Install and Secure MongoDB on Ubuntu 22.04

MongoDB is a document-oriented NoSQL database used for high volume data storage. Instead of using tables and rows as in the traditional relational databases, MongoDB makes use of collections and documents. Documents consist of key-value pairs which are the basic unit of data in MongoDB. Collections contain sets of documents and function which is the equivalent of relational database tables.

In today's tutorial, we will learn how to install and secure MongoDB on Ubuntu 22.04. To install and secure MongoDB on Ubuntu 22.04, follow these steps

  • Step 1: Installing MongoDB
  • Step 2: Securing MongoDB with a Password
  • Step 3: Enabling Authentication
  • Step 4: Restricting Access to MongoDB

Before start, please make sure that you have a fresh installation of Ubuntu 22.04 and a non-root user with sudo privileges. Also, make sure your system is up-to-date by running the following command:

sudo apt update
sudo apt upgrade 
sudo apt install gnupg2

Once your system is up-to-date, we can proceed with the installation of MongoDB.

Step 1: Installing MongoDB

Deploying MongoDB on Ubuntu proves to be a straightforward endeavor, with the option to either utilize the Ubuntu package manager or directly obtain it from the MongoDB website.

The below steps will configure the official MongoDB PPA to your Ubuntu system and install it:

 Import the MongoDB GPG key:

wget -nc https://www.mongodb.org/static/pgp/server-6.0.asc 
cat server-6.0.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/mongodb.gpg >/dev/null 

These commands serve the purpose of importing the GPG key associated with the MongoDB repository, a crucial step in ensuring the legitimacy and integrity of the packages contained within the repository.

Add the MongoDB repository to your system’s package manager:

sudo sh -c 'echo "deb [ arch=amd64,arm64 signed-by=/etc/apt/keyrings/mongodb.gpg] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" >> /etc/apt/sources.list.d/mongo.list'

This command will add the MongoDB repository to the list of repositories in your system’s package manager.

Update the list of available packages:

sudo apt update

This command will update the list of available packages to include the packages in the MongoDB repository.

Install MongoDB:

sudo apt install mongodb-org

This command will install the latest stable version of MongoDB from the MongoDB repository.

Start the MongoDB service:

sudo systemctl start mongod

This command will start the MongoDB service.

The above steps will successfully install MongoDB on a Ubuntu system.

Subsequently, it's essential to enable authentication for the MongoDB database. This precaution necessitates users to provide a username and password for database access. Without authentication, unrestricted server access could lead to unauthorized data viewing and modification.

Step 2: Securing MongoDB with a Password

While MongoDB typically operates without a mandatory password for database access by default, it is strongly advised to establish a password for enhanced database security and to thwart unauthorized access.

To establish a password for MongoDB, adhere to these procedural steps:

Connect to the MongoDB shell:

mongosh

This command initiates the MongoDB shell, a command-line interface used for interacting with the database.

Switch to the admin database:

use admin

Executing this command will transition to the admin database, specifically designed for overseeing users and roles within the database.

db.createUser({
  user: "admin",
  pwd: "password",
  roles: [ { role: "root", db: "admin" } ]
})

Substitute admin and password with your chosen username and password. This command will generate a new user endowed with the root role within the admin database, granting comprehensive access to all database resources and functions.

Exit the MongoDB shell:

exit

Step 3: Enabling Authentication

While MongoDB typically allows database access without requiring authentication by default, it is strongly recommended to enable authentication as a security measure to safeguard the database and prevent unauthorized access.

To enable authentication for MongoDB, follow these steps:

1. Edit the MongoDB configuration file:

sudo nano /etc/mongod.conf

This command opens the MongoDB configuration file using the Nano text editor.

Find the security section in the configuration file and add the following lines:

security:
  authorization: enabled

This action will activate the authorization feature in MongoDB, compelling users to authenticate using a username and password before gaining access to the database.

Save the changes and exit the text editor.

Restart the MongoDB service:

sudo systemctl restart mongod

Executing this command will enforce the alterations made to the MongoDB configuration and subsequently restart the service.

Step 4: Restricting Access to MongoDB

MongoDB, by default, permits connections from any IP address. Nonetheless, it is advisable to enhance security by limiting database access exclusively to designated IP addresses or predefined ranges.

To impose restrictions on MongoDB access, follow these outlined steps:

Edit the MongoDB configuration file:

sudo nano /etc/mongod.conf

Execute this command to launch the MongoDB configuration file within the Nano text editor.

Find the net section in the configuration file and add the following lines:

net:
  bindIp: 127.0.0.1,192.168.1.0/24

Substitute 127.0.0.1 and 192.168.1.0/24 with your preferred IP addresses or ranges. This action will confine database access exclusively to the specified IP addresses or ranges.

Save the changes and exit the text editor.

Restart the MongoDB service:

sudo systemctl restart mongod

Execute this command to implement the adjustments to the MongoDB configuration and subsequently restart the service.

Step 5: Opening Firewall Port (UFW)

To unblock the MongoDB port (27017) within the firewall on a system utilizing ufw, adhere to these steps:

Check the status of the firewall:

sudo ufw status

This command will display the current status of the firewall. In case the firewall is inactive, you must initiate it before proceeding to open the MongoDB port.

If the firewall is not active, start it by running the following command:

sudo ufw enable

This command will activate the firewall and permit incoming connections to the system.

Open the MongoDB port in the firewall:

sudo ufw allow 27017

This command will unblock the MongoDB port (27017) in the firewall, permitting incoming connections to that port.

Check the list of open ports to verify that the MongoDB port is open:

sudo ufw status

Following these procedures, the MongoDB port should be accessible through the firewall, enabling you to establish connections to the database from other systems.

Conclusion

In this article, we have comprehensively addressed the installation and security aspects of MongoDB on Ubuntu 22.04. 

Thanks for reading !!!

#ubuntu #mongodb 

Install and Secure MongoDB on Ubuntu 22.04
1.10 GEEK