MongoDB is a cross-platform NoSQL database system written in C++. MongoDB is different from traditional table-based SQL databases like MySQL and PostgreSQL and is specially designed for high-volume data storage. MongoDB uses JSON-like documents with dynamic schemas and does not require a predefined schema before you add data to a database. MongoDB is free, open-source, and comes with a rich set of features including, storage, data replication, Ad-hoc queries, load balancing, and many more.
In this tutorial, we will explain how to install and secure MongoDB on CentOS 8.
Step 1 – Add the MongoDB Repository
By default, MongoDB is not available in the CentOS 8 default repository, so you will need to create a repo file for MongoDB.
You can create it with the following command:
nano /etc/yum.repos.d/mongodb-org.repo
Add the following lines:
[mongodb-org-4.2] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/ gpgcheck=1 enabled=1 gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
Save and close the file when you are finished. Next, you can proceed to install MongoDB in your system.
Step 2 – Install MongoDB
Now, you can install the MongoDB by simply running the following command:
dnf install mongodb-org -y
Once the installation has been completed, start the MongoDB service and enable it to start after system reboot with the following command:
systemctl start mongod systemctl enable mongod
You can now check the status of the MongoDB service using the following command:
systemctl status mongod
You should see the following output:
● mongod.service - MongoDB Database Server Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2020-04-10 10:58:18 EDT; 7s ago Docs: https://docs.mongodb.org/manual Process: 2904 ExecStart=/usr/bin/mongod $OPTIONS (code=exited, status=0/SUCCESS) Process: 2902 ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb (code=exited, status=0/SUCCESS) Process: 2899 ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb (code=exited, status=0/SUCCESS) Process: 2897 ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb (code=exited, status=0/SUCCESS) Main PID: 2906 (mongod) Memory: 77.0M CGroup: /system.slice/mongod.service └─2906 /usr/bin/mongod -f /etc/mongod.conf Apr 10 10:58:17 centos8 systemd[1]: Starting MongoDB Database Server... Apr 10 10:58:17 centos8 mongod[2904]: about to fork child process, waiting until server is ready for connections. Apr 10 10:58:17 centos8 mongod[2904]: forked process: 2906 Apr 10 10:58:18 centos8 mongod[2904]: child process started successfully, parent exiting Apr 10 10:58:18 centos8 systemd[1]: Started MongoDB Database Server.
Now, MongoDB is running and listening on port 27017. You can verify it with the following command:
netstat -pnltu | grep 27017
You should get the following output:
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 2906/mongod
You can also access the MongoDB shell with the following command:
mongo
You should get the following output:
MongoDB shell version v4.2.5 connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb Implicit session: session { "id" : UUID("b0f7656f-f939-4f50-87d2-01cbeca0849a") } MongoDB server version: 4.2.5 Welcome to the MongoDB shell. For interactive help, type "help". For more comprehensive documentation, see http://docs.mongodb.org/ Questions? Try the support group http://groups.google.com/group/mongodb-user Server has startup warnings: 2020-04-10T10:58:18.521-0400 I CONTROL [initandlisten] 2020-04-10T10:58:18.521-0400 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database. 2020-04-10T10:58:18.521-0400 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted. 2020-04-10T10:58:18.521-0400 I CONTROL [initandlisten] 2020-04-10T10:58:18.521-0400 I CONTROL [initandlisten] 2020-04-10T10:58:18.521-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 2020-04-10T10:58:18.521-0400 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2020-04-10T10:58:18.522-0400 I CONTROL [initandlisten] --- Enable MongoDB's free cloud-based monitoring service, which will then receive and display metrics about your deployment (disk utilization, CPU, operation statistics, etc). The monitoring data will be available on a MongoDB website with a unique URL accessible to you and anyone you share the URL with. MongoDB may use this information to make product improvements and to suggest MongoDB products and deployment options to you. To enable free monitoring, run the following command: db.enableFreeMonitoring() To permanently disable this reminder, run the following command: db.disableFreeMonitoring() ---
You can exit from the MongoDB shell with the following command:
>exit
Step 3 – Enable MongoDB Authentication
By default, authentication is disabled in MongoDB. Any user can interact with the database, and create and destroy databases. It is a good idea to enable authentication in MongoDB. You can enable it by editing mongod.conf file:
nano /etc/mongod.conf
Add the following line at the end of the file:
security: authorization: enabled
Save and close the file when you are finished. Then, restart the MongoDB service to apply the changes:
systemctl restart mongod
Step 4 – Create a MongoDB Admin User
Next, you will need to create an administrative user with all privileges to perform administrative tasks.
First, access the MongoDB shell with the following command:
mongo
You should get the following output:
MongoDB shell version v4.2.5 connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb Implicit session: session { "id" : UUID("09e0e028-cd26-4f9d-9270-52b938925f99") } MongoDB server version: 4.2.5
Next, change the database to admin with the following command:
> use admin
Next, create a MongoDB admin user called myadmin with the following command:
> db.createUser( { user: "myadmin", pwd: "password", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )
Once the user has been created, you should get the following output:
Successfully added user: { "user" : "myadmin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
Next, exit from the MongoDB shell with the following command:
>exit
Step 5 – Verify MongoDB Authentication
At this point, MongoDB is configured with authentication. Now you will be required to provide a username and password before interacting with MongoDB.
Next, connect the MongoDB without authentication:
mongo
You should get the following output:
MongoDB shell version v4.2.5 connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb Implicit session: session { "id" : UUID("fecf1846-13fd-4959-91da-5cf323781e13") } MongoDB server version: 4.2.5
Now, run the following command to list MongoDB users:
> show users
You should get the following error:
2020-04-10T11:08:04.598-0400 E QUERY [js] uncaught exception: Error: command usersInfo requires authentication : _getErrorWithCode@src/mongo/shell/utils.js:25:13 DB.prototype.getUsers@src/mongo/shell/db.js:1638:15 shellHelper.show@src/mongo/shell/utils.js:883:9 shellHelper@src/mongo/shell/utils.js:790:15 @(shellhelp2):1:1
This demonstrates that you can not list the users without authenticating.
Now, exit from MongoDB with the following command:
>exit
Step 6 – Access MongoDB with Administrative User
Now, let’s connect to the MongoDB with the administrative user:
mongo -u myadmin -p --authenticationDatabase admin
You will be asked to provide your admin password as shown below:
MongoDB shell version v4.2.5 Enter password:
Provide your admin password and hit Enter. You should get the following output:
connecting to: mongodb://127.0.0.1:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb Implicit session: session { "id" : UUID("a39f723c-f1b5-4c93-9e67-ff82379dfb62") } MongoDB server version: 4.2.5
Next, change the database to admin and list the users with the following command:
> use admin > show users
You should get the following output:
{ "_id" : "admin.myadmin", "userId" : UUID("bcd920c1-63fd-4b82-a8a6-eb6515d51a34"), "user" : "myadmin", "db" : "admin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ], "mechanisms" : [ "SCRAM-SHA-1", "SCRAM-SHA-256" ] }
Now, exit from the MongoDB shell with the following output:
> exit
Conclusion
In the above guide, we learned how to install MongoDB on CentOS 8. We have also shown how to enable MongoDB authentication and create an administrative user. Your MongoDB on your Atlantic.Net VPS is now secured with username and password – if you don’t have a VPS from Atlantic.Net, get started with VPS hosting today to install MongoDB!