I’m working on a test environment with the mongo image in Docker Desktop. I need to configure TLS with a self-signed certificate.
I generated a PEM certificate and updated the mongo configuration file (see below). The service started successfully, but clients cannot connect to the service (test .NET client, Mongo Compass).
The .NET client gets the following error:
System.TimeoutException: 'A timeout occurred after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 }, OperationsCountServerSelector }. Client view of cluster state is { ClusterId : “1”, DirectConnection : “True”, Type : “Standalone”, State : “Disconnected”, Servers : [{ ServerId: “{ ClusterId : 1, EndPoint : “192.168.2.11:27017” }”, EndPoint: “192.168.2.11:27017”, ReasonChanged: “Heartbeat”, State: “Disconnected”, ServerVersion: , TopologyVersion: , Type: “Unknown”, HeartbeatException: "MongoDB.Driver.MongoConnectionException: An exception occurred while opening a connection to the server.
The Mongo image log contains many similar lines. See a short extract below:
{"t":{"$date":"2022-07-22T20:08:42.422+00:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.19.0.1:56814","uuid":"43a121aa-a251-4a5b-b02e-550e251ec477","connectionId":1,"connectionCount":1}}
{"t":{"$date":"2022-07-22T20:08:42.422+00:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.19.0.1:56812","uuid":"d3ca9390-5353-4ae3-8ab0-e4bd77a37b79","connectionId":2,"connectionCount":2}}
{"t":{"$date":"2022-07-22T20:08:42.487+00:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn2","msg":"Connection ended","attr":{"remote":"172.19.0.1:56812","uuid":"d3ca9390-5353-4ae3-8ab0-e4bd77a37b79","connectionId":2,"connectionCount":1}}
{"t":{"$date":"2022-07-22T20:08:42.487+00:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn1","msg":"Connection ended","attr":{"remote":"172.19.0.1:56814","uuid":"43a121aa-a251-4a5b-b02e-550e251ec477","connectionId":1,"connectionCount":0}}
{"t":{"$date":"2022-07-22T20:08:43.018+00:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.19.0.1:56816","uuid":"6cb73ff5-f2ce-4af2-b3ba-7767b66926a3","connectionId":3,"connectionCount":1}}
{"t":{"$date":"2022-07-22T20:08:43.024+00:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn3","msg":"Connection ended","attr":{"remote":"172.19.0.1:56816","uuid":"6cb73ff5-f2ce-4af2-b3ba-7767b66926a3","connectionId":3,"connectionCount":0}}
mongod.yaml
net:
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/mongo/cert/pub and priv keys.pem
    certificateKeyFilePassword: 1
    disabledProtocols: TLS1_0,TLS1_1
docker-compose.yaml
version: "3.1"
services:
  my-mongo:
    image: mongo:latest
    command: "--config /etc/mongo/conf/mongod.yaml"
    restart: always
    container_name: mongo
    hostname: mongo_host
    ports:
      - "27017:27017"
      - "8080:80"
    environment:
      MONGO_INITDB_ROOT_USERNAME: oleksiiroot
      MONGO_INITDB_ROOT_PASSWORD: password
    volumes:
      - "./volumes/mongo/config/:/etc/mongo/conf/"
      - "./volumes/mongo/cert/:/etc/mongo/cert/"
      - "./volumes/mongo/data/:/data/db/"
.NET app source code (MongoUrlBuilder)
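using MongoDB.Driver;
using MongoDB.Driver.Core.Configuration; // ConnectionStringScheme

// Build the connection URL for the standalone server published by the container.
var urlBuilder = new MongoUrlBuilder();
urlBuilder.ApplicationName = "my-app-name";
urlBuilder.DirectConnection = true;
urlBuilder.Scheme = ConnectionStringScheme.MongoDB;
urlBuilder.Server = new MongoServerAddress("192.168.2.11", 27017);
urlBuilder.Username = "oleksiiroot";
urlBuilder.Password = "password";
// TLS settings: connect over TLS and turn off the certificate revocation check.
urlBuilder.UseTls = true;
urlBuilder.TlsDisableCertificateRevocationCheck = true;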
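
A triage sketch for the log extract in the post above, added here as an example and not code from the original post: it pairs each "Connection accepted" entry (id 22943) with its "Connection ended" entry (id 22944) by connection uuid and reports connections that closed within a threshold. The function name and the 1000 ms default are assumptions, and a connection that opens and closes within milliseconds is only a heuristic sign that the exchange stopped during connection setup.

```python
import json
from datetime import datetime, timedelta

ACCEPTED, ENDED = 22943, 22944  # mongod log ids seen in the extract above

# Log lines copied from the extract in the post above.
SAMPLE_LOG = r'''
{"t":{"$date":"2022-07-22T20:08:42.422+00:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.19.0.1:56814","uuid":"43a121aa-a251-4a5b-b02e-550e251ec477","connectionId":1,"connectionCount":1}}
{"t":{"$date":"2022-07-22T20:08:42.422+00:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.19.0.1:56812","uuid":"d3ca9390-5353-4ae3-8ab0-e4bd77a37b79","connectionId":2,"connectionCount":2}}
{"t":{"$date":"2022-07-22T20:08:42.487+00:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn2","msg":"Connection ended","attr":{"remote":"172.19.0.1:56812","uuid":"d3ca9390-5353-4ae3-8ab0-e4bd77a37b79","connectionId":2,"connectionCount":1}}
{"t":{"$date":"2022-07-22T20:08:42.487+00:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn1","msg":"Connection ended","attr":{"remote":"172.19.0.1:56814","uuid":"43a121aa-a251-4a5b-b02e-550e251ec477","connectionId":1,"connectionCount":0}}
{"t":{"$date":"2022-07-22T20:08:43.018+00:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.19.0.1:56816","uuid":"6cb73ff5-f2ce-4af2-b3ba-7767b66926a3","connectionId":3,"connectionCount":1}}
{"t":{"$date":"2022-07-22T20:08:43.024+00:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn3","msg":"Connection ended","attr":{"remote":"172.19.0.1:56816","uuid":"6cb73ff5-f2ce-4af2-b3ba-7767b66926a3","connectionId":3,"connectionCount":0}}
'''

def short_lived_connections(log_text, max_lifetime_ms=1000):
    """Return (connectionId, remote, lifetime_ms) for connections closed within the threshold."""
    opened, flagged = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # ignore anything that is not a structured log line
        if entry.get("c") != "NETWORK" or entry.get("id") not in (ACCEPTED, ENDED):
            continue
        ts = datetime.fromisoformat(entry["t"]["$date"])
        attr = entry["attr"]
        if entry["id"] == ACCEPTED:
            opened[attr["uuid"]] = ts  # remember when this connection was accepted
        elif attr["uuid"] in opened:
            # whole milliseconds between accept and end, computed without floats
            ms = (ts - opened.pop(attr["uuid"])) // timedelta(milliseconds=1)
            if ms <= max_lifetime_ms:
                flagged.append((attr["connectionId"], attr["remote"], ms))
    return flagged

if __name__ == "__main__":
    for conn_id, remote, ms in short_lived_connections(SAMPLE_LOG):
        print(f"conn{conn_id} from {remote} closed after {ms} ms")
```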