Setup MongoDB

Updated on 24 Sep 2023

Connect to bastion

ssh -i my-project.pem ubuntu@3.82.141.206

Copy my-project.pem to the bastion.
Connect to the mongo instance:

ssh -i my-project.pem ubuntu@172.18.41.49

Configure data disk:

sudo -i
mkfs.xfs /dev/xvdb
mkdir /var/lib/mongodb
disk="`blkid | grep xvdb | awk '{print $2}'`"
echo "$disk /var/lib/mongodb xfs nodev,nosuid,noatime 0 2" >> /etc/fstab
mount -a
# the mongodb user is created by the mongodb-org package; if this fails, rerun it after the install step below
chown mongodb:mongodb /var/lib/mongodb

Setup mongodb:

apt install dirmngr gnupg apt-transport-https ca-certificates software-properties-common
wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
apt update
apt install -y mongodb-org
systemctl enable mongod
systemctl restart mongod

Configure mongo. Log in to mongo:

mongo
use admin
db.createUser({
  "user": "USER",
  "pwd": "PASSWORD",
  "roles": [
    "userAdminAnyDatabase",
    "dbAdminAnyDatabase",
    "readWriteAnyDatabase"
  ]
})
var role = {
  "role": "mongostatRole",
  "privileges": [
    {
      "resource": { "cluster": true },
      "actions": [ "serverStatus" ]
    }
  ],
  "roles": []
}
var auser = {
  "user": "admin",
  "pwd": "ADMIN_PASSWORD",
  "roles": [
    { "role": "userAdmin", "db": "admin" },
    { "role": "mongostatRole", "db": "admin" }
  ]
}
use admin
db.createRole(role);
db.createUser(auser);
exit

Configure mongo: Create mongodb.pem from your wildcard SSL certificate and key:

cat cert.crt cert.key > mongodb.pem

Create ca.pem from your wildcard SSL certificate and SSL certificate chain:

cat cert.crt cert_chain.pam > ca.pem

Create the folder /admin on the server and copy mongodb.pem and ca.pem into it.

Modify /etc/mongod.conf:

storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
net:
  port: 27017
  bindIp: 0.0.0.0
  ssl:
    mode: requireSSL
    PEMKeyFile: /admin/mongodb.pem
    CAFile: /admin/ca.pem
    disabledProtocols: TLS1_1,TLS1_2
    allowConnectionsWithoutCertificates: true
security:
  authorization: enabled
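
The script below is an added example, not part of the original guide: it reads a mongod.conf and lists the settings from the file above that deserve a review before the instance takes traffic (authorization, TLS mode, bind address, client certificates, disabled protocols). The function names conf_value and audit_mongod_conf are made up for this example, and the sample file is constructed from the configuration on this page.

```shell
#!/bin/sh
# Added example: list security-relevant settings of a mongod.conf that need review.
# Assumes block-style YAML indented with spaces, like the file shown above.

# conf_value FILE dotted.key -> prints the value, or nothing if the key is absent
conf_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        {
            line = $0; sub(/^ +/, "", line); depth = length($0) - length(line)
            sub(/[ \t]*#.*$/, "", line)
            i = index(line, ":"); if (i == 0) next
            key = substr(line, 1, i - 1); val = substr(line, i + 1)
            gsub(/^[ \t]+|[ \t]+$|"/, "", val)
            while (n > 0 && ind[n] >= depth) n--   # leave deeper or sibling sections
            n++; ind[n] = depth; name[n] = key
            path = name[1]; for (j = 2; j <= n; j++) path = path "." name[j]
            if (path == want) { print val; exit }
        }' "$1"
}

# audit_mongod_conf FILE -> one finding per line; exit status 1 if any were printed
audit_mongod_conf() {
    findings=$(
        [ "$(conf_value "$1" security.authorization)" = enabled ] ||
            echo "security.authorization: access control is not enabled"
        [ "$(conf_value "$1" net.ssl.mode)" = requireSSL ] ||
            echo "net.ssl.mode: unencrypted connections are accepted"
        case "$(conf_value "$1" net.bindIp)" in *0.0.0.0*)
            echo "net.bindIp: listening on every IPv4 interface" ;; esac
        [ "$(conf_value "$1" net.ssl.allowConnectionsWithoutCertificates)" != true ] ||
            echo "net.ssl.allowConnectionsWithoutCertificates: clients need no certificate"
        case ",$(conf_value "$1" net.ssl.disabledProtocols | tr -d ' ')," in *,TLS1_2,*)
            echo "net.ssl.disabledProtocols: TLS 1.2 is disabled" ;; esac
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"; return 1
}

# Constructed sample: the net and security sections of the configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net:
  bindIp: 0.0.0.0
  ssl:
    mode: requireSSL
    allowConnectionsWithoutCertificates: true
    disabledProtocols: TLS1_1,TLS1_2
security:
  authorization: enabled
EOF
audit_mongod_conf "$sample" || true; rm -f "$sample"
```

Run against the configuration on this page it prints three findings: the bind address, the client-certificate setting and the disabled TLS 1.2.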

Add mongo host to hosts:

echo “127.0.0.1 mongo.your.domain” >> /etc/hosts

Restart mongo:

systemctl restart mongod

Check connections:

mongo --ssl --sslAllowInvalidCertificates --host mongo.your.domain --username admin --password ADMIN_PASSWORD --authenticationDatabase admin

*You also need to set up whatever MongoDB backups are suitable for you.