For installing MongoDB on a Linux operating system, you first need to add the MongoDB repositories to your system.
Linux Redhat / CentOS
Step 1: You need to add the following information into the file /etc/yum.repos.d/mongodb-org.repo. Currently, the latest version is 4.0. If a different version is released later, you will need to add the repository for that version. You can find the latest MongoDB version from here.
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
Step 2: Installation
yum install -y mongodb-org
Ubuntu
Step 1: Import the public key for the MongoDB service into your operating system
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
Step 2: You need to add the following information into the file /etc/apt/sources.list.d/mongodb-org.list.
For Ubuntu 14.04:
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
For Ubuntu 16.04:
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
Step 3: Update the packages
sudo apt-get update
Step 4: Installation
sudo apt-get install -y mongodb-org
I'll continue with CentOS for this topic. After the installation process, you can start the service by issuing the command service mongod start
. MongoDB installation is complete and ready to use. You can enter the MongoDB shell by issuing the command mongo in the terminal. As mentioned in the previous section, MongoDB is generally managed via the shell, and by default, it allows connections to the service without asking for a username or password. If you want to access this service from outside, you should restrict the IP addresses with iptables and, most importantly, increase the security of the MongoDB service by defining a username and password.
How to Define Username and Password for MongoDB Service?
First, we enter the MongoDB command line with the mongo command. By default, there is an admin database that comes with the initial installation. We need to select this database.
use admin
After selecting the database, we need to create a user who will be authorized for this database.
db.createUser(
{
user: "yourusername",
pwd: "yourpassword",
roles: ["readWrite","dbAdmin"]
}
)
The roles part specifies the permissions of the added user. readWrite grants all read and write permissions, while dbAdmin provides the most authorized user settings (similar to the Administrator user in Windows or the root user in Linux).
You can find more information about MongoDB user authorizations at this link.
The user is defined, but the connection to the database still does not require user authentication. We need to activate the authorization from the /etc/mongod.conf file and restart the service. We need to add the following lines to the relevant file.
security:
authorization: 'enabled'
After this operation, you need to restart the service with the command service mongod restart
. After this step, the database connection can be made with user authorization. Additionally, you can encrypt your connection by installing an SSL certificate for the MongoDB service.
How to Install an SSL Certificate for MongoDB Service?
To install an SSL certificate, you need to specify the path of the file containing the private key, certificate key, and CA certificate key in pem format under the net: section in the /etc/mongod.conf file.
net:
port: 27017
bindIp: 0.0.0.0
ssl:
mode: requireSSL
PEMKeyFile: /path/to/certificate.pem
The bindIP value should be specified as 0.0.0.0 or the IP address of your server because the connection request will come with the address of the SSL certificate. For those using Plesk panel, they can specify the path of the Plesk service's certificate. The certificate path of the Plesk panel is as follows:
/usr/local/psa/admin/conf/httpsd.pem
Users of Plesk panel can install SSL certificates for services using Lets Encrypt for free. This method would be more cost-effective.
Now let's connect to the MongoDB service and create a new database and a new user to add data.
mongo --port 27017 -u username -p 'password' --ssl --host your_server_address_defined_in_your_ssl_certificate --authenticationDatabase admin
With this command, we made our connection with SSL and user authorization. To create a new database, you only need to use the use command.
use yourdatabase
We created a database named 'yourdatabase'. To add data to this database by creating a document, we use the db.collection.insert() command.
db.collection.insert({"title": "topic title"})
This command has created a document named 'collection' and assigned the value "topic title" to the 'title' field in this document.
So far, everything is okay, but we are connected to this database with the admin user. Let's create a new user for this database.
db.createUser({ user: "user", pwd: "password", roles: ["readWrite"] })
Now you can connect to this database with the newly created username and password.
Türkçe: https://niyazi.net/tr/mongodb-kurulum-ve-konfigurasyonu-kullanici-yetkilendirmesi-ve-ssl-kurulumu
Muhammed Niyazi ALPAY - Cryptograph
Senior Software Developer & Senior Linux System Administrator
Meraklı
PHP MySQL MongoDB Python Linux Cyber Security
There are none comment