💾 Archived View for wilw.capsule.town › notes › mongodb.gmi captured on 2024-05-12 at 15:35:20. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-12-28)

-=-=-=-=-=-=-

🏡 Home

Back to notes

MongoDB

Last updated on 31 October 2023

This is a reference quick-start note for deploying MongoDB via Docker, and with working self-signed TLS.

_Note: This setup does not yet consider replica sets. Coming soon..._

1. Generate keys for TLS

E.g. with one year expiry:

openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
cp cert.pem certificateKey.pem
cat key.pem >> certificateKey.pem

2. Create a Docker Compose file

Ensure to reference the correct locations via volume mounts.

`docker-compose.yml`

services:
  mongo:
    image: mongo:5
    restart: always
    command: "--auth --tlsMode requireTLS --tlsCertificateKeyFile /data/certificateKey.pem"
    ports:
      - "27017:27017"
    volumes:
      - /data/mongo:/data/db
      - ./certificateKey.pem:/data/certificateKey.pem

Note, when setting-up for the first time, omit the `--auth` flag, and use Docker localhost to configure users, and then re-run with `--auth`.

3. Connect

Connect as usual, but in the Mongo connection string for your apps, now pass in the following at the end of the string: `?tls=true&tlsAllowInvalidCertificates=true`.

Note: we need to allow invalid certificates, as the one we generated is self-signed.

Back to notes