Cannot connect to AWS DocumentDB using NodeJS locally
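I followed the instructions here to set up an SSH tunnel for external connections:
https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-from-outside-a-vpc.html
With the tunnel established, I can connect using the GUI clients Robomongo and "Studio 3T". This verifies that the EC2 machine does have access and that my SSH tunnel is working.
Despite this, NodeJS is not happy with the connection. Depending on my config, I get one of 2 errors.
Config 1: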
const fs = require('fs');
const { MongoClient } = require('mongodb');

const url = 'mongodb://root:some-password@localhost:27017?ssl=true&replicaSet=rs0&readPreference=secondaryPreferred';
const ca = [fs.readFileSync('./rds-combined-ca-bundle.pem')];
const options = {
  sslValidate: false, // you will see why in the next config
  sslCA: ca,
  useNewUrlParser: true,
  useUnifiedTopology: true,
};
const client = new MongoClient(url, options);
After a few seconds I get:
(node:7640) UnhandledPromiseRejectionWarning: MongoServerSelectionError: connect ENETUNREACH 172.31.26.210:27017
    at Timeout._onTimeout (/Volumes/foo/source/node_modules/mongodb/lib/core/sdam/topology.js:430:30)
    at listOnTimeout (internal/timers.js:549:17)
    at processTimers (internal/timers.js:492:7)
Config 2:
const url = 'mongodb://root:some-password@localhost:27017?ssl=true&replicaSet=rs0&readPreference=secondaryPreferred';
const ca = [fs.readFileSync('./rds-combined-ca-bundle.pem')];
const options = {
  sslValidate: true, // now this is true
  sslCA: ca,
  useNewUrlParser: true,
  useUnifiedTopology: true,
};
const client = new MongoClient(url, options);
After a few seconds I get:
(node:7682) UnhandledPromiseRejectionWarning: MongoServerSelectionError: Hostname/IP does not match certificate's altnames: Host: localhost. is not in the cert's altnames: DNS:docdb-2020-07-14-23-38-05.cluster-cpapk5zw6fa0.us-west-2.docdb.amazonaws.com, DNS:docdb-2020-07-14-23-38-05.cluster-ro-cpapk5zw6fa0.us-west-2.docdb.amazonaws.com, DNS:docdb-2020-07-14-23-38-05.cpapk5zw6fa0.us-west-2.docdb.amazonaws.com
    at Timeout._onTimeout (/Volumes/foo/source/node_modules/mongodb/lib/core/sdam/topology.js:430:30)
    at listOnTimeout (internal/timers.js:549:17)
    at processTimers (internal/timers.js:492:7)
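You cannot connect to a replica set deployment through a tunnel, because as soon as the driver receives a response from any replica set member, it will (try to re)connect to the hostnames specified in the replica set configuration.
You can connect through a tunnel in single topology. Remove the replicaSet URI option from your URI. Of course, this only gives you a connection to the node you specify, and you won't get automatic failover, etc.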
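Added example, not part of the original question or answer: the answer's fix (dropping replicaSet) combined with a way to keep sslValidate: true through the tunnel, by checking the certificate against the cluster endpoint name from the error message instead of localhost. It assumes the driver forwards a checkServerIdentity function to Node's TLS layer, as the 3.x MongoClient options document; withoutReplicaSet, tunnelOptions, demo and sampleCert are names made up for this example.

```javascript
const tls = require('tls');

// Cluster endpoint name, taken from the certificate altnames in the error above.
const CLUSTER_HOST =
  'docdb-2020-07-14-23-38-05.cluster-cpapk5zw6fa0.us-west-2.docdb.amazonaws.com';

// Drop replicaSet so the driver stays in single topology and never tries to
// reach the members' VPC-internal addresses from outside the tunnel.
function withoutReplicaSet(uri) {
  const [base, query = ''] = uri.split('?');
  const kept = query.split('&').filter((kv) => kv && !/^replicaSet=/i.test(kv));
  return kept.length ? `${base}?${kept.join('&')}` : base;
}

// Keep certificate validation on, but compare the certificate with the real
// endpoint name instead of the "localhost" the tunnel makes us dial.
// Assumption: the driver passes checkServerIdentity through to tls.connect.
function tunnelOptions(clusterHost, ca) {
  return {
    sslValidate: true,
    sslCA: ca,
    useNewUrlParser: true,
    useUnifiedTopology: true,
    checkServerIdentity: (_dialedHost, cert) => tls.checkServerIdentity(clusterHost, cert),
  };
}

// Constructed stand-in for the peer certificate object Node hands to the hook.
const sampleCert = {
  subject: { CN: CLUSTER_HOST },
  subjectaltname: `DNS:${CLUSTER_HOST}`,
};

// Offline check of three cases; each value is undefined (accepted) or an error code.
function demo() {
  const code = (err) => (err ? err.code : undefined);
  const opts = tunnelOptions(CLUSTER_HOST, []);
  const other = { subject: { CN: 'other.example' }, subjectaltname: 'DNS:other.example' };
  return {
    defaultCheck: code(tls.checkServerIdentity('localhost', sampleCert)),
    pinnedCheck: code(opts.checkServerIdentity('localhost', sampleCert)),
    wrongCert: code(opts.checkServerIdentity('localhost', other)),
  };
}

// Usage with the question's variables (needs the tunnel, so it is not run here):
// new MongoClient(withoutReplicaSet(url), tunnelOptions(CLUSTER_HOST, ca));
```

Unlike sslValidate: false, this still rejects a certificate issued for any other name, so the chain check against the CA bundle and the identity check both remain in force.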