Professional Documents
Culture Documents
Prerequisites
Step 2 — Configuring
How To Configure Remote Access for MongoDB on
a Public bindIP Ubuntu 18.04
MongoDB Ubuntu Security Firewall NoSQL Ubuntu 18.04 Databases
Managed
Step 3 — Testing MySQL, Redis,
Remote Connectivity Postgres on
By Mark Drake
DigitalOcean
Conclusion
Posted October 8, 2020 · 2 versions 2.4k
Product
Prerequisites
To complete this tutorial, you’ll need:
A server running Ubuntu 18.04. This server should have a non-root administrative user and a
firewall configured with UFW. Set this up by following our initial server setup guide for
Ubuntu 18.04.
MongoDB installed on your server. This tutorial assumes that you have MongoDB 4.4 or
newer installed. You can install this version by following our tutorial on How To Install
MongoDB on Ubuntu 18.04.
A second computer from which you’ll access your MongoDB instance. For simplicity, this
tutorial assumes that this machine is another Ubuntu 18.04 server, with a non-root
administrative user and a UFW firewall configured following our initial server setup guide for
Ubuntu 18.04. However, Steps 1 and 2, which describe the actual procedure for enabling
remote connectivity on the database server, will work regardless of what operating system
the remote machine is running.
Lastly, while it isn’t required to complete this tutorial, we strongly recommend that you secure
your MongoDB installation by creating an administrative user account for the database and
enabling authentication. To do this, follow our tutorial on How To Secure MongoDB on Ubuntu
18.04.
Start by checking which port your MongoDB installation is listening on with the lsof command.
This command typically returns a list with every open file in a system, but when combined with the
-i option, it lists only network-related files or data streams.
The following command will redirect the output produced by lsof -i to a grep command that
searches for a string named mongo :
This example output shows that the mongod process is listening for connections on its default
port, 27017 :
Output
. . .
mongod 82221 mongodb 11u IPv4 913411 0t0 TCP localhost: 27017 (LISTEN)
. . .
In most cases, MongoDB should only be accessed from certain trusted locations, such as another
server hosting an application. One way to configure this is to run the following command on your
MongoDB server, which opens up access on MongoDB’s default port while explicitly only
allowing the IP address of the other trusted server.
Run the following command, making sure to change trusted_server_ip to the IP address of the
trusted remote machine you’ll use to access your MongoDB instance:
Note: If the previous command’s output showed your installation of MongoDB is listening on a non
default port, use that port number in place of 27017 in this command.
In the future, if you ever want to access MongoDB from another machine, run this command again
with the new machine’s IP address in place of trusted_server_ip .
The output will show that traffic to port 27017 from the remote server is now allowed:
Output
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
27017 ALLOW trusted_server_ip
OpenSSH (v6) ALLOW Anywhere (v6)
You can find more advanced firewall settings for restricting access to services in UFW Essentials:
Common Firewall Rules and Commands.
Next, you’ll bind MongoDB to the server’s public IP address so you can access it from your remote
machine.
To allow remote connections, you must edit the MongoDB configuration file — /etc/mongod.conf
— to additionally bind MongoDB to your server’s publicly-routable IP address. This way, your
MongoDB installation will be able to listen to connections made to your MongoDB server from
remote machines.
Open the MongoDB configuration file in your preferred text editor. The following example uses
nano :
/etc/mongod.conf
. . .
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1
. . .
Append a comma to this line followed by your MongoDB server’s public IP address:
/etc/mongod.conf
. . .
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1 ,mongodb_server_ip
. . .
Save and close the file. If you used nano , do so by pressing CTRL + X , Y , then ENTER .
Following that, your MongoDB installation will be able to accept remote connections from
whatever machines you’ve allowed to access port 27017 . As a final step, you can test whether the
trusted remote server you allowed through the firewall in Step 1 can reach the MongoDB instance
running on your server.
Note: As mentioned in the Prerequisites section, this tutorial assumes that your remote machine is
another server running Ubuntu 18.04. The procedure for enabling remote connections outlined in
Steps 1 and 2 should work regardless of what operating system your remote machine runs, but the
testing methods described in this Step do not work universally across operating systems.
One way to test that your trusted remote server is able to connect to the MongoDB instance is to
use the nc command. nc , short for netcat, is a utility used to establish network connections with
TCP or UDP. It’s useful for testing in cases like this because it allows you to specify both an IP
address and a port number.
Then run the following nc command, which includes the -z option. This limits nc to only scan for
a listening daemon on the target server without sending it any data. Recall from the prerequisite
installation tutorial that MongoDB is running as a service daemon, making this option useful for
testing connectivity. It also includes the v option which increases the command’s verbosity,
causing netcat to return some output which it otherwise wouldn’t.
Run the following nc command from your trusted remote server, making sure to replace
mongodb_server_ip with the IP address of the server on which you installed MongoDB:
If the trusted server can access the MongoDB daemon, its output will indicate that the connection
was successful:
Output
Connection to mongodb_server_ip 27017 port [tcp/*] succeeded!
Assuming you have a compatible version of the mongo shell installed on your remote server, you
can at this point connect directly to the MongoDB instance installed on the host server.
Note: If you followed the recommended How To Secure MongoDB on Ubuntu 18.04 tutorial, you will
have closed off access to your database to unauthenticated users. In this case, you’d need to use a
URI that specifies a valid username, like this:
Copy
$ mongo "mongodb:// username @ mongo_server_ip :27017"
The shell will automatically prompt you to enter the user’s password.
With that, you’ve confirmed that your MongoDB server can accept connections from the trusted
server.
Conclusion
You can now access your MongoDB installation from a remote server. At this point, you can
manage your Mongo database remotely from the trusted server. Alternatively, you could configure
an application to run on the trusted server and use the database remotely.
If you haven’t configured an administrative user and enabled authentication, anyone who has
access to your remote server can also access your MongoDB installation. If you haven’t already
done so, we strongly recommend that you follow our guide on How To Secure MongoDB on
Ubuntu 18.04 to add an administrative user and lock things down further.
Report an issue
Mark Drake
Technical Writer @ DigitalOcean
Comments
0 Comments
Leave a comment...
Sign In to Comment
Sign up for Infrastructure as a Working on improving health You get paid; we donate to tech
Newsletter. and education, reducing nonprofits.
inequality, and spurring
economic growth? We'd like to
help.
Featured on Community Kubernetes Course Learn Python 3 Machine Learning in Python Getting started with Go Intro to Kubernetes
DigitalOcean Products Virtual Machines Managed Databases Managed Kubernetes Block Storage Object Storage Marketplace VPC Load Balancers
Learn More