To configure MongoDB on a Linux server, install the official MongoDB repository, install mongod, start and enable the service, set bindIp and security.authorization in mongod.conf, create an admin user via mongosh, open firewall rules, and enable TLS. Finally, tune Linux limits and storage for WiredTiger performance and set up backups and monitoring.<\/p>\n\n\n\n
In this step-by-step guide, you\u2019ll learn exactly how to configure MongoDB on a Linux server for production in 2026. We\u2019ll cover installation on Ubuntu\/Debian and RHEL-based systems, secure configuration, performance tuning, replica sets, backups, monitoring, and common fixes. The instructions are beginner-friendly but rooted in real-world ops experience.<\/p>\n\n\n\n
This tutorial targets users searching for \u201chow to configure MongoDB on Linux server,<\/a>\u201d including admins deploying new instances, developers moving to production, and teams hardening existing installs. You\u2019ll get actionable commands, proven defaults, and context to make informed choices for Ubuntu, Debian, and RHEL-based distributions.<\/p>\n\n\n\n Replace the codename with your distro if needed. The example uses MongoDB 7.0 (a widely deployed stable series). Always verify the latest supported series from the official docs.<\/p>\n\n\n\n This installs mongod, mongosh, and related tools. Keep your OS and MongoDB branch aligned with your support policy.<\/p>\n\n\n\n If mongod fails to start, check data path permissions, SELinux context, or port conflicts on 27017.<\/p>\n\n\n\n On most distributions, the config lives at \/etc\/mongod.conf. Set network binding, data\/log paths, and enable authorization. Always back up this file before editing.<\/p>\n\n\n\n By default, bind to localhost and a private IP (never 0.0.0.0 in production). We\u2019ll enable TLS and replication later.<\/p>\n\n\n\n With authorization enabled, create an admin user in the admin database<\/a>. Use SCRAM-SHA-256 and a strong password.<\/p>\n\n\n\n Reconnect using authentication:<\/p>\n\n\n\n Never expose 27017 to the public internet. Use private networks, VPN, or security groups.<\/p>\n\n\n\n Encrypt traffic in transit. Use an internal CA or Let\u2019s Encrypt certificate. Here\u2019s a quick self-signed example for lab use; for production, use a real CA-signed cert.<\/p>\n\n\n\nPrerequisites and System Requirements<\/strong><\/h2>\n\n\n\n
\n
Step 1: Add the Official MongoDB Repository<\/strong><\/h2>\n\n\n\n
Ubuntu 22.04\/24.04 (Jammy\/Noble) and Debian 12 (Bookworm)<\/strong><\/h3>\n\n\n\n
# Ubuntu Jammy example (22.04). For Noble (24.04), replace 'jammy' with 'noble'\nsudo apt-get update\nsudo apt-get install -y ca-certificates curl gnupg\n\ncurl -fsSL https:\/\/pgp.mongodb.com\/server-7.0.asc | \\\nsudo gpg -o \/usr\/share\/keyrings\/mongodb-server-7.0.gpg --dearmor\n\necho \"deb [ arch=amd64,arm64 signed-by=\/usr\/share\/keyrings\/mongodb-server-7.0.gpg ] \\\nhttps:\/\/repo.mongodb.org\/apt\/ubuntu jammy\/mongodb-org\/7.0 multiverse\" | \\\nsudo tee \/etc\/apt\/sources.list.d\/mongodb-org-7.0.list\n\nsudo apt-get update<\/code><\/pre>\n\n\n\n# Debian 12 (Bookworm) example\nsudo apt-get update\nsudo apt-get install -y ca-certificates curl gnupg\n\ncurl -fsSL https:\/\/pgp.mongodb.com\/server-7.0.asc | \\\nsudo gpg -o \/usr\/share\/keyrings\/mongodb-server-7.0.gpg --dearmor\n\necho \"deb [ arch=amd64,arm64 signed-by=\/usr\/share\/keyrings\/mongodb-server-7.0.gpg ] \\\nhttps:\/\/repo.mongodb.org\/apt\/debian bookworm\/mongodb-org\/7.0 main\" | \\\nsudo tee \/etc\/apt\/sources.list.d\/mongodb-org-7.0.list\n\nsudo apt-get update<\/code><\/pre>\n\n\n\nRHEL 8\/9, AlmaLinux, Rocky Linux<\/strong><\/h3>\n\n\n\n
sudo tee \/etc\/yum.repos.d\/mongodb-org-7.0.repo >\/dev\/null <<'EOF'\n[mongodb-org-7.0]\nname=MongoDB Repository\nbaseurl=https:\/\/repo.mongodb.org\/yum\/redhat\/$releasever\/mongodb-org\/7.0\/x86_64\/\ngpgcheck=1\nenabled=1\ngpgkey=https:\/\/pgp.mongodb.com\/server-7.0.asc\nEOF\n\nsudo dnf clean all<\/code><\/pre>\n\n\n\nStep 2: Install MongoDB Server<\/strong><\/h2>\n\n\n\n
# Ubuntu\/Debian\nsudo apt-get install -y mongodb-org\n\n# RHEL\/Alma\/Rocky\nsudo dnf install -y mongodb-org<\/code><\/pre>\n\n\n\nStep 3: Start and Enable the Service<\/strong><\/h2>\n\n\n\n
sudo systemctl enable --now mongod\nsudo systemctl status mongod --no-pager\njournalctl -u mongod -b --no-pager | tail -n 50<\/code><\/pre>\n\n\n\nStep 4: Base Configuration (mongod.conf)<\/strong><\/h2>\n\n\n\n
Recommended Production Defaults<\/strong><\/h2>\n\n\n\n
sudo cp \/etc\/mongod.conf \/etc\/mongod.conf.bak.$(date +%F)\n\nsudo tee \/etc\/mongod.conf >\/dev\/null <<'EOF'\nstorage:\n dbPath: \/var\/lib\/mongo\n journal:\n enabled: true\n wiredTiger:\n engineConfig:\n # Set later based on RAM; omit to auto-calc\n # cacheSizeGB: 8\nsystemLog:\n destination: file\n path: \/var\/log\/mongodb\/mongod.log\n logAppend: true\nnet:\n port: 27017\n bindIp: 127.0.0.1,10.0.0.10 # replace 10.0.0.10 with your server's private IP\nprocessManagement:\n timeZoneInfo: \/usr\/share\/zoneinfo\nsecurity:\n authorization: enabled\n# replication:\n# replSetName: rs0 # uncomment when configuring a replica set\n# net:\n# tls:\n# mode: requireTLS\n# certificateKeyFile: \/etc\/ssl\/mongo\/mongo.pem\nEOF\n\nsudo systemctl restart mongod<\/code><\/pre>\n\n\n\nStep 5: Create the First Admin User<\/strong><\/h2>\n\n\n\n
mongosh --host 127.0.0.1 --port 27017\n\nuse admin\ndb.createUser({\n user: \"siteAdmin\",\n pwd: passwordPrompt(),\n roles: [ { role: \"root\", db: \"admin\" } ]\n})\nexit<\/code><\/pre>\n\n\n\nmongosh --username siteAdmin --authenticationDatabase admin --host 127.0.0.1<\/code><\/pre>\n\n\n\nStep 6: Open Firewall Ports Safely<\/strong><\/h2>\n\n\n\n
Ubuntu\/Debian (UFW)<\/strong><\/h3>\n\n\n\n
# Allow only trusted subnets or peers (replace CIDR)\nsudo ufw allow from 10.0.0.0\/24 to any port 27017 proto tcp\nsudo ufw reload\nsudo ufw status<\/code><\/pre>\n\n\n\nRHEL\/Alma\/Rocky (firewalld)<\/strong><\/h3>\n\n\n\n
sudo firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"10.0.0.0\/24\" port protocol=\"tcp\" port=\"27017\" accept'\nsudo firewall-cmd --reload\nsudo firewall-cmd --list-all<\/code><\/pre>\n\n\n\nStep 7: Enable TLS\/SSL Encryption<\/strong><\/h2>\n\n\n\n
sudo mkdir -p \/etc\/ssl\/mongo\nsudo openssl req -newkey rsa:4096 -x509 -days 825 -nodes \\\n -keyout \/etc\/ssl\/mongo\/mongo.key \\\n -out \/etc\/ssl\/mongo\/mongo.crt \\\n -subj \"\/CN=mongo.internal.example.com\"\n\nsudo sh -c 'cat \/etc\/ssl\/mongo\/mongo.key \/etc\/ssl\/mongo\/mongo.crt > \/etc\/ssl\/mongo\/mongo.pem'\nsudo chmod 600 \/etc\/ssl\/mongo\/mongo.pem\nsudo chown mongod:mongod \/etc\/ssl\/mongo\/mongo.pem<\/code><\/pre>\n\n\n\nsudo tee -a \/etc\/mongod.conf >\/dev\/null <<'EOF'\nnet:\n tls:\n mode: requireTLS\n certificateKeyFile: \/etc\/ssl\/mongo\/mongo.pem\nEOF\n\nsudo systemctl restart mongod<\/code><\/pre>\n\n\n\n