feat: add two tsl/ssl certificate-related options and adapted lib/db.js #574
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change is
This is rather a note or question than a true pull request. I don't understand much about encryption and nodejs, but I could not get the current mongo-express docker container (0.54) to connect to the latest official mongo container (4.2.6) with a SSL/TSL setup
and self-signed certificates for testing purposes generated according to https://medium.com/@rajanmaharjan/secure-your-mongodb-connections-ssl-tls-92e2addb3c89 with
openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem openssl genrsa -out mongodb.key 2048 openssl req -new -key mongodb.key -out mongodb.csr openssl x509 -req -in mongodb.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out mongodb.crt -days 500 -sha256 cat mongodb.key mongodb.crt > mongodb.pem
without the code modifications demonstrated here. Otherwise, no SSL connection the the db server is established, probably due to some data type incompatibilities of passing strings and objects to mongodb.MongoClient within lib/db.js where boolean values and Buffers are expected (?).
Now, I have this setup working with this
docker-compose.yml
content:(note: the
local_mongo
image is just a thin modification to the official mongo image that mounts an smb share, nothing to do with the issue discussed here)Where would those described type incompatibilities arise? Did I do something wrong, and would there be any better practice that avoids my modifications?
References:
https://stackoverflow.com/questions/24381561/connecting-to-mongodb-over-ssl-with-node-js
https://stackoverflow.com/questions/28106940/mongodb-and-nodejs-ssl-secure-connection