Max Harper Social Computing and Recommender Systems

Setting Up a Proxy to mLab

I am using mLab in our curriculum for Developing the Interactive Web. MLab is a neat service that provides MongoDB as a service. Unfortunately, our firewall at the University of Minnesota aggressively filters outbound TCP traffic, which makes it more complicated to establish a connection with databases at mLab. Typically, I would solve this using an SSH tunnel, but mLab does not support SSH connections. Another solution might be to use a commercial VPN, but this could get expensive.

My kludgy solution is to use Amazon EC2 to host an nginx server, using their new TCP pass-through feature to route open outbound ports (e.g., 80) to mLab. I started up an EC2 instance in US-East (where mLab is also hosted), and mostly followed this wonderful tutorial at Servers for Hackers.

Here’s an example nginx.conf to use in EC2:

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    #...
}

http {
    # ...
}

stream {
    upstream mongo_80 {
        server ds000000.mongolab.com:33333;
    }

    server {
        listen 80;
        proxy_pass mongo_80;
    }
}

Then, I can connect to mongo via a command like this:

mongo ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com:80/db-name -u user -p pass

To find open TCP outbound ports, I used portquiz.net. Here’s a little bash script that requires one second per port:

for i in `seq 1 100`; do nc -w 1 -G 1 -v portquiz.net $i; done