Connect MongoDB via SSH Tunnel

Last update: 2023-07-25
  • Created for:
  • Beginner
    Intermediate
    Admin
    Developer
    User

To connect your MongoDB database to Commerce Intelligence via an SSH tunnel, you must do a few things:

  1. Retrieve the Commerce Intelligence public key
  2. Allow access to the Commerce Intelligence IP address
  3. Create a Linux user for Commerce Intelligence
  4. Create a MongoDB user for Commerce Intelligence
  5. Enter the connection and user info into Commerce Intelligence
NOTE

Due to the technical nature of this setup, Adobe recommends you loop in a developer to help out if you have not done this before.

Retrieving the Commerce Intelligence public key

The public key is used to authorize the Commerce Intelligence Linux user. The next section walks you through creating the user and import the keys.

  1. Go to Data > Connections and click Add New Data Source.
  2. Click the MONGODB icon.
  3. After the MongoDB credentials page opens, change the Encrypted toggle to Yes. This displays the SSH setup form.
  4. The public key is located underneath this form.

Leave this page open throughout the tutorial - you will need it in the next section and at the end.

If you are a bit lost, here is how to navigate through Commerce Intelligence to retrieve the key:

Retrieving the RJMetrics public key

Allow access to the Commerce Intelligence IP address

For the connection to be successful, you must configure your firewall to allow access from your IP addresses. They are 54.88.76.97 and 34.250.211.151, but it is also on the MongoDB credentials page:

MBI_Allow_Access_IPs.png

Creating a Linux user for Commerce Intelligence

IMPORTANT

If the sshd_config file associated with the server is not set to the default option, only certain users have server access - this prevents a successful connection to Commerce Intelligence. In these cases, it is necessary to run a command like AllowUsers to allow the rjmetric user access to the server.

This can be a production or secondary machine, as long as it contains real-time (or frequently updated) data. You may restrict this user any way you like as long as it retains the right to connect to the MongoDB server.

To add the new user, run the following commands as root on your Linux server:

    adduser rjmetric -p
    mkdir /home/rjmetric
    mkdir /home/rjmetric/.ssh

Remember the public key you retrieved in the first section? To ensure that the user has access to the database, you need to import the key into authorized_keys. Copy the entire key into the authorized_keys file as follows:

    touch /home/rjmetric/.ssh/authorized_keys
    "< PASTE KEY HERE >" >> /home/rjmetric/.ssh/authorized_keys

To finish creating the user, alter the permissions on the /home/rjmetric directory to allow access via SSH:

    chown -R rjmetric:rjmetric /home/rjmetric
    chmod -R 700 /home/rjmetric/.ssh

Creating an Commerce Intelligence MongoDB user

MongoDB servers have two run modes - one with the “auth” option (mongod -- auth) and one without, which is the default. The steps for creating a MongoDB user varies depending on what mode your server is using. Bee sure to verify the mode before continuing.

If your server uses the Auth Option:

When connecting to multiple databases, you can add the user by logging into MongoDB as an admin user and running the following commands.

NOTE

To see all available databases, the Commerce Intelligence user requires the permissions to run listDatabases.

This command grants the Commerce Intelligence user access to all databases:

    use admin
    db.createUser('rjmetric', '< secure password here >', true)

Use this command to grant the Commerce Intelligence user access to a single database:

    use < database name >
    db.createUser('rjmetric', '< secure password here >', true)

This prints a response that looks like this:

    {
    "id": ObjectId("< some object id here >"),
    "user": "rjmetric",
    "readOnly": true,
    "pwd": "< some hash here >"
    }

If your server uses the default option

If your server does not use auth mode, your MongoDB server is accessible even without a username and password. However, you should ensure the mongodb.conf file (/etc/mongodb.conf) has the following lines - if not, restart your server after you add them.

    bind_ip = 127.0.0.1
    noauth = true

To bind your MongoDB server to a different address, adjust the database hostname in the next step accordingly.

Entering the connection and user info into Commerce Intelligence

To wrap things up, you need to enter the connection and user info into Commerce Intelligence. Did you leave the MongoDB credentials page open? If not, go to Data > Connections and click Add New Data Source, then the MongoDB icon. Do not forget to change the Encrypted toggle to Yes.

Enter the following info into this page, starting with the Database Connection section:

  • Host: 127.0.0.1
  • Username: The Commerce Intelligence MongoDB username (should be rjmetric)
  • Password: The Commerce Intelligence MongoDB password
  • Port: MongoDB’s port on your server (27017 by default)
  • Database Name (Optional): If you only allowed access to one database, specify the name of that database here.

Under the SSH Connection section:

  • Remote Address: The IP address or hostname of the server you will SSH into
  • Username: The Commerce Intelligence Linux (SSH) username (should be rjmetric)
  • SSH Port: The SSH port on your server (22 by default)

When you are finished, click Save Test to complete the setup.

Previous page
Next page

On this page