In this tutorial we'll learn install and secure MongoDB on Ubuntu 24.04 Server.
We understand the importance of setting up a reliable and secure database for your applications. MongoDB, a popular NoSQL database, offers flexibility, scalability, and ease of use, making it ideal for various use cases. In this guide, we will walk you through the process of installing MongoDB on Ubuntu 24.04 and securing it for production use. Additionally, we’ll cover basic CRUD (Create, Read, Update, Delete) operations to help you get started.
Prerequisites
- A Ubuntu 24.04 installed dedicated server or KVM VPS.
- A root user or normal user with administrative privileges.
- Basic Linux command knowledge.
Step 1: Install MongoDB
To get started, we will first install MongoDB on our Ubuntu 24.04 server. Follow these steps to install MongoDB:
sudo apt update
Import the public key
To import the MongoDB public GPG key, run the following command:
curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \
sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg \
--dearmor
Add the MongoDB repository to your system.
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
Update the package list again to include the MongoDB repository.
sudo apt update
Install MongoDB
Now, install MongoDB using the following command:
sudo apt-get install -y mongodb-org
This will install MongoDB and its associated tools, such as the mongod daemon and the mongo shell.
Start MongoDB
After installation, we need to start the MongoDB service.
sudo systemctl start mongod
Enable MongoDB to Start on Boot
To ensure that MongoDB starts automatically when the server reboots, run the following command:
sudo systemctl enable mongod
Verify MongoDB Installation
Check the status of the MongoDB service to ensure it’s running.
sudo systemctl status mongod
You should see that the service is active (running).
Step 2: Secure MongoDB
By default, MongoDB listens on all IP addresses and does not require authentication. For security reasons, it is important to configure MongoDB to require authentication and bind it to a specific IP address. Here's how we can secure MongoDB:
- Configure MongoDB to Require Authentication
- Open the MongoDB configuration file.
sudo nano /etc/mongod.conf
In this file, locate the following section:
security:
authorization: "enabled"
Ensure that the authorization setting is enabled. This ensures that MongoDB will require authentication for all connections.
Bind MongoDB to Localhost
In the same configuration file, find the bindIp setting under net and change it to only listen on localhost (127.0.0.1). This ensures that MongoDB is only accessible from the local machine by default.
net:
bindIp: 127.0.0.1
Restart MongoDB
After making these changes, restart MongoDB to apply the configuration.
sudo systemctl restart mongod
Create an Admin User
Now, we need to create an admin user to authenticate against MongoDB. First, connect to the MongoDB shell as the default admin.
mongosh
Switch to the admin database.
use admin
Create an admin user with the following command:
db.createUser({
user: "admin",
pwd: "your_secure_password",
roles: [{ role: "root", db: "admin" }]
})
Replace "your_secure_password" with a strong password of your choice.
Enable Remote Access (Optional)
If you need to access MongoDB from other servers, you can bind MongoDB to additional IP addresses. To allow connections from specific IP addresses, modify the bindIp setting in /etc/mongod.conf and restart MongoDB.
Step 3: Basic CRUD Operations in MongoDB
Now that MongoDB is installed and secured, let’s cover basic CRUD operations using the MongoDB shell.
Connect to MongoDB
To start working with MongoDB, connect to the database using the mongo shell.
mongosh -u admin -p your_secure_password --authenticationDatabase admin
Create a Database
To create a new database, use the use command:
use myDatabase
MongoDB will automatically create the database when you first insert data.
Create a Collection
Collections are equivalent to tables in relational databases. To create a collection, insert a document into it.
db.createCollection("users")
Insert Documents
To insert documents into the collection, use the insertOne or insertMany methods:
db.users.insertOne({
name: "John Doe",
email: "john@example.com",
age: 30
})
Query Documents
To retrieve documents from a collection, use the find method:
db.users.find({ name: "John Doe" })
This will return all documents where the name field matches "John Doe."
Update Documents
To update documents, use the updateOne or updateMany method:
db.users.updateOne(
{ name: "John Doe" },
{ $set: { age: 31 } }
)
Delete Documents
To delete documents, use the deleteOne or deleteMany method:
db.users.deleteOne({ name: "John Doe" })
Step 4: Additional Security Measures
- To further enhance the security of your MongoDB instance, consider the following measures:
- Enable TLS/SSL Encryption: This encrypts data in transit between MongoDB and clients.
- Use Role-Based Access Control (RBAC): Assign specific roles and permissions to users based on the principle of least privilege.
- Configure IP Whitelisting: Limit access to MongoDB by specifying which IP addresses can connect.
Conclusion
In this tutorial we've learnt install and secure MongoDB on Ubuntu 24.04 server and basic CRUD operations of MongoDB on an Ubuntu 24.04 server. Securing MongoDB with authentication and binding it to localhost is crucial for protecting your data. By following this guide, you are now ready to utilize MongoDB in a secure production environment.
Feel free to explore further MongoDB features and security best practices to ensure your database remains robust and secure.
