How to Install MongoDB Community Edition on Ubuntu 24.04
In this tutorial, you’ll install MongoDB Community Edition on a Raff Ubuntu 24.04 VM, enable authentication, create an application database user, and verify the deployment with authenticated CRUD operations.
MongoDB Community Edition is the self-managed MongoDB server package for Linux systems. This tutorial installs MongoDB 8.0 from the official MongoDB repository on Ubuntu 24.04, then locks the database to local access with authentication enabled. Raff Technologies has supported 10,000+ VM deployments across its compute platform, and Raff Linux VMs can be provisioned in 60 seconds with NVMe storage and unmetered bandwidth.
This tutorial was tested on a Raff VM with 2 vCPU, 4 GB DDR5 RAM, 80 GB NVMe storage, running Ubuntu 24.04 LTS.
Tested on Raff infrastructure by Aybars Altınyay, platform engineer at Raff Technologies.
Prerequisites:
- A Raff Ubuntu 24.04 VM
- SSH access with sudo privileges
- A terminal connected to the VM
- Basic familiarity with Linux package management
📌 Note: This tutorial keeps MongoDB bound to
127.0.0.1. That means applications running on the same VM can connect locally, while public internet access to MongoDB remains blocked.
Step 1 — Update system packages
Update the package index and install the tools required to add the MongoDB repository:
sudo apt update sudo apt upgrade -y sudo apt install -y gnupg curl ca-certificates lsb-release ufw
Verify that no package upgrades remain pending:
sudo apt list --upgradable
Expected output:
Listing... Done
Step 2 — Add the MongoDB 8.0 repository
Import the MongoDB 8.0 public GPG key:
curl -fsSL https://pgp.mongodb.com/server-8.0.asc | \ sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg \ --dearmor
Create the MongoDB 8.0 repository file for Ubuntu 24.04 Noble:
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | \ sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
Reload the package index:
sudo apt update
Verify that the MongoDB repository is available:
apt-cache policy mongodb-org
Expected output includes:
mongodb-org: Candidate: 8.0. Version table: 8.0. https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0/multiverse
Step 3 — Install MongoDB Community Edition
Install MongoDB Community Edition from the official repository:
sudo apt install -y mongodb-org
Verify the installed MongoDB server and shell versions:
mongod --version mongosh --version
Expected output includes:
db version v8.0.
and:
2.
Step 4 — Start and verify MongoDB
Start the MongoDB service and enable it at boot:
sudo systemctl start mongod sudo systemctl enable mongod
Verify that the service is running:
sudo systemctl status mongod --no-pager
Expected output includes:
Active: active (running)
Verify that MongoDB responds locally:
mongosh --quiet --eval 'db.runCommand({ ping: 1 })'
Expected output:
{ ok: 1 }
Step 5 — Create the MongoDB admin user
Create an admin user before enabling authentication:
mongosh
Inside the MongoDB shell, run:
use admin db.createUser({ user: "admin", pwd: "ChangeThisStrongAdminPassword!", roles: [ { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWriteAnyDatabase", db: "admin" }, { role: "dbAdminAnyDatabase", db: "admin" } ] }) exit
Verify that the admin user exists:
mongosh --quiet --eval 'db.getSiblingDB("admin").getUsers().map(user => user.user)'
Expected output:
[ 'admin' ]
⚠️ Warning: Replace
ChangeThisStrongAdminPassword!with a unique password before using this setup for real application data. Do not reuse tutorial credentials.
Step 6 — Enable MongoDB authentication
Back up the MongoDB configuration file:
sudo cp /etc/mongod.conf /etc/mongod.conf.bak
Enable authorization:
cat <<'EOF' | sudo tee -a /etc/mongod.conf security: authorization: enabled EOF
Restart MongoDB:
sudo systemctl restart mongod
Verify that MongoDB is running after the configuration change:
sudo systemctl status mongod --no-pager
Expected output includes:
Active: active (running)
Verify authenticated admin access:
mongosh --quiet \ -u admin \ -p 'ChangeThisStrongAdminPassword!' \ --authenticationDatabase admin \ --eval 'db.runCommand({ connectionStatus: 1 }).authInfo.authenticatedUsers'
Expected output includes:
[ { user: 'admin', db: 'admin' } ]
Step 7 — Create an application database user
Create a database named raffapp and an application user with readWrite access only to that database:
mongosh \ -u admin \ -p 'ChangeThisStrongAdminPassword!' \ --authenticationDatabase admin
Inside the MongoDB shell, run:
use raffapp db.createUser({ user: "raffappuser", pwd: "ChangeThisStrongAppPassword!", roles: [ { role: "readWrite", db: "raffapp" } ] }) exit
Verify the application user:
mongosh --quiet \ -u admin \ -p 'ChangeThisStrongAdminPassword!' \ --authenticationDatabase admin \ --eval 'db.getSiblingDB("raffapp").getUsers().map(user => user.user)'
Expected output:
[ 'raffappuser' ]
⚠️ Warning: Replace
ChangeThisStrongAppPassword!with a unique application password before connecting production workloads.
Step 8 — Verify CRUD operations end to end
Connect as the application user:
mongosh raffapp \ -u raffappuser \ -p 'ChangeThisStrongAppPassword!' \ --authenticationDatabase raffapp
Insert a test document:
db.tutorial.insertOne({ name: "raff-mongodb-test", status: "created", createdAt: new Date() })
Expected output includes:
acknowledged: true
Read the document:
db.tutorial.findOne({ name: "raff-mongodb-test" })
Expected output includes:
name: 'raff-mongodb-test' status: 'created'
Update the document:
db.tutorial.updateOne( { name: "raff-mongodb-test" }, { $set: { status: "verified" } } )
Expected output includes:
modifiedCount: 1
Verify the update:
db.tutorial.findOne({ name: "raff-mongodb-test" })
Expected output includes:
status: 'verified'
Delete the test document:
db.tutorial.deleteOne({ name: "raff-mongodb-test" })
Expected output includes:
deletedCount: 1
Exit the MongoDB shell:
exit
The database is working end to end when the application user can insert, read, update, and delete a document in the raffapp database.
Step 9 — Confirm firewall and network binding
MongoDB listens on 127.0.0.1 by default. Keep that default unless you are intentionally building a private network deployment with strict access controls.
Verify the active bind address:
sudo grep -n "bindIp" /etc/mongod.conf
Expected output:
bindIp: 127.0.0.1
Verify that MongoDB listens only on localhost:
sudo ss -lntp | grep 27017
Expected output includes:
127.0.0.1:27017
Enable UFW and explicitly block public MongoDB traffic:
sudo ufw allow 22/tcp sudo ufw deny 27017/tcp sudo ufw --force enable
Verify the firewall status:
sudo ufw status numbered
Expected output includes:
22/tcp ALLOW IN 27017/tcp DENY IN
End-to-end verification is complete when:
- MongoDB is active under
systemd - Authentication is enabled
- The admin user can authenticate
- The application user can complete CRUD operations
- MongoDB is bound to
127.0.0.1 - Public access to port
27017is blocked
Cleanup (Optional)
Use this section only when you want to remove MongoDB, its users, databases, configuration files, logs, and firewall rules from the VM.
⚠️ Warning: The following commands permanently delete MongoDB databases, users, configuration files, and logs. Back up any data you need before proceeding.
Stop MongoDB:
sudo systemctl stop mongod sudo systemctl disable mongod
Remove MongoDB packages:
sudo apt purge "mongodb-org*" -y sudo apt autoremove -y
Remove MongoDB data, logs, repository files, and keyring files:
sudo rm -rf /var/lib/mongodb sudo rm -rf /var/log/mongodb sudo rm -f /etc/apt/sources.list.d/mongodb-org-8.0.list sudo rm -f /usr/share/keyrings/mongodb-server-8.0.gpg sudo rm -f /etc/mongod.conf sudo rm -f /etc/mongod.conf.bak
Remove the MongoDB firewall rule:
sudo ufw delete deny 27017/tcp sudo ufw status numbered
Verify that the MongoDB service is gone:
systemctl status mongod --no-pager
Expected output includes:
Unit mongod.service could not be found.
Troubleshooting
MongoDB fails to start after installation
Cause: The package installed, but systemd has not loaded the new MongoDB service yet.
Fix:
sudo systemctl daemon-reload sudo systemctl start mongod sudo systemctl status mongod --no-pager
Expected output includes:
Active: active (running)
mongosh authentication fails
Cause: The username, password, or authentication database is incorrect.
Fix:
mongosh \ -u admin \ -p 'ChangeThisStrongAdminPassword!' \ --authenticationDatabase admin
Expected result: the MongoDB shell opens without an authentication error.
For the application user, connect to the raffapp database and authenticate against raffapp:
mongosh raffapp \ -u raffappuser \ -p 'ChangeThisStrongAppPassword!' \ --authenticationDatabase raffapp
Expected result: the MongoDB shell opens on the raffapp database.
db.createUser() fails after authentication is enabled
Cause: User creation now requires an authenticated admin session.
Fix:
mongosh \ -u admin \ -p 'ChangeThisStrongAdminPassword!' \ --authenticationDatabase admin
Then create the database user from the authenticated shell:
use raffapp db.createUser({ user: "raffappuser", pwd: "ChangeThisStrongAppPassword!", roles: [ { role: "readWrite", db: "raffapp" } ] })
Verify the user:
db.getUsers()
Expected output includes:
user: 'raffappuser'
MongoDB listens on the public interface
Cause: The bindIp value in /etc/mongod.conf was changed from 127.0.0.1 to a public interface.
Fix:
sudo nano /etc/mongod.conf
Set:
net: port: 27017 bindIp: 127.0.0.1
Restart MongoDB:
sudo systemctl restart mongod
Verify the bind address:
sudo ss -lntp | grep 27017
Expected output includes:
127.0.0.1:27017
The MongoDB repository is not found
Cause: The repository file is missing, malformed, or not using the Ubuntu 24.04 Noble repository path.
Fix:
cat /etc/apt/sources.list.d/mongodb-org-8.0.list
Expected output:
deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse
Recreate the repository file if needed:
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | \ sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list sudo apt update
Verify package availability:
apt-cache policy mongodb-org
Expected output includes:
Candidate: 8.0.
Conclusion and next steps
You now have MongoDB Community Edition running on a Raff Ubuntu 24.04 VM with authentication enabled, a dedicated application database user, verified CRUD operations, and public access to the database port blocked. If you have not deployed your Raff VM yet, you can spin one up in 60 seconds at rafftechnologies.com.
Next: How to Secure Your Ubuntu 24.04 Server
Related: How to Install Docker on Ubuntu 24.04