MongoDB is an open-source document database used in modern web applications. Allowing connections that originate on the same server where it’s installed. You may be able to find few changes to need to make to the default configuration any time you decided to manage MongoDB remotely or connect it to a separate application server. Contact the Eldernode team as a VPS provider to have your own Linux Virtual Server.
To let this tutorial work better, please consider the below Prerequisites:
- A non-root user with sudo privileges
- To set up, follow our Initial server set up on Ubuntu 20.04 LTS
In addition, we strongly recommend that you secure your MongoDB installation by creating an administrative user account for the database and enabling authentication. To do this, follow our tutorial on How To Secure MongoDB on Ubuntu 20.04.
Tutorial MongoDB Remote Access Configuration on Ubuntu 20.04
Join us with this guide to configure a MongoDB installation to securely allow access from a trusted remote computer. To do this, you will update your firewall rules to provide the remote machine access to the port on which MongoDB is listening for connections and then update its configuration file to change its IP binding setting. Then, as a final step, you’ll test that your remote machine is able to make the connection to your database successfully.
Step 1: Adjusting the Firewall
In case you were positive with our request about Prerequisites and enabled a UFW firewall on your server, your MongoDB installation will be inaccessible from the internet. Use this secure setting if you need to use MongoDB only locally with applications running on the same server. It also helps you to connect to your MongoDB server from a remote location. You can allow incoming connections to the port where the database is listening by adding a new UFW rule to be able to connect to your MongoDB server from a remote location. However, the first step is to check which port is listening to with the lsof command. You would use it to return a list with every open file in a system. Once it combined with the -i option, it lists only network-related files or data streams.
To redirect the output produced by lsof -i to a grep command that searches for a string named mongo run the command below:
The following command will
sudo lsof -i | grep mongo
This example output shows that MongoDB is listening for connections on its default port, 27017:
mongod 82221 mongodb 11u IPv4 913411 0t0 TCP localhost:27017 (LISTEN)
As you guess, we access to MongoDB only from certain trusted locations similar to another server hosting an application. To configure this, type the following command on your MongoDB server, which opens up access to MongoDB’s default port while explicitly only allowing the IP address of the other trusted server. While you are running the following command, ensure that trusted_server_ip is being changed to the IP address of the trusted remote machine you’ll use to access your MongoDB instance:
sudo ufw allow from trusted_server_ip to any port 27017
Please Note: You can use the port number in place of 27017 in this command if you see your installation of MongoDB is listening on the non-default port from the previous command’s output.
Anytime you need to access MongoDB from another machine, use this command again with the new machine’s IP address in place of trusted_server_ip.
You can verify the change in firewall settings with ufw:
sudo ufw status
As you see in the output, the traffic to port 27017 from the remote server is now allowed:
Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere 27017 ALLOW trusted_server_ip OpenSSH (v6) ALLOW Anywhere (v6)
Keep continuing with us to bind MongoDB to the server’s public IP address to show you how to access it from your remote machine. If you need to find your IP address, you can see the find IP address on Linux tutorial.
Step 2: How to Configuring a Public bindIP
Please be aware that MongoDB is only able to accept connections that originate on the server where you have installed it, so because of that MongoDB is currently bound to 127.0.0.1, the local loopback network interface even when the port is open.
Try to edit the MongoDB configuration file — /etc/mongod.conf — to additionally bind MongoDB to your server’s publicly-routable IP address to allow remote connections. After that, your MongoDB installation will be able to listen to connections made to your MongoDB server from remote machines.
Open the MongoDB configuration file in your preferred text editor. The following example uses nano:
sudo nano /etc/mongod.conf
Find the network interfaces section, then the bindIp value:
. . . # network interfaces net: port: 27017 bindIp: 127.0.0.1 . . .
Append a comma to this line followed by your MongoDB server’s public IP address:
. . . # network interfaces net: port: 27017 bindIp: 127.0.0.1,mongodb_server_ip . . .
Now, you can save and close the file. If you used nano, do so by pressing CTRL + X, Y, then ENTER.
Then, restart MongoDB to put this change into effect:
sudo systemctl restart mongod
Following that, your MongoDB installation will be able to accept remote connections from whatever machines you’ve allowed to access port 27017. Try test whether the trusted remote server you allowed through the firewall in Step 1 can reach the MongoDB instance running on your server.
Step 3: How to Testing Remote Connectivity
Now that you configured your MongoDB installation to listen for connections. That originates from its publicly-routable IP address. And granted your remote machine access through your server’s firewall to Mongo’s default port. You can test that the remote machine is able to connect.
Please Note: As mentioned in the Prerequisites section, this tutorial assumes that your remote machine is another server running Ubuntu 20.04. The procedure for enabling remote connections outlined in Steps 1 and 2 should work regardless of what operating system your remote machine runs. But the testing methods described in this Step do not work universally across operating systems.
One way to test that your trusted remote server is able to connect to the MongoDB instance is to use the nc command. nc, short for netcat, is a utility used to establish network connections with TCP or UDP. It’s useful for testing in cases like this. Because it allows you to specify both an IP address and a port number.
First, log into your trusted server using SSH:
Then run the following nc command, which includes the -z option. This limits nc to only scan for a listening daemon on the target server without sending it any data. Recall from the prerequisite installation tutorial that MongoDB is running as a service daemon, making this option useful for testing connectivity. It also includes the v option which increases the command’s verbosity, causing netcat to return some output which it otherwise wouldn’t.
Run the following nc command from your trusted remote server, making sure to replace mongodb_server_ip with the IP address of the server on which you installed MongoDB:
nc -zv mongodb_server_ip 27017
If the trusted server can access the MongoDB daemon, its output will indicate that the connection was successful:
Connection to mongodb_server_ip 27017 port [tcp/*] succeeded!
Assuming you have a compatible version of the mongo shell installed on your remote server, you can at this point connect directly to the MongoDB instance installed on the host server.
One way to connect is with a connection string URI, like this:
Please Note: If you followed the recommended How To Secure MongoDB on Ubuntu 20.04 tutorial, you will have closed off access to your database to unauthenticated users. In this case, you would need to use a URI that specifies a valid username, like this:
The shell will automatically prompt you to enter the user’s password.
With that, you’ve confirmed that your MongoDB server can accept connections from the trusted server.
In this article, you learned “MongoDB Remote Access Configuration on Ubuntu 20.04”. At this point, you can manage your Mongo database remotely from the trusted server. Alternatively, you could configure an application to run on the trusted server and use the database remotely.