
We are working on an ASP.NET Core application with MongoDB as the database. MongoDB is hosted in a Docker container.

Existing configuration:

  • MongoDB 5.0.24
  • MongoDB.Driver 2.20.0
  • Connection string: mongodb://myuser:mypassword@localhost:27017/mydatabase?ssl=true&sslVerifyCertificate=false

We are able to connect.

Now we are upgrading the MongoDB version to 6.0. We need to have the mongodb.pem file generated from a chain of trust TLS.

But for local development, we are trying to spin up the mongo container by supplying the below command in the docker compose file.

--tlsAllowInvalidCertificates  --tlsCAFile  /run/secrets/mongo.crt

Here is the full service code from the docker compose file:

my_mongo:
    container_name: my_mongo
    image: mongo:${MONGO_VERSION:-6.0}
    ports:
      - 27017:27017
    restart: unless-stopped
    env_file: env/.mongo-env
    secrets:
      - mongodb.pem
      - mongo.crt
    networks:
      internal_network:
        aliases:
          - my-mongo
          - my-mongo.me.io
    volumes:
      - 'mongodb:/data/db'
      - './db-init/init-mongodb-users.sh:/docker-entrypoint-initdb.d/init-mongodb-users.sh'
    command: '--tlsAllowInvalidCertificates  --tlsCAFile  /run/secrets/mongo.crt --tlsMode requireTLS --tlsCertificateKeyFile /run/secrets/mongodb.pem'

I am unable to connect with the old connection string. I tried to pass different parameters, like the ones below, in the connection string URL, but no luck.

tlsAllowInvalidCertificates=true
tlsCAFile=<path to .crt file>
sslPEMKeyFile =<path to .pem file>

Can anyone please help me out by giving the proper connection string?

Thanks in advance.

2 Answers


  1. Chosen as BEST ANSWER

    Thanks @Werbfried,

    For my local development I am able to use the Mongo 6.0 version by providing the below command

    --tlsAllowConnectionsWithoutCertificates 
    

    Here is the complete mongo service code of the compose file for reference.

    my_mongo:
        container_name: my_mongo
        image: mongo:${MONGO_VERSION:-6.0}
        ports:
          - 27017:27017
        restart: unless-stopped
        env_file: env/.mongo-env
        secrets:
          - mongodb.pem
          - mongo.crt
        networks:
          internal_network:
            aliases:
              - my-mongo
              - my-mongo.me.io
        volumes:
          - 'mongodb:/data/db'
          - './db-init/init-mongodb-users.sh:/docker-entrypoint-initdb.d/init-mongodb-users.sh'
        command: '--tlsAllowConnectionsWithoutCertificates --tlsAllowInvalidCertificates  --tlsCAFile  /run/secrets/mongo.crt --tlsMode requireTLS --tlsCertificateKeyFile /run/secrets/mongodb.pem'
    

    Here is the doc reference https://www.mongodb.com/docs/manual/reference/program/mongod/#std-option-mongod.--tlsAllowConnectionsWithoutCertificates


  2. You run a stand-alone MongoDB, and you don’t pass any client certificate. Thus --tlsCAFile ... has no effect, i.e. is not needed. The same applies to the --tlsAllowInvalidCertificates option.

    The sslPEMKeyFile parameter is deprecated; better to use the tls... parameter.

    Did you put the private key in the file mongodb.pem?
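An added example, not code from the question or either answer: a shell check for the two files the compose service mounts as secrets, covering the case the second answer asks about (a mongodb.pem without the private key). The function names check_mongo_pem and make_dev_certs are hypothetical, the openssl CLI is assumed to be installed, and the certificates are constructed throwaway ones whose SANs are the compose aliases plus localhost.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; requires the openssl CLI.

# check_mongo_pem PEM CA
#   0 = usable, 1 = no private key in PEM, 2 = no certificate in PEM,
#   3 = key and certificate do not belong together, 4 = cert not issued by CA
check_mongo_pem() {
    pem=$1; ca=$2
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || return 1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || return 2
    # The public key derived from the private key must equal the one in the cert.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 3
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 3
    [ "$key_pub" = "$crt_pub" ] || return 3
    # The certificate must chain to the CA file that clients will trust.
    openssl x509 -in "$pem" 2>/dev/null \
        | openssl verify -CAfile "$ca" >/dev/null 2>&1 || return 4
    return 0
}

# make_dev_certs DIR: constructed throwaway CA + server certificate for local
# development only. SANs are the compose aliases plus localhost.
make_dev_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=dev-ca" \
        -keyout "$d/ca.key" -out "$d/mongo.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=my-mongo" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:localhost,DNS:my-mongo,DNS:my-mongo.me.io\n' \
        > "$d/san.ext"
    openssl x509 -req -in "$d/server.csr" -CA "$d/mongo.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/san.ext" \
        -out "$d/server.crt" 2>/dev/null || return 1
    # mongod's --tlsCertificateKeyFile expects key and certificate in one file.
    cat "$d/server.key" "$d/server.crt" > "$d/mongodb.pem"
}

# Demo on the constructed files.
tmp=$(mktemp -d)
make_dev_certs "$tmp"
check_mongo_pem "$tmp/mongodb.pem" "$tmp/mongo.crt"
echo "mongodb.pem check: $?"
```

Return code 4 means the server certificate does not chain to the CA file supplied, which is the condition that certificate-verification overrides on the client would otherwise hide.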
