Deploy your Bitnami MongoDB Stack on AWS Cloud now! Launch Now

Bitnami MongoDB for AWS Cloud

Description

MongoDB is a scalable, high-performance, open source NoSQL database written in C++.

First steps with the Bitnami MongoDB Stack

Welcome to your new Bitnami application running on Amazon Web Services! Here are a few questions (and answers!) you might need when first starting with your application.

What credentials do I need?

You need two sets of credentials:

  • The application credentials that allow you to log in to your new Bitnami application. These credentials consist of a username and password.
  • The server credentials that allow you to log in to your AWS Cloud server using an SSH client and execute commands on the server using the command line. These credentials consist of an SSH username and key.

Watch the following video to learn quickly how to obtain the application credentials of those applications deployed using the AWS Console:

What is the administrator username set for me to log in to the application for the first time?

Username: root

How do I get my SSH key or password?

SSH username: bitnami

How to start or stop the services?

Each Bitnami stack includes a control script that lets you easily stop, start and restart services. The script is located at /opt/bitnami/ctlscript.sh. Call it without any service name arguments to start all services:

$ sudo /opt/bitnami/ctlscript.sh start

Or use it to restart a single service, such as Apache only, by passing the service name as argument:

$ sudo /opt/bitnami/ctlscript.sh restart apache

Use this script to stop all services:

$ sudo /opt/bitnami/ctlscript.sh stop

Restart the services by running the script without any arguments:

$ sudo /opt/bitnami/ctlscript.sh restart

Obtain a list of available services and operations by running the script without any arguments:

$ sudo /opt/bitnami/ctlscript.sh

What is the default configuration?

The MongoDB admin user for all databases is created during the Bitnami Stack installation process. The default configuration consists of:

  • The default data directory in Bitnami is located at /opt/bitnami/mongodb/data.
  • A privileged account with a username of root. The root user has remote access to the database.

Check our recommendations for a production server.

MongoDB version

In order to see which MongoDB version are your machine running you can execute the following:

$ mongod --version

MongoDB configuration file

The MongoDB configuration file is located at /opt/bitnami/mongodb/mongodb.conf.

The official MongoDB documentation has more details about how configure the MongoDB database.

MongoDB socket

On Unix, the MongoDB clients can connect to the server using a Unix socket file at /opt/bitnami/mongodb/tmp/mongodb.sock.

Usually, when you use the MongoDB client tool included in the Stack, you will not need to specify the socket for the connection.

MongoDB port

The default port in which MongoDB listens is 27017.

MongoDB log file

The main MongoDB log file is at /opt/bitnami/mongodb/log/mongodb.log.

What are the default ports?

A port is an endpoint of communication in an operating system that identifies a specific process or a type of service. Bitnami stacks include several services or servers that require a port.

IMPORTANT: Making this application's network ports public is a significant security risk. You are strongly advised to only allow access to those ports from trusted networks. If, for development purposes, you need to access from outside of a trusted network, please do not allow access to those ports via a public IP address. Instead, use a secure channel such as a VPN or an SSH tunnel. Follow these instructions to remotely connect safely and reliably.

Port 22 is the default port for SSH connections.

The MongoDB access port is 27017. This port is closed by default. You must open it to enable remote access.

How to upload files to the server with SFTP?

NOTE: Bitnami applications can be found in /opt/bitnami/apps.

The first step is to ensure that you have an SSH key for your server.

If you are using the Bitnami Launchpad for AWS Cloud, download the SSH key for your server in .ppk format (for FileZilla or WinSCP) or in .pem format (for Cyberduck) from the Launchpad detail page for your server.

SSH keys

Although you can use any SFTP/SCP client to transfer files to your server, this guide documents FileZilla (Windows, Linux and Mac OS X), WinSCP (Windows) and Cyberduck (Mac OS X).

Using an SSH Key

Once you have your server's SSH key, choose your preferred application and follow the steps below to connect to the server using SFTP.

FileZilla
IMPORTANT: To use FileZilla, your server private key should be in PPK format.

Follow these steps:

  • Download and install FileZilla.
  • Launch FileZilla and use the "Edit -> Settings" command to bring up FileZilla's configuration settings.
  • Within the "Connection -> SFTP" section, use the "Add keyfile" command to select the private key file for the server. FileZilla will use this private key to log in to the server.

    FileZilla configuration

  • Use the "File -> Site Manager -> New Site" command to bring up the FileZilla Site Manager, where you can set up a connection to your server.
  • Enter your server host name and specify bitnami as the user name.
  • Select "SFTP" as the protocol and "Ask for password" as the logon type.

    FileZilla configuration

  • Use the "Connect" button to connect to the server and begin an SFTP session. You might need to accept the server key, by clicking "Yes" or "OK" to proceed.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

If you have problems accessing your server, get extra information by use the "Edit -> Settings -> Debug" menu to activate FileZilla's debug log.

FileZilla debug log

WinSCP
IMPORTANT: To use WinSCP, your server private key should be in PPK format.

Follow these steps:

  • Download and install WinSCP.
  • Launch WinSCP and in the "Session" panel, select "SCP" as the file protocol.
  • Enter your server host name and specify bitnami as the user name.

    WinSCP configuration

  • Click the "Advanced…" button and within the "SSH -> Authentication -> Authentication parameters" section, select the private key file for the server. WinSCP will use this private key to log in to the server.

    WinSCP configuration

  • From the "Session" panel, use the "Login" button to connect to the server and begin an SCP session.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

If you need to upload files to a location where the bitnami user doesn't have write permissions, you have two options:

  • Once you have configured WinSCP as described above, click the "Advanced…" button and within the "Environment -> Shell" panel, select sudo su - as your shell. This will allow you to upload files using the administrator account.

    WinSCP configuration

  • Upload the files to the /home/bitnami directory as usual. Then, connect via SSH and move the files to the desired location with the sudo command, as shown below:

     $ sudo mv /home/bitnami/uploaded-file /path/to/desired/location/
    
Cyberduck
IMPORTANT: To use Cyberduck, your server private key should be in PEM format.

Follow these steps:

  • Select the "Open Connection" command and specify "SFTP" as the connection protocol.

    Cyberduck configuration

  • In the connection details panel, under the "More Options" section, enable the "Use Public Key Authentication" option and specify the path to the private key file for the server.

    Cyberduck configuration

  • Use the "Connect" button to connect to the server and begin an SFTP session.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

How to secure your server?

  • Once you have created a new database and user credentials for your application, connect your applications to the MongoDB server using only that database and credentials.

  • If you don't need remote access for the database, make the server listen only on the local machine by editing the mongodb.conf file and uncommenting the line below:

     bind-address=127.0.0.1
    
  • If you don't need remote access for the database, make sure the MongoDB server port (usually 27017) is closed. Refer to the FAQ for more information on closing server ports.

  • Don't forget to change the root user password as explained in this section.

  • It is strongly recommended that you do not have empty passwords for any user accounts when using the server for any production work.

How to find the MongoDB database credentials?

How to connect to the MongoDB database?

You can connect to the MongoDB database from the same computer where it is installed. Run the mongo client authenticating as the root user against the admin database:

$ mongo admin --username root -p

You will be prompted to enter the root user password. This is the same as the application password.

How to connect to MongoDB from a different machine?

For security reasons, the MongoDB port in this solution cannot be accessed over a public IP address. To connect to MongoDB from a different machine, you must open port 27017 for remote access. Refer to the FAQ for more information on this.

IMPORTANT: By default, the database port for the nodes in this solution cannot be accessed over a public IP address. As a result, you will only be able to connect to your database nodes from machines that are running in the same network. For security reasons, we do not recommend making the database port accessible over a public IP address. If you must make it accessible over a public IP address, we recommend restricting access to a trusted list of source IP addresses using firewall rules. Refer to the FAQ for information on opening ports in the server firewall.

Once you have an active SSH tunnel or you opened the port for remote access, you can then connect to MongoDB using a command like the one below.

Remember to replace SOURCE-PORT with the source port number specified in the SSH tunnel configuration or 27017 if you opened the port for remote access.

$ mongo admin --username root -p --host 127.0.0.1 --port SOURCE-PORT

How to change the MongoDB root password?

You can modify the MongoDB password using the following command at the shell prompt:

$ mongo admin --username root --password YOURPASSWORD
MongoDB shell version: 2.4.8
connecting to: 127.0.0.1:27017/admin
> db = db.getSiblingDB('admin')
admin
> db.changeUserPassword("root", "NEWPASSWORD")
> exit
NOTE: Remember that both YOURPASSWORD and NEWPASSWORD are placeholders. Replace them with your current password and with the new password you want to set.

How to reset the MongoDB root password?

You can reset the administrator password by following the steps below:

  • Edit the /opt/bitnami/mongodb/mongodb.conf file and replace the following lines:

     # Turn on/off security.  Off is currently the default
     #noauth = true
     auth = true
    
     # Disable the HTTP interface (Defaults to localhost:27018).
     #nohttpinterface = true
     setParameter = enableLocalhostAuthBypass=0
    

    with:

     # Turn on/off security.  Off is currently the default
     noauth = true
     #auth = true
    
     # Disable the HTTP interface (Defaults to localhost:27018).
     #nohttpinterface = true
     #setParameter = enableLocalhostAuthBypass=0
    
  • Restart the MongoDB server:

     $ cd /opt/bitnami
     $ sudo /opt/bitnami/ctlscript.sh restart mongodb
    
  • Create a new administrative user with a new password. Run the following commands to do so (remember to replace NEWPASSWORD with the new one you want to set):

     $ mongo
     > db = db.getSiblingDB('admin')
     admin
     > db.changeUserPassword("root", "NEWPASSWORD")
    
  • Revert the modifications made to /opt/bitnami/mongodb/mongodb.conf by replacing:

     # Turn on/off security.  Off is currently the default
     noauth = true
     #auth = true
    
     # Disable the HTTP interface (Defaults to localhost:27018).
     #nohttpinterface = true
     #setParameter = enableLocalhostAuthBypass=0
    

    with:

     # Turn on/off security. Off is currently the default
     #noauth = true
     auth = true
    
     # Disable the HTTP interface (Defaults to localhost:27018).
     #nohttpinterface = true
     setParameter = enableLocalhostAuthBypass=0
    
  • Restart the MongoDB server again:

     $ cd /opt/bitnami
     $ sudo /opt/bitnami/ctlscript.sh restart mongodb
    

How to create a database for a custom application?

If you want to install an application manually, it may require the database to be set up first. Use the commands below to create a database. Replace the DATABASE_NAME placeholder with the name of the database you wish to use and the PASSWORD placeholder with your MongoDB password.

$ mongo admin --username root --password PASSWORD
MongoDB shell version: 2.4.8
connecting to: 127.0.0.1:27017/admin
> db = db.getSiblingDB('DATABASE_NAME')
DATABASE_NAME

How to create a user with all privileges for a database?

To create a user with all privileges for a MongoDB database, select the database for use and then use the createUser() function, as shown below. Replace the DATABASE_NAME placeholder with the name of the database you wish to use, the PASSWORD placeholder with your MongoDB password, and the DATABASE_USER and DATABASE_PASSWORD placeholders with the correct user name and password.

$ mongo admin --username root --password PASSWORD
MongoDB shell version: 2.4.8
connecting to: 127.0.0.1:27017/admin
> db = db.getSiblingDB('DATABASE_NAME')
DATABASE_NAME
> db.createUser( { user: "DATABASE_USER", pwd: "DATABASE_PASSWORD", roles: [ "readWrite", "dbAdmin" ]} )
{
 "user" : "DATABASE_USER",
 "pwd" : "...",
 "roles" : [
  "readWrite",
  "dbAdmin"
 ],
 "_id" : ObjectId("...")
}
> exit

Some applications may require specific privileges in the database. Consult the official installation steps in the application documentation.

How to create a user with restricted privileges in an existing database?

In case you already have a database created, you can create a new user with restricted privileges. Find an example below of how to create a new user with read-write privileges only. Replace the DATABASE_NAME placeholder with the name of the database you wish to use, and the DATABASE_USER and DATABASE_PASSWORD placeholders with the correct user name and password.

$ mongo admin --username root --password PASSWORD
MongoDB shell version: 2.4.8
connecting to: 127.0.0.1:27017/admin
> db = db.getSiblingDB('DATABASE_NAME')
> db.createUser( { user: "DATABASE_USER", pwd: "DATABASE_PASSWORD", roles: [ "readWrite"]} )
{
   "user" : "DATABASE_USER",
    "pwd" : "...",
     "roles" : [
       "readWrite",
          ],
           "_id" : ObjectId("...")
}
> exit

You can log into an existing database with a non-root user account previously created for it, but you can use that account to create other user accounts only if it has sufficient privileges.

How can I run a command in the Bitnami MongoDB Stack?

Log in to the server console as the bitnami user and run the command as usual. The required environment is automatically loaded for the bitnami user.

How to create a database backup?

To back up the data contained in your database, create a dump file using the mongodump tool.

$ mongodump --authenticationDatabase admin --username root --password PASSWORD -d DATABASE_NAME

This operation could take some time depending on the amount of data that you have stored in the database.

How to restore a database backup?

To restore data backed up using the previous command, restore a dump file using the mongorestore tool.

$ mongorestore --authenticationDatabase admin --username root --password PASSWORD PATH_TO_BACKUP_FILE

Note that the steps previously described will only back up the data contained inside your database. There may be other files that you should take into account when performing a full backup, such as files that may have been uploaded to the application. These files are stored in the application folder itself, so copy this folder to have a backup of your uploaded files.

How to debug errors in your MongoDB database?

The main log file is created at /opt/bitnami/mongodb/log/mongodb.log on the MongoDB database server host.

aws

Bitnami Documentation