dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

refactor(database): update MongoDB SSL configuration for improved security

Browse Source
This commit is contained in:
Andras Bacsai
2025-03-26 12:25:58 +01:00
parent 637c3982d1
commit 5693b59874
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Models/StandaloneMongodb.php
View File

@@ -248,9 +248,9 @@ class StandaloneMongodb extends BaseModel
$encodedPass = rawurlencode($this->mongo_initdb_root_password); $encodedPass = rawurlencode($this->mongo_initdb_root_password);
$url = "mongodb://{$encodedUser}:{$encodedPass}@{$this->uuid}:27017/?directConnection=true"; $url = "mongodb://{$encodedUser}:{$encodedPass}@{$this->uuid}:27017/?directConnection=true";
if ($this->enable_ssl) { if ($this->enable_ssl) {
$url .= '&tls=true'; $url .= '&tls=true&tlsCAFile=/etc/mongo/certs/ca.pem';
if (in_array($this->ssl_mode, ['verify-full'])) { if (in_array($this->ssl_mode, ['verify-full'])) {
$url .= '&tlsCAFile=/etc/ssl/certs/coolify-ca.crt'; $url .= '&tlsCertificateKeyFile=/etc/mongo/certs/server.pem';
} }
} }
@@ -268,9 +268,9 @@ class StandaloneMongodb extends BaseModel
$encodedPass = rawurlencode($this->mongo_initdb_root_password); $encodedPass = rawurlencode($this->mongo_initdb_root_password);
$url = "mongodb://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true"; $url = "mongodb://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true";
if ($this->enable_ssl) { if ($this->enable_ssl) {
$url .= '&tls=true'; $url .= '&tls=true&tlsCAFile=/etc/mongo/certs/ca.pem';
if (in_array($this->ssl_mode, ['verify-full'])) { if (in_array($this->ssl_mode, ['verify-full'])) {
$url .= '&tlsCAFile=/etc/ssl/certs/coolify-ca.crt'; $url .= '&tlsCertificateKeyFile=/etc/mongo/certs/server.pem';
} }
} }