03T19:23:27.364+0200 I JOURNAL  [durability] Durability thread started
2016-08-03T19:23:27.365+0200 I JOURNAL  [journal writer] Journal writer thread started
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten]
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten]
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten]
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2016-08-03T19:23:27.366+0200 I CONTROL  [initandlisten]
2016-08-03T19:23:27.389+0200 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongo/diagnostic.data'
2016-08-03T19:23:27.389+0200 I NETWORK  [initandlisten] waiting for connections on port 27017 ssl
2016-08-03T19:23:27.390+0200 I NETWORK  [HostnameCanonicalizationWorker] Starting hostname canonicalization worker


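How can I debug this? What is the error telling me!

Best answer

From: https://jira.mongodb.org/browse/NODE-788

Lucas Hrabovsky added a comment - August 4, 2016 GMT+0000


  Looking at the implementation of checkServerIdentity, it is a callback passed to tls.connect().
  Your example does not need to pass checkServerIdentity: true, because that is the default for this option, and it should only be specified as checkServerIdentity: false or as a custom callback.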


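[email protected] Benz Muircroft added a comment - August 4, 2016 6:55:04 PM GMT+0000


  Feedback:
  It seems strange that setting it to true prevents it from connecting! checkServerIdentity:true should either be ignored or at least have a relevant warning/error.
  
  The current error output gives no hint:
  
  { [MongoError: failed to connect to server [127.0.0.1:27017] on first connect] name: 'MongoError', message: 'failed to connect to server [127.0.0.1:27017] on first connect' }
  
  P.S. This is using MongoDB shell version: 3.2.6. I have another server with MongoDB shell version: 3.2.8, and on 3.2.8 setting checkServerIdentity:true does not affect the connection in any way! (Both servers use node.js mongodb 2.2.4.) It is strange that only one server is affected.
  
  Thanks!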
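
An added example (not from the original post, the Jira ticket or the mongodb driver) of the forms the first comment describes for checkServerIdentity: omitted, false, or a custom callback, with any other value rejected loudly as the feedback comment asks. It also shows a custom callback that checks the certificate against the name it was issued for when the client dials a different address. resolveIdentityCheck, verifyAs, explain and the sample certificate object are hypothetical names and constructed data; tls.checkServerIdentity is Node's built-in check.

```javascript
'use strict';
const tls = require('tls');

// Hypothetical helper, not part of the mongodb driver: map the user's setting
// to the function tls.connect() calls as checkServerIdentity(hostname, cert).
function resolveIdentityCheck(option) {
  if (option === undefined) return tls.checkServerIdentity; // Node's default check
  if (option === false) return () => undefined; // hostname check off, chain validation only
  if (typeof option === 'function') return option; // custom callback
  throw new TypeError(
    'checkServerIdentity must be false or a function, got ' + JSON.stringify(option));
}

// Custom callback: validate the certificate against the name it was issued for,
// even when the socket was dialled by another address such as 127.0.0.1.
function verifyAs(expectedName) {
  return (_dialledHost, cert) => tls.checkServerIdentity(expectedName, cert);
}

// Constructed sample in the shape Node passes to the callback (not a real cert).
const SAMPLE_CERT = {
  subject: { CN: 'example.com' },
  subjectaltname: 'DNS:example.com, DNS:www.example.com',
};

// Returns 'ok' or the reason the identity check rejected the peer.
function explain(option, host, cert) {
  const err = resolveIdentityCheck(option)(host, cert);
  return err ? err.message : 'ok';
}

console.log('default, 127.0.0.1   ->', explain(undefined, '127.0.0.1', SAMPLE_CERT));
console.log('default, example.com ->', explain(undefined, 'example.com', SAMPLE_CERT));
console.log('pinned,  127.0.0.1   ->',
  explain(verifyAs('example.com'), '127.0.0.1', SAMPLE_CERT));
try {
  resolveIdentityCheck(true);
} catch (e) {
  console.log('true                 ->', e.message);
}
```

A callback returns undefined to accept the peer and an Error to reject it, so the pinned form keeps hostname verification in place where checkServerIdentity: false would drop it.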
