If you want a simple installation of MongoDB on your Windows server, but still want it secured so that it is not open to outside connections without a username and password, you have come to the right place. In this post, I will step through how to set up your database to run as a service with authorization. For setting up replica sets and so on you can read this post.
MongoDB runs without authorization by default, and even if you set a password on your database for login, your server will still be open to attack.
Back in January 2017 there was a huge global attack on MongoDB servers in which the attackers deleted all the databases and demanded Bitcoins to restore them.
I will show you 2 simple steps to make sure you are safe from that kind of attack.
First of all, let’s get the MongoDB server running as a service, and then add authorization afterward.
1. Download MongoDB as a zip file from here. I will pick the version “win32/mongodb-win32-x86_64-2008plus-v3.2-latest.zip”.
2. Create a folder on your C drive, “c:\mongodb-3.2”, and add the bin folder from the zip file you downloaded.
3. Create the folders “data” and “log” in your folder.
4. Create a file “mongod.cfg” in your folder and add this:
    systemLog:
      destination: file
      path: c:\mongodb-3.2\log\mongod.log
    storage:
      dbPath: c:\mongodb-3.2\data
    net:
      port: 27017
5. Create the service from the cmd prompt:
    sc.exe create MongoDB binPath= "\"C:\mongodb-3.2\bin\mongod.exe\" --service --config=\"C:\mongodb-3.2\mongod.cfg\"" DisplayName= "MongoDB" start= "auto"
6. Start the service from the cmd prompt: "net start MongoDB"
7. You can check if MongoDB is running by trying to connect to the shell. From the cmd prompt, type: "c:\mongodb-3.2\bin\mongo.exe"
If you don’t have any tools for administering MongoDB, I recommend using this free tool: Robomongo
To enable authorization, you simply have to:
1. Create a user
    use admin
    db.createUser(
      {
        user: "admin",
        pwd: "password",
        roles: [ { role: "root", db: "admin" } ]
      }
    )
2. Enable authorization in your config file
    systemLog:
      destination: file
      path: c:\mongodb-3.2\data\mongod.log
    storage:
      dbPath: c:\mongodb-3.2\data
    net:
      port: 27017
    security:
      authorization: enabled
    setParameter:
      enableLocalhostAuthBypass: false
Then restart your MongoDB service and you are secure.
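To confirm that a mongod.cfg really contains the two settings from the authorization step, here is a small audit script. It is an added example, not part of the original post; the names parse_cfg, audit and REQUIRED are made up for it, and the parser only handles the simple nested "key: value" layout used in this post, not full YAML.

```python
# The post's step-4 config (no auth), then the same file with the auth settings added.
BEFORE = r"""
systemLog:
  destination: file
  path: c:\mongodb-3.2\log\mongod.log
storage:
  dbPath: c:\mongodb-3.2\data
net:
  port: 27017
"""
AFTER = BEFORE + r"""
security:
  authorization: enabled
setParameter:
  enableLocalhostAuthBypass: false
"""
# (section, key, required value) for the two settings the post turns on.
REQUIRED = [("security", "authorization", "enabled"),
            ("setParameter", "enableLocalhostAuthBypass", "false")]

def parse_cfg(text):
    """Parse the indentation-nested 'key: value' subset of YAML used above."""
    root = {}
    stack = [(-1, root)]                   # (indent, mapping), innermost last
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                       # skip blank lines and comments
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        while stack[-1][0] >= indent:      # dedent closes finished sections
            stack.pop()
        parent, value = stack[-1][1], value.strip().strip("\"'")
        if value:
            parent[key.strip()] = value
        else:                              # "section:" opens a nested mapping
            parent[key.strip()] = {}
            stack.append((indent, parent[key.strip()]))
    return root

def audit(cfg):
    findings = []                          # one entry per missing or wrong setting
    for section, key, want in REQUIRED:
        sub = cfg.get(section)
        if not isinstance(sub, dict) or sub.get(key) != want:
            findings.append(f"{section}.{key} is not '{want}'")
    return findings

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(parse_cfg(text)) or "OK")
```

The script only inspects the file's contents; the service still has to be restarted before the running server picks up the settings.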
Thanks for reading