Based on Debian 11 "Bullseye" environment.
MongoDB
Install MongoDB Community Edition, a document DB.
There's no official Debian package (only available to Stretch). As of 2022 May, version 6.0 is still a Release Candidate. 5.0.8 is the latest stable release.
There is an official document on how to install MongoDB 5.0 to Debian, but Debian 11 "Bullseye" is not available. This page is almost a copy of the official document, with some tweaks to align with Bullseye.
Preparation
Add apt-line. "apt-key is deprecated. Use gpg way instead.
Download MongoDB key and convert it to gpg key. Suppose there's ~/tmp directory.
$ cd ~/tmp $ wget https://www.mongodb.org/static/pgp/server-6.0.asc $ gpg --no-default-keyring --keyring ./temp-keyring.gpg --import server-6.0.asc gpg: keybox './temp-keyring.gpg' created gpg: key B00A0BD1E2C63C11: public key "MongoDB 6.0 Release Signing Key <packaging@mongodb.com>" imported gpg: Total number processed: 1 gpg: imported: 1
Export temp-keyring.gpg and copy it to /usr/share/keyrings
$ gpg --no-default-keyring --keyring ./temp-keyring.gpg --export --output server-6.0.gpg $ sudo cp server-6.0.gpg /usr/share/keyrings/
Add apt-line
# vi /etc/apt/sources.list.d/mongodb-org-6.0.list
Add keyrings location to the apt line. The apt-line contains "buster" but it installs the latest 5.0.x anyway.
deb [signed-by=/usr/share/keyrings/server-6.0.gpg] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/6.0 main
Update apt sources.
# apt update
Installation
As the repository is already prepared, install "mongodb-org" package as usual.
# apt install mongodb-org
MongoDB data directory has to be xfs. The installer makes /var/lib/mongodb as a data directory, so change the data directory to somewhere on the xfs filesystem.
The configuration is in /etc/mongod.conf
Remember changing the owner of /var/xfs/mongodb to mongodb:mongodb.
# Where and how to store data. storage: dbPath: /var/xfs/mongodb journal: enabled: true
Reload daemons, enable Mongod, and start.
# systemctl daemon-reload # systemctl enable mongod # systemctl start mongod
Security configuration
By default, anybody who can access MongoDB can read any data on it. Instead of no authentication, MongoDB accepts access only from localhost.
It is strongly recommended to enable authorization.
Add an admin user
Add a superuser (admin/root) before enabling authorization.
For example, a user "mongo" with the password "password"
$ mongosh
test> use admin
switched to db admin
admin> db.createUser({user:"mongo", pwd:"password", roles:["root"]})
{ ok: 1 }
admin> exit
Enable authorization
Enable user authentication to prevent accidents.
All configurations are in /etc/mongod.conf
security: authorization: enabled
If you need access from other than localhost, add bind IP. Add IP addresses separated by commas.
net: port: 27017 bindIp: 172.0.0.1, 192.0.2.0
Restart MongoDB after changing /etc/mongod.conf
# systemctl restart mongod
Add a normal user
Add a normal user that has read/write privilege to the specific DB.
For example, "user01" to the "doc01" collection with "readWrite" role.
$ mongosh
test> use admin
switched to db admin
admin> db.auth("mongo", "password")
{ ok: 1 }
admin> use doc01
switched to db doc01
doc01> db.createUser({user: "user01", pwd: "password", roles: [{role: "readWrite", db: "doc01"}] })
{ ok: 1 }
doc01> exit
- "use doc01" automatically makes a new DB "doc 01" unless it exists
Update History
2022-05-23
- Initial release
2023-03-14
- Update to MongoDB version 6.0
