https://github.com/smallstep/mongo-tls

Complete setups for MongoDB single-node TLS, cluster TLS, and X.509 user authentication, using the step-ca online Certificate Authority.

# Securing MongoDB with TLS

These scripts can be used to set up various example MongoDB server configurations that require TLS and use certificates issued by an internal CA.

These scripts were tested on Ubuntu 23.10 and Debian Bookworm.

**[See our blog series, Securing MongoDB with TLS, for a detailed introduction and walkthrough of these scripts](https://www.mongodb.com/developer/article/securing-mongodb-with-tls/)**.

All of these Mongo configurations require an online [`step-ca` Certificate Authority](https://github.com/smallstep/certificates/).
Configure and run `0-step-ca.sh` to set one up.

Next, you can run the following examples on separate machines:

* A simple server with Client <-> Server TLS (`1-mongo-server-with-tls.sh`)
* -OR- A three-member replica set cluster (Primary-Secondary-Secondary topology) with both Client <-> Server and Cluster Member TLS (run `2-mongo-pss-cluster.sh` on system init, then manually follow the instructions in `create-replica-set.sh`)

Both examples use Docker Compose for simplicity.
In a production environment, you'd obviously want to run a cluster on several machines.

Finally, you can enable X.509 Certificate Authentication (for both service users and human users) by following the instructions in `add-x509-user-authenticaiton.sh`.