MongoDB is a document-oriented NoSQL database used for high volume data storage. Instead of using tables and rows as in the traditional relational databases, MongoDB makes use of collections and documents. Documents consist of key-value pairs which are the basic unit of data in MongoDB. Collections contain sets of documents and function which is the equivalent of relational database tables.
In today's tutorial, we will learn how to install and secure MongoDB on Ubuntu 22.04. To install and secure MongoDB on Ubuntu 22.04, follow these steps
Before start, please make sure that you have a fresh installation of Ubuntu 22.04 and a non-root user with sudo privileges. Also, make sure your system is up-to-date by running the following command:
sudo apt update
sudo apt upgrade
sudo apt install gnupg2
Once your system is up-to-date, we can proceed with the installation of MongoDB.
Deploying MongoDB on Ubuntu proves to be a straightforward endeavor, with the option to either utilize the Ubuntu package manager or directly obtain it from the MongoDB website.
The below steps will configure the official MongoDB PPA to your Ubuntu system and install it:
Import the MongoDB GPG key:
wget -nc https://www.mongodb.org/static/pgp/server-6.0.asc
cat server-6.0.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/mongodb.gpg >/dev/null
These commands serve the purpose of importing the GPG key associated with the MongoDB repository, a crucial step in ensuring the legitimacy and integrity of the packages contained within the repository.
Add the MongoDB repository to your system’s package manager:
sudo sh -c 'echo "deb [ arch=amd64,arm64 signed-by=/etc/apt/keyrings/mongodb.gpg] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" >> /etc/apt/sources.list.d/mongo.list'
This command will add the MongoDB repository to the list of repositories in your system’s package manager.
Update the list of available packages:
sudo apt update
This command will update the list of available packages to include the packages in the MongoDB repository.
Install MongoDB:
sudo apt install mongodb-org
This command will install the latest stable version of MongoDB from the MongoDB repository.
Start the MongoDB service:
sudo systemctl start mongod
This command will start the MongoDB service.
The above steps will successfully install MongoDB on a Ubuntu system.
Subsequently, it's essential to enable authentication for the MongoDB database. This precaution necessitates users to provide a username and password for database access. Without authentication, unrestricted server access could lead to unauthorized data viewing and modification.
While MongoDB typically operates without a mandatory password for database access by default, it is strongly advised to establish a password for enhanced database security and to thwart unauthorized access.
To establish a password for MongoDB, adhere to these procedural steps:
Connect to the MongoDB shell:
mongosh
This command initiates the MongoDB shell, a command-line interface used for interacting with the database.
Switch to the admin database:
use admin
Executing this command will transition to the admin
database, specifically designed for overseeing users and roles within the database.
db.createUser({
user: "admin",
pwd: "password",
roles: [ { role: "root", db: "admin" } ]
})
Substitute admin
and password
with your chosen username and password. This command will generate a new user endowed with the root
role within the admin
database, granting comprehensive access to all database resources and functions.
Exit the MongoDB shell:
exit
While MongoDB typically allows database access without requiring authentication by default, it is strongly recommended to enable authentication as a security measure to safeguard the database and prevent unauthorized access.
To enable authentication for MongoDB, follow these steps:
sudo nano /etc/mongod.conf
This command opens the MongoDB configuration file using the Nano text editor.
Find the security section in the configuration file and add the following lines:
security:
authorization: enabled
This action will activate the authorization feature in MongoDB, compelling users to authenticate using a username and password before gaining access to the database.
Save the changes and exit the text editor.
Restart the MongoDB service:
sudo systemctl restart mongod
Executing this command will enforce the alterations made to the MongoDB configuration and subsequently restart the service.
MongoDB, by default, permits connections from any IP address. Nonetheless, it is advisable to enhance security by limiting database access exclusively to designated IP addresses or predefined ranges.
To impose restrictions on MongoDB access, follow these outlined steps:
Edit the MongoDB configuration file:
sudo nano /etc/mongod.conf
Execute this command to launch the MongoDB configuration file within the Nano text editor.
net:
bindIp: 127.0.0.1,192.168.1.0/24
Substitute 127.0.0.1
and 192.168.1.0/24
with your preferred IP addresses or ranges. This action will confine database access exclusively to the specified IP addresses or ranges.
Save the changes and exit the text editor.
Restart the MongoDB service:
sudo systemctl restart mongod
Execute this command to implement the adjustments to the MongoDB configuration and subsequently restart the service.
To unblock the MongoDB port (27017) within the firewall on a system utilizing ufw, adhere to these steps:
Check the status of the firewall:
sudo ufw status
This command will display the current status of the firewall. In case the firewall is inactive, you must initiate it before proceeding to open the MongoDB port.
If the firewall is not active, start it by running the following command:
sudo ufw enable
This command will activate the firewall and permit incoming connections to the system.
Open the MongoDB port in the firewall:
sudo ufw allow 27017
This command will unblock the MongoDB port (27017) in the firewall, permitting incoming connections to that port.
Check the list of open ports to verify that the MongoDB port is open:
sudo ufw status
Following these procedures, the MongoDB port should be accessible through the firewall, enabling you to establish connections to the database from other systems.
In this article, we have comprehensively addressed the installation and security aspects of MongoDB on Ubuntu 22.04.
Thanks for reading !!!