To antecipate the question: do I need to get SSL support on Heroku in order to establish a connection between Heroku and Atlas MongoDB Cloud using SSL? (TSL/SSL connection is a requirement to access Atlas MongoDB Cloud service).
I am trying to connect my Heroku App, written in node.js, to a cluster hosted at Atlas MongoDB Cloud.
My current database is hosted at mLab (as a Heroku Add-on), and the MongoDB URI used to access the cluster through mongoose is (using xxx to omit confidential info):
MONGODB_URI="mongodb://xxx:[email protected]:23266,xxx-a1.mlab.com:xxx/xxx?replicaSet=rs-xxx"
Now that I've migrated my data from mLab to Atlas MongoDB Cloud, I am currently accessing the cluster using the URI:
MONGODB_URI="mongodb://xxx:[email protected]:xxx,cluster0-shard-xxx.mongodb.net:xxx,cluster0-shard-xxx.mongodb.net:xxx/xxx?replicaSet=xxx&ssl=true&authSource=admin"
When running my Heroku App locally in my machine I can access the database with no problem. I'm also able to connect to the cluster using mongo shell.
However, when running the App in Heroku, the connection cannot be established. In the Browser JS console, I get the 503 service unavailable message. In heroku, I get the error:
no primary found in replica set
I am aware that Atlas MongoDB Cloud requires SSL connection, differently from mLab. In my local machine, I suppose a self signed certificate is being used to connect successfully to the cluster.
My question is: do I need to get SSL support in Heroku in order to be able to access establish the secure connection between Heroku and MongoDB Atlas? Or the SSL suport in Heroku is only required to client/Heroku secure connection?
ObjectRocket for MongoDB can be attached to a Heroku application via the CLI: A list of all plans available can be found here. $ heroku addons:create ormongo:5-mmap Creating ormongo-infinite-92036...
To connect to a MongoDB, retrieve the hostname and port information from Cloud Manager and then use a MongoDB client, such as mongosh or a MongoDB driver, to connect. To connect to a cluster, retrieve the hostname and port for the mongos process.
Solution. Go to Network Access in Security section. Click + Add IP Address button. Click Add current IP address .
Disclaimer: I have used neither Heroku nor MongoDB Atlas but I am looking into them.
According to a Github issue I found, you will get that error message if you haven't whitelisted the server IP addresses in MongoDB Atlas.
Reading the MongoDB Atlas docs, the only way I see to do this in combination with Heroku dynos is to add 0.0.0.0/0
(i.e. all addresses) to your MongoDB Atlas whitelist.
Give that a try and please report back whether you can instantiate a connection.
Trying to reply to the SSL question, I do not think that you need to enable it on Heroku based on what I read, although I am not totally sure.
If the MongoDB server performed certificate validation, the Node.js code for connecting to it would have to look like the following (taken from the Node.js driver documentation):
var MongoClient = require('mongodb').MongoClient, f = require('util').format, fs = require('fs'); // Read the certificates var ca = [fs.readFileSync(__dirname + "/ssl/ca.pem")]; var cert = fs.readFileSync(__dirname + "/ssl/client.pem"); var key = fs.readFileSync(__dirname + "/ssl/client.pem"); // Connect validating the returned certificates from the server MongoClient.connect("mongodb://localhost:27017/test?ssl=true", { server: { sslValidate:true , sslCA:ca , sslKey:key , sslCert:cert , sslPass:'10gen' } }, function(err, db) { db.close(); });
If the MongoDB server does not check for any SSL certificates, you can simply use code like the following (also taken from the Node.js driver documentation):
var MongoClient = require('mongodb').MongoClient; MongoClient.connect("mongodb://localhost:27017/test?ssl=true", function(err, db) { db.close(); });
Given that the Atlas documentation contains the following example code for connecting to it from Node.js, I think that you do not have to enable SSL on Heroku:
var MongoClient = require('mongodb').MongoClient; var uri = "mongodb://kay:[email protected]:27017,mycluster0-shard-00-01-wpeiv.mongodb.net:27017,mycluster0-shard-00-02-wpeiv.mongodb.net:27017/admin?ssl=true&replicaSet=Mycluster0-shard-0&authSource=admin"; MongoClient.connect(uri, function(err, db) { db.close(); });
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With