From 5693b59874b15a7e90edc427201f90417038443d Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Wed, 26 Mar 2025 12:25:58 +0100
Subject: [PATCH] refactor(database): update MongoDB SSL configuration for
 improved security

---
 app/Models/StandaloneMongodb.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/Models/StandaloneMongodb.php b/app/Models/StandaloneMongodb.php
index 1b181e7d5..3092216bd 100644
--- a/app/Models/StandaloneMongodb.php
+++ b/app/Models/StandaloneMongodb.php
@@ -248,9 +248,9 @@ class StandaloneMongodb extends BaseModel
                 $encodedPass = rawurlencode($this->mongo_initdb_root_password);
                 $url = "mongodb://{$encodedUser}:{$encodedPass}@{$this->uuid}:27017/?directConnection=true";
                 if ($this->enable_ssl) {
-                    $url .= '&tls=true';
+                    $url .= '&tls=true&tlsCAFile=/etc/mongo/certs/ca.pem';
                     if (in_array($this->ssl_mode, ['verify-full'])) {
-                        $url .= '&tlsCAFile=/etc/ssl/certs/coolify-ca.crt';
+                        $url .= '&tlsCertificateKeyFile=/etc/mongo/certs/server.pem';
                     }
                 }
 
@@ -268,9 +268,9 @@ class StandaloneMongodb extends BaseModel
                     $encodedPass = rawurlencode($this->mongo_initdb_root_password);
                     $url = "mongodb://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true";
                     if ($this->enable_ssl) {
-                        $url .= '&tls=true';
+                        $url .= '&tls=true&tlsCAFile=/etc/mongo/certs/ca.pem';
                         if (in_array($this->ssl_mode, ['verify-full'])) {
-                            $url .= '&tlsCAFile=/etc/ssl/certs/coolify-ca.crt';
+                            $url .= '&tlsCertificateKeyFile=/etc/mongo/certs/server.pem';
                         }
                     }