How to Configure Remote Access for MongoDB on Ubuntu 24

Remote access configuration for MongoDB on Ubuntu 24 is a critical skill that allows databases to be accessed from external applications, development environments, and distributed systems. This guide walks through the complete process of securely enabling remote connections to MongoDB, covering network configuration, authentication setup, security hardening, and troubleshooting common connectivity issues that developers and system administrators frequently encounter.

Understanding MongoDB Network Architecture

By default, MongoDB binds only to localhost (127.0.0.1) as a security measure, which prevents external connections. The net.bindIp setting in mongod.conf (--bind_ip on the command line) controls which network interfaces MongoDB listens on, while net.port determines the listening port. Understanding these fundamentals is essential before modifying access permissions.

The networking stack involves several layers: the MongoDB daemon (mongod) listening on specified interfaces, Ubuntu’s firewall (ufw) controlling port access, and potential network infrastructure between clients and servers. Each layer must be properly configured for successful remote connectivity.

Step-by-Step Remote Access Configuration

Installation and Initial Setup

First, ensure MongoDB is properly installed on Ubuntu 24. Import the MongoDB GPG key and add the repository:

curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list
sudo apt update
sudo apt install -y mongodb-org

Start and enable MongoDB service:

sudo systemctl start mongod
sudo systemctl enable mongod
sudo systemctl status mongod

Configuring Network Binding

Edit the MongoDB configuration file to enable remote access:

sudo nano /etc/mongod.conf

Modify the network interfaces section:

# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0  # Listen on all available interfaces
  # bindIp: 127.0.0.1,10.0.0.5  # Alternative: specific interfaces only

For production environments, binding to specific IP addresses is recommended instead of 0.0.0.0. Identify your server’s IP address:

ip addr show
# or
hostname -I

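Restart MongoDB to apply configuration changes. Authentication is not enabled yet at this point, so keep port 27017 closed in the firewall until the next section is complete: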

sudo systemctl restart mongod

Authentication Configuration

Enable authentication in the MongoDB configuration file by adding or modifying the security section:

security:
  authorization: enabled

Create an administrative user before enabling authentication:

mongosh
use admin
db.createUser({
  user: "admin",
  pwd: "securePassword123",
  roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase"]
})
exit

Restart MongoDB and test authentication:

sudo systemctl restart mongod
mongosh -u admin -p securePassword123 --authenticationDatabase admin

Firewall Configuration

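Configure Ubuntu’s firewall to allow MongoDB connections. The two allow rules below are alternatives; adding both leaves the port open to every source address:

# Option 1: allow MongoDB connections from any source address
sudo ufw allow 27017/tcp
# Option 2 (more restrictive, use instead of option 1): allow one trusted address only
sudo ufw allow from trusted_ip_address to any port 27017
sudo ufw reload
sudo ufw status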

For enhanced security, restrict access to specific IP addresses or subnets:

sudo ufw allow from 192.168.1.0/24 to any port 27017
sudo ufw allow from 10.0.0.0/8 to any port 27017
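
To confirm that only the restricted rules are in place, the rule table can be checked for entries that still admit any source. This script is an added example, not part of the original article; the function name and the sample `ufw status` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ufw rules that leave the MongoDB port open to any source.
# Reads `ufw status` (or `ufw status verbose`) output on stdin.
open_mongo_rules() {
    awk -v port="${1:-27017}" '
        NF == 0 || $1 == "Status:" || $1 == "To" || $1 == "--" { next }
        {
            to = $1; sub(/\/.*/, "", to)          # "27017/tcp" -> "27017"
            # Locate the action column; "(v6)" may sit between To and Action.
            for (i = 2; i <= NF; i++) if ($i == "ALLOW" || $i == "LIMIT") break
            if (i > NF) next                      # DENY/REJECT rows are ignored
            from = $(i + 1)
            if (from == "IN") from = $(i + 2)     # verbose output prints "ALLOW IN"
            if (to == port && from == "Anywhere") print
        }
    '
}

# Constructed sample output, not captured from a real host.
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
27017/tcp                  ALLOW       Anywhere
27017                      ALLOW       192.168.1.0/24
27017/tcp (v6)             ALLOW       Anywhere (v6)'

# Prints the two rules that expose 27017 to every address (IPv4 and IPv6).
printf '%s\n' "$SAMPLE_UFW_STATUS" | open_mongo_rules
```

On a live server the same function takes the real table: sudo ufw status | open_mongo_rules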

Security Hardening Best Practices

SSL/TLS Configuration

Generate a self-signed certificate for encrypted connections:

sudo mkdir /etc/ssl/mongodb
sudo openssl req -newkey rsa:2048 -new -x509 -days 3650 -nodes -out /etc/ssl/mongodb/mongodb-cert.crt -keyout /etc/ssl/mongodb/mongodb-cert.key
# Run the redirect inside a root shell; with "sudo cat ... > file" the redirect runs as the calling user and fails
sudo sh -c 'cat /etc/ssl/mongodb/mongodb-cert.key /etc/ssl/mongodb/mongodb-cert.crt > /etc/ssl/mongodb/mongodb.pem'
sudo chown mongodb:mongodb /etc/ssl/mongodb/mongodb.pem
sudo chmod 600 /etc/ssl/mongodb/mongodb.pem

Update mongod.conf to require TLS:

net:
  port: 27017
  bindIp: 0.0.0.0
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb/mongodb.pem
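
The settings edited so far (net.bindIp, security.authorization and net.tls.mode) can be checked together before the server is exposed. The following script is an added example, not part of the original article; it uses a simplified parser that assumes the indentation shown in this guide, and both sample configurations are constructed.

```shell
#!/bin/sh
# Added example: audit the mongod.conf keys this guide edits.
# Reads the file on stdin and prints one finding per line (no output = pass).
audit_mongod_conf() {
    awk '
        { sub(/[ \t]*#.*$/, "") }                 # drop comments
        /^[ \t]*$/ { next }                       # skip blank lines
        /^[A-Za-z]/ { section = $1; sub(/:.*/, "", section); next }
        {
            key = $1; sub(/:$/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val); gsub(/[ \t"]/, "", val)
            if (section == "net" && key == "bindIp") bind = val
            if (section == "net" && key == "mode") tls = val      # net.tls.mode
            if (section == "security" && key == "authorization") auth = val
        }
        END {
            n = split(bind, ip, ",")              # no bindIp means the localhost default
            for (i = 1; i <= n; i++) {
                if (ip[i] == "0.0.0.0" || ip[i] == "::") wildcard = 1
                if (ip[i] != "127.0.0.1" && ip[i] != "localhost" && ip[i] != "::1") remote = 1
            }
            if (wildcard) print "WARN net.bindIp listens on every interface"
            if (remote && auth != "enabled") print "FAIL remote bindIp without security.authorization: enabled"
            if (remote && tls != "requireTLS") print "FAIL remote bindIp without net.tls.mode: requireTLS"
        }
    '
}

# Constructed samples: the file after the first edit in this guide, and after hardening.
CONF_AS_FIRST_EDITED='# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0  # Listen on all available interfaces'

CONF_HARDENED='net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb/mongodb.pem
security:
  authorization: enabled'

printf '%s\n' "$CONF_AS_FIRST_EDITED" | audit_mongod_conf   # three findings
printf '%s\n' "$CONF_HARDENED" | audit_mongod_conf          # no output
```

On the server itself, run it against the live file: audit_mongod_conf < /etc/mongod.conf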

User Management and Role-Based Access

Create database-specific users with minimal required permissions:

mongosh -u admin -p --authenticationDatabase admin
use myapp
db.createUser({
  user: "appuser",
  pwd: "appPassword123",
  roles: [{ role: "readWrite", db: "myapp" }]
})

// Create read-only user for analytics
db.createUser({
  user: "analytics",
  pwd: "analyticsPassword123",
  roles: [{ role: "read", db: "myapp" }]
})

Connection Testing and Validation

Test remote connectivity from different environments:

# From another Ubuntu machine
mongosh "mongodb://appuser:appPassword123@your_server_ip:27017/myapp"

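# With TLS enabled (tlsAllowInvalidCertificates=true skips certificate validation; use it only to test the self-signed certificate)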
mongosh "mongodb://appuser:appPassword123@your_server_ip:27017/myapp?tls=true&tlsAllowInvalidCertificates=true"

# Connection string for applications
mongodb://appuser:appPassword123@your_server_ip:27017/myapp?authSource=myapp

Python connection example:

import pymongo

client = pymongo.MongoClient("mongodb://appuser:appPassword123@your_server_ip:27017/myapp")
db = client.myapp
collection = db.test_collection

# Test insert and find
collection.insert_one({"test": "remote connection successful"})
result = collection.find_one({"test": "remote connection successful"})
print(result)

Common Issues and Troubleshooting

Connection Timeout Problems

Connection timeouts typically indicate firewall or network issues. Diagnose using:

# Check if MongoDB is listening on correct interfaces
sudo netstat -tulpn | grep :27017
sudo ss -tulpn | grep :27017

# Test port connectivity
telnet your_server_ip 27017
nc -zv your_server_ip 27017

# Check MongoDB logs
sudo tail -f /var/log/mongodb/mongod.log

Authentication Failures

Authentication issues often result from incorrect user permissions or database specifications:

# Verify user exists and permissions
mongosh -u admin -p --authenticationDatabase admin
use admin
db.getUsers()
use myapp
db.getUsers()

# Check authentication database parameter
mongosh -u appuser -p appPassword123 --authenticationDatabase myapp your_server_ip:27017/myapp

Performance Optimization

Configuration Parameter | Default Value | Recommended Value | Impact
net.maxIncomingConnections | 65536 | 1000-5000 | Limits resource usage
operationProfiling.slowOpThresholdMs | 100 | 50 | Better query monitoring
storage.wiredTiger.engineConfig.cacheSizeGB | 50% of RAM | 60% of available RAM | Improved performance

Apply performance optimizations in mongod.conf:

net:
  maxIncomingConnections: 2000

operationProfiling:
  slowOpThresholdMs: 50

storage:
  wiredTiger:
    engineConfig:
      cacheSizeGB: 4

Real-World Implementation Examples

Development Environment Setup

For development teams working with remote MongoDB instances, configure connection pooling and environment-specific credentials:

# Development environment variables
export MONGODB_URI="mongodb://devuser:devpass@dev-server:27017/myapp_dev"
export MONGODB_OPTIONS="?maxPoolSize=10&minPoolSize=2&maxIdleTimeMS=30000"

# Production-ready connection string
mongodb://prod_user:secure_password@prod-server:27017/myapp_prod?authSource=myapp_prod&ssl=true&replicaSet=rs0

Microservices Architecture

In microservices deployments, each service typically requires dedicated database users with specific permissions:

// User service permissions
db.createUser({
  user: "user_service",
  pwd: "userServicePassword",
  roles: [
    { role: "readWrite", db: "users" },
    { role: "read", db: "audit_logs" }
  ]
})

// Order service permissions
db.createUser({
  user: "order_service",
  pwd: "orderServicePassword",
  roles: [
    { role: "readWrite", db: "orders" },
    { role: "read", db: "users" },
    { role: "readWrite", db: "inventory" }
  ]
})

Monitoring and Maintenance

Implement monitoring for remote connections and database performance:

# Monitor current connections
mongosh -u admin -p --authenticationDatabase admin
db.serverStatus().connections

// Check replica set status (if applicable)
rs.status()

// Profile operations slower than 100 ms (level 1) and list the five most recent entries
db.setProfilingLevel(1, { slowms: 100 })
db.system.profile.find().sort({ ts: -1 }).limit(5)

Set up log rotation for MongoDB logs:

sudo nano /etc/logrotate.d/mongodb
/var/log/mongodb/*.log {
    daily
    missingok
    rotate 52
    compress
    notifempty
    sharedscripts
    postrotate
        /bin/kill -SIGUSR1 $(cat /var/run/mongodb/mongod.pid 2>/dev/null) 2>/dev/null || true
    endscript
}

Alternative Remote Access Methods

Method | Security Level | Complexity | Use Case
Direct Remote Access | Medium | Low | Development, small teams
SSH Tunneling | High | Medium | Secure remote access
VPN Connection | High | High | Enterprise environments
MongoDB Atlas | High | Low | Cloud-native applications

SSH Tunnel Configuration

For maximum security, consider SSH tunneling instead of direct remote access:

# Create SSH tunnel from local machine
ssh -L 27017:localhost:27017 user@your_server_ip

# Connect to MongoDB through tunnel
mongosh "mongodb://appuser:appPassword123@localhost:27017/myapp"

With a tunnel, mongod can stay bound to 127.0.0.1 and port 27017 does not need to be opened in the firewall; only SSH is exposed. This approach is particularly valuable when working with sensitive production data or when network policies restrict direct database access.

Additional configuration details and advanced security options can be found in the official MongoDB security documentation and Ubuntu MongoDB guide.
