// Tutorial //

How to Install MongoDB on Debian 8

Published on February 28, 2017
How to Install MongoDB on Debian 8
Not using Debian 8?Choose a different version or distribution.
Debian 8


MongoDB is a free and open-source NoSQL document database used commonly in modern web applications. This tutorial will help you set up MongoDB on your server for use in a production application environment. You’ll install MongoDB and configure firewall rules to restrict access to MongoDB.


To follow this tutorial, you will need:

Step 1 — Installing MongoDB

MongoDB is already included in Debian’s package repositories, but the official MongoDB repository provides the most up-to-date version and is the recommended way of installing the software. In this step, we will add this official repository to our server.

Debian ensures the authenticity of software packages by verifying that they are signed with GPG keys, so we first have to import they key for the official MongoDB repository.

  1. sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6

After successfully importing the key, you will see:

gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

Next, we have to add the MongoDB repository details so apt will know where to download the packages from.

Issue the following command to create a list file for MongoDB.

  1. echo "deb http://repo.mongodb.org/apt/debian jessie/mongodb-org/3.4 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list

After adding the repository details, update the packages list:

  1. sudo apt-get update

Now install the MongoDB package itself with the following command:

  1. sudo apt-get install -y mongodb-org

This installs the latest stable version of MongoDB, along with some helpful management tools for the MongoDB server.

Once MongoDB installs, start the service, and ensure it starts when your server reboots:

  1. sudo systemctl enable mongod.service
  2. sudo systemctl start mongod

Then use systemctl to check that the service has started properly:

  1. sudo systemctl status mongod

You should see the following output, indicating that the service is running:

mongod.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/lib/systemd/system/mongod.service; enabled)
   Active: active (running) since Tue 2017-02-28 19:51:51 UTC; 7s ago
     Docs: https://docs.mongodb.org/manual
 Main PID: 8958 (mongod)
   CGroup: /system.slice/mongod.service
           └─8958 /usr/bin/mongod --quiet --config /etc/mongod.conf

Feb 28 19:51:51 cart-61037 systemd[1]: Started High-performance, schema-free document-oriented database.

Now that MongoDB is successfully installed, let’s secure it with the software firewall.

Step 2 — Securing MongoDB with a Firewall

in most cases, MongoDB should be accessed only from certain trusted locations, such as another server hosting an application. To accomplish this task, you can allow access on MongoDB’s default port while specifying the IP address of another server that will be explicitly allowed to connect. We’ll use the iptables firewall to set up this rule, as well as a few other rules to secure the system.

Before we write any rules, install the iptables-persistent package so you can save the rules you create. This way the rules will be applied every time you restart your server. Execute this command:

  1. sudo apt-get install iptables-persistent

Note: During the installation, you may be asked if you’d like to keep any existing rules. You can discard the existing rules.

Next, remove any existing rules that may be in place, just in case:

  1. sudo iptables -F

Then add a rule that allows established connections to continue talking. This way our existing SSH connection won’t be interrupted:

  1. sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Next, ensure that SSH access is allowed:

  1. sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

If you plan to connect to MongoDB from a remote server, add these rules which will allow access to MongoDB’s default port from your application server:

  1. sudo iptables -A INPUT -s your_other_server_ip -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
  2. sudo iptables -A OUTPUT -d your_other_server_ip -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT

Next, add these rules which allow traffic on the local loopback device:

  1. sudo iptables -A INPUT -i lo -j ACCEPT
  2. sudo iptables -A OUTPUT -o lo -j ACCEPT

Finally, change the firewall policy to drop all other traffic:

  1. sudo iptables -P INPUT DROP

Warning: Changing the default policy to drop traffic that isn’t explicitly defined in rules will mean that everything is locked down. If you wish to allow additional traffic in the future, you’ll need to add new rules.

In addition, if you accidentally flush your rules, you will be locked out of your server. It’s a good idea to use sudo iptables -P INPUT ACCEPT to allow traffic through if you need to adjust your rules in the future. You can then use sudo iptables -P INPUT DROP to lock things down once you’re sure things are configured properly again.

Verify that the rules look correct:

  1. sudo iptables -S

You should see output similar to this:

-P INPUT DROP -P FORWARD ACCEPT -P OUTPUT ACCEPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -s your_other_server_ip/32 -p tcp -m tcp --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A OUTPUT -d your_other_server_ip/32 -p tcp -m tcp --sport 27017 -m state --state ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT

Finally, save the rules:

  1. netfilter-persistent save

To learn more about these firewall rules, take a look at How To Set Up a Firewall Using Iptables on Ubuntu 14.04.

Step 3 — Enabling Access to External Servers (Optional)

Current versions of MongoDB don’t accept external connections by default. If you’ve restricted access to specific IP addresses with the firewall, you can modify MongoDB’s configuration to accept remote connections.

Edit the MongoDB configuration file:

  1. sudo nano /etc/mongod.conf

Locate this section:

# network interfaces
  port: 27017

Mongo is listening on the local loopback address, so it’ll only accept local connections. Change the bindIp value so it includes the IP address of your MongoDB server:

# network interfaces
  port: 27017
  bindIp:, your_server_ip

Save the file and exit the editor.

Then restart MongoDB to apply the change:

  1. sudo systemctl restart mongod

Your remote machine should now be able to connect. However, you may also want to enable authentication to secure your database even further.


You can find more in-depth instructions regarding MongoDB installation and configuration in these DigitalOcean community articles. Be sure to back up your data and explore how to encrypt data in transit.

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Learn more about us

About the authors

Still looking for an answer?

Ask a questionSearch for more help

Was this helpful?

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

There is some problem with your instruction:

Issue the following command to create a list file for MongoDB. echo “deb http://repo.mongodb.org/apt/debian jessie/mongodb-org/3.4 main” | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list

The 3.4 version is not the last one. And, as far as I know, this version by default listens to all IPs

In the mongod.conf file, you need to wrap multiple IP addresses in square brackets.

# network interfaces
  port: 27017
  bindIp: [, your_server_ip]

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Join the Tech Talk
Success! Thank you! Please check your email for further details.

Please complete your information!

card icon
Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up
card icon
Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.

Learn more
card icon
Become a contributor

You get paid; we donate to tech nonprofits.

Learn more
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow – whether you’re running one virtual machine or ten thousand.

Learn more ->
DigitalOcean Cloud Control Panel