11/18/2020 How To Configure Remote Access for MongoDB on Ubuntu 20.

04 | DigitalOcean

NEW App Platform: reimagining PaaS to make it simpler for you to build, deploy, and scale apps.

TUTORIAL

How To Configure Remote Access for MongoDB on

Ubuntu 20.04
MongoDB Ubuntu Security Firewall NoSQL Databases Ubuntu 20.04

By Mark Drake
Posted July 31, 2020  English 
 17.3k

An earlier version of this tutorial was written by Melissa Anderson.

Introduction
MongoDB, also known as Mongo, is an open-source document database used commonly in
modern web applications. By default, it only allows connections that originate on the same
server where it’s installed. If you want to manage MongoDB remotely or connect it to a
separate application server, there are a few changes you’d need to make to the default
configuration.

In this tutorial, you will configure a MongoDB installation to securely allow access from a
trusted remote computer. To do this, you’ll update your firewall rules to provide the remote
machine access to the port on which MongoDB is listening for connections and then
update its configuration file to change its IP binding setting. Then, as a final step, you’ll test
that your remote machine is able to make the connection to your database successfully.

Prerequisites
To complete this tutorial, you’ll need:

A server running Ubuntu 20.04. This server should have a non-root administrative user and a
firewall configured with UFW. Set this up by following our initial server setup guide for
Ubuntu 20.04.
https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04#:~:text=To allow remote connectio… 1/11
11/18/2020 How To Configure Remote Access for MongoDB on Ubuntu 20.04 | DigitalOcean

MongoDB installed on your server. This tutorial assumes that you have MongoDB 4.4 or
newer installed. You can install this version by following our tutorial on How To Install
MongoDB on Ubuntu 20.04.

A second computer from which you’ll access your MongoDB instance. For simplicity, this
tutorial assumes that this machine is another Ubuntu 20.04 server, with a non-root
administrative user and a UFW firewall configured following our initial server setup guide
for Ubuntu 20.04. However, Steps 1 and 2, which describe the actual procedure for enabling
remote connectivity on the database server, will work regardless of what operating system
the remote machine is running.

Lastly, while it isn’t required to complete this tutorial, we strongly recommend that you
secure your MongoDB installation by creating an administrative user account for the
database and enabling authentication. To do this, follow our tutorial on How To Secure
MongoDB on Ubuntu 20.04.

Step 1 — Adjusting the Firewall

Assuming you followed the prerequisite initial server setup tutorial and enabled a UFW
firewall on your server, your MongoDB installation will be inaccessible from the internet. If
you intend to use MongoDB only locally with applications running on the same server, this is
the recommended and secure setting. However, if you would like to be able to connect to
your MongoDB server from a remote location, you have to allow incoming connections to
the port where the database is listening by adding a new UFW rule.

Start by checking which port your MongoDB installation is listening on with the lsof
command. This command typically returns a list with every open file in a system, but when
combined with the -i option, it lists only network-related files or data streams.

The following command will redirect the output produced by lsof -i to a grep command
that searches for a string named mongo :

$ sudo lsof -i | grep mongo

This example output shows that MongoDB is listening for connections on its default port,
27017 :

https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04#:~:text=To allow remote connectio… 2/11

11/18/2020 How To Configure Remote Access for MongoDB on Ubuntu 20.04 | DigitalOcean

Output
mongod 82221 mongodb 11u IPv4 913411 0t0 TCP localhost: 27017 (LISTEN)

In most cases, MongoDB should only be accessed from certain trusted locations, such as
another server hosting an application. One way to configure this is to run the following
command on your MongoDB server, which opens up access on MongoDB’s default port
while explicitly only allowing the IP address of the other trusted server.

Run the following command, making sure to change trusted_server_ip to the IP address
of the trusted remote machine you’ll use to access your MongoDB instance:

Note: If the previous command’s output showed your installation of MongoDB is listening on
a non default port, use that port number in place of 27017 in this command.

$ sudo ufw allow from trusted_server_ip to any port 27017

In the future, if you ever want to access MongoDB from another machine, run this command
again with the new machine’s IP address in place of trusted_server_ip .

You can verify the change in firewall settings with ufw :

$ sudo ufw status

The output will show that traffic to port 27017 from the remote server is now allowed:

Output
Status: active

To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
27017 ALLOW trusted_server_ip
OpenSSH (v6) ALLOW Anywhere (v6)

https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04#:~:text=To allow remote connectio… 3/11

11/18/2020 How To Configure Remote Access for MongoDB on Ubuntu 20.04 | DigitalOcean

You can find more advanced firewall settings for restricting access to services in UFW
Essentials: Common Firewall Rules and Commands.

Next, you’ll bind MongoDB to the server’s public IP address so you can access it from your
remote machine.

Step 2 — Configuring a Public bindIP

At this point, even though the port is open, MongoDB is currently bound to 127.0.0.1 , the
local loopback network interface. This means that MongoDB is only able to accept
connections that originate on the server where it’s installed.

To allow remote connections, you must edit the MongoDB configuration file —
/etc/mongod.conf — to additionally bind MongoDB to your server’s publicly-routable IP
address. This way, your MongoDB installation will be able to listen to connections made to
your MongoDB server from remote machines.

Open the MongoDB configuration file in your preferred text editor. The following example
uses nano :

$ sudo nano /etc/mongod.conf

Find the network interfaces section, then the bindIp value:

/etc/mongod.conf

. . .
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1

. . .

Append a comma to this line followed by your MongoDB server’s public IP address:

/etc/mongod.conf

https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04#:~:text=To allow remote connectio… 4/11

11/18/2020 How To Configure Remote Access for MongoDB on Ubuntu 20.04 | DigitalOcean

. . .
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1 ,mongodb_server_ip

. . .

Save and close the file. If you used nano , do so by pressing CTRL + X , Y , then ENTER .

Then, restart MongoDB to put this change into effect:

$ sudo systemctl restart mongod

Following that, your MongoDB installation will be able to accept remote connections from
whatever machines you’ve allowed to access port 27017 . As a final step, you can test
whether the trusted remote server you allowed through the firewall in Step 1 can reach the
MongoDB instance running on your server.

Step 3 — Testing Remote Connectivity

Now that you configured your MongoDB installation to listen for connections that originate
on its publicly-routable IP address and granted your remote machine access through your
server’s firewall to Mongo’s default port, you can test that the remote machine is able to
connect.

Note: As mentioned in the Prerequisites section, this tutorial assumes that your remote
machine is another server running Ubuntu 20.04. The procedure for enabling remote
connections outlined in Steps 1 and 2 should work regardless of what operating system your
remote machine runs, but the testing methods described in this Step do not work universally
across operating systems.

One way to test that your trusted remote server is able to connect to the MongoDB instance
is to use the nc command. nc , short for netcat, is a utility used to establish network
connections with TCP or UDP. It’s useful for testing in cases like this because it allows you to
specify both an IP address and a port number.
https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04#:~:text=To allow remote connectio… 5/11
11/18/2020 How To Configure Remote Access for MongoDB on Ubuntu 20.04 | DigitalOcean

First, log into your trusted server using SSH:

$ ssh sammy @ trusted_server_ip

Then run the following nc command, which includes the -z option. This limits nc to only
scan for a listening daemon on the target server without sending it any data. Recall from the
prerequisite installation tutorial that MongoDB is running as a service daemon, making this
option useful for testing connectivity. It also includes the v option which increases the
command’s verbosity, causing netcat to return some output which it otherwise wouldn’t.

Run the following nc command from your trusted remote server, making sure to replace
mongodb_server_ip with the IP address of the server on which you installed MongoDB:

$ nc -zv mongodb_server_ip 27017

If the trusted server can access the MongoDB daemon, its output will indicate that the
connection was successful:

Output
Connection to mongodb_server_ip 27017 port [tcp/*] succeeded!

Assuming you have a compatible version of the mongo shell installed on your remote server,
you can at this point connect directly to the MongoDB instance installed on the host server.

One way to connect is with a connection string URI, like this:

$ mongo "mongodb:// mongo_server_ip :27017"

Note: If you followed the recommended How To Secure MongoDB on Ubuntu 20.04 tutorial, you
will have closed off access to your database to unauthenticated users. In this case, you’d need to
use a URI that specifies a valid username, like this:

$ mongo "mongodb:// username @ mongo_server_ip :27017"

https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04#:~:text=To allow remote connectio… 6/11

11/18/2020 How To Configure Remote Access for MongoDB on Ubuntu 20.04 | DigitalOcean

The shell will automatically prompt you to enter the user’s password.

With that, you’ve confirmed that your MongoDB server can accept connections from the
trusted server.

Conclusion
You can now access your MongoDB installation from a remote server. At this point, you can
manage your Mongo database remotely from the trusted server. Alternatively, you could
configure an application to run on the trusted server and use the database remotely.

If you haven’t configured an administrative user and enabled authentication, anyone who
has access to your remote server can also access your MongoDB installation. If you haven’t
already done so, we strongly recommend that you follow our guide on How To Secure
MongoDB on Ubuntu 20.04 to add an administrative user and lock things down further.

Was this helpful? Yes No    

0

Report an issue

About the authors

Mark Drake
Technical Writer @ DigitalOcean

https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04#:~:text=To allow remote connectio… 7/11

11/18/2020 How To Configure Remote Access for MongoDB on Ubuntu 20.04 | DigitalOcean

Still looking for an answer?

 Ask a question  Search for more help

Comments

0 Comments
Leave a comment...

Sign In to Comment

This work is licensed under a Creative

Commons Attribution-NonCommercial-
ShareAlike 4.0 International License.

https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04#:~:text=To allow remote connectio… 8/11

11/18/2020 How To Configure Remote Access for MongoDB on Ubuntu 20.04 | DigitalOcean

GET OUR BIWEEKLY NEWSLETTER

Sign up for Infrastructure as a

Newsletter.

HUB FOR GOOD

Working on improving health

and education, reducing
inequality, and spurring
economic growth? We'd like to
help.

BECOME A CONTRIBUTOR

You get paid; we donate to tech

nonprofits.

Featured on Community Kubernetes Course Learn Python 3 Machine Learning in Python

https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04#:~:text=To allow remote connectio… 9/11
11/18/2020 How To Configure Remote Access for MongoDB on Ubuntu 20.04 | DigitalOcean

Getting started with Go Intro to Kubernetes

DigitalOcean Products Virtual Machines Managed Databases Managed Kubernetes Block Storage
Object Storage Marketplace VPC Load Balancers

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the

cloud and scale up as you grow – whether you’re
running one virtual machine or ten thousand.

Learn More

Company

About
Leadership
© 2020 DigitalOcean, LLC. All rights reserved.
Blog
Careers
Partners
Referral Program
Press
Legal
Security & Trust Center

Products Community

https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04#:~:text=To allow remote connecti… 10/11

11/18/2020 How To Configure Remote Access for MongoDB on Ubuntu 20.04 | DigitalOcean

Contact
Pricing Tutorials
Products Overview Q&A Get Support
Droplets Tools and Integrations Trouble Signing In?
Kubernetes Tags Sales
Managed Databases Product Ideas Report Abuse
Spaces Write for DigitalOcean System Status
Marketplace Presentation Grants
Load Balancers Hatch Startup Program
Block Storage Shop Swag
API Documentation Research Program
Documentation Open Source
Release Notes Code of Conduct

https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04#:~:text=To allow remote connectio… 11/11