MongoDB - Getting Started Guide
MongoDB is a document-oriented NoSQL database designed for flexibility and scalability. Instead of tables and rows, it stores data as JSON-like documents - ideal for applications with evolving data structures. This server comes with MongoDB 8.0 fully configured with the admin password you specified during the order. mongo-express is included for web-based database management.
Step 1 - Verify MongoDB Works
Your server's IP address and root password are shown on the Server Details page in your client panel. mongo-express is a web-based admin interface for MongoDB. Open http://your.server.ip/mongo-express in a browser to verify it works.
MongoDB admin login:
- Username:
admin - Password: the MongoDB Admin Password you entered during the order
With mongo-express you can browse databases, view and edit documents, run queries and manage collections without using the command line.
Database servers don't need public internet access. For secure access, place the server on a private network behind a VyOS router and connect over a VPN to reach MongoDB and mongo-express on the server's private IP.
Step 2 - Connect to MongoDB Remotely
MongoDB is configured to accept remote connections with authentication. You can connect from any application or tool:
mongosh "mongodb://admin:your_admin_password@your.server.ip:27017/admin"Connection details for MongoDB GUI tools (MongoDB Compass, Studio 3T, etc.):
| Parameter | Value |
|---|---|
| Host | your.server.ip |
| Port | 27017 |
| Username | admin |
| Password | Admin Password (from order) |
| Auth Database | admin |
Connection string format:
mongodb://admin:your_admin_password@your.server.ip:27017/adminNote: Port 27017 is the MongoDB wire protocol, not HTTP - it cannot be opened in a browser. Use a database client or the command above.
Step 3 - Enable SSL for mongo-express (Optional)
If you have a domain pointing to this server, you can enable HTTPS for mongo-express with a free Let's Encrypt certificate. Connect via SSH and run:
ssh root@your.server.ip/opt/setup/get-ssl.sh db.yourdomain.comThe script will verify DNS, obtain a certificate and configure Apache for HTTPS automatically. After completion, mongo-express is available at https://db.yourdomain.com/mongo-express.
Note: Make sure your domain's A record points to the server IP before running the script. SSL is optional - mongo-express works fine over HTTP with IP address access.
Database Management
Creating Additional Databases and Users
You can create additional databases and users via mongo-express or SSH:
mongosh -u admin -p --authenticationDatabase admin
use newdb
db.createUser({
user: "newuser",
pwd: "strong_password",
roles: [{ role: "readWrite", db: "newdb" }]
})Import and Export
Via mongo-express: Use the web interface to view and edit individual documents.
Via command line (recommended for bulk operations):
# Export entire database
mongodump -u admin -p your_admin_password --authenticationDatabase admin -d your_database -o /tmp/backup/
# Import database
mongorestore -u admin -p your_admin_password --authenticationDatabase admin -d your_database /tmp/backup/your_database/
# Export single collection to JSON
mongoexport -u admin -p your_admin_password --authenticationDatabase admin -d your_database -c your_collection -o collection.json
# Import JSON into collection
mongoimport -u admin -p your_admin_password --authenticationDatabase admin -d your_database -c your_collection --file collection.jsonPost-Installation
Fail2Ban - Brute-Force Protection
Your server comes with Fail2Ban pre-configured to protect both SSH and mongo-express from brute-force attacks.
| Rule | Max Attempts | Ban Duration |
|---|---|---|
| SSH | 5 failed logins | 10 minutes |
| mongo-express | 5 failed logins | 1 hour |
Useful commands:
# Check banned IPs
fail2ban-client status mongo-express
fail2ban-client status sshd
# Unban an IP
fail2ban-client set mongo-express unbanip 1.2.3.4If you accidentally lock yourself out, connect via VNC console in your client panel and unban your IP.
Service Management
MongoDB, mongo-express and Apache run via systemd. Common commands:
# Check service status
systemctl status mongod
systemctl status mongo-express
systemctl status apache2
# Restart MongoDB
systemctl restart mongod
# View MongoDB logs
journalctl -u mongod -n 100MongoDB Performance Tuning
WiredTiger cache is automatically set to 50% of RAM on first boot. To check the current value:
mongosh -u admin -p --authenticationDatabase admin --eval "db.serverStatus().wiredTiger.cache"To adjust manually, edit /etc/mongod.conf (under storage.wiredTiger.engineConfig.cacheSizeGB) and restart MongoDB:
systemctl restart mongodServer Credentials
MongoDB and mongo-express credentials are stored in /root/.mongo_credentials.
What's Pre-Configured
- Authentication: MongoDB authorization enabled with SCRAM-SHA-256. Admin user has root privileges
- Remote access: MongoDB accepts connections from any IP on port 27017
- WiredTiger cache: Automatically tuned to 50% of available RAM on first boot
- Web interface: mongo-express runs behind Apache reverse proxy at /mongo-express
Software Included
| Component | Version |
|---|---|
| Ubuntu | 24.04 LTS |
| MongoDB | 8.0 Community |
| mongosh | included with MongoDB |
| mongo-express | Latest |
| Apache | 2.4 (reverse proxy) |
| Certbot | Latest |
| Fail2Ban | 1.0 |
Troubleshooting
| Problem | Solution |
|---|---|
| Can't connect to MongoDB remotely | Check that port 27017 is not blocked by firewall. Verify the user exists and has correct authenticationDatabase |
| mongo-express shows 401 Unauthorized | Use username admin and the Admin Password from order. Credentials are in /root/.mongo_credentials |
| mongo-express page doesn't load | Check service: systemctl status mongo-express. Restart: systemctl restart mongo-express |
| Authentication failed | Make sure to specify --authenticationDatabase admin. The admin user authenticates against the admin database |
| MongoDB won't start | Check logs: journalctl -u mongod -n 50. Common cause: disk full (df -h /) or invalid YAML in mongod.conf |
| Forgot MongoDB admin password | SSH in and check /root/.mongo_credentials |
| Blocked by Fail2Ban | Use VNC console in your client panel to unban your IP |
| Forgot root password | Use VNC console in your client panel to reset it |