MongoDB is a document-oriented NoSQL database that stores data in flexible, JSON-like documents instead of traditional table rows. It handles unstructured and semi-structured data well, making it a solid choice for applications that need fast reads, horizontal scaling, and schema flexibility.
This guide walks through installing MongoDB 8.0 on Ubuntu 24.04 and Debian 13 from the official MongoDB apt repository. We cover repository setup, enabling authentication, configuring remote access, firewall rules, basic CRUD operations with mongosh, and backups with mongodump. For full details on what changed in this release, see the MongoDB 8.0 release notes.
Prerequisites
- A server running Ubuntu 24.04 LTS or Debian 13 with at least 2 GB RAM
- Root or sudo access
- Port 27017/TCP open if allowing remote connections
- Internet access to reach MongoDB package repositories
Step 1: Add the MongoDB 8.0 Repository
MongoDB packages are not in the default Ubuntu/Debian repositories. We need to add the official MongoDB apt repository and its GPG signing key.
First, install the prerequisites and import the MongoDB GPG key:
sudo apt update
sudo apt install -y gnupg curlImport the MongoDB public GPG key:
curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmorNow add the repository. Choose the command for your operating system.
Ubuntu 24.04 (Noble):
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.listDebian 13 (Trixie):
MongoDB does not yet provide a dedicated Trixie repository. Use the Bookworm (Debian 12) repository, which works on Debian 13:
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/debian bookworm/mongodb-org/8.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.listUpdate the package index to pick up the new repository:
sudo apt updateStep 2: Install MongoDB 8.0 on Ubuntu 24.04 / Debian 13
Install the mongodb-org meta-package, which includes the server, mongosh shell, and database tools:
sudo apt install -y mongodb-orgThis installs the following components:
mongod– the database server daemonmongosh– the MongoDB shell for interactive queriesmongodump/mongorestore– backup and restore toolsmongos– sharding router (for sharded clusters)
Verify the installed version:
mongod --versionYou should see MongoDB version 8.0.x confirmed in the output:
db version v8.0.20
Build Info: {
"architecture": "x86_64",
"maxBsonObjectSize": 16777216
}Step 3: Start and Enable MongoDB Service
Enable MongoDB to start at boot and start the service now:
sudo systemctl enable --now mongodVerify that the service is running:
sudo systemctl status mongodThe output should show the service as active (running):
● mongod.service - MongoDB Database Server
Loaded: loaded (/lib/systemd/system/mongod.service; enabled; preset: enabled)
Active: active (running) since Fri 2026-03-21 10:15:32 UTC; 5s ago
Docs: https://docs.mongodb.org/manual
Main PID: 4521 (mongod)
Memory: 168.3M
CPU: 1.234s
CGroup: /system.slice/mongod.service
└─4521 /usr/bin/mongod --config /etc/mongod.confConfirm MongoDB is listening on port 27017:
ss -tlnp | grep 27017You should see mongod bound to 127.0.0.1 on port 27017:
LISTEN 0 4096 127.0.0.1:27017 0.0.0.0:* users:(("mongod",pid=4521,fd=12))Step 4: Enable MongoDB Authentication
By default, MongoDB allows unauthenticated access. In any environment beyond local development, you should enable authentication. If you work with other databases like MySQL or MariaDB on Ubuntu, you already know that securing database access is a critical first step.
First, connect to MongoDB with mongosh and create an admin user:
mongoshSwitch to the admin database and create a user with the userAdminAnyDatabase and readWriteAnyDatabase roles:
use admin
db.createUser(
{
user: "mongoadmin",
pwd: "StrongPassword123!",
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" }
]
}
)
exitMongoDB confirms the user was created with a response like { ok: 1 }. For a deeper look at role-based access control, see the MongoDB authentication configuration guide.
Now enable authentication in the MongoDB configuration file:
sudo vi /etc/mongod.confFind the security section and enable authorization. If the section is commented out, uncomment it and add the authorization line:
security:
authorization: enabledRestart MongoDB to apply the change:
sudo systemctl restart mongodFrom now on, you must authenticate when connecting. Test the admin login:
mongosh -u mongoadmin -p --authenticationDatabase adminEnter the password when prompted. A successful connection drops you into the mongosh prompt, confirming authentication works.
Step 5: Configure Remote Access to MongoDB
By default, MongoDB binds only to 127.0.0.1 (localhost). To allow connections from application servers or remote clients, update the bindIp setting.
sudo vi /etc/mongod.confFind the net section and update bindIp to include your server’s IP address. Replace 10.0.1.50 with your actual server IP:
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1,10.0.1.50To bind to all interfaces, use 0.0.0.0 instead. Only do this if you have proper firewall rules in place.
Restart MongoDB after changing the bind address:
sudo systemctl restart mongodVerify MongoDB is now listening on the additional interface:
ss -tlnp | grep 27017You should see mongod listening on both 127.0.0.1 and your server IP:
LISTEN 0 4096 127.0.0.1:27017 0.0.0.0:* users:(("mongod",pid=5102,fd=12))
LISTEN 0 4096 10.0.1.50:27017 0.0.0.0:* users:(("mongod",pid=5102,fd=13))Step 6: Configure UFW Firewall for MongoDB
If UFW is active on your Ubuntu server, allow MongoDB traffic on port 27017/TCP. Restrict access to specific source IPs rather than opening the port to everyone.
Allow a specific application server (replace 10.0.1.100 with your app server IP):
sudo ufw allow from 10.0.1.100 to any port 27017 proto tcpTo allow an entire subnet:
sudo ufw allow from 10.0.1.0/24 to any port 27017 proto tcpReload UFW and verify the rule:
sudo ufw reload
sudo ufw status numberedThe output should show your new MongoDB rule:
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 27017/tcp ALLOW IN 10.0.1.0/24On Debian 13, if you use nftables or iptables directly instead of UFW, add an equivalent rule to allow TCP port 27017 from trusted source IPs.
Step 7: Basic CRUD Operations with mongosh
With MongoDB installed and authentication enabled, let’s run through basic Create, Read, Update, and Delete operations using the mongosh shell. Refer to the mongosh documentation for the full command reference.
Connect with your admin user:
mongosh -u mongoadmin -p --authenticationDatabase adminCreate a database and insert documents:
use testdb
db.servers.insertMany([
{ hostname: "web01", os: "Ubuntu 24.04", role: "webserver", cpu: 4 },
{ hostname: "db01", os: "Debian 13", role: "database", cpu: 8 },
{ hostname: "app01", os: "Ubuntu 24.04", role: "appserver", cpu: 4 }
])MongoDB returns the inserted document IDs, confirming the insert was successful:
{
acknowledged: true,
insertedIds: {
'0': ObjectId('...'),
'1': ObjectId('...'),
'2': ObjectId('...')
}
}Read – query documents:
db.servers.find({ os: "Ubuntu 24.04" })This returns all documents where the os field matches “Ubuntu 24.04”:
[
{ _id: ObjectId('...'), hostname: 'web01', os: 'Ubuntu 24.04', role: 'webserver', cpu: 4 },
{ _id: ObjectId('...'), hostname: 'app01', os: 'Ubuntu 24.04', role: 'appserver', cpu: 4 }
]Update – modify a document:
db.servers.updateOne(
{ hostname: "db01" },
{ $set: { cpu: 16, ram: "64GB" } }
)The response shows one document matched and modified:
{
acknowledged: true,
insertedId: null,
matchedCount: 1,
modifiedCount: 1,
upsertedCount: 0
}Delete – remove a document:
db.servers.deleteOne({ hostname: "app01" })MongoDB confirms the deletion with deletedCount: 1. Applications built with Node.js commonly use the MongoDB Node.js driver or Mongoose ODM to perform these same operations programmatically.
Step 8: Backup MongoDB with mongodump
The mongodump tool creates binary backups of your MongoDB databases. It is included in the mongodb-org package we installed earlier.
Back up all databases:
mongodump -u mongoadmin -p --authenticationDatabase admin --out /opt/mongodb-backup/$(date +%F)This creates a directory structure under /opt/mongodb-backup/ with BSON files for each database and collection:
2026-03-21/
├── admin/
│ ├── system.users.bson
│ └── system.users.metadata.json
└── testdb/
├── servers.bson
└── servers.metadata.jsonTo back up a single database:
mongodump -u mongoadmin -p --authenticationDatabase admin --db testdb --out /opt/mongodb-backup/$(date +%F)Restore from a backup with mongorestore:
mongorestore -u mongoadmin -p --authenticationDatabase admin /opt/mongodb-backup/2026-03-21/For production systems, schedule mongodump in a cron job and rotate old backups. You can also monitor your MongoDB instance alongside other databases using Prometheus and Grafana with PMM.
Conclusion
MongoDB 8.0 is now installed and running on your Ubuntu 24.04 or Debian 13 server with authentication enabled, remote access configured, and firewall rules in place. You have the basics of CRUD operations with mongosh and database backups with mongodump.
For production deployments, consider setting up replica sets for high availability, enabling TLS encryption for client connections, and configuring log rotation. Use role-based access control to create application-specific users with minimal required permissions rather than sharing the admin account.
