Max Harper GroupLens Research Scientist

Setting Up a Proxy to mLab

I am using mLab in our curriculum for Developing the Interactive Web. MLab is a neat service that provides MongoDB as a service. Unfortunately, our firewall at the University of Minnesota aggressively filters outbound TCP traffic, which makes it more complicated to establish a connection with databases at mLab. Typically, I would solve this using an SSH tunnel, but mLab does not support SSH connections. Another solution might be to use a commercial VPN, but this could get expensive.

My kludgy solution is to use Amazon EC2 to host an nginx server, using their new TCP pass-through feature to route open outbound ports (e.g., 80) to mLab. I started up an EC2 instance in US-East (where mLab is also hosted), and mostly followed this wonderful tutorial at Servers for Hackers.

Here’s an example nginx.conf to use in EC2:

user www-data;
worker_processes auto;
pid /run/;

events {

http {
    # ...

stream {
    upstream mongo_80 {

    server {
        listen 80;
        proxy_pass mongo_80;

Then, I can connect to mongo via a command like this:

mongo -u user -p pass

To find open TCP outbound ports, I used Here’s a little bash script that requires one second per port:

for i in `seq 1 100`; do nc -w 1 -G 1 -v $i; done