MongoDB is a document database that stores data as flexible JSON-like documents instead of fixed rows and columns. It is commonly used for web applications, REST APIs, content management systems, and real-time analytics where the data model changes frequently.
This tutorial walks through installing MongoDB Community Edition on Ubuntu 24.04, enabling authentication, creating an admin user, creating an application database user, testing basic CRUD operations, and securing access with UFW.
Prerequisites
You will need:
- An Ubuntu 24.04 VPS or cloud server
- SSH access
- A non-root user with
sudoprivileges - UFW installed and configured
- At least 2 vCPU and 4 GB RAM for a comfortable MongoDB setup
Step 1 — Add the MongoDB Repository
MongoDB is not included in Ubuntu 24.04's default repositories. To install the latest stable MongoDB Community Edition packages, add the official MongoDB APT repository.
Import the MongoDB GPG key:
curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | sudo gpg --dearmor -o /usr/share/keyrings/mongodb-server-8.0.gpg
Add the MongoDB repository for Ubuntu 24.04 Noble:
echo "deb [signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
Update the package index:
sudo apt update
You should see the MongoDB repository listed in the output without errors.
Note: If you see a GPG key error, verify the key import command and try again.
Step 2 — Install MongoDB
Install the MongoDB Community Edition meta-package:
sudo apt install -y mongodb-org
This installs the MongoDB server, shell, tools, and related packages.
Start MongoDB:
sudo systemctl start mongod
Enable MongoDB to start automatically on boot:
sudo systemctl enable mongod
Check the service status:
sudo systemctl status mongod
You should see active (running).
Check the installed version:
mongod --version
Expected output:
db version v8.0.x
If mongod fails to start, check the logs:
sudo journalctl -u mongod -e
Note: A common issue on fresh installs is a missing data directory. MongoDB expects
/var/lib/mongodbto exist with the correct ownership.
Now connect to the MongoDB shell:
mongosh
You should see the MongoDB shell prompt:
test>
Type exit to disconnect.
Warning: At this point, MongoDB is running without authentication. Anyone with network access could connect, so authentication should be enabled before exposing MongoDB beyond localhost.
Step 3 — Create the Admin User
Before enabling authentication, create an admin user.
Connect to the MongoDB shell:
mongosh
Switch to the admin database:
use admin
Create an admin user:
db.createUser({
user: "admin",
pwd: "your_strong_admin_password",
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" }
]
})
Replace your_strong_admin_password with a strong password. You should see:
{ ok: 1 }
Exit the shell:
exit
You can generate a strong password with:
openssl rand -base64 24
Tip: Store the password securely. You will need it when connecting to MongoDB with authentication enabled.
Step 4 — Enable Authentication
By default, MongoDB accepts connections without credentials. On a server, that is a serious security risk.
Open the MongoDB configuration file:
sudo nano /etc/mongod.conf
Find the commented security section and change it to:
security:
authorization: enabled
Note: Make sure
authorization: enabledis indented with two spaces. YAML is whitespace-sensitive.
Also verify the net section:
net:
port: 27017
bindIp: 127.0.0.1
This configuration makes MongoDB listen only on localhost. Save the file and restart MongoDB:
sudo systemctl restart mongod
Verify that MongoDB restarted successfully:
sudo systemctl status mongod
Now test that authentication is enforced. Connect without credentials:
mongosh
Try to list databases:
show dbs
You should see an authorization error. This confirms that authentication is working.
Exit and reconnect with the admin user:
mongosh -u admin -p --authenticationDatabase admin
Enter your password when prompted. Now this command should work:
show dbs
You should see the admin, config, and local databases.
Step 5 — Create an Application Database and User
Do not run your application as the admin user. Create a dedicated database and user for each application.
While connected as the admin user, switch to a new database:
use appdb
MongoDB creates the database automatically when data is first written to it.
Create an application user with read-write access only to this database:
db.createUser({
user: "appuser",
pwd: "your_app_password",
roles: [
{ role: "readWrite", db: "appdb" }
]
})
Exit and reconnect as the application user:
mongosh -u appuser -p --authenticationDatabase appdb
Switch to the application database:
use appdb
This user can read and write in appdb, but does not have access to other databases.
Step 6 — Test Basic CRUD Operations
Verify that the database works by performing basic Create, Read, Update, and Delete operations.
Insert documents into a collection:
db.products.insertMany([
{ name: "Starter Plan", price: 5.00, cpu: 1, ram: 1 },
{ name: "Growth Plan", price: 20.00, cpu: 2, ram: 4 },
{ name: "Scale Plan", price: 60.00, cpu: 8, ram: 16 }
])
MongoDB creates the collection automatically.
Read all documents:
db.products.find()
Find one document:
db.products.findOne({ name: "Growth Plan" })
Update a document:
db.products.updateOne(
{ name: "Starter Plan" },
{ $set: { price: 6.00 } }
)
Delete a document:
db.products.deleteOne({ name: "Scale Plan" })
Count documents in the collection:
db.products.countDocuments()
Notice that you did not define a schema or create a table before inserting data. In MongoDB, the schema is implicit in the documents themselves.
Clean up the test data:
db.products.drop()
exit
Step 7 — Configure the Firewall
By default, MongoDB listens on port 27017 and accepts connections only from localhost. If your application runs on the same server, you do not need to open the MongoDB port.
If you need to allow MongoDB connections from another server on a private network, first update the bind address in /etc/mongod.conf:
net:
port: 27017
bindIp: 127.0.0.1,10.0.0.5
Replace 10.0.0.5 with your server's private IP address. Restart MongoDB:
sudo systemctl restart mongod
Then allow access from the application server's private IP range:
sudo ufw allow from 10.0.0.0/24 to any port 27017
Warning: Never bind MongoDB to
0.0.0.0or open port 27017 to the public internet without strict access controls. Unsecured MongoDB instances are actively scanned by automated bots and can be compromised quickly.
Useful MongoDB Commands
Common shell commands:
show dbs // List all databases
use dbname // Switch to a database
show collections // List collections in current database
db.collection.find() // List all documents
db.collection.find().pretty() // Formatted output
db.collection.countDocuments() // Count documents
db.collection.createIndex({ field: 1 }) // Create an index
db.stats() // Database statistics
db.collection.stats() // Collection statistics
User administration commands:
db.getUsers() // List users in current database
db.createUser({...}) // Create a user
db.dropUser("username") // Delete a user
db.shutdownServer() // Graceful shutdown from admin db
Important MongoDB paths:
/etc/mongod.conf Main configuration file
/var/lib/mongodb/ Data directory
/var/log/mongodb/mongod.log Log file
Service management commands:
sudo systemctl start mongod
sudo systemctl stop mongod
sudo systemctl restart mongod
sudo systemctl status mongod
Conclusion
You have installed MongoDB Community Edition on Ubuntu 24.04, created an admin user, enabled authentication, created an application database with a dedicated user, tested the setup with CRUD operations, and configured firewall access.
From here, you can:
- Connect a Node.js application using the official MongoDB Node.js driver or Mongoose
- Connect a Python application using PyMongo
- Set up automated backups with
mongodump - Create indexes on frequently queried fields
- Monitor MongoDB with Prometheus and Grafana using the MongoDB exporter
- Manage MongoDB alongside other services using tools such as Portainer
MongoDB is now ready to support applications that need flexible document storage on Ubuntu 24.04.
I'm Serdar, co-founder of Raff — affordable and reliable cloud infrastructure built to be the one platform your app needs — compute, storage, and beyond.
Top comments (0)