MongoDB is a popular NoSQL database, and installing it from the official MongoDB repository ensures you get the latest stable release. This guide walks through the steps on Debian 12 (“Bookworm”). We’ll show how to add MongoDB’s official repository, install the server, and then start and secure MongoDB. Finally, we’ll cover creating an admin user and (optionally) configuring secure remote access.
Add Official MongoDB Repository on Debian 12
First, update your package list and install the required tools. In a terminal, run:
sudo apt-get update && sudo apt-get install -y gnupg curlNext, import MongoDB’s public GPG key. This step verifies packages from the MongoDB repository:
curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc \
| sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmorNow add the MongoDB repository for Debian Bookworm. Create a new sources list file with the following line:
echo "deb [ signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] \
http://repo.mongodb.org/apt/debian bookworm/mongodb-org/8.0 main" \
| sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.listThis tells apt to use MongoDB’s official repo. Finally, reload the package database:
sudo apt-get updateYour system now knows about the MongoDB packages in the official repository.
Install MongoDB from the Official Repository on Debian 12
With the repository added, install the MongoDB package group. The meta-package mongodb-org pulls in all required MongoDB components. Run:
sudo apt-get install -y mongodb-orgThis installs the latest stable MongoDB Community Edition, including the server, shell (mongosh), and tools. The -y flag applies all installs without prompting. After installation, you can check whether MongoDB is installed by running:
mongod --versionThis should print the MongoDB server version installed on your system.
Start and Enable the MongoDB Service
Once installed, start the MongoDB service with systemctl. This sets up MongoDB to run as a background service. In the terminal:
sudo systemctl start mongodYou can verify it’s running with:
sudo systemctl status mongodLook for an “active (running)” status. To have MongoDB start automatically on boot, enable the service:
sudo systemctl enable mongodThese commands ensure MongoDB’s mongod process is running now and after any reboot. If you ever stop or restart MongoDB, use:
sudo systemctl stop mongod && sudo systemctl restart mongodSecure Your MongoDB Installation
By default, MongoDB on a fresh install has no authentication enabled, meaning anyone with access can connect without a password. To secure your data, enable access control. First, edit the MongoDB configuration file:
sudo nano /etc/mongod.confFind the section about security (it may be commented out). Add or uncomment the following lines under a security: block:
security:
authorization: "enabled"This tells MongoDB to require users to authenticate. Save and close the file. Then, restart the service to apply changes:
sudo systemctl restart mongodNow, MongoDB will enforce login for all connections. Ensure you create an administrative user (below) before enabling authentication, or you will be locked out. We enabled authorization here, assuming you will make the admin user immediately.
In addition to user accounts, ensure your server’s firewall is configured correctly. Allow MongoDB’s default port (27017) only on trusted networks or via secured tunnels. MongoDB only listens on localhost by default, but we’ll address remote access next.
Create a MongoDB Administrative User
With authentication enabled, you need at least one admin user. Connect to MongoDB using the shell (no password needed on localhost since you haven’t created any user yet):
mongoshSwitch to the admin database at the prompt and create a user with administrative privileges. For example:
use admin
db.createUser({
user: "admin",
pwd: "YourStrongPasswordHere",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
})This command creates a new user named admin with a secure password. The role userAdminAnyDatabase allows this user to create and manage users on any database (you can also use the "root" role for full privileges). After running it, you should see a confirmation. Exit the shell:
quit()Now, MongoDB requires users to authenticate. Test the new admin account by reconnecting:
mongosh -u admin -p YourStrongPasswordHere --authenticationDatabase adminIf it connects successfully, your admin user is set up correctly. From now on, any operation in the database will require proper authentication.
(Optional) Enable Secure Remote Access to MongoDB
By default, MongoDB is bound to localhost only, which means remote machines cannot connect. If you need to access MongoDB from another host, you must update the bind IP address carefully to avoid exposing it publicly.
Edit the configuration file again:
sudo nano /etc/mongod.confFind the net.bindIp setting. It is usually under a net: section and defaults to 127.0.0.1. Change it to allow your desired interfaces. For example, to listen on all network interfaces (not generally recommended unless firewalled):
net:
bindIp: 0.0.0.0Alternatively, specify particular IP addresses (e.g., your server’s IP and localhost). Save and restart:
sudo systemctl restart mongodSecurity Tip: If enabling remote access, configure your firewall to permit connections to port 27017 only from trusted IPs. For example, if using UFW:
sudo ufw allow from <your.trusted.ip.addr> to any port 27017 comment 'Allow MongoDB'Additionally, always ensure MongoDB authentication is enabled (as above) so that even remote clients must log in. Using SSH tunnels or VPNs can add an extra layer of security for administrative access.
Conclusion
You have now installed MongoDB on Debian 12 via the official MongoDB repository. The steps included adding MongoDB’s GPG key and apt source, installing the package, and starting the service. We also covered securing the database by creating an admin user and enabling access control. Finally, we showed how to enable remote connections safely if needed. With MongoDB set up this way, you can create databases and applications while protecting your data.
