Installing MongoDB on Debian Server


MongoDB is a free, open source NoSQL document database commonly used in modern web applications. This article shows how to set up MongoDB on your server for use in a production application environment. You will install MongoDB and configure firewall rules to limit access to it.


1) Installing MongoDB


MongoDB is already included in Debian's package repositories; however, the official MongoDB repository offers the most up-to-date version and is the recommended method of installing the software. In this article, we will add the official repository to the server.


Debian ensures the authenticity of software packages by verifying that they are signed with GPG keys, so you first need to import the key for the official MongoDB repository.


sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6


Once you have successfully imported the key, you will see:


Output


gpg: Total number processed: 2

gpg:  imported: 2  (RSA: 2)


Next, you need to add the MongoDB repository details so that apt knows where to download the packages from.


Issue the following command to create a list file for MongoDB.


echo "deb http://repo.mongodb.org/apt/debian jessie/mongodb-org/3.4 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list


After adding the repository details, update the list of packages:


sudo apt-get update


Now install the MongoDB package itself with the command below:


sudo apt-get install -y mongodb-org




Then use systemctl to check that the service has started properly:


sudo systemctl status mongod


You should see the following output, which indicates that the service is running:


Output


● mongod.service - High-performance, schema-free document-oriented database

  Loaded: loaded (/lib/systemd/system/mongod.service; enabled)

  Active: active (running) since Wed 2016-10-29 15:42:10 UTC; 10s ago

    Docs: https://docs.mongodb.org/manual

Main PID: 8958 (mongod)

  CGroup: /system.slice/mongod.service

          └─8958 /usr/bin/mongod --quiet --config /etc/mongod.conf


Wed 2016-10-29 15:42:10 cart-61037 systemd[1]: Started High-performance, schema-free document-oriented database.


2) Securing MongoDB with the Firewall



In most cases, MongoDB should be accessed only from a few trusted locations, such as another server hosting an application. To accomplish this, you'll allow access on MongoDB's default port while specifying the IP address of the other server that is explicitly permitted to connect. You can use the iptables firewall to set up this rule, along with a few other rules to secure the system.


Before writing any rules, install the iptables-persistent package so that you can save the rules you create. That way, the rules will be applied every time you restart the server. Execute the command below:


sudo apt-get install iptables-persistent


Next, remove any existing rules that may be in place, just in case:


sudo iptables -F


Then add the rule that permits established connections to keep talking. This way, your existing SSH connection will not be interrupted:


sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT


Next, ensure that SSH access is permitted:


sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT


If you plan to connect to MongoDB from a remote server, add these rules, which permit access to MongoDB's default port from the application server:


sudo iptables -A INPUT -s your_other_server_ip -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j ACCEPT

sudo iptables -A OUTPUT -d your_other_server_ip -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT


Next, add these rules, which permit traffic on the local loopback device:


sudo iptables -A INPUT -i lo -j ACCEPT

sudo iptables -A OUTPUT -o lo -j ACCEPT


Finally, change the firewall policy to drop all other traffic:


sudo iptables -P INPUT DROP


Verify that the rules are correct:


sudo iptables -S


You should see output similar to the following:


Output


-P INPUT DROP

-P FORWARD ACCEPT

-P OUTPUT ACCEPT

-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

-A INPUT -s your_other_server_ip/32 -p tcp -m tcp --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A OUTPUT -d your_other_server_ip/32 -p tcp -m tcp --sport 27017 -m state --state ESTABLISHED -j ACCEPT

-A OUTPUT -o lo -j ACCEPT


Finally, save the rules:


sudo netfilter-persistent save
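

The verification step above can be automated. The following is an added example, not part of the original article: a small shell function (the name audit_mongo_rules is hypothetical) that reads `iptables -S` output and confirms that the INPUT policy is DROP and that port 27017 is accepted only from the permitted address. The sample rule sets and the address 203.0.113.10, standing in for your_other_server_ip, are constructed.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output for the MongoDB rule set above.
# usage: audit_mongo_rules "<iptables -S output>" <allowed_ip>
# Returns 0 only if INPUT defaults to DROP and every ACCEPT rule for port
# 27017 is pinned to the allowed source. Limits: multiport matches and
# port ranges are not interpreted; negated (!) matches are rejected.
audit_mongo_rules() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        $0 == "-P INPUT DROP" { policy_drop = 1 }
        # Only INPUT rules ending in ACCEPT can expose the port.
        $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
            src = ""; dport = ""; neg = 0
            for (i = 3; i < NF; i++) {
                if ($i == "!") neg = 1
                if ($i == "-s") src = $(i + 1)
                # iptables -S prints --destination-port as --dport
                if ($i == "--dport") dport = $(i + 1)
            }
            if (NF == 4) {                      # "-A INPUT -j ACCEPT"
                print "FAIL unconditional accept: " $0; bad = 1
            } else if (dport == "27017" &&
                       (neg || (src != allowed && src != (allowed "/32")))) {
                print "FAIL 27017 open to " (src == "" ? "any source" : src)
                bad = 1
            }
        }
        END {
            if (!policy_drop) print "FAIL INPUT policy is not DROP"
            exit (bad || !policy_drop)
        }'
}

# Constructed sample inputs (not captured from a real host).
GOOD_RULES='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT'
BAD_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 27017 -j ACCEPT'

audit_mongo_rules "$GOOD_RULES" 203.0.113.10 && echo "good rule set: OK"
audit_mongo_rules "$BAD_RULES" 203.0.113.10 || echo "bad rule set: rejected"
```

On the server itself, pass the live rules instead of the samples: audit_mongo_rules "$(sudo iptables -S)" your_other_server_ip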


3) Enabling access for external servers


You need to edit the MongoDB configuration file:


sudo nano /etc/mongod.conf


Locate this section:


mongod.conf


# network interfaces

net:

 port: 27017

 bindIp: 127.0.0.1


Mongo is listening on the local loopback address, so it only accepts local connections. Change the bindIp value so that it also includes the IP address of your MongoDB server:


mongod.conf


# network interfaces

net:

 port: 27017

 bindIp: 127.0.0.1,your_server_ip


Save the file and exit the editor.


Then restart MongoDB to apply the changes:


sudo systemctl restart mongod


Your remote machine will now be able to connect. You may also want to enable authentication to secure the database further.