Ubuntu MongoDB Network Configuration Guide

Configuring MongoDB on Ubuntu for network access involves enabling remote connections, securing the setup, and ensuring proper firewall rules. Below is a structured guide to achieve this:

1. Install MongoDB

If MongoDB is not already installed, use the following commands to install it:

sudo apt update
sudo apt install -y mongodb

This installs the latest stable version of MongoDB from Ubuntu’s default repositories.

2. Modify MongoDB Configuration for Network Access

The core network configuration is done in the MongoDB configuration file (/etc/mongod.conf).

Open the file for editing:
```
sudo nano /etc/mongod.conf
```
Locate the net section (or create it if absent).
Adjust the bindIp parameter:
- To allow connections from all IP addresses, set bindIp: 0.0.0.0.
- To restrict to specific IPs (e.g., your local machine and a remote server), list them comma-separated: bindIp: 127.0.0.1,192.168.1.100 (replace with your actual IPs).
Save and close the file (Ctrl+X → Y → Enter in nano).

3. Restart MongoDB Service

Apply the configuration changes by restarting the MongoDB service:

sudo systemctl restart mongod

4. Configure Firewall Rules

If you’re using ufw (Uncomplicated Firewall), allow traffic to MongoDB’s default port (27017):

Allow all IPs (not recommended for production):
```
sudo ufw allow 27017
```
Restrict to specific IPs (e.g., your local machine with IP 192.168.1.50):
```
sudo ufw allow from 192.168.1.50 to any port 27017
```
Reload ufw to apply changes:
```
sudo ufw reload
```

5. Enable Authentication for Security

To prevent unauthorized access, enable MongoDB’s built-in authentication:

Open /etc/mongod.conf again:
```
sudo nano /etc/mongod.conf
```
Add or modify the security section to enable authorization:
```
security:
  authorization: enabled
```
Restart MongoDB to apply authentication:
```
sudo systemctl restart mongod
```

6. Create an Administrative User

Create a user with administrative privileges to manage MongoDB (e.g., in the admin database):

Connect to MongoDB using the shell:
```
mongo
```
Switch to the admin database:
```
use admin
```

Create an admin user (replace adminUser and StrongPassword with your credentials):

db.createUser({
  user: "adminUser",
  pwd: "StrongPassword",
  roles: [{ role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase"]
})

Exit the shell:
```
exit
```

7. Test Remote Connection

From a remote machine (or your local machine if testing locally), connect to MongoDB using the admin credentials:

mongo -h <SERVER_IP> -u adminUser -p StrongPassword --authenticationDatabase admin

Replace <SERVER_IP> with your Ubuntu server’s public IP address. If successful, you’ll enter the MongoDB shell.

8. Additional Security Measures (Recommended)

For production environments, enhance security with these steps:

Restrict bindIp further: Only allow IPs that absolutely need access (e.g., your application server’s IP).
Use SSL/TLS encryption: Generate certificates and configure net.ssl.mode: requireSSL in /etc/mongod.conf to encrypt data in transit.
Regularly update MongoDB: Run sudo apt update && sudo apt upgrade mongodb to patch vulnerabilities.
Monitor logs: Check /var/log/mongodb/mongod.log for suspicious activity.

By following these steps, you’ll configure MongoDB on Ubuntu to allow secure network access while minimizing risks. Adjust configurations based on your specific requirements (e.g., production vs. development environments).

Ubuntu MongoDB网络设置指南