💾 Archived View for wilw.capsule.town › notes › mongodb.gmi captured on 2024-05-26 at 14:57:14. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-12-28)
-=-=-=-=-=-=-
This is a reference quick-start note for deploying MongoDB via Docker, and with working self-signed TLS.
_Note: This setup does not yet consider replica sets. Coming soon..._
E.g. with one year expiry:
openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 cp cert.pem certificateKey.pem cat key.pem >> certificateKey.pem
Ensure to reference the correct locations via volume mounts.
`docker-compose.yml`
services:
mongo:
image: mongo:5
restart: always
command: "--auth --tlsMode requireTLS --tlsCertificateKeyFile /data/certificateKey.pem"
ports:
- "27017:27017"
volumes:
- /data/mongo:/data/db
- ./certificateKey.pem:/data/certificateKey.pem
Note, when setting-up for the first time, omit the `--auth` flag, and use Docker localhost to configure users, and then re-run with `--auth`.
Connect as usual, but in the Mongo connection string for your apps, now pass in the following at the end of the string: `?tls=true&tlsAllowInvalidCertificates=true`.
Note: we need to allow invalid certificates, as the one we generated is self-signed.