
Connecting Meteor External DB with ssh

I have a droplet on DO on which there is a MongoDB instance. I can connect through the "ssh user@ip" command on OSX using the terminal, but if I want to connect it with Meteor (local) I need to do port forwarding with "ssh -L port:localhost:portserver user@ip -f -N" and launch Meteor with --port. To access MongoDB I removed the password, so you can access it only through ssh, and enabled a firewall as suggested in the DO guide.

My question is: is there a way to connect Meteor (local) with MongoDB without using the ssh tunneling each time? Or make it run the command before Meteor starts? This app is going to be on the phone (Android) for personal use, so it won't go into production.

Second question: is the ssh tunneling + port forwarding slower than connecting with user@password to MongoDB?

Third question: I'm going to use ssh also for another MongoDB that will go into production; is it better to use user@password and connect using the MONGO_URL var?

Thanks for the help!

There are 2 things to consider here:

- authentication
- encryption

The ssh tunnel ensures encryption, while the password ensures authentication.

You can open up your DB to the world, and be protected by password, but if you don't have encryption, it's pretty much vulnerable to all sorts of network sniffing attacks (whenever on an open network or if someone is listening in the middle).

So, you would need encryption, that is SSL (TLS really, but best known as SSL).

You should look at the MongoDB docs for this:

https://docs.mongodb.org/manual/tutorial/configure-ssl/

TLS can also be used for authentication, using a client certificate and setting the server certificate to only accept those clients with a valid certificate. That's a little more complex as you'd need to configure your certification authority (OpenSSL most likely) to generate the right certs.

You can use tools like https://github.com/cloudflare/cfssl to make your life easier in generating certs.

Hope that helps.
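
For the question's "run the command before Meteor starts" case, a wrapper script can open the tunnel, point Meteor at it through MONGO_URL, and close it on exit. This is an added example, not code from the question or the answer; the host, ports, database name and control-socket path are placeholder assumptions, and `ssh` and `meteor` are assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: open the tunnel, run Meteor through it, close it on exit.
# Host, ports and database name are placeholders (assumptions), not from the post.
REMOTE="${REMOTE:-user@203.0.113.10}"      # droplet login (documentation address)
LOCAL_PORT="${LOCAL_PORT:-27018}"          # local end of the tunnel
REMOTE_PORT="${REMOTE_PORT:-27017}"        # mongod port, reachable only on the droplet
DB_NAME="${DB_NAME:-meteor}"
CTL_SOCKET="${CTL_SOCKET:-$HOME/.ssh/meteor-mongo.ctl}"

# Accept only a plain decimal port number in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Bind the local end to loopback explicitly: the database has no password,
# so anything that can reach the forwarded port gets full access to it.
forward_spec() {
  printf '127.0.0.1:%s:127.0.0.1:%s' "$LOCAL_PORT" "$REMOTE_PORT"
}

# URL Meteor reads from MONGO_URL instead of starting its bundled database.
mongo_url() {
  printf 'mongodb://127.0.0.1:%s/%s' "$LOCAL_PORT" "$DB_NAME"
}

open_tunnel() {
  valid_port "$LOCAL_PORT" || return 2
  valid_port "$REMOTE_PORT" || return 2
  # -M/-S give a control socket so the backgrounded ssh can be stopped later;
  # ExitOnForwardFailure makes ssh fail instead of running without the forward.
  ssh -f -N -M -S "$CTL_SOCKET" -o ExitOnForwardFailure=yes \
      -L "$(forward_spec)" "$REMOTE"
}

close_tunnel() {
  ssh -S "$CTL_SOCKET" -O exit "$REMOTE" 2>/dev/null || true
}

main() {
  open_tunnel || { echo "could not open SSH tunnel" >&2; return 1; }
  trap close_tunnel EXIT INT TERM
  MONGO_URL="$(mongo_url)" meteor run "$@"
}

# Only act when asked to, e.g.: ./meteor-tunnel.sh --run --port 3000
if [ "${1:-}" = "--run" ]; then shift; main "$@"; fi
```
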
