How to Install and Secure MongoDB 3.6 on Ubuntu 17.10

This tutorial guides you through the installation of MongoDB.

Photo by Samuel Zeller on Unsplash

MongoDB is an open-source document database (NoSQL) that provides high performance and is commonly used for scalable web applications.

Before you install MongoDB, you may be interested in creating a sudo users on your VM. Check out my other tutorial to learn how to create a user with root privileges on Ubuntu. Use this user to install applications going forward.

I’ve personally installed MongoDB on an Ubuntu droplet with DigitalOcean. They offer excellent infrastructure (data centers around the world) and extensive documentation. If you want to start a droplet with a $100 credit, simply follow this link:

DigitalOcean - The developer cloud

1. Import the public key used by the package management system

The Ubuntu package management tools (i.e. dpkg and apt) ensure package consistency and authenticity by requiring that distributors sign packages with GPG keys.

Issue the following command to import the MongoDB public GPG Key:

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5

2. Create a list file for MongoDB

Create the /etc/apt/sources.list.d/mongodb-org-3.6.list list file using the command appropriate for Ubuntu 17.10:

$ echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list

3. Reload local package database and install MongoDB

Reload the local package database with this command:

$ sudo apt-get update

Then install MongoDB:

$ sudo apt-get install -y mongodb-org

4. Verify that MongoDB runs and starts at system reboot

Next, start MongoDB with systemctl.

$ sudo systemctl start mongod

You can also use systemctl to check that the service has started properly.

$ sudo systemctl status mongod

The output is likely going to look something like this:

● mongod.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/lib/systemd/system/mongod.service; disabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-01-06 09:33:09 UTC; 1min 31s ago
     Docs: https://docs.mongodb.org/manual
 Main PID: 16479 (mongod)
    Tasks: 23
   Memory: 68.8M
      CPU: 393ms
   CGroup: /system.slice/mongod.service
           └─16479 /usr/bin/mongod --config /etc/mongod.conf

If the previous status check command runs into any errors, check if mongod.service exists in the system’s services directory by using ls /lib/systemd/system

The last step of the installation process is to enable the automatic launch of MongoDB when the system starts.

$ sudo systemctl enable mongod

The MongoDB server is now installed and running. You can manage the MongoDB service using the systemctl commands. For example sudo systemctl mongod stop to stop the service or sudo systemctl mongod start to start it again.

5. Create a new MongoDB admin user

If you were to run the mongo command in the terminal, you will most likely notice a warning looking something like this:

2018–01–06T09:33:09.397+0000 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018–01–06T09:33:09.397+0000 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.

We will now create a new MongoDB admin user to rectify the situation. If not already done, connect to your MongoDB again using the mongo command and after the > sign, add these queries (replace the user and pwd values with your own):

use admin
db.createUser({
  user: "matt",
  pwd: "yourPassword",
  roles: [
    { role: "dbAdminAnyDatabase", db: "admin" },
    { role: "userAdminAnyDatabase", db: "admin" },
  ]
})

This switches to the admin database and creates a new user with dbAdminAnyDatabase and userAdminAnyDatabase roles therein. Find out more about these two roles in the official MongoDB documentation.

Optionally, you may want to give the user root permission. You can do so using the root role by replacing dbAdminAnyDatabase with root in the above query.

6. Secure database access control on MongoDB

To remove the aforementioned warning message, we will now modify the MongoDB configuration slightly. Edit the mongod.conf with this command:

$ sudo nano /etc/mongod.conf

Below the #security comment, add the following lines:

security:
  authorization: "enabled"

Then restart the MongoDB service:

$ sudo service mongod restart

Now your database is secured with username and password and the warning message should have disappeared upon your next connection to MongoDB. Try to connect to your database using the new user we created earlier. Replace with your login credentials, but leave the quotation marks intact:

$ mongo -u “matt” -p “yourPassword” --authenticationDatabase “admin”

Congratulations! You have now installed and secured your MongoDB service. Proceed to the next tutorial if you want to add individual users and privileges to a MongoDB database. As a reminder, if you want a $50 credit when signing up with DigitalOcean, just use this link and you should be set.