sync configuration part with origin mong-express README for Docker secrets

fengdasuk19 commented 2 years ago

I try to use secrets and docker-compose to start mongo-express. At first I ONLY follow the offical docker README page, so my docker-compose.yml looks like:

  mongo-express:
    image: mongo-express
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: /run/secrets/mongo_admin_user
      ME_CONFIG_MONGODB_ADMINPASSWORD: /run/secrets/mongo_admin_pass
    secrets:
      - mongo_admin_user
      - mongo_admin_pass
  secrets:
    mongo_admin_user:
      file: mongo_admin_user.txt
    mongo_admin_pass:
      file: mongo_admin_pass.txt

which results in the container restarting repeatedly, whose logs look like:

(node:8) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
Could not connect to database using connectionString: mongodb:///run/secrets/mongo_admin_user:/run/secrets/mongo_admin_pass@mongo:27017/"
(node:7) UnhandledPromiseRejectionWarning: MongoParseError: Unescaped slash in userinfo section
Welcome to mongo-express

After that, I read a relevant issue, a PR, and README of mongo-express. It seems that any variable pointing to Docker secrets in mongo-express-docker is valid only if it has a _FILE postfix.

  mongo-express:
    image: mongo-express
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME_FILE: /run/secrets/mongo_admin_user
      ME_CONFIG_MONGODB_ADMINPASSWORD_FILE: /run/secrets/mongo_admin_pass
    secrets:
      - mongo_admin_user
      - mongo_admin_pass
  secrets:
    mongo_admin_user:
      file: mongo_admin_user.txt
    mongo_admin_pass:
      file: mongo_admin_pass.txt

Therefore, I suggest that README of the offical mongo-express Docker image should be synced with the README of the origin mongo-express , otherwise people would be confused.

Jean-Baptiste-Lasselle commented 2 years ago

I try to use secrets and docker-compose to start mongo-express. At first I ONLY follow the offical docker README page, so my docker-compose.yml looks like:
  mongo-express:
    image: mongo-express
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: /run/secrets/mongo_admin_user
      ME_CONFIG_MONGODB_ADMINPASSWORD: /run/secrets/mongo_admin_pass
    secrets:
      - mongo_admin_user
      - mongo_admin_pass
  secrets:
    mongo_admin_user:
      file: mongo_admin_user.txt
    mongo_admin_pass:
      file: mongo_admin_pass.txt
which results in the container restarting repeatedly, whose logs look like:
(node:8) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
Could not connect to database using connectionString: mongodb:///run/secrets/mongo_admin_user:/run/secrets/mongo_admin_pass@mongo:27017/"
(node:7) UnhandledPromiseRejectionWarning: MongoParseError: Unescaped slash in userinfo section
Welcome to mongo-express
After that, I read a relevant issue, a PR, and README of mongo-express. It seems that any variable pointing to Docker secrets in mongo-express-docker is valid only if it has a _FILE postfix.
  mongo-express:
    image: mongo-express
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME_FILE: /run/secrets/mongo_admin_user
      ME_CONFIG_MONGODB_ADMINPASSWORD_FILE: /run/secrets/mongo_admin_pass
    secrets:
      - mongo_admin_user
      - mongo_admin_pass
  secrets:
    mongo_admin_user:
      file: mongo_admin_user.txt
    mongo_admin_pass:
      file: mongo_admin_pass.txt
Therefore, I suggest that README of the offical mongo-express Docker image should be synced with the README of the origin mongo-express , otherwise people would be confused.

Hello @thomasleveil , thank you for the informations your provided from your research, it all gave me the guts to solve the issue : getting a docker-compose where mongo-express will work out of the box.

Ok, so to thank you and all team, here is the doker-compose that i tested, which makes use of docker secrets for all secrets used by mongo-express :

version: "3.7"
# version: "3"
networks:
  mongo_net:
    driver: bridge
volumes:
  mongodb_server_data:

services:
#   node:
#     build:
#       context: .
#       dockerfile: ./docker/node/Dockerfile
#     # volumes:
#     # # https://stackoverflow.com/a/32785014/232619
#       # - .:/app
#       # - /app/node_modules
#     command: /usr/local/wait-for-it.sh mongo:27017 -- npm start
#     env_file:
#       - .env
#     ports:
#       - 9099:3000
#     depends_on:
#       - mongo
  mongo:
    image: mongo
    container_name: mongo
    restart: always
    ports:
      - 0.0.0.0:27017:27017
    env_file: .env
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
      MONGO_INITDB_DATABASE: ${MONGO_INITDB_DATABASE}
    volumes:
      - mongodb_server_data:/data/db
      - $PWD/docker/run/mongo/mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js
    extra_hosts:
      - "mongo.pok-us.io:${DOCK_HOST_IP_ADDR}"
      - "mongo:${DOCK_HOST_IP_ADDR}"
    networks:
      mongo_net:
        aliases:
          - mongo.pok-us.io
          - mongo
# ---------- ---------- ---------- ---------- ---------- ---------- ---------- #
# https://hub.docker.com/_/mongo-express
# ---------- ---------- ---------- ---------- ---------- ---------- ---------- #
  mongo_webui:
    image: mongo-express:0.54.0
    container_name: mongo_webui
    restart: always
    ports:
      - 0.0.0.0:8084:8081
    env_file: .env
    environment:
      ME_CONFIG_OPTIONS_EDITORTHEME: ${ME_CONFIG_OPTIONS_EDITORTHEME}
      ME_CONFIG_MONGODB_ENABLE_ADMIN: "true"
      # --- all secrets :
      ME_CONFIG_MONGODB_URL: ${ME_CONFIG_MONGODB_URL}
      ME_CONFIG_MONGODB_AUTH_DATABASE: ${ME_CONFIG_MONGODB_AUTH_DATABASE}
      ME_CONFIG_MONGODB_AUTH_USERNAME: ${ME_CONFIG_MONGODB_AUTH_USERNAME}
      ME_CONFIG_MONGODB_AUTH_PASSWORD: ${ME_CONFIG_MONGODB_AUTH_PASSWORD}
      ME_CONFIG_BASICAUTH_USERNAME: ${ME_CONFIG_BASICAUTH_USERNAME}
      ME_CONFIG_BASICAUTH_PASSWORD: ${ME_CONFIG_BASICAUTH_PASSWORD}
      ME_CONFIG_MONGODB_ADMINUSERNAME: ${ME_CONFIG_MONGODB_ADMINUSERNAME}
      ME_CONFIG_MONGODB_ADMINPASSWORD: ${ME_CONFIG_MONGODB_ADMINPASSWORD}
      # - same secrets, but as files :
      ME_CONFIG_MONGODB_URL_FILE: /run/secrets/mongodb_url
      ME_CONFIG_MONGODB_AUTH_DATABASE_FILE: /run/secrets/mongodb_auth_database
      ME_CONFIG_MONGODB_AUTH_USERNAME_FILE: /run/secrets/mongodb_auth_username
      ME_CONFIG_MONGODB_AUTH_PASSWORD_FILE: /run/secrets/mongodb_auth_password
      ME_CONFIG_BASICAUTH_USERNAME_FILE: /run/secrets/basicauth_username
      ME_CONFIG_BASICAUTH_PASSWORD_FILE: /run/secrets/basicauth_password
      ME_CONFIG_MONGODB_ADMINUSERNAME_FILE: /run/secrets/mongodb_adminusername
      ME_CONFIG_MONGODB_ADMINPASSWORD_FILE: /run/secrets/mongodb_adminpassword

      # --- More of them
      # ME_CONFIG_MONGODB_SERVER: ${ME_CONFIG_MONGODB_SERVER}
      # ME_CONFIG_SITE_BASEURL: http://0.0.0.0:8084/
      # ME_CONFIG_REQUEST_SIZE: ${ME_CONFIG_REQUEST_SIZE}
      # ME_CONFIG_SITE_SSL_ENABLED: "false"
      # ME_CONFIG_MONGODB_SSLVALIDATE: ${ME_CONFIG_MONGODB_SSLVALIDATE}
      # ME_CONFIG_SITE_SSL_CRT_PATH: ${ME_CONFIG_SITE_SSL_CRT_PATH}
      # ME_CONFIG_SITE_SSL_KEY_PATH: ${ME_CONFIG_SITE_SSL_KEY_PATH}
      # --> File Injected secrets with docker secrets
      # ME_CONFIG_MONGODB_CA_FILE: ${ME_CONFIG_MONGODB_CA_FILE}
      # ME_CONFIG_BASICAUTH_USERNAME_FILE: /run/secrets/basicauth_username
      # ME_CONFIG_BASICAUTH_PASSWORD_FILE: /run/secrets/basicauth_password
      # ME_CONFIG_MONGODB_ADMINUSERNAME_FILE: /run/secrets/mongo_admin_user
      # ME_CONFIG_MONGODB_ADMINPASSWORD_FILE: /run/secrets/mongo_admin_pass
      # ME_CONFIG_MONGODB_AUTH_USERNAME_FILE: /run/secrets/mongodb_auth_username
      # ME_CONFIG_MONGODB_AUTH_PASSWORD_FILE: /run/secrets/mongodb_auth_password
      # ME_CONFIG_SITE_COOKIESECRET_FILE: /run/secrets/site_cookiesecret
      # ME_CONFIG_SITE_SESSIONSECRET_FILE: /run/secrets/site_sessionsecret
      # ME_CONFIG_MONGODB_URL_FILE: /run/secrets/mongodb_url

      # ME_CONFIG_MONGODB_AUTH_DATABASE_FILE: /run/secrets/mongodb_auth_database
      # ME_CONFIG_MONGODB_AUTH_USERNAME_FILE: /run/secrets/mongodb_auth_username
      # ME_CONFIG_MONGODB_AUTH_PASSWORD_FILE: /run/secrets/mongodb_auth_password
    secrets:
      - mongo_admin_user
      - mongo_admin_pass
      - basicauth_username
      - basicauth_password
      - site_cookiesecret
      - site_sessionsecret
      - mongodb_url
      - mongodb_auth_database
      - mongodb_auth_username
      - mongodb_auth_password
    volumes:
      - mongodb_server_data:/data/db
      - $PWD/docker/run/mongo/mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js
    # extra_hosts:
      # - "mongo.pok-us.io:${DOCK_HOST_IP_ADDR}"
      # - "mongo:${DOCK_HOST_IP_ADDR}"
    networks:
      mongo_net:
        aliases:
          - mongoui.pok-us.io
#       webui_net:
#         aliases:
#           - mongo.pok-us.io
#           # - alias3
secrets:
  mongo_admin_user:
    file: ./docker/run/.secrets/mongo_admin_user.txt
  mongo_admin_pass:
    file: ./docker/run/.secrets/mongo_admin_pass.txt
  basicauth_username:
    file: ./docker/run/.secrets/basicauth_username.txt
  basicauth_password:
    file: ./docker/run/.secrets/basicauth_password.txt
  site_cookiesecret:
    file: ./docker/run/.secrets/site_cookiesecret.txt
  site_sessionsecret:
    file: ./docker/run/.secrets/site_sessionsecret.txt
  mongodb_url:
    file: ./docker/run/.secrets/mongodb_url.txt
  mongodb_auth_database:
    file: ./docker/run/.secrets/mongodb_auth_database.txt
  mongodb_auth_username:
    file: ./docker/run/.secrets/mongodb_auth_username.txt
  mongodb_auth_password:
    file: ./docker/run/.secrets/mongodb_auth_password.txt

Now, you do have to prepare your secrets files on the filesystem before running :

docker-compose down --volumes && docker-compose up --force-recreate -d && docker-compose logs -f mongo_webui | more

Jean-Baptiste-Lasselle commented 2 years ago

Addendum: the exact same docker-compose , only wit _Filesuffixed env vars for all secrets :

version: "3.7"
# version: "3"
networks:
  mongo_net:
    driver: bridge
volumes:
  mongodb_server_data:

services:
#   node:
#     build:
#       context: .
#       dockerfile: ./docker/node/Dockerfile
#     # volumes:
#     # # https://stackoverflow.com/a/32785014/232619
#       # - .:/app
#       # - /app/node_modules
#     command: /usr/local/wait-for-it.sh mongo:27017 -- npm start
#     env_file:
#       - .env
#     ports:
#       - 9099:3000
#     depends_on:
#       - mongo
  mongo:
    image: mongo
    container_name: mongo
    restart: always
    ports:
      - 0.0.0.0:27017:27017
    env_file: .env
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
      MONGO_INITDB_DATABASE: ${MONGO_INITDB_DATABASE}
    volumes:
      - mongodb_server_data:/data/db
      - $PWD/docker/run/mongo/mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js
    extra_hosts:
      - "mongo.pok-us.io:${DOCK_HOST_IP_ADDR}"
      - "mongo:${DOCK_HOST_IP_ADDR}"
    networks:
      mongo_net:
        aliases:
          - mongo.pok-us.io
          - mongo
# ---------- ---------- ---------- ---------- ---------- ---------- ---------- #
# https://hub.docker.com/_/mongo-express
# ---------- ---------- ---------- ---------- ---------- ---------- ---------- #
  mongo_webui:
    image: mongo-express:0.54.0
    container_name: mongo_webui
    restart: always
    ports:
      - 0.0.0.0:8084:8081
    env_file: .env
    environment:
      ME_CONFIG_OPTIONS_EDITORTHEME: ${ME_CONFIG_OPTIONS_EDITORTHEME}
      ME_CONFIG_MONGODB_ENABLE_ADMIN: "true"
      # - same secrets, but as files :
      ME_CONFIG_MONGODB_URL_FILE: /run/secrets/mongodb_url
      ME_CONFIG_MONGODB_AUTH_DATABASE_FILE: /run/secrets/mongodb_auth_database
      ME_CONFIG_MONGODB_AUTH_USERNAME_FILE: /run/secrets/mongodb_auth_username
      ME_CONFIG_MONGODB_AUTH_PASSWORD_FILE: /run/secrets/mongodb_auth_password
      ME_CONFIG_BASICAUTH_USERNAME_FILE: /run/secrets/basicauth_username
      ME_CONFIG_BASICAUTH_PASSWORD_FILE: /run/secrets/basicauth_password
      ME_CONFIG_MONGODB_ADMINUSERNAME_FILE: /run/secrets/mongodb_adminusername
      ME_CONFIG_MONGODB_ADMINPASSWORD_FILE: /run/secrets/mongodb_adminpassword
      ME_CONFIG_SITE_COOKIESECRET_FILE: /run/secrets/site_cookiesecret
      ME_CONFIG_SITE_SESSIONSECRET_FILE: /run/secrets/site_sessionsecret

      # --- More of them
      # ME_CONFIG_MONGODB_SERVER: ${ME_CONFIG_MONGODB_SERVER}
      # ME_CONFIG_SITE_BASEURL: http://0.0.0.0:8084/
      # ME_CONFIG_REQUEST_SIZE: ${ME_CONFIG_REQUEST_SIZE}
      # ME_CONFIG_SITE_SSL_ENABLED: "false"
      # ME_CONFIG_MONGODB_SSLVALIDATE: ${ME_CONFIG_MONGODB_SSLVALIDATE}
      # ME_CONFIG_SITE_SSL_CRT_PATH: ${ME_CONFIG_SITE_SSL_CRT_PATH}
      # ME_CONFIG_SITE_SSL_KEY_PATH: ${ME_CONFIG_SITE_SSL_KEY_PATH}
      # --> File Injected secrets with docker secrets
      # ME_CONFIG_MONGODB_CA_FILE: ${ME_CONFIG_MONGODB_CA_FILE}
      # ME_CONFIG_BASICAUTH_USERNAME_FILE: /run/secrets/basicauth_username
      # ME_CONFIG_BASICAUTH_PASSWORD_FILE: /run/secrets/basicauth_password
      # ME_CONFIG_MONGODB_ADMINUSERNAME_FILE: /run/secrets/mongo_admin_user
      # ME_CONFIG_MONGODB_ADMINPASSWORD_FILE: /run/secrets/mongo_admin_pass
      # ME_CONFIG_MONGODB_AUTH_USERNAME_FILE: /run/secrets/mongodb_auth_username
      # ME_CONFIG_MONGODB_AUTH_PASSWORD_FILE: /run/secrets/mongodb_auth_password
      # ME_CONFIG_SITE_COOKIESECRET_FILE: /run/secrets/site_cookiesecret
      # ME_CONFIG_SITE_SESSIONSECRET_FILE: /run/secrets/site_sessionsecret
      # ME_CONFIG_MONGODB_URL_FILE: /run/secrets/mongodb_url

      # ME_CONFIG_MONGODB_AUTH_DATABASE_FILE: /run/secrets/mongodb_auth_database
      # ME_CONFIG_MONGODB_AUTH_USERNAME_FILE: /run/secrets/mongodb_auth_username
      # ME_CONFIG_MONGODB_AUTH_PASSWORD_FILE: /run/secrets/mongodb_auth_password
    secrets:
      - mongo_admin_user
      - mongo_admin_pass
      - basicauth_username
      - basicauth_password
      - site_cookiesecret
      - site_sessionsecret
      - mongodb_url
      - mongodb_auth_database
      - mongodb_auth_username
      - mongodb_auth_password
    volumes:
      - mongodb_server_data:/data/db
      - $PWD/docker/run/mongo/mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js
    # extra_hosts:
      # - "mongo.pok-us.io:${DOCK_HOST_IP_ADDR}"
      # - "mongo:${DOCK_HOST_IP_ADDR}"
    networks:
      mongo_net:
        aliases:
          - mongoui.pok-us.io
#       webui_net:
#         aliases:
#           - mongo.pok-us.io
#           # - alias3
secrets:
  mongo_admin_user:
    file: ./docker/run/.secrets/mongo_admin_user.txt
  mongo_admin_pass:
    file: ./docker/run/.secrets/mongo_admin_pass.txt
  basicauth_username:
    file: ./docker/run/.secrets/basicauth_username.txt
  basicauth_password:
    file: ./docker/run/.secrets/basicauth_password.txt
  site_cookiesecret:
    file: ./docker/run/.secrets/site_cookiesecret.txt
  site_sessionsecret:
    file: ./docker/run/.secrets/site_sessionsecret.txt
  mongodb_url:
    file: ./docker/run/.secrets/mongodb_url.txt
  mongodb_auth_database:
    file: ./docker/run/.secrets/mongodb_auth_database.txt
  mongodb_auth_username:
    file: ./docker/run/.secrets/mongodb_auth_username.txt
  mongodb_auth_password:
    file: ./docker/run/.secrets/mongodb_auth_password.txt

mongo-express / mongo-express-docker

sync configuration part with origin mong-express README for Docker secrets #74