I am having trouble connecting an external MongoDB with my self-hosted Appsmith instance. The database requires the tlsCAFile parameter in the connection URL, but the backend does not support it. I have tried importing my certificate to the keystore, but with no success. After several hours of debugging, I discovered that a node-js script runs on deploy and also uses APPSMITH_MONGODB_URI, so I need both the tlsCAFile parameter in APPSMITH_MONGODB_URI and also an imported cert.
To connect an external MongoDB with a custom certificate to a self-hosted Appsmith instance, the following steps can be followed:
-
Copy the custom certificate file to the stacks folder in Appsmith instance and rename it for easy access.
Modify the APPSMITH_MONGODB_URI variable in the stacks/configuration/docker.env file to include the tlsCAFile parameter with the path to the custom certificate file. The variable should be enclosed with double quotes.
Restart the Appsmith instance with the command docker-compose restart appsmith.
If the connection to the external MongoDB still does not work, import the custom certificate into the trustStore using the following command:
docker-compose exec appsmith keytool -import -noprompt -trustcacerts -alias customProxy -file /appsmith-stacks/myRootCert.cer -keystore /usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security/cacerts -storepass changeit
Restart the Appsmith instance again with docker-compose restart appsmith.
If the Appsmith instance is running a check_replica_set.js script during deployment, ensure that the APPSMITH_MONGODB_URI variable in that script also includes the tlsCAFile parameter and import the custom certificate into the trustStore using the same command in step 4.
These steps should enable the connection between the external MongoDB with custom certificate and the Appsmith instance.