MongoDB is an open-source, document-oriented NoSQL database that stores data as flexible JSON-like documents instead of traditional rows and columns. It is widely used for modern web applications, real-time analytics, and content management systems where schema flexibility and horizontal scaling matter.
This guide walks through installing MongoDB 8.0 on Rocky Linux 10 and AlmaLinux 10 using the official MongoDB yum repository. It covers repository setup, installation, security hardening with authentication, remote access configuration, firewall rules, SELinux adjustments, basic CRUD operations with mongosh, and backups with mongodump. For the full list of changes in this release, see the MongoDB 8.0 release notes.
Prerequisites
- A server running Rocky Linux 10 or AlmaLinux 10 with at least 2 GB RAM
- Root or sudo access
- Internet connectivity for downloading packages
- Port 27017/TCP open if remote clients need access
Step 1: Add the MongoDB 8.0 Yum Repository
MongoDB packages are not included in the default Rocky Linux or AlmaLinux repositories. Add the official MongoDB 8.0 repository by creating a repo file.
sudo vi /etc/yum.repos.d/mongodb-org-8.0.repoAdd the following repository configuration:
[mongodb-org-8.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/9/mongodb-org/8.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-8.0.ascSave the file and verify the repository is available:
sudo dnf repolistYou should see mongodb-org-8.0 listed among the enabled repositories:
repo id repo name
appstream Rocky Linux 10 - AppStream
baseos Rocky Linux 10 - BaseOS
mongodb-org-8.0 MongoDB RepositoryStep 2: Install MongoDB 8.0 on Rocky Linux 10 / AlmaLinux 10
Install the MongoDB meta-package, which pulls in the server, shell, tools, and router components:
sudo dnf install -y mongodb-orgThe installer pulls in these packages – mongodb-org-server, mongodb-org-mongos, mongodb-mongosh, and mongodb-org-tools.
After installation completes, confirm the installed version:
mongod --versionThe output confirms MongoDB 8.0 is installed:
db version v8.0.20
Build Info: {
"version": "8.0.20",
"gitVersion": "...",
"openSSLVersion": "OpenSSL 3.2.x ...",
"modules": [],
"allocator": "tcmalloc-google",
"environment": {
"distmod": "rhel90",
"distarch": "x86_64",
"target_arch": "x86_64"
}
}Step 3: Start and Enable MongoDB Service
Enable the mongod service so it starts automatically on boot, and start it immediately:
sudo systemctl enable --now mongodVerify the service is running:
systemctl status mongodThe output should show the service as active (running):
● mongod.service - MongoDB Database Server
Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; preset: disabled)
Active: active (running) since Fri 2026-03-21 10:15:32 UTC; 5s ago
Docs: https://docs.mongodb.org/manual
Main PID: 4521 (mongod)
Memory: 180.0M
CPU: 1.200s
CGroup: /system.slice/mongod.service
└─4521 /usr/bin/mongod -f /etc/mongod.confStep 4: Configure SELinux for MongoDB
Rocky Linux 10 and AlmaLinux 10 ship with SELinux in enforcing mode. If MongoDB uses the default data path (/var/lib/mongo) and log path (/var/log/mongodb), it works without any SELinux changes. However, if you use custom data or log paths, you need to set the correct SELinux contexts. For a deeper understanding of SELinux troubleshooting, see our guide on troubleshooting SELinux on Rocky Linux 10 and AlmaLinux 10.
Install the required SELinux utilities:
sudo dnf install -y policycoreutils-python-utilsIf you plan to allow MongoDB to listen on a non-default port, register it with SELinux. For the default port 27017, this is already handled:
sudo semanage port -a -t mongod_port_t -p tcp 27017If you get a “port already defined” message, that means the port is already registered and no action is needed.
For custom data directories (for example, /data/mongo), set the contexts like this:
sudo semanage fcontext -a -t mongod_var_lib_t '/data/mongo.*'
sudo restorecon -R -v /data/mongoFor custom log directories:
sudo semanage fcontext -a -t mongod_log_t '/data/log/mongodb.*'
sudo restorecon -R -v /data/log/mongodbStep 5: Enable Authentication and Create Admin User
By default, MongoDB allows unauthenticated connections from localhost. Before enabling authentication, create an admin user first. Connect to the shell:
mongoshSwitch to the admin database and create a user with full administrative privileges:
use admin
db.createUser({
user: "mongoadmin",
pwd: passwordPrompt(),
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" },
{ role: "dbAdminAnyDatabase", db: "admin" },
{ role: "clusterAdmin", db: "admin" }
]
})You will be prompted to enter a password. After the user is created, you should see a confirmation like this:
{ ok: 1 }Exit the shell:
exitNow enable authentication in the MongoDB configuration file:
sudo vi /etc/mongod.confFind the #security: section and update it to:
security:
authorization: enabledRestart the service to apply the change:
sudo systemctl restart mongodTest authentication by connecting with the admin user:
mongosh -u mongoadmin -p --authenticationDatabase adminAfter entering the password, you should connect successfully and see the mongosh prompt:
Enter password: ********
Current Mongosh Log ID: 67dd1a...
Connecting to: mongodb://@127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000&authSource=admin&appName=mongosh+2.x.x
Using MongoDB: 8.0.20
Using Mongosh: 2.x.x
test> Step 6: Configure MongoDB for Remote Access
By default, MongoDB only listens on 127.0.0.1. To allow connections from remote clients, update the bind address. If you also need to manage PostgreSQL on Rocky Linux 10, the approach to configuring remote access is similar.
sudo vi /etc/mongod.confUpdate the net section to bind to all interfaces, or specify your server’s IP address:
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0 # Bind to all IPv4 interfacesFor production environments, replace 0.0.0.0 with a comma-separated list of specific IP addresses, for example 127.0.0.1,192.168.1.50. Binding to all interfaces without authentication is a serious security risk.
Restart MongoDB to apply the change:
sudo systemctl restart mongodConfirm MongoDB is now listening on all interfaces:
ss -tlnp | grep 27017You should see MongoDB bound to 0.0.0.0:27017:
LISTEN 0 4096 0.0.0.0:27017 0.0.0.0:* users:(("mongod",pid=4521,fd=12))Step 7: Configure Firewall for MongoDB
If firewalld is active on your Rocky Linux 10 or AlmaLinux 10 server, open port 27017/TCP for MongoDB connections:
sudo firewall-cmd --permanent --add-port=27017/tcp
sudo firewall-cmd --reloadVerify the rule was applied:
sudo firewall-cmd --list-portsYou should see 27017/tcp in the output.
For tighter security in production, limit access to specific source IPs using a rich rule instead:
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.0/24" port protocol="tcp" port="27017" accept'
sudo firewall-cmd --reloadStep 8: Basic CRUD Operations with mongosh
Connect to MongoDB with your admin credentials:
mongosh -u mongoadmin -p --authenticationDatabase adminCreate a new database and insert a document (MongoDB creates the database and collection automatically on first write):
use appdb
db.users.insertOne({
name: "John Doe",
email: "[email protected]",
role: "admin",
created: new Date()
})MongoDB confirms the insert with the new document’s ObjectId:
{
acknowledged: true,
insertedId: ObjectId('67dd1b2c...')
}Insert multiple documents at once:
db.users.insertMany([
{ name: "Jane Smith", email: "[email protected]", role: "editor", created: new Date() },
{ name: "Bob Wilson", email: "[email protected]", role: "viewer", created: new Date() }
])Read all documents in the collection:
db.users.find().pretty()The output shows all three user documents with their auto-generated _id fields.
Update a document – change Bob’s role to editor:
db.users.updateOne(
{ name: "Bob Wilson" },
{ $set: { role: "editor" } }
)MongoDB confirms the update:
{
acknowledged: true,
insertedId: null,
matchedCount: 1,
modifiedCount: 1,
upsertedCount: 0
}Delete a document:
db.users.deleteOne({ name: "Jane Smith" })Confirm the deletion:
{ acknowledged: true, deletedCount: 1 }Verify remaining documents:
db.users.countDocuments()This returns 2, confirming the delete worked. If you are working with other databases alongside MongoDB, you might find our guide on installing Redis on Rocky Linux 10 useful for caching layers.
Step 9: Backup MongoDB with mongodump
The mongodump utility creates binary backups of your MongoDB data. It is included with the mongodb-org-tools package installed earlier.
Back up all databases:
mongodump --uri="mongodb://mongoadmin:[email protected]:27017" --authenticationDatabase=admin --out=/backup/mongodb/$(date +%Y%m%d)Create the backup directory first if it does not exist:
sudo mkdir -p /backup/mongodbBack up a single database:
mongodump --uri="mongodb://mongoadmin:[email protected]:27017" --authenticationDatabase=admin --db=appdb --out=/backup/mongodb/$(date +%Y%m%d)The backup directory contains BSON files for each collection. To restore from a backup, use mongorestore:
mongorestore --uri="mongodb://mongoadmin:[email protected]:27017" --authenticationDatabase=admin /backup/mongodb/20260321/For production environments, set up a cron job to run mongodump daily and rotate old backups. If you need to run MongoDB on Debian-based systems instead, see our guide on installing MongoDB 8.0 on Debian and Ubuntu.
Conclusion
MongoDB 8.0 is now installed and configured on your Rocky Linux 10 or AlmaLinux 10 server with authentication enabled, firewall rules in place, and SELinux properly configured. You have a working setup with an admin user, remote access, and backup procedures using mongodump.
For production deployments, consider enabling TLS/SSL encryption for client connections, setting up replica sets for high availability, and configuring log rotation. The official MongoDB production checklist covers additional hardening steps.
