如何解决连接到 VPC 外部的 AWS DocumentDB 时连接超时
我正在尝试创建一个可以使用 DocumentDB 的非常简单的节点应用程序。我不使用 Cloud9 也不使用 Lambda,我在本地编码。我正在关注此链接 https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-from-outside-a-vpc.html 和此链接 https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-ec2.html
我使用以下入站规则创建了一个安全性较差的 EC2 实例
| 端口范围 | 协议 | 来源 | 安全组 |
|---|---|---|---|
| 22 | TCP | 0.0.0.0/0 | demoEC2 |
此 demoEC2 安全组具有以下入站规则
| 类型 | 协议 | 端口范围 | 来源 |
|---|---|---|---|
| SSH | TCP | 22 | 0.0.0.0/0 |
然后我创建了一个 DocumentDB 集群,其中有 1 个可用实例,该实例属于具有以下入站规则的安全组
| 类型 | 协议 | 端口范围 | 来源 |
|---|---|---|---|
| 自定义 tcp | TCP | 27017 | demoEC2 |
之后,我打开我的终端并创建了一个隧道:
ssh -i "mykeypair.pem" -L 27017:<CLUSTER ENDPOINT>:27017 ec2-user@<EC2 PUBLIC IPV4 DNS> -N
而且,为了测试我的隧道是否正常工作,我使用 mongoshell 进行连接:
> mongo "mongodb://<MASTER USERNAME>:<MASTER PASSWORD>@localhost:27017/<DATABASE>" --tls --tlsAllowInvalidHostnames --tlsCAFile rds-combined-ca-bundle.pem
MongoDB shell version v4.2.13
connecting to: mongodb://localhost:27017/<DATABASE>?compressors=disabled&gssapiServiceName=mongodb
2021-07-29T10:10:59.309+0200 W NETWORK [js] The server certificate does not match the host name. Hostname: localhost does not match docdb-2021-07-27-10-32-49.ctuxybn342pe.eu-central-1.docdb.amazonaws.com docdb-2021-07-27-10-32-49.cluster-ctuxybn342pe.eu-central-1.docdb.amazonaws.com docdb-2021-07-27-10-32-49.cluster-ro-ctuxybn342pe.eu-central-1.docdb.amazonaws.com,Subject Name: C=US,ST=Washington,L=Seattle,O=Amazon.com,OU=RDS,CN=docdb-2021-07-27-10-32-49.ctuxybn342pe.eu-central-1.docdb.amazonaws.com
Implicit session: session { "id" : UUID("63340995-54ad-471b-aa8d-85763f3c7281") }
MongoDB server version: 4.0.0
WARNING: shell and server versions do not match
Warning: Non-Genuine MongoDB Detected
This server or service appears to be an emulation of MongoDB rather than an official MongoDB product.
Some documented MongoDB features may work differently,be entirely missing or incomplete,or have unexpected performance characteristics.
To learn more please visit: https://dochub.mongodb.org/core/non-genuine-mongodb-server-warning.
rs0:PRIMARY>
但是,当我尝试在我的节点应用程序中进行连接时:
const mongoose = require('mongoose');
const fs = require('fs');
const path = require('path');
const username = ...
const password = ...
const database = ...
const connstring = `mongodb://${username}:${password}@localhost:27017/${database}?tls=true&replicaSet=rs0&readPreference=secondaryPreferred`;
const certFile = path.resolve(__dirname,'./rds-combined-ca-bundle.pem');
const certFileBuf = fs.readFileSync(certFile); //I tried this one in tlsCAFile option as well
mongoose.connect(connstring,{
tlsCAFile: certFile,useNewUrlParser: true,tlsAllowInvalidHostnames: true,}
).then(() => console.log('Connection to DB successful'))
.catch((err) => console.error(err,'Error'));
我在一段时间后收到连接超时错误:
> > node .\index.js
(node:12388) [MONGODB DRIVER] Warning: Current Server Discovery and Monitoring engine is deprecated,and will be removed in a future version. To use the new Server Discover and Monitoring engine,pass option { useUnifiedTopology: true } to the MongoClient constructor.
MongoNetworkError: failed to connect to server [<CLUSTER ENDPOINT WITHOUT HAVING .cluster->:27017] on first connect [MongoNetworkTimeoutError: connection timed out
at connectionFailureError (D:\projects\documentdb-connect\node_modules\mongoose\node_modules\mongodb\lib\core\connection\connect.js:345:14)
at TLSSocket.<anonymous> (D:\projects\documentdb-connect\node_modules\mongoose\node_modules\mongodb\lib\core\connection\connect.js:313:16)
at Object.onceWrapper (events.js:421:28)
at TLSSocket.emit (events.js:315:20)
at TLSSocket.Socket._onTimeout (net.js:481:8)
at listOnTimeout (internal/timers.js:549:17)
at processTimers (internal/timers.js:492:7)]
at Pool.<anonymous> (D:\projects\documentdb-connect\node_modules\mongoose\node_modules\mongodb\lib\core\topologies\server.js:441:11)
at Pool.emit (events.js:315:20)
at D:\projects\documentdb-connect\node_modules\mongoose\node_modules\mongodb\lib\core\connection\pool.js:564:14
at D:\projects\documentdb-connect\node_modules\mongoose\node_modules\mongodb\lib\core\connection\pool.js:1013:9
at D:\projects\documentdb-connect\node_modules\mongoose\node_modules\mongodb\lib\core\connection\connect.js:32:7
at callback (D:\projects\documentdb-connect\node_modules\mongoose\node_modules\mongodb\lib\core\connection\connect.js:283:5)
at TLSSocket.<anonymous> (D:\projects\documentdb-connect\node_modules\mongoose\node_modules\mongodb\lib\core\connection\connect.js:313:7)
at Object.onceWrapper (events.js:421:28)
at TLSSocket.emit (events.js:315:20)
at TLSSocket.Socket._onTimeout (net.js:481:8)
at listOnTimeout (internal/timers.js:549:17)
at processTimers (internal/timers.js:492:7) Error
既然我可以使用 mongoshell 连接,我认为隧道正在工作,我什至可以在上面做一些插入,但是为什么 Mongoose 无法连接?我也尝试过使用 MongoClient(const MongoClient = require('mongodb').MongoClient 和 MongoClient.connect(same everything)),但是没有用,我仍然遇到相同的超时错误。
解决方法
原来我需要做的就是通过选项传递用户名和密码,而不是在连接字符串中:
const connstring = `mongodb://localhost:27017/${database}`;
const certFile = path.resolve(__dirname,'./rds-combined-ca-bundle.pem');
const certFileBuf = fs.readFileSync(certFile);
mongoose.connect(connstring,{
tls: true,tlsCAFile: certFile,useNewUrlParser: true,tlsAllowInvalidHostnames: true,auth: {
username,password
}
}
)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
