
我有一个以 requireTLS 模式启动的 mongo 容器,还有一个 mongo-express 容器。mongo-express 似乎无法使用 TLS 连接到 mongo。

我的docker-compose.yml

# Two services: a MongoDB 4.2 server started with TLS options, and a
# mongo-express web UI that is given the CA certificate and the same admin
# credentials.
version: '3.1'
services:
  mongodb1:
    image          : "mongo:4.2"
    container_name : "mongodb-001"
    ports:
      # Publishes 27017 on the host as well as on the compose network.
      # NOTE(review): mongo-express reaches the server by container name, so
      # the host mapping may be unnecessary exposure - confirm who needs it.
      - '27017:27017'
    environment:
      # Root credentials are written in plain text here and repeated in the
      # mongo-express service; keep real values in an env file or secret store
      # that is not committed.
      MONGO_INITDB_ROOT_USERNAME : "admin"
      MONGO_INITDB_ROOT_PASSWORD : "adminpasswd"
    volumes:
      - "./mongo-data:/data/db"
      # NOTE(review): no --config option appears in `command`, so mongod may
      # never read this file - confirm.
      - "./etc_mongod.conf:/etc/mongod.conf"
      # Whole certificate directory, read-only; it holds the server key file
      # named by --tlsCertificateKeyFile below.
      - "./certificates:/etc/certificates:ro"
    command:
      - "--tlsMode"
      # NOTE(review): the surrounding text describes the failure under
      # requireTLS and says preferTLS works. preferTLS also accepts clients
      # that do not use TLS, so credentials and data can travel unencrypted
      # without any error being raised.
      - "preferTLS"
      - "--tlsDisabledProtocols"
      # "none" clears mongod's default list of disabled protocols, which
      # re-allows TLS 1.0. NOTE(review): drop this flag unless a legacy
      # client really needs it.
      - "none"
      - "--tlsCertificateKeyFile"
      - "/etc/certificates/certificateKey.pem"
      - "--tlsCAFile"
      - "/etc/certificates/CA.crt"
      # Clients are not required to present a certificate, so client identity
      # rests on the username/password alone.
      - "--tlsAllowConnectionsWithoutCertificates"

  mongo-express:
    # Floating tag: each pull may fetch a different build. Pin a version or
    # digest so the deployed UI is reproducible and reviewable.
    image          : "mongo-express:latest"
    container_name : "mongo-express-001"
    ports:
      # Publishes the database admin UI on the host. NOTE(review): no
      # ME_CONFIG_BASICAUTH_* values are set in this file - check what
      # protects the UI.
      - '8081:8081'
    depends_on:
      - mongodb1
    volumes:
      # Only the CA certificate is mounted, so the server's private key stays
      # out of this container.
      - "./certificates/CA.crt:/etc/certificates/CA.crt:ro"
    environment:
      ME_CONFIG_MONGODB_SERVER: "mongodb-001"
      ME_CONFIG_MONGODB_PORT: "27017"
      ME_CONFIG_MONGODB_ENABLE_ADMIN: "false"
      ME_CONFIG_MONGODB_AUTH_DATABASE: "admin"
      ME_CONFIG_MONGODB_AUTH_USERNAME: "admin"
      ME_CONFIG_MONGODB_AUTH_PASSWORD: "adminpasswd"
      ME_CONFIG_MONGODB_ADMINUSERNAME: "admin"
      ME_CONFIG_MONGODB_ADMINPASSWORD: "adminpasswd"
      # NOTE(review): the SITE_SSL_* settings configure HTTPS for the
      # mongo-express web site, not the driver connection to MongoDB. Nothing
      # in this file switches the MongoDB connection itself to TLS
      # (ME_CONFIG_MONGODB_SSL in mongo-express releases of this period -
      # verify against the image), which would match the server-side
      # SSLHandshakeFailed message.
      ME_CONFIG_SITE_SSL_ENABLED: "true"
      # CA file for validating the server certificate; presumably only
      # consulted once TLS is enabled for the MongoDB connection - confirm.
      ME_CONFIG_MONGODB_CA_FILE: "/etc/certificates/CA.crt"

...以及我收到的错误消息:

mongodb-001      | 2020-10-09T14:16:13.299+0000 I  NETWORK  [listener] connection accepted from 172.31.0.3:44774 #2 (1 connection now open)
mongodb-001      | 2020-10-09T14:16:13.305+0000 I  NETWORK  [conn2] Error receiving request from client: SSLHandshakeFailed: The server is configured to only allow SSL connections. Ending connection from 172.31.0.3:44774 (connection id: 2)
mongodb-001      | 2020-10-09T14:16:13.305+0000 I  NETWORK  [conn2] end connection 172.31.0.3:44774 (0 connections now open)
mongo-express-001 | 
mongo-express-001 | /node_modules/mongodb/lib/server.js:265
mongo-express-001 |         process.nextTick(function() { throw err; })
mongo-express-001 |                                       ^
mongo-express-001 | Error [MongoError]: connection 0 to mongodb-001:27017 closed
mongo-express-001 |     at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:29:11)
mongo-express-001 |     at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:200:22)
mongo-express-001 |     at Object.onceWrapper (events.js:422:26)
mongo-express-001 |     at Socket.emit (events.js:315:20)
mongo-express-001 |     at TCP.<anonymous> (net.js:674:12)
mongo-express-001 exited with code 1

注意:

  • 我可以使用与传递给 mongo-express 的相同参数的 mongo shell 连接到 MongoDB:
mongo "mongodb://admin:adminpasswd@mongodb-001:27017/admin?authSource=admin" --tls --tlsCAFile certificates/CA.crt
  • 如果我以 preferTLS 模式启动 MongoDB,则 mongo-express 可以正常连接