Skip to content

Secure MongoDB

For security reasons, we strongly recommend configuring the TLS encryption. For even more security, activate the user authentication for MongoDB.

Configure the TLS Encryption

In order to secure the connection with MongoDB, you need a combined PEM file containing both the TLS certificate and the private key.

  1. Combine the file containing the certificate:

    /opt/seal/etc/tls/cert.pem

    and the file containing the private key:

    /opt/seal/etc/tls/key.pem

  2. Save the combined file as:

    /opt/seal/etc/tls/cert-key-combined.pem

Specify the CA Certificate (If Available)

This step is only required if your certificate contains a CA certificate. If the certificate exists, it is checked for validity when the connection is established. The CA certificate is saved in /opt/seal/etc/tls/ca.pem.

  1. Open the configuration file of MongoDB on the PLOSSYS 5 server:

    /opt/seal/etc/mongod.conf

  2. Replace the following line:

    allowInvalidCertificates: true

    by the following line:

    CAFile: /opt/seal/etc/tls/ca.pem

  3. Save the configuration file.

  4. Restart the following service:

    • seal-mongodb

Configure the TLS Encryption in a Cluster

If you are running PLOSSYS 5 in a cluster, execute the configuration steps above on all PLOSSYS 5 servers.

Enable the User Authentication

After the installation, the user authentication of MongoDB is disabled. In order to make MongoDB more secure, activate the user authentication.

  1. Execute the following shell script as administrator:

    /opt/seal/seal-mongodb/secure-mongo.sh

Enable the User Authentication in a Cluster

If you are running PLOSSYS 5 in a cluster, execute the steps above on one of the servers and execute the following steps on all other servers belonging to the cluster:

  1. On all cluster servers, copy /opt/seal/etc/mongod.keyfile created by secure-mongo.sh on the first server into the following directory:

    /opt/seal/etc

  2. On all cluster servers, add the following lines to /opt/seal/etc/mongod.conf:

    security:
  authorization: enabled
  keyFile: /opt/seal/etc/mongod.keyfile

  3. On all cluster servers, restart the following service:

    • seal-mongodb

Next Step

Continue with: Secure Filebeat

Back to top