Failing to connect to Replica Set with SSL #3872

Closed
letsgolesco opened this issue Feb 10, 2016 · 12 comments

@letsgolesco

I've been trying to connect over SSL to a mongodb 3.2 instance on compose.io with no luck. The message I end up with is Error: unable to verify the first certificate. I'm using mongoose 4.4.3, node 4.3.0.

What's particularly confounding is that I can successfully connect using the exact same options via the Node.js MongoDB Driver (i.e. require('mongodb').MongoClient).

Since Mongoose uses the same driver to establish connections, I'm hoping you guys have an idea as to what is happening here.

I've pasted some details below. I've tried tweaking the params a bit (e.g. using replSet or server instead of mongos), but with no luck. The options I've tried are mostly inspired by this blog post: https://www.compose.io/articles/one-missing-key-and-how-it-broke-node-js-and-mongodb/

var fs = require('fs');
var mongoose = require('mongoose');

var url = 'mongodb://{user}:{pass}@{ip_1}:{port_1},{ip_2}:{port_2}/{db_name}?ssl=true';
var ca = [fs.readFileSync(__dirname + '/cert.pem')];

var options = {
    mongos: {
        ssl: true,
        sslValidate: true,
        sslCA: ca,
        ca: ca,
        poolSize: 1,
        reconnectTries: 1
    }
};

mongoose.createConnection(url, options); // this fails
// MongoClient.connect(url, options); // this works

vkarpov15 added this to the 4.4.4 milestone Feb 11, 2016

@vkarpov15
Collaborator

@letsgolesco try using the following options:

var sslOptions = {
  ssl: true,
  sslValidate: true,
  sslCA: ca,
  ca: ca,
  poolSize: 1,
  reconnectTries: 1
};

var options = {
    db: sslOptions,
    mongos: sslOptions
};

I suspect that may help. This is another instance where #3877 would be quite useful

@letsgolesco
Author

Thanks for the suggestion @vkarpov15, that got me around the unable to verify the first certificate error.

I'm still unable to connect unfortunately, the error this time being MongoError: no valid seed servers in list.

I tried the suggestion from #3209 to use the replSet option connectWithNoPrimary but I'm still getting the same error.

Any ideas here?

PS: I'm glad to see #3877 in the pipe!

@letsgolesco
Author

Good news, I was actually able to get around the error. Now my issue is that I eventually get a no mongos proxy available error.

I'll try playing with the options to get around it, but any advice here is definitely appreciated!

@vkarpov15
Collaborator

Can you show me your new connection options? Also, are you able to connect to the mongos from the machine that you're running your server on?

vkarpov15 modified the milestones: 4.4.5, 4.4.4 Feb 16, 2016

@letsgolesco
Author

I'm able to connect to the mongos from my machine via the command line terminal without issue.

The previous problem happened because I neglected to update the configuration on a separate microservice.

Now my app doesn't throw any connection errors, but it also doesn't seem to execute any queries either (it just hangs).

My current connection options look like this (as per your previous suggestion):

var sslOptions = {
    socketOptions: { keepAlive: 120 },
    poolSize: 1,
    reconnectTries: 1,
    ssl: true,
    sslValidate: true,
    sslCA: sslPublicKey,
    ca: sslPublicKey
};

var options = {
    db: sslOptions,
    mongos: sslOptions
};

@letsgolesco
Author

Woops, sorry about that - another case of my own human error. Looks like we got the problem resolved!

Thanks for the help with regards to configuration options. If you have any recommendations for other connection options to use on a production server (e.g. keepAlive, connectionTimeoutMS, socketTimeoutMS, poolSize, reconnectTries, etc), I'd appreciate that.

vkarpov15 removed this from the 4.4.5 milestone Feb 18, 2016

@karmakoder

@letsgolesco what is the fix you tried for the "MongoError: no valid seed servers in list" error?
I started to get this error in our app without making any changes to mongo configuration. Here is our current config:

var options = {
    server: { poolSize: 50 },
    replSet: {
        auto_reconnect: true,
        socketOptions: {
            keepAlive: 120
        }
    }
};
// IP1, IP2, IP3 and dbName are placeholders, as in the original post
var db = mongoose.connect('mongodb://IP1:27017,IP2:27017,IP3:27017/' + dbName, options, function (error) {

});

mongoose version - 4.4.6

@unusualbob
Contributor

I just had this issue as well and finally figured out I had expired SSL certificates on my mongo servers. The way I figured it out was by trying to connect to just the primary instead of the replica set.

My connection string before was: mongodb://server1,server2,server3/db-name?replicaSet=rs0
When I used that I got the seed server error, then I changed it to mongodb://server1/db-name, when I used that I got certificate has expired. I then modified my mongoose connection options to include sslValidate: false and changed back to the replica connection string and it worked.

var options = {
  replSet: {
    ssl: true,
    sslValidate: false,
    auto_reconnect: true,
    socketOptions : {
      keepAlive: 120
    }
  }
}
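
Added example, not part of the original thread or of Mongoose: the diagnosis described in the comment above (connecting to one member at a time to surface the TLS error hidden behind "no valid seed servers in list"), applied to every seed host so the failing certificate can be renewed or the CA corrected while sslValidate stays true. The function names are assumptions of this example; it uses only Node's built-in tls module.

```javascript
// Added example (not from the thread): per-member TLS check for a seed list.
const tls = require('tls');

// Host/port pairs from a mongodb:// URI (default port 27017; IPv6 literals not handled).
function seedsFromUri(uri) {
  const m = /^mongodb:\/\/(?:[^@\/]*@)?([^\/?]+)/.exec(uri);
  if (!m) throw new Error('not a mongodb:// URI');
  return m[1].split(',').map((hp) => {
    const i = hp.lastIndexOf(':');
    return i < 0 ? { host: hp, port: 27017 }
                 : { host: hp.slice(0, i), port: Number(hp.slice(i + 1)) };
  });
}

// Handshake with one member. rejectUnauthorized is off only so that the
// certificate of a failing member can still be read; do not copy it into
// the application's connection options.
function probe(seed, ca) {
  return new Promise((resolve) => {
    const sock = tls.connect(
      { host: seed.host, port: seed.port, ca: ca, rejectUnauthorized: false },
      () => {
        resolve({
          authorized: sock.authorized,
          authorizationError: String(sock.authorizationError),
          validTo: sock.getPeerCertificate().valid_to
        });
        sock.end();
      });
    sock.setTimeout(5000, () => sock.destroy(new Error('timeout')));
    sock.on('error', (e) => resolve({ error: e.message }));
  });
}

// Map one probe result to a finding that names the member and the cause.
function classify(seed, r, now) {
  const member = seed.host + ':' + seed.port;
  if (r.error) return { member, status: 'UNREACHABLE', detail: r.error };
  if (new Date(r.validTo) < now) return { member, status: 'EXPIRED', detail: r.validTo };
  if (!r.authorized) return { member, status: 'UNTRUSTED', detail: r.authorizationError };
  return { member, status: 'OK', detail: r.validTo };
}

// Probe every seed in the URI; resolves to one finding per member.
function checkSeeds(uri, ca) {
  return Promise.all(seedsFromUri(uri).map(
    (s) => probe(s, ca).then((r) => classify(s, r, new Date()))));
}
```

Call checkSeeds(url, ca).then(console.log) with the same URL and CA array that are passed to Mongoose. An UNTRUSTED finding with UNABLE_TO_VERIFY_LEAF_SIGNATURE corresponds to the "unable to verify the first certificate" message from the start of this thread.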

@letsgolesco
Author

@karmakoder this is what my db config looks like, not sure if it'll help your situation though (my replica set is behind a mongos proxy):

  {
    "mongos": {
      "ssl": true,
      "sslValidate": true,
      "sslCA": [ "<insert cert here>" ],
      "socketOptions": {
        "keepAlive": 120
      }
    },
    "server": {
      "socketOptions": {
        "autoReconnect": true,
        "keepAlive": 120
      }
    }
  }

@CallMeLaNN

MongoError: no valid seed servers in list that is related to a client certificate but not the replica set should follow #4900

@sescobb27

sescobb27 commented Mar 7, 2017

Hi, I'm having the same issue for my development environment, this is my config:

mongoose.connect(process.env.MONGODB, {
  mongos: {
    ssl: process.env.ENABLE_SSL === 'true',
    sslValidate: process.env.ENABLE_SSL === 'true',
    sslCA: "cert",
    ca: "cert"
  }
});

This works for my production database, whose connection format is the following (we use compose for our production DB):

export MONGODB="mongodb://USER:PASS@HOST1:PORT1,HOST2:PORT2/DB?ssl=true"

But in my development database, it throws MongoError: no mongos proxies found in seed list. Its connection is:

export MONGODB=mongodb://localhost:27017/test-db

I was on mongoose@4.5.10 and it worked in both of them, but now I'm on mongoose@4.7.9 and it doesn't work anymore in development. Any hint? Thanks

@sescobb27

This is a workaround which seems to work, but I don't know if it's OK to do it this way:

db.connect(process.env.MONGODB, {
  mongos: process.env.NODE_ENV === 'production',
  server: {
    ssl: process.env.ENABLE_SSL === 'true',
    sslValidate: process.env.ENABLE_SSL === 'true',
    sslCA: "cert",
    ca: "cert"
  }
});
