This gist contains files and instructions to set up MongoDB on a simple docker host.
Connections to Mongo are secured using TLS, and the certificate is signed using Let's Encrypt.
MongoExpress is included as well, but should only be used over an SSH tunnel.
- Update .env
- Make sure docker-compose is available

      # Required on GCP Cloud Optimized OS
      # Add alias for docker-compose that runs the tool inside a container
      echo alias docker-compose="'"'docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$PWD:$PWD" -w="$PWD" docker/compose:1.24.0'"'" >> ~/.bashrc
      # Reload to make the alias available
      source ~/.bashrc

- Run:

      docker-compose up [-d]

  This will take a long time to initialize. Here's what it's doing (each item starts with the name of the docker container doing the work):
  - cloudflare registers an A record in Cloudflare that points to this machine
  - letsencrypt generates a certificate and gets it signed by Let's Encrypt
  - mongo uses the private key to start up a TLS-secured MongoDB instance
  - mongo-express spins up an HTML frontend to mongo

  mongo and mongo-express will keep restarting until the private key becomes available.
- Open port 27017 (MongoDB) to the Internet.
  Also open ports 443 and 80 so Let's Encrypt can authenticate over HTTP.
  Do not open port 81 (MongoExpress).
  Use an SSH tunnel if you want to access MongoExpress.
- Connect to Mongo and create desired users and databases

      # Opens the terminal of the container running mongo
      docker exec -it mongo bash
      # Connects to mongo client
      # --sslAllowInvalidHostnames turns off hostname verification for this connection;
      # presumably it is needed here because the client connects to localhost inside
      # the container, which is not the name on the certificate.
      mongo -u root --authenticationDatabase admin --ssl --sslAllowInvalidHostnames
      // Creates a database 'mydatabase'
      use mydatabase
      // Adds a user 'USER123' with password 'ABC123' to database 'mydatabase'
      db.createUser({user: "USER123", pwd: "ABC123", roles: [{role: "readWrite", db: "mydatabase"}]})
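
To confirm the port rules from the list above (27017, 443 and 80 reachable, 81 closed) and that MongoDB's certificate passes full hostname verification, the following check can be run from a machine outside the docker host. It is an added example, not part of the gist; the function names and the `EXPECTED` table are this example's own, and the host argument is assumed to be the DNS name the certificate was issued for.

```python
import socket
import ssl
import sys

# Policy from the steps above: True = must be reachable, False = must stay closed.
EXPECTED = {27017: True, 443: True, 80: True, 81: False}


def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_exposure(host, expected=EXPECTED, probe=port_open):
    """Return one finding per port whose reachability violates the policy."""
    findings = []
    for port, should_be_open in sorted(expected.items()):
        is_open = probe(host, port)
        if is_open and not should_be_open:
            findings.append(f"port {port} is reachable but must stay closed")
        elif should_be_open and not is_open:
            findings.append(f"port {port} is not reachable but should be open")
    return findings


def tls_verified(host, port=27017, timeout=5.0):
    """TLS handshake with chain and hostname verification left on.
    Returns (True, certificate notAfter) or (False, error text)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.getpeercert()["notAfter"]
    except OSError as exc:  # includes ssl.SSLError and certificate errors
        return False, str(exc)


if __name__ == "__main__":
    host = sys.argv[1]  # assumed: the DNS name the certificate was issued for
    for finding in audit_exposure(host):
        print("FAIL:", finding)
    ok, detail = tls_verified(host)
    print("TLS 27017:", f"verified, expires {detail}" if ok else f"FAILED: {detail}")
```
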