
Introduction

MongoDB, part of the MEAN stack, is a NoSQL document database that is widely used in modern web applications. Using MongoDB in your own application gives it an edge: you will be able to deal with large amounts of data, and you can access that data with just a few commands instead of writing big queries to fire at your database. In this tutorial we will learn how to install MongoDB and configure it for safety purposes.

Step 1 — Installing MongoDB / Updating our repository

If you are thinking that Debian already ships MongoDB packages in its repositories, you are not wrong, but it is always better to have an up-to-date version. So let us add the official, updated MongoDB repository to our server.

Debian verifies the authenticity of software packages using GPG keys, so let's import the key for the official MongoDB repository.

  • sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0EKIDH450359A14518324HF23711F9B6534DSFE

Output

gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

Now add the MongoDB repository details so apt knows where to download the packages from.

Issue the following command to create a list file for MongoDB.

  • echo "deb http://repo.mongodb.org/apt/debian jessie/mongodb-org/3.4 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list

After adding the repository details, update the packages list:

  • sudo apt-get update

Now install the MongoDB package itself with the following command:

  • sudo apt-get install -y mongodb-org

This installs the latest stable version of MongoDB, along with some helpful management tools for the MongoDB server.

Once MongoDB installs, start the service, and ensure it starts when your server reboots:

  • sudo systemctl enable mongod.service
  • sudo systemctl start mongod

Then use systemctl to check that the service has started properly:

  • sudo systemctl status mongod

You should see the following output, indicating that the service is running:

Output
mongod.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/lib/systemd/system/mongod.service; enabled)
   Active: active (running) since Tue 2017-02-28 19:51:51 UTC; 7s ago
     Docs: https://docs.mongodb.org/manual
 Main PID: 8958 (mongod)
   CGroup: /system.slice/mongod.service
           └─8958 /usr/bin/mongod --quiet --config /etc/mongod.conf

Feb 28 19:51:51 cart-61037 systemd[1]: Started High-performance, schema-free document-oriented database.

Now that MongoDB is successfully installed, let’s secure it with the software firewall.

Step 2 — Securing MongoDB with a Firewall

MongoDB is the database for your website, and of course your database should be secure and only be accessible from certain locations. So you need to set up a firewall so that your precious database is safe. You can do that by specifying the IP addresses of the locations it will be accessed from. We'll use the iptables firewall to set up this rule, as well as a few other rules to secure the system.

Before we write any rules, install the iptables-persistent package so you can save the rules you create. This way the rules will be applied every time you restart your server. Execute this command:

  • sudo apt-get install iptables-persistent

Next, remove any existing rules that may be in place, just in case:

  • sudo iptables -F

Then add a rule that allows established connections to continue talking. This way our existing SSH connection won’t be interrupted:

  • sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Next, ensure that SSH access is allowed:

  • sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

If you plan to connect to MongoDB from a remote server, add these rules which will allow access to MongoDB’s default port from your application server:

  • sudo iptables -A INPUT -s your_other_server_ip -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
  • sudo iptables -A OUTPUT -d your_other_server_ip -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT

Next, add these rules which allow traffic on the local loopback device:

  • sudo iptables -A INPUT -i lo -j ACCEPT
  • sudo iptables -A OUTPUT -o lo -j ACCEPT

Finally, change the firewall policy to drop all other traffic:

  • sudo iptables -P INPUT DROP


Verify that the rules look correct:

  • sudo iptables -S

You should see output similar to this:

Output
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s your_other_server_ip/32 -p tcp -m tcp --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -d your_other_server_ip/32 -p tcp -m tcp --sport 27017 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

Finally, save the rules:

  • sudo netfilter-persistent save

To learn more about these firewall rules, take a look at How To Set Up a Firewall Using Iptables on Ubuntu 14.04.

Step 3 — Enabling Access to External Servers (Optional)

Current versions of MongoDB don’t accept external connections by default. If you’ve restricted access to specific IP addresses with the firewall, you can modify MongoDB’s configuration to accept remote connections.

Edit the MongoDB configuration file:

  • sudo nano /etc/mongod.conf

Locate this section:

mongod.conf
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1

Mongo is listening on the local loopback address, so it’ll only accept local connections. Change the bindIp value so it includes the IP address of your MongoDB server:

mongod.conf
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1,your_server_ip

Save the file and exit the editor.

Then restart MongoDB to apply the change:

  • sudo systemctl restart mongod

Your remote machine should now be able to connect. However, you may also want to enable authentication to secure your database even further.
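As an added example (not part of the original tutorial), the script below puts the Step 2 rule set into iptables-restore format, which netfilter-persistent loads from /etc/iptables/rules.v4 and applies atomically, and checks the Step 3 bindIp setting so mongod is never left listening on every interface. The application server IP and the config path are placeholders passed in by the caller.

```shell
#!/bin/sh
# Added example: rebuilds the tutorial's firewall rules as an iptables-restore
# file and validates net.bindIp in a mongod.conf. Not code from the tutorial.

# mongo_rules APP_IP -> prints a complete ruleset equivalent to the Step 2 commands.
# Loading it with "iptables-restore < file" applies everything in one step, so there
# is no moment where INPUT is already DROP but the SSH/ESTABLISHED rules are missing.
mongo_rules() {
    app_ip="$1"   # placeholder: the server allowed to reach port 27017
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s ${app_ip}/32 -p tcp -m tcp --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -d ${app_ip}/32 -p tcp -m tcp --sport 27017 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# check_bindip CONF -> returns 0 if bindIp is set and does not include a wildcard
# address (0.0.0.0 or ::), returns 1 otherwise and reports the reason on stderr.
check_bindip() {
    conf="$1"
    # take the value after "bindIp:" and strip any spaces around the commas
    value=$(sed -n 's/^[[:space:]]*bindIp:[[:space:]]*//p' "$conf" | tr -d ' ')
    if [ -z "$value" ]; then
        echo "bindIp is not set in $conf" >&2
        return 1
    fi
    case ",$value," in
        *,0.0.0.0,*|*,::,*)
            echo "bindIp exposes mongod on all interfaces: $value" >&2
            return 1 ;;
    esac
    echo "bindIp ok: $value"
    return 0
}
```

Write the generated rules to /etc/iptables/rules.v4 (or pipe them into sudo iptables-restore) and run check_bindip /etc/mongod.conf after editing the file.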

Categories: Tutorials
