How to Install and Secure MongoDB on RHEL 10 & CentOS 10: A Complete Guide
MongoDB is a leading NoSQL database renowned for its flexibility, scalability, and performance, making it a top choice for modern application development. If you’re running Red Hat Enterprise Linux (RHEL) 10 or CentOS 10, setting up a MongoDB instance is a straightforward process. This guide will walk you through every step, from installation to essential security configurations.
By following these instructions, you will have a production-ready MongoDB server running securely on your system.
Prerequisites
Before we begin, ensure you have the following:
- A running instance of RHEL 10 or CentOS 10.
- Access to a user account with sudo or root privileges.
- A stable internet connection to download the necessary packages.
Step 1: Add the MongoDB Yum Repository
MongoDB is not included in the default RHEL or CentOS repositories. Therefore, the first step is to create a repository file to tell the dnf package manager where to find the official MongoDB packages.
Create a new file named mongodb-org.repo in the /etc/yum.repos.d/ directory using your preferred text editor, such as nano or vi.
sudo nano /etc/yum.repos.d/mongodb-org.repo
Paste the following content into the file. This configuration points to the official MongoDB 7.0 repository, which is the latest stable version at the time of writing.
[mongodb-org-7.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/7.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-7.0.asc
Save the file and exit the text editor. This repository configuration ensures you receive trusted and up-to-date packages directly from MongoDB Inc.
Step 2: Install the MongoDB Packages
With the repository in place, you can now install MongoDB. The mongodb-org package is a meta-package that automatically installs the four essential components:
mongodb-org-server: The MongoDB daemon (mongod) and its configuration.mongodb-org-mongos: The MongoDB sharded cluster query router (mongos).mongodb-org-shell: The MongoDB Shell (mongosh), the primary tool for interacting with the database.mongodb-org-tools: A collection of command-line utilities for backups, data import/export, and performance diagnostics.
Execute the following command to install MongoDB and all its components:
sudo dnf install -y mongodb-org
The -y flag automatically confirms the installation prompt. The package manager will now download and install MongoDB on your system.
Step 3: Start and Enable the MongoDB Service
After the installation is complete, the MongoDB service (named mongod) will not start automatically. You need to start it manually and enable it to launch on system boot.
First, start the MongoDB service using systemctl:
sudo systemctl start mongod
Next, enable the service to ensure it automatically restarts if the server reboots:
sudo systemctl enable mongod
This command creates the necessary symlinks to integrate mongod into the system’s startup sequence.
Step 4: Verify the Installation
To confirm that MongoDB is running correctly, you can check the status of the mongod service.
sudo systemctl status mongod
If the installation was successful, you should see an output indicating that the service is active (running). The output will look something like this:
● mongod.service - MongoDB Database Server
Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2023-10-25 10:30:00 UTC; 5s ago
Docs: https://docs.mongodb.org/manual
Main PID: 12345 (mongod)
...
You can also connect to the database using the MongoDB Shell to perform a final check.
mongosh
If the connection is successful, the shell will display your server version and a prompt, confirming your database is ready for use.
Essential Security Configuration
A default MongoDB installation allows unauthenticated access, which is a significant security risk. It is crucial to enable access control before deploying to a production environment.
1. Create an Administrative User
First, connect to the shell and create an administrative user. This user will have the privileges to manage other users and databases.
# Connect to the shell
mongosh
# Switch to the 'admin' database
use admin
# Create the administrator user
db.createUser({
user: "myAdminUser",
pwd: passwordPrompt(), // This will securely prompt for a password
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWriteAnyDatabase", db: "admin" } ]
})
Replace "myAdminUser" with your desired username. The passwordPrompt() function provides a secure way to enter a strong password without it being saved in your command history.
2. Enable Access Control
Next, you need to enforce authentication by editing the MongoDB configuration file located at /etc/mongod.conf.
Open the file with a text editor:
sudo nano /etc/mongod.conf
Find the security section and enable authorization. If the security section does not exist, you can add it.
# mongod.conf
# ... other settings
security:
authorization: enabled
# ... other settings
Save the file and restart the MongoDB service for the changes to take effect:
sudo systemctl restart mongod
Now, all connections to your database will require a valid username and password.
Step 5: Configure the Firewall
If your application needs to connect to MongoDB from a remote machine, you must open the default MongoDB port, 27017, in your system’s firewall.
Use the following firewall-cmd commands to permanently open the port and apply the changes:
sudo firewall-cmd --permanent --add-port=27017/tcp
sudo firewall-cmd --reload
Security Tip: For enhanced security, it’s best practice to only allow connections from specific, trusted IP addresses rather than opening the port to the entire internet. If your application runs on the same server, you do not need to open this port.
Conclusion
You have successfully installed, verified, and secured a MongoDB server on your RHEL 10 or CentOS 10 system. By configuring the official repository, you ensure access to stable updates, and by enabling access control, you’ve taken the most critical step in protecting your data. Your MongoDB instance is now ready to power your applications securely and efficiently.
Source: https://infotechys.com/install-mongodb-rhel-10-centos-10/
