inchirags@gmail.com Chirag's MongoDB DBA Tutorial https://www.chirags.in
*****************************************************************************************
*Install MongoDB 8, Authentication and allow access from remote server on AlmaLinux-9.4*
*****************************************************************************************
MongoDB Database server:
Server IP: 192.168.224.159
Part 1:
MongoDB Database - Install and access from MongoDB Compass on Windows, step by step
Step 1: Install MongoDB Community Edition in AlmaLinux-9.4
Follow these steps to install MongoDB Community Edition using the yum package manager.
1. Configure the Repository
Create a /etc/yum.repos.d/mongodb-org-8.0.repo file so that you can install MongoDB directly using yum:
$ sudo vi /etc/yum.repos.d/mongodb-org-8.0.repo
[mongodb-org-8.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/9/mongodb-org/8.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-8.0.asc
2. Install MongoDB Community Server
To install the latest stable version of MongoDB, issue the following command:
$ sudo yum install -y mongodb-org
Alternatively, to install a specific release of MongoDB, specify each component package individually and append the version number to the package name, as in the following example:
$ sudo yum install -y mongodb-org-8.0.0 mongodb-org-database-8.0.0 mongodb-org-server-8.0.0 mongodb-mongosh mongodb-org-mongos-8.0.0 mongodb-org-tools-8.0.0
3. Directory Paths
To Use Default Directories
By default, MongoDB runs using the mongod user account and uses the following default directories:
/var/lib/mongo (the data directory)
/var/log/mongodb (the log directory)
The package manager creates the default directories during installation. The owner and group name are mongod.
To Use Non-Default Directories
To use a data directory and/or log directory other than the default directories:
Create the new directory or directories.
Edit the configuration file /etc/mongod.conf and modify the following fields accordingly:
storage.dbPath to specify a new data directory path (e.g. /some/data/directory)
systemLog.path to specify a new log file path (e.g. /some/log/directory/mongod.log)
Ensure that the user running MongoDB has access to the directory or directories:
sudo chown -R mongod:mongod <directory>
If you change the user that runs the MongoDB process, you must give the new user access to these directories.
Configure SELinux if enforced.
Install the SELinux Policy
Ensure you have the following packages installed:
sudo yum install git make checkpolicy policycoreutils selinux-policy-devel
Download the policy repository.
git clone https://github.com/mongodb/mongodb-selinux
Build the policy.
cd mongodb-selinux
make
Apply the policy.
sudo make install
Init System
To run and manage your mongod process, you will be using your operating system's built-in init system. Recent versions of Linux tend to use systemd (which uses the systemctl command), while older versions of Linux tend to use System V init (which uses the service command).
If you are unsure which init system your platform uses, run the following command:
ps --no-headers -o comm 1
Then use the commands that match the result:
systemd - use the systemctl commands shown below.
init - use the equivalent System V Init (service) commands.
1. Start MongoDB.
You can start the mongod process by issuing the following command:
sudo systemctl start mongod
If you receive an error similar to the following when starting mongod:
Failed to start mongod.service: Unit mongod.service not found.
Run the following command first:
sudo systemctl daemon-reload
Then run the start command above again.
2. Verify that MongoDB has started successfully.
You can verify that the mongod process has started successfully by issuing the following command:
sudo systemctl status mongod
You can optionally ensure that MongoDB will start following a system reboot by issuing the following command:
sudo systemctl enable mongod
3. Stop MongoDB.
As needed, you can stop the mongod process by issuing the following command:
sudo systemctl stop mongod
4. Restart MongoDB.
You can restart the mongod process by issuing the following command:
sudo systemctl restart mongod
You can follow the state of the process for errors or important messages by watching the output in the /var/log/mongodb/mongod.log file.
tail -f /var/log/mongodb/mongod.log
5. Begin using MongoDB.
Start a mongosh session on the same host machine as the mongod. You can run mongosh without any command-line options to connect to a mongod that is running on your localhost with default port 27017.
mongosh
Part 2:
To allow MongoDB connections from a remote server or IP address, you'll need to make some changes to the MongoDB configuration and ensure that your system firewall or cloud security settings permit access. Here's a step-by-step guide on how to do this:
1. Modify MongoDB Configuration (mongod.conf)
MongoDB by default binds to localhost (127.0.0.1), which means it's only accessible locally. To allow remote connections, you'll need to modify the bind IP in the MongoDB configuration file (mongod.conf).
Steps:
Locate the mongod.conf file:
On Linux, it's typically located at /etc/mongod.conf.
Edit the mongod.conf file: Open the file in your preferred text editor.
sudo vi /etc/mongod.conf
Look for the following line under the net section:
bindIp: 127.0.0.1
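Modify it to bind to all IP addresses (or specify specific IP addresses). To allow connections from any IP:
bindIp: 0.0.0.0
If you want to restrict it to a specific IP (e.g., 192.168.1.100), set it as follows. The addresses listed in bindIp are the server's own interface addresses that mongod listens on, not client addresses; which remote clients may connect is controlled by the firewall rule in the next step.
bindIp: 127.0.0.1,192.168.1.100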
Save the changes.
2. Open MongoDB Port (Default: 27017) in Firewall
MongoDB typically uses port 27017. You need to ensure this port is open on your server.
On AlmaLinux (firewalld), allow the port only from the remote client's IP address:
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.3" port protocol="tcp" port="27017" accept'
Reload firewalld:
sudo firewall-cmd --reload
If you are using cloud services (AWS, Azure, etc.), make sure the security group or firewall rule allows access to port 27017 from the remote IPs.
3. Restart MongoDB
After modifying the mongod.conf file, restart the MongoDB service for the changes to take effect.
sudo systemctl restart mongod
4. Configure MongoDB User Authentication (Optional but Recommended)
Allowing remote access makes your MongoDB instance more vulnerable to unauthorized access. It’s highly recommended to set up user authentication to secure your database.
Create an Admin User:
Start the MongoDB shell:
mongosh
Switch to the admin database:
use admin
Create an admin user with username and password:
db.createUser({
  user: "admin",
  pwd: "admin@123", // tutorial value; choose a strong, unique password
  roles: [{ role: "userAdminAnyDatabase", db: "admin" }]
});
Enable authorization by adding the following lines to mongod.conf:
security:
  authorization: enabled
Restart MongoDB for the changes to take effect.
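A quick check of the two settings changed above, added here as an example and not part of the original tutorial: it reads a mongod.conf and reports whether mongod listens beyond loopback and whether security.authorization is enabled. The function names and the sample file are constructed for illustration; on the server, run audit_mongod_conf /etc/mongod.conf.

```shell
# conf_get FILE SECTION KEY: print KEY's value inside top-level SECTION (flat YAML).
conf_get() {
    awk -v section="$2" -v key="$3" '
        /^[ \t]*(#|$)/ { next }                        # comments, blank lines
        /^[^ \t]/ { in_sec = ($0 ~ ("^" section ":")); next }
        in_sec {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                sub(/^[^:]*:[ \t]*/, "", line)         # drop "key:"
                sub(/[ \t]*#.*$/, "", line)            # drop trailing comment
                gsub(/[" \t]/, "", line)               # drop quotes and spaces
                print line; exit
            }
        }' "$1"
}

# audit_mongod_conf FILE: one-line verdict on listener exposure vs. authorization.
audit_mongod_conf() {
    bind=$(conf_get "$1" net bindIp)
    bind_all=$(conf_get "$1" net bindIpAll)
    auth=$(conf_get "$1" security authorization)
    remote=no
    if [ "$bind_all" = true ]; then remote=yes; fi
    old_ifs=$IFS; IFS=,
    for addr in $bind; do
        case $addr in
            127.0.0.1|localhost|::1|/*) ;;   # loopback or UNIX socket path
            *) remote=yes ;;                 # any other listener is reachable
        esac
    done
    IFS=$old_ifs
    if [ "$remote" = no ]; then verdict=local-only
    elif [ "$auth" = enabled ]; then verdict=remote-with-auth
    else verdict=remote-without-auth; fi
    printf 'bindIp=%s authorization=%s verdict=%s\n' "${bind:-unset}" "${auth:-unset}" "$verdict"
}

# write_sample FILE BINDIP AUTH: constructed mongod.conf used only for the demo.
write_sample() {
    printf 'net:\n  port: 27017\n  bindIp: %s  # listener addresses\n' "$2" > "$1"
    if [ -n "$3" ]; then printf 'security:\n  authorization: %s\n' "$3" >> "$1"
    else printf '#security:\n' >> "$1"; fi
}

sample=$(mktemp)
write_sample "$sample" 0.0.0.0 ""      && audit_mongod_conf "$sample"  # before step 4
write_sample "$sample" 0.0.0.0 enabled && audit_mongod_conf "$sample"  # after step 4
rm -f "$sample"
```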
5. Connect to MongoDB Remotely
Now that MongoDB is configured to allow remote connections, you can connect from a remote machine.
To allow access to port 27017 from any IP address (less secure):
sudo firewall-cmd --zone=public --add-port=27017/tcp --permanent
To allow access to port 27017 only from a specific IP address (more secure):
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.x.x" port protocol="tcp" port="27017" accept' --permanent
Reload Firewalld
After adding the rules, reload firewalld to apply the changes:
sudo firewall-cmd --reload
6. Verify the Rule
You can verify that the rule has been added successfully by running:
sudo firewall-cmd --list-all
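The --list-all output can also be checked mechanically, as in this added example (not part of the original tutorial): it reports whether port 27017 is open to any source or only to the addresses named in rich rules. The function names and the sample output are constructed; note that a plain --add-port entry opens the port to every source even when a source-restricted rich rule is also present.

```shell
# mongo_port_exposure [PORT]: read `firewall-cmd --list-all` output on stdin
# and classify how the TCP port (default 27017) is exposed in that zone.
mongo_port_exposure() {
    awk -v port="${1:-27017}" '
        /^[ \t]*ports:/ {                              # entries from --add-port
            for (i = 2; i <= NF; i++) if ($i == (port "/tcp")) open_any = 1
        }
        /^[ \t]*rule / && /accept/ && $0 ~ ("port=\"" port "\"") {
            if (match($0, /source address="[^"]*"/)) {
                src = substr($0, RSTART + 16, RLENGTH - 17)
                sources = (sources == "" ? src : sources "," src)
            } else open_any = 1                        # rich rule with no source
        }
        END {
            if (open_any)     print "open-to-any"
            else if (sources) print "restricted:" sources
            else              print "closed"
        }'
}

# Constructed, trimmed samples of `firewall-cmd --list-all` output (not from a real host).
sample_both_rules() {
    printf '%s\n' 'public (active)' '  services: cockpit dhcpv6-client ssh' \
        '  ports: 27017/tcp' '  source-ports: ' '  rich rules: ' \
        '    rule family="ipv4" source address="192.168.1.3" port port="27017" protocol="tcp" accept'
}
sample_rich_only() { sample_both_rules | grep -v '^  ports:'; }

sample_both_rules | mongo_port_exposure   # both step-5 rules applied
sample_rich_only  | mongo_port_exposure   # only the source-restricted rule
# On the server: sudo firewall-cmd --zone=public --list-all | mongo_port_exposure
```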
7. Test Remote Connection
Try to connect to MongoDB from a remote machine using the mongosh shell or a MongoDB client like MongoDB Compass.
Example (From Command Line):
mongosh --host <remote-ip> --port 27017
Thanks & Regards,
Chitt Ranjan Mahto "Chirag"