Authors Top

If you have a few years of experience in the Linux ecosystem, and you’re interested in sharing that experience with the community, have a look at our Contribution Guidelines.

1. Overview

In this tutorial, we’ll learn to connect to MongoDB running on a remote machine. MongoDB’s default configuration only allows connections from the same server where it is installed. MongoDB can be managed remotely or connected to a separate application server by making a few changes to the default configuration.

First, we’ll install the MongoDB using the docker container, then configure the MongoDB installation to access from a trusted remote machine securely. Importantly as we are enabling the remote connection, we’ll also need to secure the MongoDB installation by creating an administrative user account for the database.

Let’s look into the remote connections for the MongoDB server.

2. MongoDB Installation Using Docker

To set up the remote connection in MongoDB, we first need to install MongoDB. The easiest way to set up MongoDB on a Linux machine is to use the docker container. One of the benefits of using docker for MongoDB is that the containerized database is consistent across multiple environments, enabling a faster development setup.

The command to pull the latest Mongo Docker image:

$ sudo docker pull mongo
Using default tag: latest
latest: Pulling from library/mongo
Digest: sha256:ad947856db716ddd0b9cc525e341c77208ed8dafcb4a6ad23f9b3addd7a4f71c
Status: Image is up to date for mongo:latest
docker.io/library/mongo:latest

Here, in the above command, we pulled the Docker image, now to illustrate, let’s run a container using it:

$ docker run -itd --name mongodb mongo
fda9c14e96a2e35e3daf89b5772d2fb2205c2679a1dc0c4a831c32690d40391c

We’ll start the container with the container name “mongodb“.

3. Creating an Administrative User

Before we move forward to open the remote connections for MongoDB, we first need to enable the authentication in MongoDB. However, authentication is disabled in default configurations, which means any user with access to the server containing MongoDB has full access to all the databases. To secure the databases, we’ll create an administrative user and enable the authentication to connect to the database using the administrative user securely.

We first need to enter the shell using the below command to create the administrative user:

$ mongo

To enable the authentication, we need to use the database admin:

use admin

Here, we’ll use the createUser method of the admin database. Using this, we can assign multiple roles to a single user. Roles assigned to an admin user grant them all the necessary privileges to create and modify users and read and write to any database.

The createUser method requires a username and password for the user and any roles we want the user to have. Here we need to create a document that holds all the details related to user credentials and roles.

To demonstrate, let’s invoke the createUser method to assign the role to an administrate user:

db.createUser(
{
    user: "baeldung",
    pwd: "baeldung",
    roles: [
        { 
            role: "userAdminAnyDatabase", db: "admin" 
        },
        { 
            role: "readWriteAnyDatabase", db: "admin" 
        },
        {
            role: "dbAdminAnyDatabase",   db: "admin"
        }
    ]
});

In this case, the output of the above command will be:

Successfully added user: 
{
    "user" : "baeldung", 
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
	    "db" : "admin"
        },
	{
	    "role" : "readWriteAnyDatabase",
	    "db" : "admin"
	},
        { 
             "role" : "dbAdminAnyDatabase",
	     "db" : "admin"
	}
    ]
}

In the above command, we created a user baeldung with the password “baeldung” and provided full access to this user. The passwordPrompt can also be used to prompt the password on the terminal instead of providing it in the JSON:

db.createUser(
{
    user: "baeldung",
    pwd: passwordPrompt(),
    roles: [
        { 
            role: "userAdminAnyDatabase", db: "admin" 
        },
        { 
            role: "readWriteAnyDatabase", db: "admin" 
        },
        {
            role: "dbAdminAnyDatabase",   db: "admin"
        }
    ]
});

One key point to note is that we also need to restart the MongoDB daemon. Otherwise, the changes will not be reflected.

4. Enable MongoDB Authentication

Now, our admin is set up, and database-specific users have been created. Next, we have to enable MongoDB to start using these access controls. Specifically, here we need to update the configuration of mongod.conf file:

$ sudo vi /etc/mongod.conf

In the mongod.conf file, we have first to comment the operationProfiling and then enable the authorization under security:

#operationProfiling:
security:
  authorization: enabled

Lastly, MongoDB enforces database access control using the roles we created in the previous step on restarting the server.

5. Configuring Public Bind IP

So far, we installed MongoDB using the docker and enabled the mongo auth configurations. By default, MongoDB only accepts connections from localhost. Therefore, we need to allow remote connections. In the mongod.conf file, we need to go to the network interfaces section and change the bindIp to 0.0.0.0, which means to allow connections from any IP address:

# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0

Furthermore, we have to restart the MongoDB daemon to see the changes.

6. Remote Connectivity

Now that we have configured the MongoDB to listen for the remote connections on its publicly-routable IP address. Here we can test whether the remote machine is able to connect. To demonstrate, let’s check out the command to connect to the remote MongoDB:

$ mongo mongodb://baeldung:[email protected]:27017/admin

Using the above command, we can access MongoDB with authentication.

7. Conclusion

In this article, we learned to configure the remote access of MongoDB. First, we installed MongoDB using the docker container. In addition to that, we also explored user authentication assigning different roles.

Finally, we enabled the authentication and configured the public binding IP. In short, we installed MongoDB and enabled remote connectivity.

Authors Bottom

If you have a few years of experience in the Linux ecosystem, and you’re interested in sharing that experience with the community, have a look at our Contribution Guidelines.

Comments are closed on this article!