feat: New mode implementation for MongoDB

peaklabs-dev
2025-02-10 15:18:29 +01:00
parent 484fc5140b
commit 5c12f7273e
2 changed files with 51 additions and 36 deletions


@@ -52,8 +52,7 @@ class StartMongodb
->get() ->get()
->filter(function ($storage) { ->filter(function ($storage) {
return in_array($storage->mount_path, [ return in_array($storage->mount_path, [
'/etc/mongo/certs/server.crt', '/etc/mongo/certs/server.pem',
'/etc/mongo/certs/server.key',
]); ]);
}) })
->each(function ($storage) { ->each(function ($storage) {
@@ -62,12 +61,11 @@ class StartMongodb
} else { } else {
$this->commands[] = "echo 'Setting up SSL for this database.'"; $this->commands[] = "echo 'Setting up SSL for this database.'";
$this->commands[] = "mkdir -p $this->configuration_dir/ssl"; $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
$server = $this->database->destination->server;
$caCert = SslCertificate::where('server_id', $server->id)->firstOrFail(); $server = $this->database->destination->server;
$this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass()) $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
->where('resource_id', $this->database->id)
->first(); $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
if (! $this->ssl_certificate) { if (! $this->ssl_certificate) {
$this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'"; $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
@@ -80,6 +78,7 @@ class StartMongodb
caKey: $caCert->ssl_private_key, caKey: $caCert->ssl_private_key,
configurationDir: $this->configuration_dir, configurationDir: $this->configuration_dir,
mountPath: '/etc/mongo/certs', mountPath: '/etc/mongo/certs',
isPemKeyFileRequired: true,
); );
} }
} }
@@ -188,6 +187,20 @@ class StartMongodb
]] ]]
); );
if ($this->database->enable_ssl) {
$docker_compose['services'][$container_name]['volumes'] = array_merge(
$docker_compose['services'][$container_name]['volumes'] ?? [],
[
[
'type' => 'bind',
'source' => '/data/coolify/ssl/coolify-ca.crt',
'target' => '/etc/mongo/certs/ca.pem',
'read_only' => true,
],
]
);
}
// Add custom docker run options // Add custom docker run options
$docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options); $docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options);
$docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network); $docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network);
@@ -195,28 +208,35 @@ class StartMongodb
if ($this->database->enable_ssl) { if ($this->database->enable_ssl) {
$commandParts = ['mongod']; $commandParts = ['mongod'];
$commandParts[] = '--sslPEMKeyFile';
$commandParts[] = '/etc/mongo/certs/server.pem';
$commandParts[] = '--sslCAFile';
$commandParts[] = '/etc/mongo/certs/ca.pem';
$sslConfig = match ($this->database->ssl_mode) { $sslConfig = match ($this->database->ssl_mode) {
'verifyCA' => [ 'allow' => [
'--sslMode=requireSSL', '--tlsMode=allowTLS',
'--tlsAllowInvalidCertificates=false', '--tlsAllowConnectionsWithoutCertificates',
'--tlsAllowInvalidHostnames',
], ],
'verifyFull' => [ 'prefer' => [
'--sslMode=requireSSL', '--tlsMode=preferTLS',
'--tlsAllowInvalidCertificates=false', '--tlsAllowConnectionsWithoutCertificates',
'--tlsAllowInvalidHostnames=false', '--tlsAllowInvalidHostnames',
], ],
'requireSSL' => ['--sslMode=requireSSL'], 'require' => [
'preferSSL' => ['--sslMode=preferSSL'], '--tlsMode=requireTLS',
'allowSSL' => ['--sslMode=allowSSL'], '--tlsAllowConnectionsWithoutCertificates',
default => [] '--tlsAllowInvalidHostnames',
],
'verify-full' => [
'--tlsMode=requireTLS',
'--tlsAllowInvalidHostnames',
],
default => [],
}; };
$commandParts = [...$commandParts, ...$sslConfig]; $commandParts = [...$commandParts, ...$sslConfig];
$commandParts[] = '--tlsCAFile';
$commandParts[] = '/etc/mongo/certs/ca.pem';
$commandParts[] = '--tlsCertificateKeyFile';
$commandParts[] = '/etc/mongo/certs/server.pem';
$docker_compose['services'][$container_name]['command'] = $commandParts; $docker_compose['services'][$container_name]['command'] = $commandParts;
} }
@@ -229,7 +249,7 @@ class StartMongodb
$this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml pull"; $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml pull";
$this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d"; $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
if ($this->database->enable_ssl) { if ($this->database->enable_ssl) {
$this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->mongo_initdb_root_username}:{$this->database->mongo_initdb_root_username} /etc/mongo/certs/server.pem /etc/mongo/certs/ca.pem"); $this->commands[] = executeInDocker($this->database->uuid, 'chown mongodb:mongodb /etc/mongo/certs/server.pem');
} }
$this->commands[] = "echo 'Database started.'"; $this->commands[] = "echo 'Database started.'";
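Review bot: In the `match ($this->database->ssl_mode)` hunk, `default => []` lets an unrecognised mode start `mongod` with the certificate paths but no `--tlsMode` flag, so a database with `enable_ssl` set may come up without TLS being enforced. This commit renames the arm keys (`verifyCA`, `verifyFull`, `requireSSL`, `preferSSL` and `allowSSL` are no longer matched), so any row still holding an old value lands in that default unless a migration not visible here rewrites it. I would fail closed instead: `default => throw new \RuntimeException("Unsupported ssl_mode: {$this->database->ssl_mode}"),`. Separately, the `verify-full` arm still passes `--tlsAllowInvalidHostnames`, which reads as contradicting the mode's name; if hostname checking is deliberately off on the server side, a comment saying why would help. The enclosing method starts and ends outside the hunk.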


@@ -246,13 +246,11 @@ class StandaloneMongodb extends BaseModel
get: function () { get: function () {
$url = "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->uuid}:27017/?directConnection=true"; $url = "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->uuid}:27017/?directConnection=true";
if ($this->enable_ssl) { if ($this->enable_ssl) {
$url .= '&ssl=true'; $url .= '&tls=true';
if (in_array($this->ssl_mode, ['verifyCA', 'verifyFull'])) { if (in_array($this->ssl_mode, ['verify-full'])) {
$url .= '&tlsAllowInvalidCertificates=false'; $url .= '&tlsCAFile=/etc/ssl/certs/coolify-ca.crt';
}
if ($this->ssl_mode === 'verifyFull') {
$url .= '&tlsAllowInvalidHostnames=false';
} }
} }
return $url; return $url;
@@ -267,12 +265,9 @@ class StandaloneMongodb extends BaseModel
if ($this->is_public && $this->public_port) { if ($this->is_public && $this->public_port) {
$url = "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true"; $url = "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true";
if ($this->enable_ssl) { if ($this->enable_ssl) {
$url .= '&ssl=true'; $url .= '&tls=true';
if (in_array($this->ssl_mode, ['verifyCA', 'verifyFull'])) { if (in_array($this->ssl_mode, ['verify-full'])) {
$url .= '&tlsAllowInvalidCertificates=false'; $url .= '&tlsCAFile=/etc/ssl/certs/coolify-ca.crt';
}
if ($this->ssl_mode === 'verifyFull') {
$url .= '&tlsAllowInvalidHostnames=false';
} }
} }