Node-red-node-mongodb TLS connections

I have a flow that uses node-red-node-mongodb to connect to a mongodb database. I want to use this flow in node-red on IBM cloud. Unfortunately mongodb running in IBM cloud foundry requires the use of a TLS certificate. I cannot find any way of configuring this in node-red-node-mongodb. Does anyone have any ideas how to get round this, either from the node-red end or from the mongodb end?

Thanks,

Roger

In the mongodb configuration node, the "Connect options" are the options directly added to the end of the connection string. So, by looking at some related documentation, https://mongodb.github.io/node-mongodb-native/3.6/tutorials/connect/tls/, it seems that adding tls=true and adding the other options needed (like tls=true&otheroption=...) should be the answer. Depending on the certificate needed, the other connection options to add are described under the first tls option in http://mongodb.github.io/node-mongodb-native/3.6/api/MongoClient.html#MongoClient, like tlsCAFile, tlsCertificateKeyFile, or tlsCertificateKeyFilePassword. (Or look at some more descriptions here: https://docs.mongodb.com/manual/reference/connection-string/#tls-options)
The remaining information to find out is how to properly encode the paths in the Connect Options. Probably URL encoded, and a path relative to the Node-RED editor's working directory. An absolute path may be easier to debug. The first link showed an example using a path to a certificate file, but the options were not all added in the connection string; I found that most of them are parsed correctly even if not added as an object.

I suggest you try out using the Connect option useUnifiedTopology=true first, as it changes the way the connection and discovery process is handled in the driver node-red-node-mongodb uses, to a more recent and robust process without any updates, and might handle your recent MongoDB deployment easier. The structure of the node-red-node-mongodb node mostly didn't change from when they used really old versions back in 2015, but mongodb has changed.

I'm having the exact same issue right now. Did you manage to establish the connection?
If so, I would really appreciate your answer on how you did it.

I've tried some tags on the connection options but sadly it didn't work.

Sadly, I don't use certificates for my configuration, but maybe by showing how you entered the connection options we could find out if there was an error or not. Or, could you describe what worked or not, and what you had as an error? For now, there is nothing more in the original post or your reply to help us out.

Sadly, I tried various options like you but could not get anything to work. I have given up on it for the time being.

I have had another look at this and got a bit further.

In the resources list on ibm cloud I clicked on my mongodb instance in the "services" section. This brings up a page with info about the service. At the bottom of that page is a section called endpoints. Click on the mongodb tab in that section.

In the information about public connections, take a note of one of the hostname and port combinations and download the TLS certificate.

I fed that information into a mongo client on a linux box and was able to connect, like this.

mongo -u admin -p ********* --tls --tlsCAFile /home/roger/Downloads/mongodb-ibm.pem --tlsAllowInvalidCertificates --host 8e6f8cac-ddb9-43cd-99a4-8fbca3baa61d-0.bmo1leol0d54tib7un7g.databases.appdomain.cloud:30361

That is as far as I have got. It complains about the server being a slave when I try to do things but that is just a parameter to allow slave data that I need to specify somewhere.

Looking at the certificate using openssl I can see that it is a self signed certificate containing the server's public key. That is why you need to fool mongo into thinking it is a trusted CA by using the --tlsCAFile parameter.

I would hope that feeding this same information into the node-red mongodb config would work but I have not tried it yet.

The next step is encoding this back into a mongodb url, and properly handling the replset stuff.

I can get replicaSets working, tls connections working, or authentication working but not together. I am going round in circles.

It should be just a case of decomposing the mongodb URI and putting the bits in the node red connection settings.

I've tried this string in the connection settings:
"authSource=admin&replicaSet=replset&tls=true&tlsAllowInvalidCertificates=true"

The MongoDB node is now connected. At first it showed an error but now it's connected and working. Maybe it helps someone else with this same issue that I had.

PS. I've used the Connection Topology: Direct, and specified the port.

I think that if you're going to use the node for a little moment, adding this will still save you a lot of trouble, it just helps. It made my reconnections way more robust, it is the recommended option in MongoDB's tutorials, and they warned that this will be enabled as the default mode for some versions (years), and it should be the only mode in their 4.0 driver, soon to be released.

The useUnifiedTopology setting does not influence the settings for encryption and authentication. However, it is the way to go.

These are the mongodb configuration settings that work for me. Edit to your own values.

Host: 8e6f8cac-ddb9-43cd-99a4-baadf00d-0.bmo1leol0d54tib7un7g.databases.appdomain.cloud:30361,8e6f8cac-ddb9-43cd-99a4-baadf00d-1.bmo1leol0d54tib7un7g.databases.appdomain.cloud:30361,8e6f8cac-ddb9-43cd-99a4-baadf00d-2.bmo1leol0d54tib7un7g.databases.appdomain.cloud:30361

Connection topology: ReplicaSet/Cluster

Connect options: authSource=admin&replicaSet=replset&tls=true&tlsAllowInvalidCertificates=true&tlsCAFile=/home/roger/ibm-test/mongodb-ibm.pem

This is connecting from an external host into ibm cloud. However, the same principles should apply with node-red running on ibm cloud.

That is the next thing I want to try. But I have no idea how to save the certificate in place where node-red can access it and no idea of what path to put in the config settings!
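The connection string the config node assembles from its Host and Connect options fields, covering both the path-encoding question raised in an earlier reply and the TLS options of the working config above, as an added JavaScript example (not code from the thread or from node-red-node-mongodb; the host names are placeholders and the field names are assumptions). The audit function lists which options weaken certificate checking so the working config can be tightened once the CA file is in place.

```javascript
// Added example, not from the thread or from node-red-node-mongodb.
// Assumes the node simply appends the Connect options after "?" in the URI.
function buildMongoUri({ hosts, user, password, database = 'admin', options = {} }) {
  // Percent-encode credentials so ':' or '@' in a password cannot break parsing.
  const auth = user
    ? `${encodeURIComponent(user)}:${encodeURIComponent(password)}@`
    : '';
  // Encode each option value but keep '/' readable, as in the working config
  // above; spaces, '&' and '#' in a certificate path are still escaped.
  const query = Object.entries(options)
    .map(([k, v]) => `${k}=${encodeURIComponent(String(v)).replace(/%2F/g, '/')}`)
    .join('&');
  return `mongodb://${auth}${hosts.join(',')}/${database}${query ? '?' + query : ''}`;
}

// Parse only the options part of a mongodb:// URI. The WHATWG URL parser
// rejects the comma-separated host list of a replica set, so `new URL` is avoided.
function parseConnectOptions(uri) {
  const idx = uri.indexOf('?');
  return idx === -1 ? {} : Object.fromEntries(new URLSearchParams(uri.slice(idx + 1)));
}

// Return the options in a URI that weaken transport security (empty = none found).
function auditTlsOptions(uri) {
  const o = parseConnectOptions(uri);
  const findings = [];
  const tlsOn = o.tls === 'true' || o.ssl === 'true';
  if (!tlsOn) findings.push('tls=true is missing: credentials and data travel in clear');
  if (o.tlsInsecure === 'true') findings.push('tlsInsecure=true disables all certificate checks');
  if (o.tlsAllowInvalidCertificates === 'true') {
    findings.push('tlsAllowInvalidCertificates=true disables chain validation'
      + (o.tlsCAFile ? ', so tlsCAFile is not actually enforced' : ''));
  }
  if (o.tlsAllowInvalidHostnames === 'true') {
    findings.push('tlsAllowInvalidHostnames=true disables hostname matching');
  }
  return findings;
}

// Constructed sample mirroring the working config above (placeholder hosts).
const sampleUri = buildMongoUri({
  hosts: ['replica-0.example.invalid:30361', 'replica-1.example.invalid:30361'],
  user: 'admin', password: 'p@ss:word', database: 'admin',
  options: { authSource: 'admin', replicaSet: 'replset', tls: true,
             tlsAllowInvalidCertificates: true,
             tlsCAFile: '/home/roger/ibm-test/mongodb-ibm.pem' },
});
console.log(sampleUri);
console.log(auditTlsOptions(sampleUri));
```

With the self-signed server certificate pinned via tlsCAFile, tlsAllowInvalidCertificates can be dropped and the audit comes back empty.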
