Open SachaG opened 2 years ago
Any advice on this?
Hi Sacha, I use mup as well and connect to DigitalOcean's new MongoDB. I store the cert in the Meteor private folder, "private/DO-ca-certificate.crt", and then add the following to the settings file:

    "packages": {
      "mongo": {
        "options": {
          "tls": true,
          "tlsCAFileAsset": "DO-ca-certificate.crt"
        }
      }
    }
Oh thanks! So if you do this you can drop the tlsCAFile option from the MONGO_URL env variable?
Hi James, Thanks for the info.
I'm also having an issue trying to get an existing application connecting to DigitalOcean MongoDB.
From a local shell, I can connect to the Mongo database using this command:
mongo "mongodb+srv://user:password@blah.mongo.ondigitalocean.com/admin?otherSettings" --tls --tlsCAFile /pathTo/ca-certificate.crt
But I get this error when I try to run the application
Yeah, so I use this flag on the MONGO_URL: &tlsAllowInvalidCertificates=true and it seems to be the only thing that gets it to work. @RobGordon406 I am not sure if that will solve your specific issue. I have about 20 apps connecting to DigitalOcean now, so it does work. Also, if you are interested, I use SolarWinds DPM (VividCortex) for monitoring the MongoDB. I had to work with their tech support to get the monitoring working because of the TLS, but we did get it eventually.
@jamesgibson14 Thanks - &tlsAllowInvalidCertificates=true did the trick!
I'm trying to test the tlsCAFileAsset setting, and running the app locally with meteor it seems to work. However, when deploying the app (running Meteor 2.6.1, Mup version 1.5.5) with mup, I get:
    2022-03-14 23:25:07 | path: '/built_app/programs/server/assets/app/ca.pem'
    2022-03-14 23:25:07 | code: 'ENOENT',
    2022-03-14 23:25:07 | syscall: 'open',
    2022-03-14 23:25:07 | errno: -2,
    2022-03-14 23:25:07 | at module (packages/test:logger/server.js:1:743) {
    2022-03-14 23:25:07 | at Module.moduleLink [as link] (/built_app/programs/server/npm/node_modules/meteor/modules/node_modules/@meteorjs/reify/lib/runtime/index.js:52:22)
    2022-03-14 23:25:07 | at Module.require (packages/modules-runtime.js:238:14)
    2022-03-14 23:25:07 | at fileEvaluate (packages/modules-runtime.js:336:7)
    2022-03-14 23:25:07 | at module (packages/test:logger/collection.js:3:21)
    2022-03-14 23:25:07 | at new Collection (packages/mongo/collection.js:106:40)
    2022-03-14 23:25:07 | at Object.defaultRemoteCollectionDriver (packages/underscore.js:784:19)
    2022-03-14 23:25:07 | at Object.<anonymous> (packages/mongo/remote_collection_driver.js:37:10)
    2022-03-14 23:25:07 | at new MongoInternals.RemoteCollectionDriver (packages/mongo/remote_collection_driver.js:4:16)
    2022-03-14 23:25:07 | at new MongoConnection (packages/mongo/mongo_driver.js:184:3)
    2022-03-14 23:25:07 | at new MongoClient (/built_app/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/lib/mongo_client.js:62:63)
    2022-03-14 23:25:07 | at parseOptions (/built_app/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/lib/connection_string.js:296:9)
    2022-03-14 23:25:07 | at setOption (/built_app/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/lib/connection_string.js:432:36)
    2022-03-14 23:25:07 | at transform (/built_app/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/lib/connection_string.js:917:23)
    2022-03-14 23:25:07 | at Object.readFileSync (fs.js:393:35)
    2022-03-14 23:25:07 | at Object.openSync (fs.js:497:3)
    2022-03-14 23:25:07 | Error: ENOENT: no such file or directory, open '/built_app/programs/server/assets/app/ca.pem'
EDIT: It seems the problem could be that the package test:logger is trying to create a Mongo collection, but since packages cannot access assets outside of the package itself, it fails to find the required certificate file. However, I can't get rid of the error by simply deleting any Mongo-related code from the test:logger package. I still get the errors from packages/test:logger/collection.js, which now no longer exists in the code base. I tried removing all temp builds from cache and deleting .meteor/local, didn't help 🤷
tlsAllowInvalidCertificates=true is not working anymore!!! DigitalOcean has started to always require a working file.
@jamesgibson14, do you have any workaround by any chance?
It is still working for me.
I'm trying to connect to a DigitalOcean MongoDB instance, which requires providing a certificate file in the form of a tlsCAFile option added to the MONGO_URL connection string.

The issue is that I don't know where to put that file or how to reference it. I tried putting it in my DO instance's root directory but then got a permission denied, open '/root/ca-certificate.crt' error. I guess the app doesn't run as root when it needs to load that file, since it's inside a Docker container? How can I make this work?