This is a quick-start reference note for deploying MongoDB via Docker with working self-signed TLS.
Note: This setup does not yet consider replica sets. Coming soon…
1. Generate keys for TLS
E.g. with one year expiry:
    openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
    cp cert.pem certificateKey.pem
    cat key.pem >> certificateKey.pem
2. Create a Docker Compose file
Make sure the volume mounts reference the correct locations.
    services:
      mongo:
        image: mongo:5
        restart: always
        command: "--auth --tlsMode requireTLS --tlsCertificateKeyFile /data/certificateKey.pem"
        ports:
          - "27017:27017"
        volumes:
          - /data/mongo:/data/db
          - ./certificateKey.pem:/data/certificateKey.pem
Note: when setting up for the first time, omit the --auth flag, and use Docker localhost to configure users, and then re-run with
Connect as usual, but in the Mongo connection string for your apps, now pass in the following at the end of the string:
Note: we need to allow invalid certificates, as the one we generated is self-signed.
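An added example (not part of the original note) that appends TLS options to an existing connection string, either allowing invalid certificates as described above or pinning the generated cert.pem with tlsCAFile so the driver still validates the server. tls, ssl, tlsCAFile, tlsAllowInvalidCertificates and tlsInsecure are standard MongoDB connection-string options; the helper names, host, credentials and file path are constructed, and pinning assumes the certificate's subject matches the hostname clients connect to.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# TLS options this helper owns; option names are case-insensitive.
_TLS_KEYS = {"tls", "ssl", "tlscafile", "tlsallowinvalidcertificates", "tlsinsecure"}


def add_tls_options(uri, ca_file=None):
    """Append TLS options to a MongoDB connection string.

    ca_file=None: encrypt but skip certificate validation (the note's approach).
    ca_file=path: trust only that certificate, so the server is still verified.
    """
    parts = urlsplit(uri)
    if parts.scheme not in ("mongodb", "mongodb+srv"):
        raise ValueError("not a MongoDB connection string")
    # Keep unrelated options such as authSource; drop stale TLS settings.
    options = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
               if k.lower() not in _TLS_KEYS]
    options.append(("tls", "true"))
    if ca_file:
        options.append(("tlsCAFile", ca_file))
    else:
        options.append(("tlsAllowInvalidCertificates", "true"))
    # Put "/" before "?" even when no database is named.
    path = parts.path or "/"
    return urlunsplit((parts.scheme, parts.netloc, path,
                       urlencode(options, safe="/"), ""))


def verifies_server(uri):
    """True only if the string asks for TLS and does not disable validation."""
    opts = {k.lower(): v.lower() for k, v in parse_qsl(urlsplit(uri).query)}
    tls_on = opts.get("tls", opts.get("ssl")) == "true"
    disabled = (opts.get("tlsallowinvalidcertificates") == "true"
                or opts.get("tlsinsecure") == "true")
    return tls_on and not disabled


if __name__ == "__main__":
    # Constructed sample connection string.
    base = "mongodb://app:s3cret@db.example.internal:27017/appdb?authSource=admin"
    for uri in (add_tls_options(base),
                add_tls_options(base, ca_file="/etc/ssl/mongo/cert.pem")):
        print(uri, "-> verifies server:", verifies_server(uri))
```

With tlsAllowInvalidCertificates the connection is encrypted but the client does not authenticate the server; the tlsCAFile form keeps that check while still using the self-signed certificate.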