I'm trying to open a MongoDB container with docker-compose while having a reverse-proxy, Traefik, to have TLS.
Here is my configuration:
docker-compose.yml:
    networks:
      frontend:
        external: true
    services:
      mongo:
        container_name: mongodb
        image: mongo
        restart: always
        #ports:
        #  - 27017:27017
        expose:
          - 27017
        networks:
          - mongodb
        volumes:
          - ./dbdata:/data/db
        environment:
          MONGO_INITDB_ROOT_USERNAME: root
          MONGO_INITDB_ROOT_PASSWORD: password
        labels:
          - 'traefik.enable=true'
          - 'traefik.tcp.routers.mongodb.rule=HostSNI(`sub.domain.com`)'
          - 'traefik.tcp.routers.mongodb.entrypoints=mongo'
          - 'traefik.tcp.routers.mongodb.tls=true'
          - "traefik.tcp.routers.mongodb.tls.certresolver=production"
          - 'traefik.tcp.services.mongodb.loadbalancer.server.port=27017'
The traefik config for the entrypoint is here: traefik.yml:
    entryPoints:
      mongo:
        address: :27017
There is no problem in the traefik log, and nothing out of the ordinary in the mongodb container's log either.
The TCP route of the mongo container does appear in the traefik dashboard.
My problem is while connecting with MongoDB Compass, the connection is refused:

    connect ECONNREFUSED ipv4:27017

And this happens using SSL/TLS true and default with the following connection string:

    mongodb://username:password@sub.domain.com/?authMechanism=DEFAULT&authSource=db_name&tls=true

Again the &tls=true part does not solve the issue.
Can someone explain to me what I'm missing?
I did research the subject but had no luck with what I tried.
I saw this: "How to setup mongodb with traefik and docker compose?"
I also researched enabling TLS on the mongodb container; however, I'm not sure what to do in order to have neither multiple certs (besides the Traefik one) nor a self-signed cert.
I also tried to adapt this: "Is it possible to use Traefik to proxy PostgreSQL over SSL?"
But with no luck.