Category: How do I do X?
Updated

This solution is summarized from an archived support forum post. This information may have changed. If you notice an error, please let us know in Discord.

How Do I Connect to External Mongodb with Tlscafile Parameter in Connection URL?

Issue

I am having trouble connecting an external MongoDB with my self-hosted Appsmith instance. The database requires the tlsCAFile parameter in the connection URL, but the backend does not support it. I have tried importing my certificate to the keystore, but with no success. After several hours of debugging, I discovered that a node-js script runs on deploy and also uses APPSMITH_MONGODB_URI, so I need both the tlsCAFile parameter in APPSMITH_MONGODB_URI and also an imported cert.

Resolution

To connect your external MongoDB with a custom certificate, follow these steps:

  1. Copy the Custom Certificate:
    • Place the custom certificate file in the stacks folder of your Appsmith instance.
    • Rename the certificate for easy access, if desired.
  2. Modify the MongoDB URI:
    • Open the stacks/configuration/docker.env file.
    • Update the APPSMITH_MONGODB_URI variable to include the tlsCAFile parameter with the path to the custom certificate file. Ensure the entire URI is enclosed in double quotes.
      Example: 
    • APPSMITH_MONGODB_URI="mongodb://<username>:<password>@<host>:<port>/<database>?tls=true&tlsCAFile=/path/to/custom/cert"

  3. Restart Appsmith:  Execute the following command to restart your Appsmith instance:

    docker-compose restart appsmith

  4. Import Certificate into TrustStore (if needed): If the connection to MongoDB is still unsuccessful, import the custom certificate into the trustStore with this command:

    docker-compose exec appsmith keytool -import -noprompt -trustcacerts -alias customProxy -file /appsmith-stacks/myRootCert.cer -keystore /usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security/cacerts -storepass changeit
  5. Restart Appsmith Again: Restart the Appsmith instance again with: docker-compose restart appsmith

 

Check Deployment Scripts:

  • If your Appsmith instance runs a check_replica_set.js script during deployment, ensure that the APPSMITH_MONGODB_URI variable in that script also includes the tlsCAFile parameter.
  • Confirm the custom certificate is imported into the trustStore using the same command from step 4.
  • By following these steps, you should be able to successfully connect your external MongoDB instance with a custom certificate to your self-hosted Appsmith.