TLS encryption database

To ensure that communication from the APP server to the database is encrypted, the following steps must be taken:

  1. Create csr.cnf in /etc/enginsight/ssl

    [req]
    default_bits = 4096
    default_md = sha256
    distinguished_name = req_dn
    req_extensions = v3_req
     
    [v3_req]
    subjectKeyIdentifier = hash
    basicConstraints = CA:FALSE
    keyUsage = critical, digitalSignature, keyEncipherment
    extendedKeyUsage = serverAuth, clientAuth
    subjectAltName = @alt_names
     
    [alt_names]
    DNS.1 = 
    IP.1 = 
     
    [req_dn]
    countryName = DE
    organizationName = Enginsight
    commonName =

  2. Generate certificate: execute the following commands to generate the CA and the server certificate.

    # Run these commands inside /etc/enginsight/ssl, where csr.cnf was created in step 1.
    # A random passphrase for the CA key is generated once and kept in ./passwd.
    if [ ! -f ./passwd ]
    then
        openssl rand -base64 16 > ./passwd
    fi

    passwd=$(cat ./passwd)

    # CA key (passphrase-protected) and self-signed CA certificate, valid for 10 years
    openssl genrsa -des3 -out mongodbCA.key -passout pass:"${passwd}" 4096

    openssl req -x509 -new -nodes -key mongodbCA.key -sha256 -days 3650 -subj "/C=DE/ST=CA/O=Enginsight/CN=enginsight.com" -passin pass:"${passwd}" -out mongodbCA.crt

    # Server key: no cipher option is given, so the key is written unencrypted
    # (mongod must read it without a passphrase) and -passout has no effect here
    openssl genrsa -out mongodb.key -passout pass:"${passwd}" 2048

    # CSR using the extensions (SAN, key usage) from csr.cnf
    openssl req -new -sha256 -key mongodb.key -out mongodb.csr -config csr.cnf -subj "/C=DE/O=Enginsight/CN=enginsight.com"

    # Sign the CSR with the CA; -extensions v3_req carries the SAN into the certificate
    openssl x509 -sha256 -req -days 3650 -passin pass:"${passwd}" -in mongodb.csr -CA mongodbCA.crt -CAkey mongodbCA.key -CAcreateserial -out mongodb.crt -extfile csr.cnf -extensions v3_req

    # mongod expects key and certificate in one PEM file
    cat mongodb.key mongodb.crt > mongodb.pem
  3. Customize MongoDB: adjust your Mongo configuration as shown below. With mode: requireTLS, mongod rejects unencrypted connections, and bindIp: 0.0.0.0 makes it listen on every interface, so restrict it to the address the APP server reaches if the host has others.

    sudo nano /etc/mongod.conf
    
    net:
      port: 27017
      bindIp: 0.0.0.0
      tls:
        mode: requireTLS
        certificateKeyFile: /etc/enginsight/ssl/mongodb.pem
        CAFile: /etc/enginsight/ssl/mongodbCA.crt
  4. Restart service: use the following command to restart your MongoDB.

    sudo service mongodb restart
  5. Open Mongo Shell: then open the Mongo shell. Because CAFile is configured, mongod also expects the client to present a certificate issued by that CA, so mongosh is given both the CA file and the combined PEM.

    mongosh --tls --host  --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem
  6. Transfer certificates: copy the certificates created in /etc/enginsight/ssl to the app server in /etc/enginsight/ssl so that they can be used by Docker.

  7. Customize Docker-Compose.yml: also mount a new volume for each container.

    volumes:
        - "./conf/ssl/:/etc/enginsight/ssl/"
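The material produced in steps 1 and 2 is only useful if the server certificate actually chains to mongodbCA.crt, carries the host name clients connect to in its subjectAltName, and sits next to its own key in mongodb.pem; a mismatch in any of these surfaces later as a mongosh or APP-server connection error that is hard to trace. The following script is an added example, not part of the Enginsight documentation: check_mongodb_cert runs those checks against the file names used above (it assumes RSA keys), and make_test_material builds a throw-away CA and certificate for a constructed host name so the check can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the Enginsight page). Verifies the files from steps 1-2.
# Assumes: RSA keys, and the names mongodbCA.crt, mongodb.crt, mongodb.pem in DIR.
# Usage: check_mongodb_cert DIR HOST   (HOST = name clients will connect to)
check_mongodb_cert() {
  dir=$1
  host=$2
  ca="$dir/mongodbCA.crt"
  crt="$dir/mongodb.crt"
  pem="$dir/mongodb.pem"
  text=$(openssl x509 -in "$crt" -noout -text 2>/dev/null) \
    || { echo "FAIL: cannot parse $crt"; return 1; }

  # 1. the server certificate must chain to the CA that clients are given
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
    || { echo "FAIL: $crt is not signed by $ca"; return 1; }

  # 2. mongod reads key and certificate from the same PEM file
  grep -q "BEGIN.*PRIVATE KEY" "$pem" && grep -q "BEGIN CERTIFICATE" "$pem" \
    || { echo "FAIL: $pem must contain both private key and certificate"; return 1; }

  # 3. the key in the PEM must belong to the certificate (compare RSA moduli)
  kmod=$(openssl rsa -in "$pem" -noout -modulus 2>/dev/null)
  cmod=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null)
  [ -n "$kmod" ] && [ "$kmod" = "$cmod" ] \
    || { echo "FAIL: private key in $pem does not match $crt"; return 1; }

  # 4. hostname verification: the connect name must appear as a DNS SAN entry
  printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | grep -Eq "DNS:$host(,|$)" \
    || { echo "FAIL: $host is not listed in subjectAltName"; return 1; }

  # 5. extendedKeyUsage must allow server use (csr.cnf sets serverAuth, clientAuth)
  printf '%s\n' "$text" | grep -A1 'Extended Key Usage' | grep -q 'TLS Web Server Authentication' \
    || { echo "FAIL: extendedKeyUsage lacks serverAuth"; return 1; }

  # 6. the certificate must not expire within the next 30 days
  openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null \
    || { echo "FAIL: $crt expires within 30 days"; return 1; }

  # 7. the combined PEM holds the private key and must not be world-readable
  [ -z "$(find "$pem" -perm -o+r)" ] \
    || { echo "FAIL: $pem is world-readable; chmod 600 it"; return 1; }

  echo "OK: $pem is usable for host $host"
  return 0
}

# Constructed test material: hypothetical host name, throw-away CA, 365-day
# validity. Mirrors the step 1-2 commands minus the CA key passphrase, which
# the check does not need. Usage: make_test_material DIR HOST
make_test_material() {
  dir=$1
  host=$2
  cat > "$dir/csr.cnf" <<EOF
[req]
default_bits = 2048
default_md = sha256
distinguished_name = req_dn
req_extensions = v3_req
prompt = no

[v3_req]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = $host

[req_dn]
CN = $host
EOF
  openssl req -x509 -new -nodes -newkey rsa:2048 -keyout "$dir/mongodbCA.key" \
    -sha256 -days 365 -subj "/CN=test-mongodb-ca" -out "$dir/mongodbCA.crt" 2>/dev/null
  openssl req -new -sha256 -nodes -newkey rsa:2048 -keyout "$dir/mongodb.key" \
    -out "$dir/mongodb.csr" -config "$dir/csr.cnf" 2>/dev/null
  openssl x509 -req -sha256 -days 365 -in "$dir/mongodb.csr" -CA "$dir/mongodbCA.crt" \
    -CAkey "$dir/mongodbCA.key" -CAcreateserial -out "$dir/mongodb.crt" \
    -extfile "$dir/csr.cnf" -extensions v3_req 2>/dev/null
  cat "$dir/mongodb.key" "$dir/mongodb.crt" > "$dir/mongodb.pem"
  chmod 600 "$dir/mongodb.pem"
}

# Stand-alone use: sh check.sh /etc/enginsight/ssl <host-name-from-csr.cnf>
if [ -n "${1:-}" ]; then
  check_mongodb_cert "$1" "$2"
fi
```

Run the check on the database host before restarting mongod in step 4, and again on the APP server after the copy in step 6, passing the same host name that was put into DNS.1 of csr.cnf and that the APP server uses to reach the database; a FAIL on check 4 is the usual cause of clients rejecting an otherwise valid certificate.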
