Enhancement: allow users to setup password on mongodb

[CXwudi]

What features would you like to see added?

Support username and password for mongo DB from docker compose

More specifically, support the following mongo DB URI format in MONGO_URI environment variables:

mongodb://<username>:<password>@<host>/<database>

More details

LibreChat/docker-compose.yml

Line 35 in e7f6b22

command: mongod --noauth

It is not secured to run any database without a password.

However, currently LibreChat doesn't support locally hosted mongo DB with a password. Doing so will results in the following error:

[email protected] backend
cross-env NODE_ENV=production node api/server/index.js

2024-02-04 16:42:15 info: [Optional] Redis not initialized. Note: Redis support is experimental.
2024-02-04 16:42:19 error: KeyvMongo connection error: Authentication failed.
2024-02-04 16:42:19 error: There was an uncaught error: Authentication failed.

The example docker compose yaml file I used is following:

  librechat:
    # librechat configs...

  mongodb:
    image: mongo
    container_name: librechat-mongodb
    environment:
      - MONGO_INITDB_ROOT_USERNAME=my_admin
      - MONGO_INITDB_ROOT_PASSWORD=my_password
    volumes:
      - librechat-mongodb-data:/data/db

And for the LibreChat config, I simply set MONGO_URI=mongodb://my_admin:my_password@mongodb:27017/LibreChat

Which components are impacted by your request?

General

Pictures

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[danny-avila]

This is the perfect use case for using the docker-compose.override.yml file: https://docs.librechat.ai/install/configuration/docker_override.html

It's more than possible to authenticate the database and passing credentials to the URI. It's not working for you because you need to add the admin user to the database.

This part cannot be automated which is why we use --no-auth; otherwise, we would be determining the database password for others which is arguably just as or more insecure: every docker instance of LibreChat would have a default user:pass enabled for their setup. The ports are closed by default to help mitigate access to the non-authenticated local database.

I'm doing a write up on how to authenticate the DB in response to your concern, as more steps are needed, and the docs are lacking at the moment.

[berry-13]

It is not secured to run any database without a password

btw @CXwudi, I don't want to be rude, but in our docker-compopse it wasn't exposed, so even without a password, there wouldn't have been any problems

[CXwudi]

@danny-avila thanks for your fast and informative response to my question. I see the problem is still on my side and guess I will have to deep in more to figure out the proper way to setup the mongo DB container with a password. Also thanks for your PR for adding documentation on mongo DB authentication. I will definitely check it out once it is merged.

@berry-13 no worry, and yes I knew the port is not exposed, so I am not too worrying. I am just too used to adding an authentication to the database, which I always do when setting up a relational SQL DB container

[CXwudi]

I've returned with a workaround regarding the issue of setting up user authentication with Docker's official MongoDB image, which seems to have a few quirks.

For reference, see these discussions:

• Initialization of a user defined database, username, and password using environment variables docker-library/mongo#329
• Initialize admin username/password and DB doesn't seems to be working ... docker-library/mongo#174

A straightforward alternative is to switch to the Bitnami MongoDB image. Below is a sample docker-compose configuration that works with this image:

services:
  librechat:
    # Additional LibreChat configurations...
    env_file:
      - db.env # Uses an environment file for MongoDB to prevent MONGO_URI hardcoding.
      - .env
    environment:
      - MONGO_URI=mongodb://${MONGODB_USERNAME}:${MONGODB_PASSWORD}@mongodb:27017/${MONGODB_DATABASE}

  mongodb:
    image: bitnami/mongodb
    container_name: librechat-mongodb
    volumes:
      - librechat-mongodb-data:/bitnami/mongodb/
    env_file:
      - db.env

volumes:
  librechat-mongodb-data:

The db.env should be set up as follows:

# You must specify either MONGODB_ROOT_PASSWORD with a value or ALLOW_EMPTY_PASSWORD=yes
MONGODB_ROOT_PASSWORD=<a robust root password>
MONGODB_USERNAME=<desired username>
MONGODB_PASSWORD=<desired password>
MONGODB_DATABASE=LibreChat

For those who prefer to stick with the official MongoDB image despite its setup quirks, one needs to craft a basic .js script that the MongoDB container will execute during initialization to establish user credentials. An example script can be found in this comment on issue #174.

[danny-avila]

Thanks @CXwudi

if you'd like to submit a PR, please write a guide within and making use of the docker-override file: docs/install/configuration/docker_override.md, which points to: https://docs.librechat.ai/install/configuration/docker_override.html

one needs to craft a basic .js script

I followed along some guides/posts on stackoverflow for this, but they didn't work for me. However, I have a fairly simple method that works through just terminal setup that I will be closing this issue with in #1724

[danny-avila]

Docs now live: https://docs.librechat.ai/install/configuration/docker_override.html#mongodb-authentication

[CXwudi]

Wow, I didn't realize the setup is way complex than I thought until I read your new documentation. Thanks for writing this up