search string side menu

ELMA365 On-Premises > Prepare infrastructure > Databases > Prepare external databases / MongoDB

MongoDB

For the correct operation of the system, MongoDB version 3.6 to 6.0 is required. This article describes the installation of MongoDB 6.0 for Ubuntu Linux 22.04. You can also refer to the brief guide in the official MongoDB documentation.

начало внимание 

In this example, the database name is elma365, the user is elma365, and the password is SecretPassword.

When configuring MongoDB, set these data according to the security policy adopted in your organization.

конец внимание

Installation consists of six steps:

  1. Install MongoDB.
  2. Configure MongoDB.
  3. Configure connection to MongoDB.
  4. Initialize the replica.
  5. Connect to MongoDB.

Step 1: Install MongoDB

To install MongoDB, add the official repository:

sudo apt-get install gnupg
curl -fsSL https://pgp.mongodb.com/server-6.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-6.0.gpg --dearmor
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
sudo apt-get update

Then install MongoDB:

sudo apt install mongodb-org

Run MongoDB:

sudo systemctl enable --now mongod

Step 2: Configure MongoDB

Начало внимание

The password can contain the following characters:

  • Uppercase Latin letters: A to Z
  • Lowercase Latin letters: a to z
  • Digits: 0 to 9
  • Symbols: -_

Reserved (invalid) characters: ! * ' ( ) ; : @ & = + $ , / ? % # [ ]

Конец внимание

  1. Access mongosh (Command Line Interface) and create a database:

mongosh

  1. Use the ELMA365 database. If it doesn't exist, create it:

use elma365

  1. Create a dedicated user, elma365, to work with the database, with the password SecretPassword. Username and password are provided as an example:

db.createUser({user:'elma365', pwd:'SecretPassword', roles:[{role:"readWrite", db:"elma365"},{"role":"root", "db":"admin"}]})

  1. Make sure that the user is created:

show users

  1. To enable authentication, create a superuser:

use admin
db.createUser({user:'superuser', pwd:'SecretPassword', roles: ["root"]})

  1. Make sure that the user is created:

show users

  1. Complete the configuration:

exit

  1. Create a file with a general authentication key, set access to the file:

openssl rand -base64 756 > /var/lib/mongodb/keyfile
chmod 400 /var/lib/mongodb/keyfile
chown mongodb:mongodb /var/lib/mongodb/keyfile

  1. Enable secure access to the MongoDB server.

To do that, edit the /etc/mongod.conf file:

. . .
setParameter:
  enableLocalhostAuthBypass: false
security:
   authorization: "enabled"
keyFile: /var/lib/mongodb/keyfile
. . .

  1. Restart MongoDB:

sudo systemctl restart mongod

Step 3: Configure connection to MongoDB

Make changes to the configuration file /etc/mongod.conf:

sudo nano /etc/mongod.conf

Configure the values for:

  • bindIp is a list of addresses from which connections on port 27017 can be accepted (in this case, it makes the MongoDB service available from all external addresses);
  • replSetName is the name of the replica set, by default it is "rs0"

. . .
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
. . .
replication:
  replSetName: "rs0"
  enableMajorityReadConcern: true
. . .

Configuring TLS/SSL in MongoDB

To enable TLS/SSL support in MongoDB, follow these steps:

  1. Prepare a fullchain certificate. See the Create a fullchain certificate article for instructions on how to do this.
  2. Copy the contents of the your_domain.key private key into mongodb.pem:

cat your_domain.key > mongodb.pem

  1. Copy the contents of the fullchain certificate into mongodb.pem.

cat fullchain_your_domain.pem >> mongodb.pem

  1. Add a configuration block for net on each node. In the net.tls.certificateKeyFile parameter, specify the path to the PEM file containing the fullchain certificates and associated private keys. Each node has unique domain names, and certificates must be issued for each node.

net:
  tls:
    mode: requireTLS
    certificateKeyFile: /path/to/mongodb.pem

For more detailed information on configuring TLS/SSL in MongoDB, refer to the official MongoDB documentation.

Restart MongoDB to apply the changes:

sudo systemctl restart mongod

Step 4: Initialize the replica

  1. Open the mongosh console for configuration.

To connect to MongoDB:

sudo mongosh

To connect to MongoDB with TLS/SSL enabled:

sudo mongosh --tls --host mongodb-server1.your_domain --tlsCAFile /etc/ssl/CA.pem

  1. Initialize the replica:

rs.initiate({ _id: "rs0", members: [{ _id: 0, host: "<mongodb-server-address>" }]})

  1. Check the replicaSet configuration:

rs.conf()

  1. Check the state of MongoDB:

rs.status()

Step 5: Connect to MongoDB

Connection string for MongoDB:

mongodb://elma365:SecretPassword@<mongodb-server-address>:27017/elma365?ssl=false&replicaSet=rs0&readPreference=nearest

Connection string for MongoDB with TLS/SSL:

mongodb://elma365:SecretPassword@mongodb-server.your_domain:27017/elma365?ssl=true&replicaSet=rs0&readPreference=nearest

postgresql.html redis.html

Found a typo? Highlight the text, press ctrl + enter and notify us