Mongo authentication inside Docker

Question

I am trying to run the mongo docker image with authentication. Following the most simple example from the documentation I ran the mongo and the mongo-express images by the docker-compose up command. My docker-compose.yml at this stage:

version: '3.1'

services:

  mongo:
    image: mongo
    restart: always
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: example

  mongo-express:
    image: mongo-express
    restart: always
    ports:
      - 8081:8081
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: root
      ME_CONFIG_MONGODB_ADMINPASSWORD: example

This runs, both containers start ok and I can browse the contents of mongo from the mongo-express website. However, whenever I change the username or the password in the docker-compose.yml file, for example to this:

version: '3.1'

services:

  mongo:
    image: mongo
    restart: always
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: example123

  mongo-express:
    image: mongo-express
    restart: always
    ports:
      - 8081:8081
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: root
      ME_CONFIG_MONGODB_ADMINPASSWORD: example123

the mongo-express throws an unauthotrized error message:

mongo-express_1  | Admin Database connected
mongo-express_1  | { MongoError: Authentication failed.
mongo-express_1  |     at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1  |     at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1  |     at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1  |     at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1  |     at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1  |     at emitOne (events.js:116:13)
mongo-express_1  |     at Socket.emit (events.js:211:7)
mongo-express_1  |     at addChunk (_stream_readable.js:263:12)
mongo-express_1  |     at readableAddChunk (_stream_readable.js:250:11)
mongo-express_1  |     at Socket.Readable.push (_stream_readable.js:208:10)
mongo-express_1  |   name: 'MongoError',
mongo-express_1  |   message: 'Authentication failed.',
mongo-express_1  |   ok: 0,
mongo-express_1  |   errmsg: 'Authentication failed.',
mongo-express_1  |   code: 18,
mongo-express_1  |   codeName: 'AuthenticationFailed' }
mongo-express_1  | unable to list databases
mongo-express_1  | { MongoError: command listDatabases requires authentication
mongo-express_1  |     at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1  |     at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1  |     at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1  |     at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1  |     at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1  |     at emitOne (events.js:116:13)
mongo-express_1  |     at Socket.emit (events.js:211:7)
mongo-express_1  |     at addChunk (_stream_readable.js:263:12)
mongo-express_1  |     at readableAddChunk (_stream_readable.js:250:11)
mongo-express_1  |     at Socket.Readable.push (_stream_readable.js:208:10)
mongo-express_1  |   name: 'MongoError',
mongo-express_1  |   message: 'command listDatabases requires authentication',
mongo-express_1  |   ok: 0,
mongo-express_1  |   errmsg: 'command listDatabases requires authentication',
mongo-express_1  |   code: 13,
mongo-express_1  |   codeName: 'Unauthorized' }

No matter what username or password I enter in docker-compose.yml, I cannot make mongo-express connect to mongo, only if I use the original root and example pair.

Note, that I am not getting the username and password as environment variables, but they are directly typed into the docker-compose.yml file as you can see here.

Also note, that when I change the MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD (mongo's) variables to anything, they don't seem to have an effect, I can still connect with mongo-express using the original root and example credentials.

What causes this behaviour? How can I make this work?

Answer 1

Your docker-compose command:

docker-compose up --build --force-recreate    

Mongo image uses anonymous volumes, so you need also --renew-anon-volumes (doc):

docker-compose up --build --force-recreate --renew-anon-volumes

Otherwise previous volume with already initialized DB is used => INITDB env variables won't be used.

Answer 2

What worked for me was just adding the environment variable for the mongodb server.

ME_CONFIG_MONGODB_SERVER: mongo

like this:

version: '3.1'

services:

  mongo:
    image: mongo
    restart: always
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: example

  mongo-express:
    image: mongo-express
    restart: always
    ports:
      - 8081:8081
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: root
      ME_CONFIG_MONGODB_ADMINPASSWORD: example
      ME_CONFIG_MONGODB_SERVER: mongo

Answer 3

If you create the mongodb container (docker-compose up will build/pull the image and start a container) giving it the username and password, mongodb will configure itself on the first run and never again! Until you create a new container for that service, the default user/pass will be the ones set initially. If you want to change the default, a new container must be created. You can also add users after the container has started.

Only stopping the service containers (docker-compose stop) will not destroy de container. To do so, call docker-compose down or, when starting, call docker-compose up --force-recreate.

Regards