MongoDB stands as a renowned open-source, document-oriented NoSQL database, renowned for its exceptional performance, scalability, and adaptability. It enjoys widespread popularity among modern web applications, thanks to its adeptness in handling substantial amounts of unstructured data. For those operating on Ubuntu 22.04.
This article will guide you through the steps of not only installing MongoDB but also fortifying its security. We'll delve into installation instructions for both the Community and Enterprise editions of MongoDB, while also exploring the vital aspects of bolstering MongoDB's security through authentication, SSL/TLS encryption, and firewall rules.
Prerequisites
Before we proceed, please make sure that you have a fresh installation of Ubuntu 22.04 and a non-root user with sudo privileges. Also, make sure your system is up-to-date by running the following command:
sudo apt update
sudo apt upgrade
sudo apt install gnupg2
Once your system is up-to-date, we can proceed with the installation of MongoDB.
Step 1: Installing MongoDB
Deploying MongoDB on Ubuntu proves to be a straightforward endeavor, with the option to either utilize the Ubuntu package manager or directly obtain it from the MongoDB website.
The below steps will configure the official MongoDB PPA to your Ubuntu system and install it:
1. Import the MongoDB GPG key:
wget -nc https://www.mongodb.org/static/pgp/server-6.0.asc
cat server-6.0.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/mongodb.gpg >/dev/null
These commands serve the purpose of importing the GPG key associated with the MongoDB repository, a crucial step in ensuring the legitimacy and integrity of the packages contained within the repository.
2. Add the MongoDB repository to your system’s package manager:
sudo sh -c 'echo "deb [ arch=amd64,arm64 signed-by=/etc/apt/keyrings/mongodb.gpg] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" >> /etc/apt/sources.list.d/mongo.list'
This command will add the MongoDB repository to the list of repositories in your system’s package manager.
3. Update the list of available packages:
sudo apt update
This command will update the list of available packages to include the packages in the MongoDB repository.
4. Install MongoDB:
sudo apt install mongodb-org
This command will install the latest stable version of MongoDB from the MongoDB repository.
5. Start the MongoDB service:
sudo systemctl start mongod
This command will start the MongoDB service.
The above steps will successfully install MongoDB on a Ubuntu system.
Subsequently, it's essential to enable authentication for the MongoDB database. This precaution necessitates users to provide a username and password for database access. Without authentication, unrestricted server access could lead to unauthorized data viewing and modification.
Step 2: Securing MongoDB with a Password
While MongoDB typically operates without a mandatory password for database access by default, it is strongly advised to establish a password for enhanced database security and to thwart unauthorized access.
To establish a password for MongoDB, adhere to these procedural steps:
1. Connect to the MongoDB shell:
mongosh
This command initiates the MongoDB shell, a command-line interface used for interacting with the database.
2. Switch to the admin database:
use admin
Executing this command will transition to the admin database, specifically designed for overseeing users and roles within the database.
db.createUser({
user: "admin",
pwd: "password",
roles: [ { role: "root", db: "admin" } ]
})
Substitute admin and password with your chosen username and password. This command will generate a new user endowed with the root role within the admin database, granting comprehensive access to all database resources and functions.
3. Exit the MongoDB shell:
exit
Step 3: Enabling Authentication
While MongoDB typically allows database access without requiring authentication by default, it is strongly recommended to enable authentication as a security measure to safeguard the database and prevent unauthorized access.
To enable authentication for MongoDB, follow these steps:
1. Edit the MongoDB configuration file:
sudo nano /etc/mongod.conf
This command opens the MongoDB configuration file using the Nano text editor.
2. Find the security section in the configuration file and add the following lines:
security:
authorization: enabled
This action will activate the authorization feature in MongoDB, compelling users to authenticate using a username and password before gaining access to the database.
Save the changes and exit the text editor.
3. Restart the MongoDB service:
sudo systemctl restart mongod
Executing this command will enforce the alterations made to the MongoDB configuration and subsequently restart the service.
Step 4: Restricting Access to MongoDB
MongoDB, by default, permits connections from any IP address. Nonetheless, it is advisable to enhance security by limiting database access exclusively to designated IP addresses or predefined ranges.
To impose restrictions on MongoDB access, follow these outlined steps:
1. Edit the MongoDB configuration file:
sudo nano /etc/mongod.conf
Execute this command to launch the MongoDB configuration file within the Nano text editor.
2. Find the net section in the configuration file and add the following lines:
net:
bindIp: 127.0.0.1,192.168.1.0/24
Substitute 127.0.0.1 and 192.168.1.0/24 with your preferred IP addresses or ranges. This action will confine database access exclusively to the specified IP addresses or ranges.
Save the changes and exit the text editor.
3. Restart the MongoDB service:
sudo systemctl restart mongod
Execute this command to implement the adjustments to the MongoDB configuration and subsequently restart the service.
Step 5: Opening Firewall Port (UFW)
To unblock the MongoDB port (27017) within the firewall on a system utilizing ufw, adhere to these steps:
1. Check the status of the firewall:
sudo ufw status
This command will display the current status of the firewall. In case the firewall is inactive, you must initiate it before proceeding to open the MongoDB port.
2. If the firewall is not active, start it by running the following command:
sudo ufw enable
This command will activate the firewall and permit incoming connections to the system.
3. Open the MongoDB port in the firewall:
sudo ufw allow 27017
This command will unblock the MongoDB port (27017) in the firewall, permitting incoming connections to that port.
4. Check the list of open ports to verify that the MongoDB port is open:
sudo ufw status
Following these procedures, the MongoDB port should be accessible through the firewall, enabling you to establish connections to the database from other systems.
Conclusion
In this article, we have comprehensively addressed the installation and security aspects of MongoDB on Ubuntu 22.04. We've walked through MongoDB installation, password setup, authentication activation for the database, and access restriction to designated IP addresses or ranges. By diligently following these steps, you can bolster the security of your MongoDB installation, guaranteeing that it remains accessible solely to authorized users.
We trust this tutorial has provided you with a clear understanding of how to both install and secure MongoDB on Ubuntu 22.04. Should you have any additional inquiries, please feel free to reach out; we are here to assist you further.
