您的位置: 首页  >  技术问答  >  猫鼬SSL,不接受连接

猫鼬SSL,不接受连接

分类: 技术问答 2022-07-24 15:45:22
问题描述:

因此,我花了一些时间来设置带有SSL和授权的repl集.但是,我已经设置好并可以正常工作,并且可以通过提供适当参数的命令行进行连接.我正在尝试对猫鼬做同样的事情,但是在mongodb日志中仍然出现错误,如下所示:AssertionException handling request, closing client connection: 17189 The server is configured to only allow SSL connections即使我指定了所有ssl选项.

So it took me a bit to set up a repl set with SSL and authorization. However, I have it set up and working finally, and can connect via command line providing the appropriate parameters. I'm trying to do the same thing with mongoose, however I keep getting an error in the mongodb logs, as follows: AssertionException handling request, closing client connection: 17189 The server is configured to only allow SSL connections Even though I specified all the ssl options.

我的代码如下:

var m = require('mongoose');

var key = fs.readFileSync('/home/node/mongodb/mongodb.pem');
var ca = [fs.readFileSync('/home/node/mongodb/ca.pem')];

var o = {
    server: {
        sslValidate:true,
        sslCA: ca,
        sslKey: key,
        sslCert:key
    },
    user: '****',
    pass: '****'
};

m.connect('mongodb://dbAddr/dbName', o)

我尝试将sslValidate设置为false,同样的问题.我尝试过不使用CA,证书和/或密钥的多种组合.当我通过命令行连接时,它要求我提供CA和key + cert PEM文件.因此,我认为猫鼬客户也将需要这些.我试过serverreplset键都具有相同的准确结果.我什至指定了authSource(authDB),尽管看起来这不是问题的一部分,但这仍然会产生相同的结果.

I've tried setting sslValidate to false, same issue. I've tried without CA, cert, and/or key in multiple combinations. When I connect via command line it requires me to provide CA, and key+cert PEM file. So I figured the mongoose client would require these as well. I've tried both server and replset keys with the same exact outcome. I've even specified authSource(authDB), even though it appears this is not part of the problem, this still yields the same results.

我真的很困惑,尤其是因为我没有问题可以通过mongo命令执行相同的操作.

I'm really confused especially since I have no problem doing this exact same thing via the mongo command.

我的mongo shell命令如下:

My mongo shell command is as follows: 

mongo --host db1 --ssl --sslPEMKeyFile /etc/mongodb/mongodb.pem  --sslCAFile /etc/mongodb/ca.pem -u *** -p *** --authenticationDatabase dbName

未在

Not depicted in the mongoDB node driver documentation, you must also provide the option {server: {ssl: true} in order to connect via SSL. If you do not, the other options are simple ignored.

但是,如果您在github上深入研究猫鼬问题跟踪器,则会发现,它会为您推荐.

However, if you dig into the mongoose issue tracker on github you'll find this, which recommends this exactly.

相关推荐