This site is being rebuilt and designed in public. Please excuse placeholder content, broken design, etc.!

Blog post: Strapi, Azure Cosmos DB Emulator, and SSL

Random development note from another project I'm working on using Strapi as the back end. I'm going to set it up using Mongo DB but I'm going to use Azure to host the back end so I wanted to try Azure Cosmos DB.

However, setting up the local Azure Cosmos DB Emulator on Windows has been... difficult. Mostly it's because of SSL. The emulator sets up a self-signed certificate, but Node doesn't like that idea, it give you trouble with rejected certificates and connections at multiple points. This is just for local development, and is really just for a POC at this point so I do not want to go to the hassle of getting this working the "right" way.

Another complication is that Strapi assumes you'll be entering all of the Mongo DB connection parameters as individual values, but the DB emulator only gives you a connection string, not the individual parameters. Now, those parmeters are part of the connection string, but regardless of what I tried it wouldn't work. I even found a guide that claimed to work, but some of the details were different due to different versions.

Here's what I ended up doing. Note that this is for development only -- these changes are insecure and should not be used in production.

In my .env file, I added two values:

NODE_TLS_REJECT_UNAUTHORIZED=0

That tells Node to accept self-signed certificates. It triggers a security warning in the console at compile time (as well it should).

DATABASE_URI=mongodb://localhost:C2y6yDjf5%2FR%2Bob0N8A7Cgv30VRDJIWEHLM%2B4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw%2FJw%3D%3D@localhost:10255/admin?ssl=true&tlsInsecure=true

That sets the connection string for your local environment. Make sure you change "admin" (highlighted in bold) to match the name of the database you create in the emulator. It seems that this name must be purely alphanumeric—when I tried to use a hyphen, I got errors. Note, as far as I can tell, all instances of Azure Cosmos DB emulator seem to use the exact same password.

Make sure you add the tlsInsecure=true parameter to the end of the connection string. This tells Mongo DB to accept insecure connections (again, not production-safe!).

Then, in Strapi's database config file (/config/database.js), instead of specifying each value individually, just pass a "uri" as the only value in the settings object:

module.exports = ({ env }) => ({
defaultConnection: 'default',
connections: {
default: {
connector: 'mongoose',
settings: {
uri: env('DATABASE_URI', 'NO CONNECTION STRING FOUND'),
// host: env('DATABASE_HOST', '127.0.0.1'),
// srv: env.bool('DATABASE_SRV', false),
// port: env.int('DATABASE_PORT', 10255),
// database: env('DATABASE_NAME', 'chopin-list-db'),
// username: env('DATABASE_USERNAME', "localhost"),
// password: env('DATABASE_PASSWORD', ""),
},
options: {
// authenticationDatabase: env('AUTHENTICATION_DATABASE', ""),
// ssl: env.bool('DATABASE_SSL', true),
},
},
},
});

I left the original code in place but commented out so you can see the difference.

Next step will be to set up proper dev and production .env files with valid connection strings specific to each (and obviously no NODE_TLS_REJECT_UNAUTHORIZED setting in the production one!).

Socials