This is a working instructional to deploy a Mongo 3.2.7 remote database with the following (as of January 8th, 2017):
- DigitalOcean Ubuntu 14.04 One-click Mongo app
- DB Connection Authentiation
- Server Firewall
The following are missing from this instructional:
- SSL setup
- Clusters/Sharding
This is Part 2 of the Meteor/MongoDB deployment instructions where we'll setup a remote Mongo database to use for our production Meteor application. Meteor setup instructions as Part 1 can be found here.
Although the intent is to get it set up for the Meteor app, you can still basically use the entirety of this guideline for any other application.
Please feel free to leave comments, questions, or edits as you see fit! I am by no means claiming to be an expert in anything. I just wanted to share a truly end-to-end working solution. Cheers!
- Login to DigitalOcean
- Create a new droplet
- Select "One-click Apps"
- Select "MongoDB 3.2.7 on 14.04"
ssh root@xxx.xxx.xx.xxx
- Shutdown current mongod process:
$ mongo
> use admin;
> db.shutdownServer();
mkdir /data; mkdir /data/db1- Start Mongo daemon without auth:
mongod --port 27017 --dbpath /data/db1 - Open a new terminal tab and add user:
$ mongo
> use admin;
> db.createUser({user: "your_username", pwd: "your_password", roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase"]});
> db.auth("your_username", "your_password"); // login
- Create a separate database for your app:
> use yourappname;
> db.createUser({user: "your_username", pwd: "your_password", roles: ["dbOwner"]});
> db.auth("your_username", "your_password");
- Shutdown mongod in previous tab:
mongod --shutdown --dbpath /data/db1 sudo nano /etc/mongod.confand edit the following:
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: /data/db // <- HERE
journal:
enabled: true
# engine: wiredTiger
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
processManagement: // <- HERE
fork: true // <- HERE
pidFilePath: /var/log/mongodb/mongod-pid.log // <- HERE
# network interfaces
net:
port: [5_DIGIT_PORT_#_OF_CHOICE] // <- HERE
# ssl:
# mode: requireSSL
# PEMKeyFile: /etc/ssl/mongodb.pem
# CAFile: /etc/ssl/mongodb-cert.crt
# allowInvalidCertificates: true
bindIp: 0.0.0.0 // <- HERE
security: // <- HERE
authorization: enabled // <- HERE
operationProfiling: // <- HERE
mode: slowOp // <- HERE
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
- Add input/output firewall settings for production server. If you want to add more addresses, enter separately as needed:
iptables -A INPUT -s xxx.xxx.xx.xxx -p tcp --destination-port YOUR_PORT_# -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -d xxx.xxx.xx.xxx -p tcp --source-port YOUR_PORT_# -m state --state ESTABLISHED -j ACCEPT
(Here is where you'll want to add your Meteor DigitalOcean droplet IP address if you're also following [these instructions)[https://gist.github.com/sunlee-newyork/b4d2a57fd2bb44fdf5f8b7e0f0a5ff52].)
- Check iptables:
sudo iptables -L --line-numbers - If you need to delete an accidental entry, get the line number and run:
sudo iptables -D INPUT 1whereINPUTis either INPUT or OUTPUT, and1is the line number. - Run forked mongo daemon:
mongod --config /etc/mongod.conf
- [MongoDB - Enable Auth](https://docs.mongodb .com/manual/tutorial/enable-authentication/)
- MongoDB - db.createUser()
- MongoDB - db.updateUser()
- MongoDB - Users
- MongoDB - Manage Users and Roles
- MongoDB - Enable Auth
- MongoDB - Manage mongod Processes
- MongoDB - Configure Linux iptables Firewall for MongoDB
- MongoDB - Connection String URI Format
- How To Use the MongoDB One-Click Application
- How to Install MongoDB on Ubuntu 16.04
- How to secure MongoDB with username and password
- Deploy ignoring external mongodb / url
- How To List and Delete Iptables Firewall Rules
- How do I specify mongodb's config file?
- MongoDB “root” user