Compose for MongoDB oplog SSL connection

Hi all,
I am planing the migrating of my production Meteor application database, currently on MongoDB Classic (v3.0) to their “Compose for MongoDB” service (v3.6), due to the MongodB Classic EOL 30 June this year. Excited to be able to use SSL encryption to secure traffic between the db and the application. I have created an empty database to experiment with. So far, I have successfully connected my application (running locally) to the new MongoDB database using MONGO_URL connection strings with SSL enabled. Because they use Lets Encrypt, I did not need to provide a copy of a certificate. All is good.

BUT, I cannot figure out how to also connect to their the oplog add-in, also with SSL enabled. It seems that their oplog add-in still requires the use of a self-signed certificate, instead of using Lets Encrypt. How can I configure my Meteor application to use the certificate-less connection for MONGO_URL (which I have got working), but at the same time provide the self-signed certificate for the MONGO_OPLOG_URL connection? Has anyone out there figured this out? I have looked at the Mongo.setConnectionOptions api, but that does not seem configurable to apply only to the oplog connection made by the oplog observe driver.

I have contacted support, but appear to be having difficulty in describing what I want to achieve. I assume wanting to use SSL for both the MONGO_URL and MONGO_OPLOG_URL connections is a common use case, so I would be very grateful if someone in the community can give me some pointers. Thanks!

Update (3rd April 2020): I removed and re-added the oplog add-in, but this time without SSL (but still using SSL for the MONGO_URL connection). Using the new MONGO_OPLOG_URL connection string (ie. now without the ?ssl=true parameter) worked seemingly fine. So, that seems to confirm my understanding of the underlying problem … uses two different mechanisms to SSL- secure the main db connection (Lets Encrypt) and the oplog connection (self-signed certificate). Is there a workround in Meteor to handle that (ie. provide a separate cert to the Meteor MongoDB connection used for connecting to the oplog)?

Hi @rsbatech, see if this PR would help. We’re discussing a couple of ways to configure mongoDB options.

@filipenevola might be a good person to answer this.

Just looping @hanley in. He’s had some recent experience with Compose.
And the relevant conversation: [solved] Mongo error after updating to 1.10.1

@paulishca We haven’t enabled oplog yet so I’m of no help here.

Realizing the oplog is recommended for meteor apps we tried enabling it and ran into the same issue with Compose. Someone suggested switching to Atlas so we did. I highly recommend doing so because:

  1. No self-signing certs for the oplog so it was easy to implement
  2. There’s a helpful step-by-step walkthrough, including oplog-specific steps at: It’s a little dated but still helpful.
  3. Easy migration (they have several docs to help walk you through migrating from other DB providers including Compose)
  4. Their metrics are miles beyond compose. Everything you need to know about how your database is performing in real time, including automatic indexing suggestions.

Thanks! I was already thinking along the same lines…

Great articles thanks for sharing this awesome blogs

Did you reach out to Compose on this? It seems weird to use two different SSL mechanisms here.