Install MongoDB 8, Authentication and allow access from remote server on AlmaLinux-9.4

1 Answer

answered by

inchirags@gmail.com   Chirag's MongoDB DBA Tutorial        https://www.chirags.in

*****************************************************************************************

*Install MongoDB 8, Authentication and allow access from remote server on AlmaLinux-9.4*

*****************************************************************************************

https://youtu.be/BSxnQuzWSq8

MongoDB Database server:

Server IP: 192.168.224.159

Part 1:

MongoDB Database - Install and access from MongoDB Compass on Windows, step by step

Step 1: Install MongoDB Community Edition in AlmaLinux-9.4

Follow these steps to install MongoDB Community Edition using the yum package manager.

1. Configure the Repository

Create a /etc/yum.repos.d/mongodb-org-8.0.repo file so that you can install MongoDB directly using yum:

$ vi /etc/yum.repos.d/mongodb-org-8.0.repo

[mongodb-org-8.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/9/mongodb-org/8.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-8.0.asc

2. Install MongoDB Community Server

To install the latest stable version of MongoDB, issue the following command:

$ sudo yum install -y mongodb-org

Alternatively, to install a specific release of MongoDB, specify each component package individually and append the version number to the package name, as in the following example:

$ sudo yum install -y mongodb-org-8.0.0 mongodb-org-database-8.0.0 mongodb-org-server-8.0.0 mongodb-mongosh mongodb-org-mongos-8.0.0 mongodb-org-tools-8.0.0

3. Directory Paths

To Use Default Directories

By default, MongoDB runs using the mongod user account and uses the following default directories:

/var/lib/mongo (the data directory)

/var/log/mongodb (the log directory)

The package manager creates the default directories during installation. The owner and group name are mongod.

To Use Non-Default Directories

To use a data directory and/or log directory other than the default directories:

Create the new directory or directories.

Edit the configuration file /etc/mongod.conf and modify the following fields accordingly:

storage.dbPath to specify a new data directory path (e.g. /some/data/directory)

systemLog.path to specify a new log file path (e.g. /some/log/directory/mongod.log)

Ensure that the user running MongoDB has access to the directory or directories:

sudo chown -R mongod:mongod <directory>

If you change the user that runs the MongoDB process, you must give the new user access to these directories.

Configure SELinux if enforced.

Install the SELinux Policy

Ensure you have the following packages installed:

sudo yum install git make checkpolicy policycoreutils selinux-policy-devel

Download the policy repository.

git clone https://github.com/mongodb/mongodb-selinux

Build the policy.

cd mongodb-selinux

make

Apply the policy.

sudo make install

Init System

To run and manage your mongod process, you will be using your operating system's built-in init system. Recent versions of Linux tend to use systemd (which uses the systemctl command), while older versions of Linux tend to use System V init (which uses the service command).

If you are unsure which init system your platform uses, run the following command:

ps --no-headers -o comm 1

Then follow the instructions that match the result:

systemd - use the systemctl commands shown below.

init - use the service command (System V Init) instead of systemctl.

1. Start MongoDB.

You can start the mongod process by issuing the following command:

sudo systemctl start mongod

If you receive an error similar to the following when starting mongod:

Failed to start mongod.service: Unit mongod.service not found.

Run the following command first:

sudo systemctl daemon-reload

Then run the start command above again.

2. Verify that MongoDB has started successfully.

You can verify that the mongod process has started successfully by issuing the following command:

sudo systemctl status mongod

You can optionally ensure that MongoDB will start following a system reboot by issuing the following command:

sudo systemctl enable mongod

3. Stop MongoDB.

As needed, you can stop the mongod process by issuing the following command:

sudo systemctl stop mongod

4. Restart MongoDB.

You can restart the mongod process by issuing the following command:

sudo systemctl restart mongod

You can follow the state of the process for errors or important messages by watching the output in the /var/log/mongodb/mongod.log file.

tail -f /var/log/mongodb/mongod.log

5. Begin using MongoDB.

Start a mongosh session on the same host machine as the mongod. You can run mongosh without any command-line options to connect to a mongod that is running on your localhost with default port 27017.

mongosh

Part 2: 

To allow MongoDB connections from a remote server or IP address, you'll need to make some changes to the MongoDB configuration and ensure that your system firewall or cloud security settings permit access. Here's a step-by-step guide on how to do this:

1. Modify MongoDB Configuration (mongod.conf)

MongoDB by default binds to localhost (127.0.0.1), which means it's only accessible locally. To allow remote connections, you'll need to modify the bind IP in the MongoDB configuration file (mongod.conf).

Steps:

Locate the mongod.conf file:

On Linux, it's typically located at /etc/mongod.conf.

Edit the mongod.conf file: Open the file in your preferred text editor.

sudo vi /etc/mongod.conf

Look for the following line under the net section:

bindIp: 127.0.0.1

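Modify it to bind to all IP addresses of the server, or list specific addresses. To listen on every interface, so that connections can arrive from any IP:

bindIp: 0.0.0.0

bindIp lists the server's own addresses on which mongod listens; it does not filter client addresses, which is the job of the firewall rule in the next step. To listen only on localhost and on one specific server address (e.g., 192.168.1.100), set it as follows:

bindIp: 127.0.0.1,192.168.1.100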

Save the changes.

2. Open MongoDB Port (Default: 27017) in Firewall

MongoDB typically uses port 27017. You need to ensure this port is open on your server.

On AlmaLinux (firewalld):

sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.3" port protocol="tcp" port="27017" accept'

Reload Service:

sudo firewall-cmd --reload

If you are using cloud services (AWS, Azure, etc.), make sure the security group or firewall rule allows access to port 27017 from the remote IPs.

3. Restart MongoDB

After modifying the mongod.conf file, restart the MongoDB service for the changes to take effect.

sudo systemctl restart mongod

4. Configure MongoDB User Authentication (Optional but Recommended)

Allowing remote access makes your MongoDB instance more vulnerable to unauthorized access. It’s highly recommended to set up user authentication to secure your database.

Create an Admin User:

Start the MongoDB shell:

mongosh

Switch to the admin database:

use admin

Create an admin user with a username and password (replace the example password with a strong one of your own):

db.createUser({
  user: "admin",
  pwd: "admin@123",
  roles: [{ role: "userAdminAnyDatabase", db: "admin" }]
});

Enable authorization by adding the following lines to /etc/mongod.conf:

security:
  authorization: enabled

Restart MongoDB for the changes to take effect.

5. Connect to MongoDB Remotely

Now that MongoDB is configured to allow remote connections, you can connect from a remote machine.

To allow access to port 27017 from any IP address (less secure):

sudo firewall-cmd --zone=public --add-port=27017/tcp --permanent

To allow access to port 27017 only from a specific IP address (more secure):

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.x.x" port protocol="tcp" port="27017" accept' --permanent

Reload Firewalld

After adding the rules, reload firewalld to apply the changes:

sudo firewall-cmd --reload

6. Verify the Rule

You can verify that the rule has been added successfully by running:

sudo firewall-cmd --list-all

7. Test Remote Connection

Try to connect to MongoDB from a remote machine using the mongosh shell or a MongoDB client like MongoDB Compass.

Example (From Command Line):

mongosh --host <remote-ip> --port 27017

For any doubts or queries, please write in the YouTube video's comments section.

Note: Follow the process shown in the video.

Please, Subscribe and like for more videos:

https://youtube.com/@chiragstutorial

Don't forget to Follow, Like, Share & Comment

Thanks & Regards,

Chitt Ranjan Mahto "Chirag"

_________________________________________________________________________________________

Note: All scripts used in this demo will be available on our website.

Link will be available in description.
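
The bindIp and authorization settings from Part 2 can be checked in /etc/mongod.conf before each restart of mongod. The script below is an added example, not part of the original answer; the function names and finding labels are assumptions, and the two sample configs are constructed.

```sh
#!/bin/sh
# Added example, not from the original answer. Finding labels are made up here.

# yaml_value FILE SECTION KEY: print KEY's value inside top-level SECTION.
yaml_value() {
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*#/ { next }                                 # skip comment lines
    /^[^ \t]/  { in_sec = ($0 ~ ("^" sec ":")); next }  # a top-level key
    in_sec && $1 == (key ":") {
      sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, "")
      print; exit
    }' "$1"
}

# audit_mongod_conf FILE: print one finding per line, or "OK" if none.
audit_mongod_conf() (
  bind=$(yaml_value "$1" net bindIp | tr -d ' "')
  auth=$(yaml_value "$1" security authorization | tr -d ' "')
  bind=${bind:-127.0.0.1}   # unset: localhost only, as the page states
  remote=no; found=no
  for addr in $(printf '%s' "$bind" | tr ',' ' '); do
    case "$addr" in
      127.*|localhost|::1) ;;                 # loopback listener
      0.0.0.0|::) remote=yes; found=yes
        echo "BIND_ALL_INTERFACES: only the firewall limits who can connect" ;;
      *) remote=yes ;;                        # one specific server address
    esac
  done
  if [ "$auth" != enabled ]; then
    found=yes
    if [ "$remote" = yes ]; then
      echo "REMOTE_WITHOUT_AUTH: reachable off-host with authorization off"
    else
      echo "AUTH_DISABLED: local-only, but any local client has full access"
    fi
  fi
  [ "$found" = yes ] || echo "OK"
)

# Constructed samples: config after Part 2 steps 1-3, and after step 4.
tmp=$(mktemp -d)
printf 'net:\n  port: 27017\n  bindIp: 0.0.0.0\n#security:\n' > "$tmp/weak.conf"
printf 'net:\n  port: 27017\n  bindIp: 127.0.0.1,192.168.224.159\nsecurity:\n  authorization: enabled\n' > "$tmp/hardened.conf"
audit_mongod_conf "$tmp/weak.conf"
audit_mongod_conf "$tmp/hardened.conf"
rm -rf "$tmp"
```

The first sample reports both BIND_ALL_INTERFACES and REMOTE_WITHOUT_AUTH, which is the state the server is in between the restart in step 3 and the authorization change in step 4; the second sample reports OK.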
