Is it possible to have different ports for TLS/SSL and plain text requests on the same MongoDB instance?

I am currently exploring the possibility of configuring MongoDB to listen on two different ports: one for TLS/SSL encrypted connections and another for plain text requests. Could you please provide guidance on how to achieve this configuration, if it’s possible? Additionally, if there are any potential implications or best practices associated with such a setup, I would greatly appreciate your insights.

Hi @Lynx

mongod can only bind to one port but mongod can accept both TLS and plain connections.

When the tlsMode is configured to allowTLS or preferTLS, both plain and TLS connections are permitted. The intention of these modes is to allow a rolling transition from a non-TLS cluster to one requiring TLS.

I think most people would advise in general to use TLS, but in particular if you are going through the trouble of configuring TLS, then use it and don’t allow plain text.
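
The modes named in the answer above, written out as mongod.conf settings. This is an added example, not part of the original reply; the certificate paths are placeholders and 27017 is simply the default port.

```yaml
# Added example: two alternative versions of the net section of mongod.conf.
# File paths are placeholders; substitute your own certificate files.

# --- Version A: transitional (mixed) ---------------------------------
# One listener on one port. Clients may connect with or without TLS.
net:
  port: 27017
  tls:
    mode: preferTLS                          # allowTLS also accepts both kinds of client
    certificateKeyFile: /path/to/server.pem  # placeholder: server cert + private key
    CAFile: /path/to/ca.pem                  # placeholder: CA used to validate peers

# Difference between the two mixed modes:
#   allowTLS  - incoming: TLS or plaintext; server-to-server traffic is NOT encrypted
#   preferTLS - incoming: TLS or plaintext; server-to-server traffic IS encrypted

# --- Version B: end state ---------------------------------------------
# Same single port, but plaintext clients are rejected.
# net:
#   port: 27017
#   tls:
#     mode: requireTLS
#     certificateKeyFile: /path/to/server.pem
#     CAFile: /path/to/ca.pem
```

While a node runs Version A, any client that omits TLS sends credentials and data in the clear on the same port, so the mixed modes are best kept only for the duration of the rollout.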


Thank you so much for your response and for clarifying the operation of tlsMode in MongoDB. It’s reassuring to know that MongoDB can accept both TLS and plaintext connections, which provides flexibility in configuration.

I understand the recommendation to use TLS as a general best practice, especially if it’s already being set up, but your point about the gradual transition is well taken.

I’d like to take this opportunity to ask if you have any alternative solutions in mind for achieving a listener with TLS and another with plaintext. For example, would it be feasible to use a load balancer like F5 to route connections, allowing some clients to access via TLS and others directly to MongoDB in plaintext?

I really appreciate your assistance and any additional insights you may have.

