version: '3.9'

services:
  mongo_server_tls:
    container_name: mongo-tls
    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
    restart: always
    environment:
      MONGO_INITDB_DATABASE: mqtt
    volumes:
      - ./certs/server.crt:/etc/certs/cert.pem
      - ./certs/server.key:/etc/certs/key.pem
      - ./certs/ca.crt:/etc/certs/cacert.pem
    networks:
      - emqx_bridge
    ports:
      - "27018:27017"
    command:
      - /bin/bash
      - -c
      - |
        cat /etc/certs/key.pem /etc/certs/cert.pem > /etc/certs/mongodb.pem
        mongod --ipv6 --bind_ip_all \
          --tlsOnNormalPorts \
          --tlsMode requireSSL \
          --tlsCertificateKeyFile /etc/certs/mongodb.pem \
          --tlsCAFile /etc/certs/cacert.pem \
          --tlsDisabledProtocols TLS1_0,TLS1_1 \
          --setParameter opensslCipherConfig='HIGH:!EXPORT:!aNULL:!DHE:!kDHE@STRENGTH'