Navigation
This documentation refers to the on premises version of MongoDB Charts. For documentation on the MongoDB Charts SaaS application in Atlas, click here.

Configure Charts Web Server to Use HTTPS

On this page

You can configure the MongoDB Charts web server to use the HTTPS protocol, as opposed to the default HTTP protocol. With the HTTPS protocol, the web server encrypts your data using SSL, which ensures that the host transmits data securely.

This process differs from configuring SSL for data sources, because this process enables TLS/SSL on the Charts web server itself, rather than configuring a connection to a specific MongoDB deployment with TLS/SSL enabled. When HTTPS is configured, Charts uses the standard HTTPS port 443 by default, and the Charts web server redirects any requests over HTTP (port 80) to the equivalent HTTPS port.

Prerequisites

Before you can configure HTTPS for your MongoDB Charts web server, you must first obtain an SSL key and certificate from an appropriate certification authority. Instructions for obtaining an SSL key and providing a list of trusted certificate authorities are out of scope for this tutorial.

Procedure

To configure the MongoDB Charts web server to use the HTTPS protocol:

1

Uncomment necessary lines of the Docker Compose file.

Uncomment the following variables in the services.charts.environment section of the Compose file you downloaded as part of the Charts installation procedure:

  • CHARTS_HTTPS_CERTIFICATE_FILE
  • CHARTS_HTTPS_CERTIFICATE_KEY_FILE

Replace the values of these variables with the names of your certificate file and key file respectively. The certificate must be in the .pem format and the key file must be a .key file.

Important

The values of these variables must be filenames, not complete file paths. These files are always loaded from the web-certs volume.

2

Copy the certificate and key file to the Charts Docker volume.

The following command copies certificate and key file in the C:\path\to\certs directory to the Charts host. This example uses a wildcard (*) in the file extension of the certificate to copy both mycert.pem and mycert.key to the host:

docker run -it -v mongodb-charts_web-certs:/volume -v /c/path/to/certs:/localcerts alpine sh -c 'cp /localcerts/mycert.* /volume'

Note

This Docker command uses Unix-style paths on Windows.

The following command copies certificates in the /path/to/certs directory to the Charts host. This example uses a wildcard (*) in the file extension of the certificate to copy both mycert.pem and mycert.key to the host:

docker run -it -v mongodb-charts_web-certs:/volume -v /path/to/certs:/localcerts alpine sh -c 'cp /localcerts/mycert.* /volume'

The following command copies certificates in the /path/to/certs directory to the Charts host. This example uses a wildcard (*) in the file extension of the certificate to copy both mycert.pem and mycert.key to the host:

docker run -it -v mongodb-charts_web-certs:/volume -v /path/to/certs:/localcerts alpine sh -c 'cp /localcerts/mycert.* /volume'
3

Redeploy the Charts Docker stack.

If MongoDB Charts is already running, remove the Charts Docker stack using the following command:

docker stack rm mongodb-charts

Before redeploying, execute docker ps a few times until it shows no running Charts containers. It can take a little while for the containers to shut down. Then, relaunch the stack using:

docker stack deploy -c charts-docker-compose-v0.10.0.yml mongodb-charts

Note

If you are using a different version of Charts, replace v0.10.0 with the version number of your release.

4

Check Docker logs to ensure that you have correctly configured HTTPS

First, run the following command to obtain the Docker service ID for MongoDB Charts:

docker service ls

Retrieve the service logs by running the following command using the service ID from the previous step:

docker service logs <service ID>

If there are no errors reported in the logs, MongoDB Charts should now be configured to use HTTPS and will now automatically redirect from the HTTP address to the HTTPS address in a web browser. If the logs return any errors, see the Troubleshooting section for possible solutions to the issues listed.