To create MongoDB on a Linux server, install the official MongoDB package, start and enable the mongod service, secure it with authentication, configure network access (bindIp and firewall), then create your database and users with mongosh. This guide covers Ubuntu/Debian and RHEL/CentOS, plus hardening, backups, and troubleshooting.
Setting up a database doesn’t have to be complicated. In this beginner friendly guide, you’ll learn how to create MongoDB on a Linux server the right way installing it from the official repository, securing access, creating databases and users, and applying production ready best practices we use every day managing high traffic workloads at YouStable.
What You’ll Learn (And What You Need)?
Primary keyword target: create MongoDB on Linux server. We’ll also cover how to install MongoDB on Ubuntu, set up MongoDB on CentOS/RHEL, secure MongoDB on Linux, and manage the mongod service.
Prerequisites
- A clean Linux VPS or dedicated server (Ubuntu 22.04/24.04, Debian 12, RHEL 8/9, AlmaLinux/Rocky 8/9)
- Sudo or root access
- At least 2 vCPU, 4 GB RAM for small to medium apps
- Open ports via firewall or security groups (27017/TCP for MongoDB if remote access is needed)
Install MongoDB on Ubuntu/Debian – Step by Step
The safest path is using the official MongoDB repository (example here uses MongoDB 7.0). Replace the codename if you’re on a different distribution.
Ubuntu 22.04/24.04 (Jammy/Noble)
# Import the MongoDB public GPG key
curl -fsSL https://pgp.mongodb.com/server-7.0.asc | \
sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
# Add the MongoDB repo (Jammy for Ubuntu 22.04; use noble for 24.04)
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] \
https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | \
sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list
# Update and install
sudo apt update
sudo apt install -y mongodb-org
# Enable and start
sudo systemctl enable --now mongod
# Verify status
systemctl status mongod --no-pager
Debian 12 (Bookworm)
# Import MongoDB GPG key
curl -fsSL https://pgp.mongodb.com/server-7.0.asc | \
sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
# Add repo
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] \
https://repo.mongodb.org/apt/debian bookworm/mongodb-org/7.0 main" | \
sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list
# Install
sudo apt update
sudo apt install -y mongodb-org
sudo systemctl enable --now mongod
Step-by-Step: Install MongoDB on RHEL, CentOS Stream, AlmaLinux, Rocky
Create a repo file, then install with dnf/yum.
# Create the repo file
sudo tee /etc/yum.repos.d/mongodb-org-7.0.repo >/dev/null <<'EOF'
[mongodb-org-7.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/7.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-7.0.asc
EOF
# Install
sudo dnf install -y mongodb-org
# or: sudo yum install -y mongodb-org
# Enable and start
sudo systemctl enable --now mongod
# Check
sudo systemctl status mongod --no-pager
Secure Configuration: Enable Auth and Lock Down Network
By default, MongoDB often binds to 127.0.0.1 (local only) without users. In production, enable authentication and explicitly control access.
1) Create the first admin user
# Open the shell
mongosh
# In the shell:
use admin
db.createUser({
user: "admin",
pwd: passwordPrompt(),
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" },
{ role: "clusterAdmin", db: "admin" }
]
})
exit
2) Turn on authorization
Edit /etc/mongod.conf and enable the security block. Also confirm your bindIp settings.
sudo nano /etc/mongod.conf
# Ensure the following entries exist:
net:
port: 27017
bindIp: 127.0.0.1 # Add your server IP or 0.0.0.0 only if firewall-restricted
security:
authorization: enabled
# Save, then:
sudo systemctl restart mongod
3) Test admin login
mongosh -u admin -p --authenticationDatabase admin
Create Your Application Database and User
With admin authentication in place, create a dedicated database and a least-privilege user for your app.
mongosh -u admin -p --authenticationDatabase admin
# Inside mongosh:
use appdb
db.createUser({
user: "appuser",
pwd: passwordPrompt(),
roles: [ { role: "readWrite", db: "appdb" } ]
})
# Optional: create a collection and insert a test document
db.createCollection("users")
db.users.insertOne({ name: "Alice", role: "admin" })
# Test with the app user from the OS shell:
exit
mongosh "mongodb://appuser@localhost:27017/appdb?authSource=appdb"
Allow Remote Access (Firewall and SELinux)
Expose MongoDB only to trusted sources such as your app server or private network. Avoid binding to 0.0.0.0 without strict firewall rules.
UFW (Ubuntu/Debian)
# Allow a specific app server IP:
sudo ufw allow from 203.0.113.10 to any port 27017 proto tcp
# If you must open publicly (not recommended):
sudo ufw allow 27017/tcp
sudo ufw reload
firewalld (RHEL/CentOS/Alma/Rocky)
# Allow a specific source
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="203.0.113.10" port protocol="tcp" port="27017" accept'
sudo firewall-cmd --reload
SELinux (if enforcing)
# Allow MongoDB default port in SELinux
sudo semanage port -a -t mongod_port_t -p tcp 27017 2>/dev/null || \
sudo semanage port -m -t mongod_port_t -p tcp 27017
Service Management and Logs
- Start/Stop/Restart: sudo systemctl start|stop|restart mongod
- Enable at boot: sudo systemctl enable mongod
- Logs: /var/log/mongodb/mongod.log
- Data directory: /var/lib/mongo (default), user/group: mongod
Production Hardening and Performance Tips
- Use dedicated Linux user and default directories; do not run as root.
- Keep bindIp restrictive (loopback or private/VPC subnets only).
- Backups: schedule mongodump and offsite copies; test restores regularly.
- Disable Transparent Huge Pages at boot and set swappiness to 1–10 for latency-sensitive workloads.
- Raise file descriptors and processes: set nofile and nproc (e.g., 64000+) in /etc/security/limits.d/mongodb.conf.
- Use XFS for better WiredTiger performance on larger datasets.
- Pin major version; apply minor updates after staging tests.
# Example: increase limits
echo -e "mongod soft nofile 64000\nmongod hard nofile 64000\nmongod soft nproc 64000\nmongod hard nproc 64000" | \
sudo tee /etc/security/limits.d/mongodb.conf
Backups and Restore (mongodump/mongorestore)
Logical backups are simple and portable. For large clusters, consider filesystem snapshots or Ops/Cloud Manager, but mongodump is a great start.
# Backup a single database
mongodump --authenticationDatabase admin -u admin -p --db appdb --out /backups/appdb-$(date +%F)
# Restore
mongorestore --authenticationDatabase admin -u admin -p --db appdb --drop /backups/appdb-2025-01-01/appdb
Optional: Initialize a Single-Node Replica Set
Even for single instances, a replica set unlocks features like change streams. Convert your standalone to a single-node replica set as follows.
# Edit /etc/mongod.conf, under replication:
replication:
replSetName: rs0
sudo systemctl restart mongod
# Initialize
mongosh -u admin -p --authenticationDatabase admin --eval 'rs.initiate()'
Troubleshooting: Common Errors
- Port 27017 not reachable: Check bindIp, firewall/SELinux, and that mongod is running.
- Authentication failed: Verify authSource parameter and user’s database. Recreate user if needed.
- Service won’t start: Inspect /var/log/mongodb/mongod.log for permission errors or corrupted files; ensure /var/lib/mongo is owned by mongod.
- High memory usage: WiredTiger caches aggressively. Tune cacheSizeGB under storage.wiredTiger.engineConfig if necessary and ensure adequate RAM.
Real-World Example: MERN App on Ubuntu VPS
On a 2 vCPU/4 GB Ubuntu 22.04 VPS, install MongoDB 7.0 via the official repo, enable authorization, create appdb and appuser with readWrite, allow the app server’s IP to 27017 via UFW, and set up nightly mongodump. This minimal setup comfortably serves thousands of requests for a typical MERN stack.
Why Host MongoDB with YouStable
If you’d rather skip the heavy lifting, YouStable’s managed VPS and dedicated servers are optimized for databases with NVMe storage, private networking, and 24×7 support. We help you deploy, secure, monitor, and back up MongoDB so you can focus on your application, not the plumbing.
FAQ’s
Is it better to install MongoDB from the OS repo or the official MongoDB repository?
Use the official MongoDB repository. OS repos often lag behind and may lack features or security updates. The official repo gives you current, supported builds for Ubuntu/Debian and RHEL-based distributions.
How do I create a MongoDB database and user on Linux?
Log in with mongosh, switch to your database, and create a user with the proper role. Example: use appdb; db.createUser({user:”appuser”, pwd:passwordPrompt(), roles:[{role:”readWrite”, db:”appdb”}]}). Always enable authorization in /etc/mongod.conf for production.
How can I secure MongoDB for remote access?
Enable auth, restrict bindIp to private or specific IPs, and allow only trusted sources through UFW or firewalld. Consider VPN or private VPC networking. Never expose 27017 to the open internet without strong controls and monitoring.
What resources does MongoDB need on a Linux server?
For small apps, start with 2 vCPU and 4 GB RAM. Increase RAM for working set size, use NVMe SSDs, and monitor CPU, disk I/O, and cache utilization. Configure higher file descriptors and consider XFS for better performance with WiredTiger.
How do I back up and restore MongoDB?
Use mongodump for logical backups and mongorestore for restores. For larger datasets or minimal downtime, use filesystem snapshots or replica set secondaries. Always test restores—it’s the only reliable proof your backups work.
