MongoDB is a popular open-source, document-oriented NoSQL database that provides high performance, scalability, and flexibility. It is widely used in modern web applications due to its ability to store and manage large volumes of unstructured data. MongoDB can be installed on various operating systems, including Ubuntu 22.04.
In this tutorial, we will walk through the steps to install and secure MongoDB on Ubuntu 22.04. We will cover the installation process for both the Community and Enterprise editions of MongoDB. Additionally, we will go through the process of securing MongoDB with authentication, SSL/TLS encryption, and firewall rules.
In this article, we will cover the following topics:
- Installing MongoDB on Ubuntu 22.04
- Securing MongoDB with a password
- Enabling authentication for MongoDB
- Restricting access to MongoDB
- Opening Port in the Firewall with UFW
Prerequisites
Before we proceed, please make sure that you have a fresh installation of Ubuntu 22.04 and a non-root user with sudo privileges. Also, make sure your system is up-to-date by running the following command:
sudo apt update and sudo apt upgrade
sudo apt install gnupg2
Once your system is up-to-date, we can proceed with the installation of MongoDB.
Step 1: Installing MongoDB
Installing MongoDB on Ubuntu is a relatively simple process. You can either install it using the Ubuntu package manager, or you can download it directly from the MongoDB website.
The below steps will configure the official MongoDB PPA to your Ubuntu system and install it:
-
Import the MongoDB GPG key:
- Add the MongoDB repository to your system’s package manager:
sudo sh -c 'echo "deb [ arch=amd64,arm64 signed-by=/etc/apt/keyrings/mongodb.gpg] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" >> /etc/apt/sources.list.d/mongo.list'
This command will add the MongoDB repository to the list of repositories in your system’s package manager.
- Update the list of available packages:
sudo apt update
This command will update the list of available packages to include the packages in the MongoDB repository.
- Install MongoDB:
sudo apt install mongodb-org
This command will install the latest stable version of MongoDB from the MongoDB repository.
- Start the MongoDB service:
sudo systemctl start mongod
This command will start the MongoDB service.
wget -nc https://www.mongodb.org/static/pgp/server-6.0.asc
cat server-6.0.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/mongodb.gpg >/dev/null
These commands will import the GPG key for the MongoDB repository, which is used to verify the authenticity of the packages in the repository.
The above steps will successfully install MongoDB on a Ubuntu system.
Next, it is important to enabling authentication for the MongoDB database. This will require users to enter a username and password in order to access the database. Without authentication enabled, anyone with access to the server would be able to view and modify the data in the database.
Step 2: Securing MongoDB with a Password
By default, MongoDB does not require a password to access the database. However, it is recommended to set a password to secure the database and prevent unauthorized access.
To set a password for MongoDB, follow these steps:
- Connect to the MongoDB shell:
mongosh
This command will open the MongoDB shell, which is a command-line interface for interacting with the database.
- Switch to the admin database:
use admin
This command will switch to the
`admin`
database, which is used to manage the users and roles in the database. - Exit the MongoDB shell:
exit
db.createUser({
user: "admin",
pwd: "password",
roles: [ { role: "root", db: "admin" } ]
})
Replace `admin`
and `password`
with the desired username and password for the new user. This command will create a new user with the `root`
role in the `admin`
database. The root role has full access to all database resources and functions.
Step 3: Enabling Authentication
By default, MongoDB does not require authentication to access the database. However, it is recommended to enable authentication to secure the database and prevent unauthorized access.
To enable authentication for MongoDB, follow these steps:
- Edit the MongoDB configuration file:
sudo nano /etc/mongod.conf
This command will open the MongoDB configuration file in the Nano text editor.
- Find the security section in the configuration file and add the following lines:
security: authorization: enabled
This will enable the authorization feature for MongoDB, which requires users to authenticate with a username and password to access the database.
- Save the changes and exit the text editor.
- Restart the MongoDB service:
sudo systemctl restart mongod
This command will apply the changes to the MongoDB configuration and restart the service.
Step 4: Restricting Access to MongoDB
By default, MongoDB allows connections from any IP address. However, it is recommended to restrict access to the database to specific IP addresses or ranges to improve security.
To restrict access to MongoDB, follow these steps:
- Edit the MongoDB configuration file:
sudo nano /etc/mongod.conf
This command will open the MongoDB configuration file in the Nano text editor.
- Find the net section in the configuration file and add the following lines:
net: bindIp: 127.0.0.1,192.168.1.0/24
Replace 127.0.0.1,192.168.1.0/24 with the desired IP addresses or ranges to allow. This will restrict access to the database to the specified IP addresses or ranges.
- Save the changes and exit the text editor.
- Restart the MongoDB service:
sudo systemctl restart mongod
This command will apply the changes to the MongoDB configuration and restart the service.
Step 5: Opening Firewall Port (UFW)
To open the MongoDB port (27017) in the firewall on a system running ufw, follow these steps:
- Check the status of the firewall:
sudo ufw status
This command will show the current status of the firewall. If the firewall is not active, you will need to start it before you can open the MongoDB port.
- If the firewall is not active, start it by running the following command:
sudo ufw enable
This command will enable the firewall and allow incoming connections to the system.
- Open the MongoDB port in the firewall:
sudo ufw allow 27017
This command will open the MongoDB port (27017) in the firewall and allow incoming connections to the port.
- Check the list of open ports to verify that the MongoDB port is open:
sudo ufw status
After these steps, the MongoDB port should be open in the firewall and you should be able to connect to the database from other systems.
Conclusion
In this article, we covered how to install and secure MongoDB on Ubuntu 22.04. We covered how to install MongoDB, set a password, enable authentication for the database, and restrict access to specific IP addresses or ranges. By following these steps, you can ensure that your MongoDB installation is secure and only accessible to authorized users.
I hope this helps you understand how to install and secure MongoDB on Ubuntu 22.04. If you have any further questions, please don’t hesitate to ask.