Tools

Tools: Ultimate Guide: Install MongoDB on Ubuntu 24.04: Secure Setup with Authentication and UFW

2026-05-04 0 views admin
Tools: Ultimate Guide: Install MongoDB on Ubuntu 24.04: Secure Setup with Authentication and UFW

Prerequisites

Step 1 — Add the MongoDB Repository

Step 2 — Install MongoDB

Step 3 — Create the Admin User

Step 4 — Enable Authentication

Step 5 — Create an Application Database and User

Step 6 — Test Basic CRUD Operations

Step 7 — Configure the Firewall

Useful MongoDB Commands

Conclusion MongoDB is a document database that stores data as flexible JSON-like documents instead of fixed rows and columns. It is commonly used for web applications, REST APIs, content management systems, and real-time analytics where the data model changes frequently. This tutorial walks through installing MongoDB Community Edition on Ubuntu 24.04, enabling authentication, creating an admin user, creating an application database user, testing basic CRUD operations, and securing access with UFW. MongoDB is not included in Ubuntu 24.04's default repositories. To install the latest stable MongoDB Community Edition packages, add the official MongoDB APT repository. Import the MongoDB GPG key: Add the MongoDB repository for Ubuntu 24.04 Noble: Update the package index: You should see the MongoDB repository listed in the output without errors. Note: If you see a GPG key error, verify the key import command and try again. Install the MongoDB Community Edition meta-package: This installs the MongoDB server, shell, tools, and related packages. Enable MongoDB to start automatically on boot: Check the service status: You should see active (running). Check the installed version: If mongod fails to start, check the logs: Note: A common issue on fresh installs is a missing data directory. MongoDB expects /var/lib/mongodb to exist with the correct ownership. Now connect to the MongoDB shell: You should see the MongoDB shell prompt: Type exit to disconnect. Warning: At this point, MongoDB is running without authentication. Anyone with network access could connect, so authentication should be enabled before exposing MongoDB beyond localhost. Before enabling authentication, create an admin user. Connect to the MongoDB shell: Switch to the admin database: Create an admin user: Replace your_strong_admin_password with a strong password. You should see: You can generate a strong password with: Tip: Store the password securely. You will need it when connecting to MongoDB with authentication enabled. By default, MongoDB accepts connections without credentials. On a server, that is a serious security risk. Open the MongoDB configuration file: Find the commented security section and change it to: Note: Make sure authorization: enabled is indented with two spaces. YAML is whitespace-sensitive. Also verify the net section: This configuration makes MongoDB listen only on localhost. Save the file and restart MongoDB: Verify that MongoDB restarted successfully: Now test that authentication is enforced. Connect without credentials: Try to list databases: You should see an authorization error. This confirms that authentication is working. Exit and reconnect with the admin user: Enter your password when prompted. Now this command should work: You should see the admin, config, and local databases. Do not run your application as the admin user. Create a dedicated database and user for each application. While connected as the admin user, switch to a new database: MongoDB creates the database automatically when data is first written to it. Create an application user with read-write access only to this database: Exit and reconnect as the application user: Switch to the application database: This user can read and write in appdb, but does not have access to other databases. Verify that the database works by performing basic Create, Read, Update, and Delete operations. Insert documents into a collection: MongoDB creates the collection automatically. Count documents in the collection: Notice that you did not define a schema or create a table before inserting data. In MongoDB, the schema is implicit in the documents themselves. Clean up the test data: By default, MongoDB listens on port 27017 and accepts connections only from localhost. If your application runs on the same server, you do not need to open the MongoDB port. If you need to allow MongoDB connections from another server on a private network, first update the bind address in /etc/mongod.conf: Replace 10.0.0.5 with your server's private IP address. Restart MongoDB: Then allow access from the application server's private IP range: Warning: Never bind MongoDB to 0.0.0.0 or open port 27017 to the public internet without strict access controls. Unsecured MongoDB instances are actively scanned by automated bots and can be compromised quickly. Common shell commands: User administration commands: Important MongoDB paths: Service management commands: You have installed MongoDB Community Edition on Ubuntu 24.04, created an admin user, enabled authentication, created an application database with a dedicated user, tested the setup with CRUD operations, and configured firewall access. MongoDB is now ready to support applications that need flexible document storage on Ubuntu 24.04. I'm Serdar, co-founder of Raff — affordable and reliable cloud infrastructure built to be the one platform your app needs — compute, storage, and beyond. Templates let you quickly answer FAQs or store snippets for re-use. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse

Command

Copy

$ -weight: 500;">curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | -weight: 600;">sudo gpg --dearmor -o /usr/share/keyrings/mongodb-server-8.0.gpg -weight: 500;">curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | -weight: 600;">sudo gpg --dearmor -o /usr/share/keyrings/mongodb-server-8.0.gpg -weight: 500;">curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | -weight: 600;">sudo gpg --dearmor -o /usr/share/keyrings/mongodb-server-8.0.gpg echo "deb [signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg] https://repo.mongodb.org/-weight: 500;">apt/ubuntu noble/mongodb-org/8.0 multiverse" | -weight: 600;">sudo tee /etc/-weight: 500;">apt/sources.list.d/mongodb-org-8.0.list echo "deb [signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg] https://repo.mongodb.org/-weight: 500;">apt/ubuntu noble/mongodb-org/8.0 multiverse" | -weight: 600;">sudo tee /etc/-weight: 500;">apt/sources.list.d/mongodb-org-8.0.list echo "deb [signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg] https://repo.mongodb.org/-weight: 500;">apt/ubuntu noble/mongodb-org/8.0 multiverse" | -weight: 600;">sudo tee /etc/-weight: 500;">apt/sources.list.d/mongodb-org-8.0.list -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y mongodb-org -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y mongodb-org -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y mongodb-org -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">start mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">start mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">start mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">enable mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">enable mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">enable mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">status mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">status mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">status mongod mongod --version mongod --version mongod --version db version v8.0.x db version v8.0.x db version v8.0.x -weight: 600;">sudo journalctl -u mongod -e -weight: 600;">sudo journalctl -u mongod -e -weight: 600;">sudo journalctl -u mongod -e db.createUser({ user: "admin", pwd: "your_strong_admin_password", roles: [ { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWriteAnyDatabase", db: "admin" } ] }) db.createUser({ user: "admin", pwd: "your_strong_admin_password", roles: [ { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWriteAnyDatabase", db: "admin" } ] }) db.createUser({ user: "admin", pwd: "your_strong_admin_password", roles: [ { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWriteAnyDatabase", db: "admin" } ] }) openssl rand -base64 24 openssl rand -base64 24 openssl rand -base64 24 -weight: 600;">sudo nano /etc/mongod.conf -weight: 600;">sudo nano /etc/mongod.conf -weight: 600;">sudo nano /etc/mongod.conf security: authorization: enabled security: authorization: enabled security: authorization: enabled net: port: 27017 bindIp: 127.0.0.1 net: port: 27017 bindIp: 127.0.0.1 net: port: 27017 bindIp: 127.0.0.1 -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">restart mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">restart mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">restart mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">status mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">status mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">status mongod mongosh -u admin -p --authenticationDatabase admin mongosh -u admin -p --authenticationDatabase admin mongosh -u admin -p --authenticationDatabase admin db.createUser({ user: "appuser", pwd: "your_app_password", roles: [ { role: "readWrite", db: "appdb" } ] }) db.createUser({ user: "appuser", pwd: "your_app_password", roles: [ { role: "readWrite", db: "appdb" } ] }) db.createUser({ user: "appuser", pwd: "your_app_password", roles: [ { role: "readWrite", db: "appdb" } ] }) mongosh -u appuser -p --authenticationDatabase appdb mongosh -u appuser -p --authenticationDatabase appdb mongosh -u appuser -p --authenticationDatabase appdb db.products.insertMany([ { name: "Starter Plan", price: 5.00, cpu: 1, ram: 1 }, { name: "Growth Plan", price: 20.00, cpu: 2, ram: 4 }, { name: "Scale Plan", price: 60.00, cpu: 8, ram: 16 } ]) db.products.insertMany([ { name: "Starter Plan", price: 5.00, cpu: 1, ram: 1 }, { name: "Growth Plan", price: 20.00, cpu: 2, ram: 4 }, { name: "Scale Plan", price: 60.00, cpu: 8, ram: 16 } ]) db.products.insertMany([ { name: "Starter Plan", price: 5.00, cpu: 1, ram: 1 }, { name: "Growth Plan", price: 20.00, cpu: 2, ram: 4 }, { name: "Scale Plan", price: 60.00, cpu: 8, ram: 16 } ]) db.products.find() db.products.find() db.products.find() db.products.findOne({ name: "Growth Plan" }) db.products.findOne({ name: "Growth Plan" }) db.products.findOne({ name: "Growth Plan" }) db.products.updateOne( { name: "Starter Plan" }, { $set: { price: 6.00 } } ) db.products.updateOne( { name: "Starter Plan" }, { $set: { price: 6.00 } } ) db.products.updateOne( { name: "Starter Plan" }, { $set: { price: 6.00 } } ) db.products.deleteOne({ name: "Scale Plan" }) db.products.deleteOne({ name: "Scale Plan" }) db.products.deleteOne({ name: "Scale Plan" }) db.products.countDocuments() db.products.countDocuments() db.products.countDocuments() db.products.drop() exit db.products.drop() exit db.products.drop() exit net: port: 27017 bindIp: 127.0.0.1,10.0.0.5 net: port: 27017 bindIp: 127.0.0.1,10.0.0.5 net: port: 27017 bindIp: 127.0.0.1,10.0.0.5 -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">restart mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">restart mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">restart mongod -weight: 600;">sudo ufw allow from 10.0.0.0/24 to any port 27017 -weight: 600;">sudo ufw allow from 10.0.0.0/24 to any port 27017 -weight: 600;">sudo ufw allow from 10.0.0.0/24 to any port 27017 show dbs // List all databases use dbname // Switch to a database show collections // List collections in current database db.collection.find() // List all documents db.collection.find().pretty() // Formatted output db.collection.countDocuments() // Count documents db.collection.createIndex({ field: 1 }) // Create an index db.stats() // Database statistics db.collection.stats() // Collection statistics show dbs // List all databases use dbname // Switch to a database show collections // List collections in current database db.collection.find() // List all documents db.collection.find().pretty() // Formatted output db.collection.countDocuments() // Count documents db.collection.createIndex({ field: 1 }) // Create an index db.stats() // Database statistics db.collection.stats() // Collection statistics show dbs // List all databases use dbname // Switch to a database show collections // List collections in current database db.collection.find() // List all documents db.collection.find().pretty() // Formatted output db.collection.countDocuments() // Count documents db.collection.createIndex({ field: 1 }) // Create an index db.stats() // Database statistics db.collection.stats() // Collection statistics db.getUsers() // List users in current database db.createUser({...}) // Create a user db.dropUser("username") // Delete a user db.shutdownServer() // Graceful shutdown from admin db db.getUsers() // List users in current database db.createUser({...}) // Create a user db.dropUser("username") // Delete a user db.shutdownServer() // Graceful shutdown from admin db db.getUsers() // List users in current database db.createUser({...}) // Create a user db.dropUser("username") // Delete a user db.shutdownServer() // Graceful shutdown from admin db /etc/mongod.conf Main configuration file /var/lib/mongodb/ Data directory /var/log/mongodb/mongod.log Log file /etc/mongod.conf Main configuration file /var/lib/mongodb/ Data directory /var/log/mongodb/mongod.log Log file /etc/mongod.conf Main configuration file /var/lib/mongodb/ Data directory /var/log/mongodb/mongod.log Log file -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">start mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">stop mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">restart mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">status mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">start mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">stop mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">restart mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">status mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">start mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">stop mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">restart mongod -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">status mongod - An Ubuntu 24.04 VPS or cloud server - A non-root user with -weight: 600;">sudo privileges - UFW installed and configured - At least 2 vCPU and 4 GB RAM for a comfortable MongoDB setup - Connect a Node.js application using the official MongoDB Node.js driver or Mongoose - Connect a Python application using PyMongo - Set up automated backups with mongodump - Create indexes on frequently queried fields - Monitor MongoDB with Prometheus and Grafana using the MongoDB exporter - Manage MongoDB alongside other services using tools such as Portainer

🏷️ Tags

toolsutilitiessecurity toolsultimateguideinstallmongodbubuntusecuresetup

More from Tools

Tools: Update: How to Deploy Llama 3.2 Vision with vLLM on a $20/Month DigitalOcean GPU Droplet: Multimodal AI at 1/100th API Cost

Tools: Update: How to Deploy Llama 3.2 Vision with vLLM on a $20/Month DigitalOcean GPU Droplet: Multimodal AI at 1/100th API Cost

2026-05-04 0
Tools: Moving Data from MySQL to BigQuery (Without Turning It Into a Side Project) (2026)

Tools: Moving Data from MySQL to BigQuery (Without Turning It Into a Side Project) (2026)

2026-05-04 0
Tools: Tar en macOS destroza archivos en Linux: lo validé en mi pipeline real de Railway y documenté los 3 casos que nadie menciona

Tools: Tar en macOS destroza archivos en Linux: lo validé en mi pipeline real de Railway y documenté los 3 casos que nadie menciona

2026-05-04 0
Tools: macOS tar destroys files on Linux: I validated it in my real Railway pipeline and documented the 3 cases nobody mentions - Guide

Tools: macOS tar destroys files on Linux: I validated it in my real Railway pipeline and documented the 3 cases nobody mentions - Guide

2026-05-04 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views