Based on Debian 11 "Bullseye" environment.

MongoDB

Install MongoDB Community Edition, a document DB.
There's no official Debian package (only available to Stretch). As of 2022 May, version 6.0 is still a Release Candidate. 5.0.8 is the latest stable release.

There is an official document on how to install MongoDB 5.0 to Debian, but Debian 11 "Bullseye" is not available. This page is almost a copy of the official document, with some tweaks to align with Bullseye.

Preparation

Add apt-line. "apt-key is deprecated. Use gpg way instead.

Download MongoDB key and convert it to gpg key. Suppose there's ~/tmp directory.

$ cd ~/tmp
$ wget https://www.mongodb.org/static/pgp/server-5.0.asc
$ gpg --no-default-keyring --keyring ./temp-keyring.gpg --import server-5.0.asc
gpg: keybox './temp-keyring.gpg' created
gpg: key B00A0BD1E2C63C11: public key "MongoDB 5.0 Release Signing Key <packaging@mongodb.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Export temp-keyring.gpg and copy it to /usr/share/keyrings

$ gpg --no-default-keyring --keyring ./temp-keyring.gpg --export --output server-5.0.gpg
$ sudo cp server-5.0.gpg /usr/share/keyrings/

Add apt-line

# vi /etc/apt/sources.list.d/mongodb-org-5.0.list

Add keyrings location to the apt line. The apt-line contains "buster" but it installs the latest 5.0.x anyway.

deb [signed-by=/usr/share/keyrings/server-5.0.gpg] http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main

Update apt sources.

# apt update

Installation

As repository is already prepared, install "mongodb-org" package as usual.

# apt install mongodb-org

MongoDB data directory has to be xfs. The installer makes /var/lib/mongodb as a data directory, so change data directory do somewhere on the xfs filesystem.
The configuration is in /etc/mongod.conf

# Where and how to store data.
storage:
  dbPath: /var/xfs/mongodb
  journal:
    enabled: true

Reload daemons, enable Mongod, and start.

# systemctl daemon-reload
# systemctl enable mongod
# systemctl start mongod

Security configuration

By default, anybody who can access MongoDB can read any data on it. Instead of no authentication, MongoDB accepts access only from localhost.
It is strongly recommended to enable authorization.

Add an admin user

Add a superuser (admin/root) before enabling authorization.
For example, a user "mongo" with the password "password"

$ mongosh
test> use admin
switched to db admin
admin> db.createUser({user:"mongo", pwd:"password", roles:["root"]})
{ ok: 1 }
admin> exit

Enable authorization

Enable user authentication to prevent accidents.
All configurations are in /etc/mongod.conf

security:
  authorization: enabled

If you need access from other than localhost, add bind IP. Add IP addresses separated by commas.

net:
  port: 27017
  bindIp: 172.0.0.1, 192.0.2.0

Restart MongoDB after changing /etc/mongod.conf

# systemctl restart mongod

Add a normal user

Add a normal user that has read/write privilege to the specific DB.
For example, "user01" to the "doc01" collection with "readWrite" role.

$ mongosh
test> use admin
switched to db admin
admin> db.auth("mongo", "password")
{ ok: 1 }
admin> use doc01
switched to db doc01
doc01> db.createUser({user: "user01", pwd: "password", roles: [{role: "readWrite", db: "doc01"}] })
{ ok: 1 }
doc01> exit
  • "use doc01" automatically makes a new DB "doc 01" unless it exists

Update History

2022-05-23

  • Initial release