时间戳

首页 > 解决方案 > 通过 docker-compose 使用 SSL 构建 mongodb

mongodb - 通过 docker-compose 使用 SSL 构建 mongodb

问题描述

在 docker 容器中使用 SSL 连接到 mongoDB 时出现问题

我已按照此链接上的指南进行操作,然后尝试使用 SSL https://ritesh-yadav.github.io/tech/docker-instance-of-mongodb-with-ssl-support/

MongoDB Self-为 mongodb 构建 docker 容器签名 SSL 连接:SSL 对等证书验证失败
我想通过 docker compose 使用以下配置文件构建 mongodb:

net:
  ssl:
    CAFile: /home/mongodb/ssl/rootCA.pem
    PEMKeyFile: /home/mongodb/ssl/mongodb-server.pem
    mode: requireSSL
    disabledProtocols: "TLS1_0,TLS1_1"
    allowConnectionsWithoutCertificates: true
storage:
  journal:
    enabled: true

version: '3'
services:
    mongoDB:
        build: 
            context: .
        image: mongoDB:latest
        container_name: mongoDB
        restart: always
        environment:
            MONGO_INITDB_ROOT_USERNAME: admin
            MONGO_INITDB_ROOT_PASSWORD: pass
        ports:
            - "27017:27017"

FROM mongo:3.4-xenial

COPY scripts /home/mongodb/scripts

COPY ssl /home/mongodb/ssl

COPY mongod.conf /home/mongodb

WORKDIR /home/mongodb

RUN ["chmod", "+x", "/home/mongodb/scripts/"]

RUN ["chmod", "+x", "/home/mongodb/scripts/run.sh"]

RUN ["chmod", "+x", "/home/mongodb/scripts/setup_user.sh"]

CMD ["/home/mongodb/scripts/run.sh"]

EXPOSE 27017

#!/bin/bash

sleep 5

chown -R mongodb:mongodb /home/mongodb

nohup gosu mongodb mongod --dbpath=/data/db &

nohup gosu mongodb mongo admin --eval "help" > /dev/null 2>&1
RET=$?

while [[ "$RET" -ne 0 ]]; do
  echo "Waiting for MongoDB to start..."
  mongo admin --eval "help" > /dev/null 2>&1
  RET=$?
  sleep 2
done

bash /home/mongodb/scripts/setup_user.sh

gosu mongodb mongod --dbpath=/data/db --config mongod.conf -auth

#!/bin/bash

echo "************************************************************"
echo "Setting up users..."
echo "************************************************************"

# create root user
nohup gosu mongodb mongo db_name --eval "db.createUser({user: 'admin', pwd: 'pass', roles:[{ role: 'root', db: 'db_name' }]});"

# create app user/database
nohup gosu mongodb mongo db_name --eval "db.createUser({ user: 'user', pwd: 'pass', roles: [{ role: 'readWrite', db: 'db_name' }]});"

echo "************************************************************"
echo "Shutting down"
echo "************************************************************"
nohup gosu mongodb mongo admin --eval "db.shutdownServer();"

当我使用 docker-compose up 创建数据库后在 docker 容器中运行此命令时

mongo --port 27017 -u admin -p pass --authenticationDatabase db_name --ssl --sslPEMKeyFile /home/mongodb/ssl/mongodb-server.pem --sslCAFile /home/mongodb/ssl/rootCA.pem --host localhost

然后我收到:

MongoDB shell version v3.4.20
connecting to: mongodb://localhost:27017/
2019-04-16T08:13:55.296+0000 E NETWORK  [thread1] SSL peer certificate validation failed: self signed certificate
2019-04-16T08:13:55.297+0000 E QUERY    [thread1] Error: socket exception [CONNECT_ERROR] for SSL peer certificate validation failed: self signed certificate :
connect@src/mongo/shell/mongo.js:240:13
@(connect):1:6
exception: connect failed

我做错什么了吗?

标签: mongodbssl

解决方案

推荐阅读