Requiring TLS only for certain IPs

Hi! I am seeing how to best expose a MongoDB instance which previously only ran on localhost so that it is accessible from outside of the server.

The current setup we have has the app server and MongoDB on the same server so the app connects through localhost:27017. Since the communication never even leaves the server, we did not bother with setting up TLS.

Now we want another component to communicate with the database from another server, so it needs to be exposed. We want to use TLS. No problem there, I was able to get it working. The problem is that when I configure mongod to use TLS and require it, the connection to localhost no longer works, because the hostname, of course, does not match.

Is there a way to let localhost traffic not require TLS while all external traffic does? Or is my only option to change the apps to connect through the server’s external hostname instead of localhost?

Thanks
