Skip to content

Instantly share code, notes, and snippets.

@uxjp

uxjp/MongoDB.md

Forked from royz/MongoDB.md
Created June 20, 2023 19:13
Show Gist options
  • Save uxjp/e8a83cc0265f78c794cf6abe78afb6b1 to your computer and use it in GitHub Desktop.
Save uxjp/e8a83cc0265f78c794cf6abe78afb6b1 to your computer and use it in GitHub Desktop.
Download ZIP
MongoDB - install, enable authentication & remote access on Ubuntu 20.04
Raw
MongoDB.md

Install MongoDB 5.x

Source: MongoDB Docs

1. Import the public key used by the package management system

wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -

2. Create a list file for MongoDB

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list

3. Reload local package database

sudo apt update

4. Install the MongoDB packages

sudo apt install -y mongodb-org

5. Start MongoDB

sudo systemctl start mongod

6. Enable auto start on system boot

sudo systemctl enable mongod.service

Enable Authentication

1. Connect to DB

mongosh

2. Create the user administrator

Switch to admin db and create a new user with admin access to all databases.

use admin
db.createUser(
  {
    user: "myAdminUsername",
    pwd: passwordPrompt(), // or cleartext password
    roles: [
      { role: "userAdminAnyDatabase", db: "admin" },
      { role: "readWriteAnyDatabase", db: "admin" }
    ]
  }
)

Now exit out of mongo.

Below is the default /etc/mongod.conf file without any changes. This is here just for referance if we need to revert back any default configuration. No further things to do in this step.

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1


# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

#security:

#operationProfiling:

#replication:

#sharding:

## Enterprise-Only Options:

#auditLog:

#snmp:

3. Update mongod.conf to enable authentication

Open the mongod.conf file

sudo nano /etc/mongod.conf

Uncomment the security section and add the following

security:
  authorization: enabled
3.1 Change port to something else (optional)

This is totally otpional. The default port for mongodb is 27017. To set this to something else, make the following change.

net:
  port: 12345

4. Restart mongod service

sudo systemctl restart mongod.service

5. Check the changes

After enabling authentication and changing to a custom port, try to connect using following command: mongosh --port <custom port> <auth db name> -u <admin username> -p <admin password> and once connected, make sure that the authentication worked by typing show dbs and it must list the default databses.

Example:

mongosh --port 12345 admin -u myUsername -p myPassword

Enable remote access

1. Update the bindIp property in mongod.conf

  • Allow access from any IP (less secure and not recommended)
net:
  port: 27017 // or any other custom port
  bindIp: 0.0.0.0
  • Allow access from specific IP(s)
net:
  port: 27017 // or any other custom port
  bindIp: 127.0.0.1,192.168.0.10,192.168.0.12

2. Restart mongod service

sudo systemctl restart mongod.service

Make sure to allow the mongo port through firewall

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment