This repository contains the configuration for deploying a NoSQL cluster of a MongoDB database with sharding and replication. Connections between all shards in a replica are authenticated using x509 certificates and communicate with each other over a TLS connection. Communication between replicas occurs in a similar way. Communications with Config Server and MongoS are protected in a similar way. The client side connection to MongoS is protected in a similar way.

This project automatically deploys a MongoDB cluster in Docker containers, creates its own certificate authority, generates and distributes authentication keys and keys for a TLS connection for each element of the MongoDB cluster, as well as for a client that will connect to MongoS. The cluster consists of a MongoS router, three Config Server, three replicas, each with 3 shards.

The general scheme of the MongoDB cluster is shown in the image:

Step 1

1. Go to home directory and clone repository from github: cd ~ && git clone https://[email protected]/SergeyIvanovDevelop/MongoDB-Cluster-TLS

Step 2

2. Go to the directory of the downloaded repository: cd ~/MongoDB-Cluster-TLS

Step 3

3. You must have installed openssl, docker, docker-compose and MongoDB.

Step 4

4. You need to build Docker images/containers and generate keys: ./run_all.sh build

Step 5

5. You need to recreate/run Docker containers: ./run_all.sh run

Step 6

6. Check the connection from the client with MongoS: ./connect_tls_to_mongos.sh

If you manage to enter the MongoDB command line, then everything is done correctly and the cluster is functioning correctly.

Mongodb logs from Docker containers can be viewed in the shared folder SHARE_WITH_ALL_DOCKER_CONTAINERS.

Note: Since this project is a demo, it was decided to put the test generated private keys in the github repository as well (of course, you can’t upload non-test keys) to visualize the whole picture to the person who will use this project for their personal developments

MongoDB-Cluster-TLS is CC BY-NC-SA 3.0 licensed.