M. Niyazi Alpay
M. Niyazi Alpay
M. Niyazi Alpay

I've been interested in computer systems since a very young age, and I've been programming since 2005. I have knowledge in PHP, MySQL, Python, MongoDB, and Linux.

 

about.me/Cryptograph

MongoDB Installation and Configuration (User Authorization and SSL Installation)

MongoDB Installation and Configuration (User Authorization and SSL Installation)

For installing MongoDB on a Linux operating system, you first need to add the MongoDB repositories to your system.

Linux Redhat / CentOS

Step 1: You need to add the following information into the file /etc/yum.repos.d/mongodb-org.repo. Currently, the latest version is 4.0. If a different version is released later, you will need to add the repository for that version. You can find the latest MongoDB version from here.

[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc

Step 2: Installation

yum install -y mongodb-org

Ubuntu

Step 1: Import the public key for the MongoDB service into your operating system

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4

Step 2: You need to add the following information into the file /etc/apt/sources.list.d/mongodb-org.list.

For Ubuntu 14.04:

echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list

For Ubuntu 16.04:

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list

Step 3: Update the packages

sudo apt-get update

Step 4: Installation

sudo apt-get install -y mongodb-org

I'll continue with CentOS for this topic. After the installation process, you can start the service by issuing the command service mongod start. MongoDB installation is complete and ready to use. You can enter the MongoDB shell by issuing the command mongo in the terminal. As mentioned in the previous section, MongoDB is generally managed via the shell, and by default, it allows connections to the service without asking for a username or password. If you want to access this service from outside, you should restrict the IP addresses with iptables and, most importantly, increase the security of the MongoDB service by defining a username and password.

How to Define Username and Password for MongoDB Service?

First, we enter the MongoDB command line with the mongo command. By default, there is an admin database that comes with the initial installation. We need to select this database.

use admin

After selecting the database, we need to create a user who will be authorized for this database.

db.createUser(
  {
    user: "yourusername",
    pwd: "yourpassword",
    roles: ["readWrite","dbAdmin"]
  }
)

The roles part specifies the permissions of the added user. readWrite grants all read and write permissions, while dbAdmin provides the most authorized user settings (similar to the Administrator user in Windows or the root user in Linux).

You can find more information about MongoDB user authorizations at this link.

The user is defined, but the connection to the database still does not require user authentication. We need to activate the authorization from the /etc/mongod.conf file and restart the service. We need to add the following lines to the relevant file.

security:
  authorization: 'enabled'

After this operation, you need to restart the service with the command service mongod restart. After this step, the database connection can be made with user authorization. Additionally, you can encrypt your connection by installing an SSL certificate for the MongoDB service.

How to Install an SSL Certificate for MongoDB Service?

To install an SSL certificate, you need to specify the path of the file containing the private key, certificate key, and CA certificate key in pem format under the net: section in the /etc/mongod.conf file.

net:
  port: 27017
  bindIp: 0.0.0.0
  ssl:
     mode: requireSSL
     PEMKeyFile: /path/to/certificate.pem

The bindIP value should be specified as 0.0.0.0 or the IP address of your server because the connection request will come with the address of the SSL certificate. For those using Plesk panel, they can specify the path of the Plesk service's certificate. The certificate path of the Plesk panel is as follows:

/usr/local/psa/admin/conf/httpsd.pem

Users of Plesk panel can install SSL certificates for services using Lets Encrypt for free. This method would be more cost-effective.

Now let's connect to the MongoDB service and create a new database and a new user to add data.

mongo --port 27017 -u username -p 'password' --ssl --host your_server_address_defined_in_your_ssl_certificate --authenticationDatabase admin

With this command, we made our connection with SSL and user authorization. To create a new database, you only need to use the use command.

use yourdatabase

We created a database named 'yourdatabase'. To add data to this database by creating a document, we use the db.collection.insert() command.

db.collection.insert({"title": "topic title"})

This command has created a document named 'collection' and assigned the value "topic title" to the 'title' field in this document.

So far, everything is okay, but we are connected to this database with the admin user. Let's create a new user for this database.

db.createUser({ user: "user", pwd: "password", roles: ["readWrite"] })

Now you can connect to this database with the newly created username and password.

Muhammed Niyazi ALPAY - Cryptograph

Senior Software Developer & Senior Linux System Administrator

Meraklı

PHP MySQL MongoDB Python Linux Cyber Security

You may also want to read these

There are none comment

Leave a comment

Your email address will not be published. Required fields are marked *