-
Notifications
You must be signed in to change notification settings - Fork 2k
fix(mongodb): update ssl connection settings #1809
fix(mongodb): update ssl connection settings #1809
Conversation
I have updated the secure.js file and created the certificate as per the official mongodb documentation, but they provide mongodb-cert.key, mongodb-cert.crt and only one mongodb.pem file. I tried to match but it gives one error though. I am use having updated mongod.conf with:
Here is my shell script I used for mongod:
Running the app
|
Before jumping at the problem and concluding that it's a MEAN.JS configuration issue, can you connect to the MongoDB server with the mongo client using the ssl connection strings? Make sure that works first, and then we'll figure out the correct config items to put for MEAN.JS |
I can connect mongod to mongo server without any errors or warnings with the certificates generated for 127.0.0.1
Launching Mean now outputs the following error:
then the connection number iterates until 68th Edit: Now for some reason doesn't Iterate from connection 0. I even reverted my git repository. Here is my log file:
|
Which version do you have installed of mongoose now? Edit the The official docs actually still refer to a server object inside options: http://mongoosejs.com/docs/connections.html but rather this open issue is the only source of truth it seems: Automattic/mongoose#5442 |
My version of mongoose is
I don't have Where is this file supposed to be in regards to the project folder? |
which version of MEAN.js are you using? and the file I'm talking about should be found in |
It's from a stable 3.x MEAN.JS fork. Perhaps you can check it out? I've found occurence of mongoose.set in mongoose's folder index.js file and removed the comment though:
|
@staminna that link is broken and 3 is considerably old, moreover I don't understand why you have a minified version of... anything on the backend basically. How about you use the latest master branch version to test it out? |
I noticed the link has a dot in the end of the URL. I'll update as soon as to a computer. It's very Interesting though. It should work, but I can't abandon a MEAN. JS I have been working on for a year. It's the latest functionality I need to finish the project and security is crucial for the app. |
So it's a fork of old version of Mean.js: https://github.com/dreamerkumar/bizsitegenie @staminna so you should be looking at this: https://github.com/dreamerkumar/bizsitegenie/blob/master/website/server.js#L15-L21 I guess that instead of this: // Bootstrap db connection
var db = mongoose.connect(config.db, function(err) {
if (err) {
console.error(chalk.red('Could not connect to MongoDB!'));
console.log(chalk.red(err));
}
}); you'll need something like: // Bootstrap db connection
var db = mongoose.connect(config.db, {
// ssl options for Mongoose v4.10.x
}, function(err) {
if (err) {
console.error(chalk.red('Could not connect to MongoDB!'));
console.log(chalk.red(err));
}
}); To be honest this discussions shouldn't be under this pull request but somewhere else instead. |
Yes, I think we can safely say the referenced issue in Mongoose's project is correct. I'm sure these changes can be merged in without issue. However, it would be great if we can get confirmation.. @staminna As Mikael mentioned before, you will need to pass your config settings to the Mongoose |
I've added
and the secure options array to the second parameter of mongoose.connect() function. as suggested, then I lunched mongod with SSL certifications but even if I comment out the cert files with minimum amount of options still returns
I changed the path in the fs.readFileSync to check for errors to see if it would show errors and it did so I am sure they are being loaded as expected. Should I open a new issue and reference this pull? |
@staminna I don't understand what Try removing as much complications (like loading config objects) away from your app and try adding correct config objects directly to Actually even just running plain one file test which does nothing but connects to db with mongoose would probably help you to debug this. |
Yes
even after reading everything in stackoverflow. |
@staminna In your screen shot, the Mongoose SSL options are commented out. Was this intentional for just posting here? Otherwise, you'd need to un-comment the options for it to work. |
It's intentional only to make a point. There is no difference, the error and issue is the same either commenting or not.
Something is wrong. This is the most minimalist piece of code I could do and even without launching mongod without authentication and SSL options on the command line the error is "undefined"
Could not connect to MongoDB!
Undefined
I also have updated my mongod.conf file:
net:
security:
enableEncryption: true
ssl:
mode: requireSSL
PEMKeyFile: /app/website/config/sslcerts/mongodb.pem
sslCAFile: /app/website/config/sslcerts/mongodb-cert.crt
bindIp: 127.0.0.1
port: 27017
allowInvalidCertificates: true
allowInvalidHostnames: true
I will reverse the invalid certificates and hostnanes to false once I am sure it works.
|
@staminna can you make sure you enable mongoose debugging (explained before with |
I think I finally found something in the logs.
|
those logs though are hardly helpful as they are the mongo server logs, not the mongo client. |
I looked at The error message are still the same. My production environment keeps getting hacked and I am losing data records on the db on a weekly basis. |
@staminna As this relates to MEANJS, it's merely a configuration change. Beyond that, if you're having issues with these settings not working, you'll need to confirm your setup is correct to be used with these settings. If you think this is an issue with Mongoose/MongoDB you should open an issue on either of those projects. This discussion, at the very least, should be moved to a new issue here in this repo. This PR is getting polluted with this back & forth. |
Sorry guys, I'm not a software Engineer. |
@lirantal any changes to get this in for 0.6.0 or should we just postpone? |
while we haven't tested the certificate use-case I think it's aligned with documentation for new mongodb. |
Ah right it's just a comment change! Just didn't expect that seeing coverage+Travis failed. Let's merge. |
I agree that we should merge. The production env settings are commented out anyways. I've re-ran the build a few times over the past weeks, and still it fails on the E2E tests. Seems odd to me, but it's not relevant to these changes. |
👍 |
thanks! |
Updating SSL connection settings to be in-par with new versions of Mongoose.
Related issue: c0f6cb3#commitcomment-22974350