So I finally decided to take my server online but not without a few hiccups.
The problem is I wanted to begin with mLabs but somehow my firewall was blocking it. So I decided to host it on my server and connect directly into it.
Installing it was not a problem. If you are used to Ubuntu or a linux OS, you would be very familiar with it. Although you would need to add few firewall rules as you don’t want everyone to access your instance remotely. So at the end we will add our own IP to the firewall rule.
Step 1 — Adding the MongoDB Repository
MongoDB is already included in Ubuntu package repositories, but the official MongoDB repository provides most up-to-date version and is the recommended way of installing the software. In this step, we will add this official repository to our server.
Ubuntu ensures the authenticity of software packages by verifying that they are signed with GPG keys, so we first have to import they key for the official MongoDB repository.
- sudo apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv EA312927
After successfully importing the key, you will see:
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Next, we have to add the MongoDB repository details so apt
will know where to download the packages from.
Issue the following command to create a list file for MongoDB.
- echo “deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse” | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
After adding the repository details, we need to update the packages list.
- sudo apt-get update
Step 2 — Installing and Verifying MongoDB
Now we can install the MongoDB package itself.
- sudo apt-get install -y mongodb-org
This command will install several packages containing latest stable version of MongoDB along with helpful management tools for the MongoDB server.
In order to properly launch MongoDB as a service on Ubuntu 16.04, we additionally need to create a unit file describing the service. A unit file tells systemd
how to manage a resource. The most common unit type is a service, which determines how to start or stop the service, when should it be automatically started at boot, and whether it is dependent on other software to run.
We’ll create a unit file to manage the MongoDB service. Create a configuration file named mongodb.service
in the /etc/systemd/system
directory using nano
or your favorite text editor.
- sudo nano /etc/systemd/system/mongodb.service
Paste in the following contents, then save and close the file.
[Unit]
Description=High-performance, schema-free document-oriented database
After=network.target
[Service]
User=mongodb
ExecStart=/usr/bin/mongod --quiet --config /etc/mongod.conf
[Install]
WantedBy=multi-user.target
This file has a simple structure:
- The Unit section contains the overview (e.g. a human-readable description for MongoDB service) as well as dependencies that must be satisfied before the service is started. In our case, MongoDB depends on networking already being available, hence
network.target
here. - The Service section how the service should be started. The
User
directive specifies that the server will be run under themongodb
user, and theExecStart
directive defines the startup command for MongoDB server. - The last section, Install, tells
systemd
when the service should be automatically started. Themulti-user.target
is a standard system startup sequence, which means the server will be automatically started during boot.
Next, start the newly created service with systemctl
.
- sudo systemctl start mongodb
While there is no output to this command, you can also use systemctl
to check that the service has started properly.
- sudo systemctl status mongodb
● mongodb.service - High-performance, schema-free document-oriented database
Loaded: loaded (/etc/systemd/system/mongodb.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2016-04-25 14:57:20 EDT; 1min 30s ago
Main PID: 4093 (mongod)
Tasks: 16 (limit: 512)
Memory: 47.1M
CPU: 1.224s
CGroup: /system.slice/mongodb.service
└─4093 /usr/bin/mongod --quiet --config /etc/mongod.conf
The last step is to enable automatically starting MongoDB when the system starts.
- sudo systemctl enable mongodb
The MongoDB server now configured and running, and you can manage the MongoDB service using the systemctl
command (e.g. sudo systemctl mongodb stop
, sudo systemctl mongodb start
).
Step 3 — Adjusting the Firewall (Optional)
Assuming you have followed the initial server setup tutorial instructions to enable the firewall on your server, MongoDB server will be inaccessible from the internet.
If you intend to use the MongoDB server only locally with applications running on the same server, it is a recommended and secure setting. However, if you would like to be able to connect to your MongoDB server from the internet, we have to allow the incoming connections in ufw
.
To allow access to MongoDB on its default port 27017
from everywhere, you could use sudo ufw allow 27017
. However, enabling internet access to MongoDB server on a default installation gives unrestricted access to the whole database server.
in most cases, MongoDB should be accessed only from certain trusted locations, such as another server hosting an application. To accomplish this task, you can allow access on MongoDB’s default port while specifying the IP address of another server that will be explicitly allowed to connect.
- sudo ufw allow from your_other_server_ip/32 to any port 27017
You can verify the change in firewall settings with ufw
.
- sudo ufw status
You should see traffic to 27017
port allowed in the output.If you have decided to allow only a certain IP address to connect to MongoDB server, the IP address of the allowed location will be listed instead of Anywhere in the output.
Status: active
To Action From
-- ------ ----
27017 ALLOW Anywhere
OpenSSH ALLOW Anywhere
27017 (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)
More advanced firewall settings for restricting access to services are described in UFW Essentials: Common Firewall Rules and Commands.
Now we have successfully installed the DB on our server. The second part is how to access it.
You can’t just use the direct IP and login. What we will do is SSH into our VPS and connect as a localhost. Simple 🙂
In the “Connection” panel:
Address – localhost
Port – 27017
in the “SSH” panel:
Address – <your_ip_or_fqdn>:22
and use a private key auth or your password.
This will connect via port 22 and redirect traffic sent to port 27017
Mongo on your droplet is set to respond only to traffic from localhost which is where the ssh tunnel comes in handy. Running db.serverCmdLineOpts()
from the mongoshell will tell you what it is bound to.
There is another “LESS” secure way to connect which I don’t recommend. But if you are dev testing your app to your remote server, this might be the way to go.
You need to change the Bind IP option
Bind IP is a MongoDB option that restricts connections to specifics IPs.
Have a look at your mongod configuration file, most of the time bind.ip is set to 127.0.0.1 for obvious security reasons. You can:
- Add your desired IP by concatenating a list of comma separated values to bind MongoDB to multiple IP addresses.
- Remove or comment (with # character) the bind_ip line. But be aware that all remote connection will be able to connect your MongoDB server!
More about bind_ip configuration option: https://docs.mongodb.com/manual/reference/configuration-options/#net.bindIp
Bind IP can also be set as a command argument: http://docs.mongodb.org/manual/reference/program/mongod/#cmdoption–bind_ip
SSH into your server:
nano /etc/mongod.conf
Comment your bindIp snippet in the file. This is how it should look now:
network interfaces
net:
port: 27017
# bindIp: 127.0.0.1
You can also add your specific IP to bind IP. This actually is the better way to do it. As you will only be able to access it from your machine/IP. Change it to look like this:
network interfaces
net:
port: 27017
# bindIp: 127.0.0.1,your_ip_address_goes_here