我想用JAVA连接mongoDB,这个数据库是开了认证也开了TLS的。
我的访问代码:
MongoCredential credential = MongoCredential.createScramSha1Credential(
"gdasuser", "admin", "2ye80MW75y6Nd1h8Iitl7jCZwFuMAyRE".toCharArray());
ServerAddress serverAddress = new ServerAddress("10.19.85.113", 37017);
MongoClient mongoClient = new MongoClient(serverAddress, Arrays.asList(credential));
之前我访问https的时候,有用过别人的跳过认证的函数,这次用了好像不太有用,连接还是报错
Exception in thread "AWT-EventQueue-0" com.mongodb.MongoTimeoutException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=10.19.85.113:37017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.io.EOFException}}]
at com.mongodb.BaseCluster.getServer(BaseCluster.java:82)
我猜可能没起什么作用,所以想学习一下正常通过TLS访问mongoDB
mongd的配置我能看到,pem文件也能拿到,但是我不知道接下来怎么办了。
> replication:
replSetName: "rs_aaa"
storage:
dbPath: "/tank/mongo/mongovolumes/data"
journal:
enabled: true
systemLog:
destination: file
verbosity: 0
quiet: false
logAppend: true
logRotate: rename
traceAllExceptions: true
path: "/tank/mongo/mongovolumes/log/mongod/mongod.log"
processManagement:
fork: true
pidFilePath: /home/aaa/var/run/mongodb/mongod.pid
timeZoneInfo: /usr/share/zoneinfo
security:
clusterAuthMode: x509
javascriptEnabled: false
net:
bindIp: "localhost,10.19.85.113"
port: "37017"
maxIncomingConnections: 65536
unixDomainSocket:
enabled: false
tls:
mode: requireTLS
disabledProtocols: TLS1_0,TLS1_1,TLS1_3
allowConnectionsWithoutCertificates: true
CAFile: "/home/aaa/conf/mongo/certificates/CA.pem"
certificateKeyFile: "/home/aaa/conf/mongo/certificates/mongo.pem"
certificateKeyFilePassword:
__exec: "cat /home/aaa/conf/mongo/certificates/passphrase.dec | tr -d '\n'"
type: "string"
clusterFile: "/home/aaa/conf/mongo/certificates/mongo.pem"
clusterPassword:
__exec: "cat /home/aaa/conf/mongo/certificates/passphrase.dec | tr -d '\n'"
type: "string"
setParameter:
authenticationMechanisms: SCRAM-SHA-1,SCRAM-SHA-256
opensslCipherConfig: HIGH:!EXPORT:!aNULL@STRENGTH