# Install, Secure, Backup, Restore and Connect MongoDB database with separate user Role in Ubuntu 16.0


## Intro

Today we take a ubuntu 16.04 server. Install MongoDB server there and secure it with users of various role. We use different user to backup, restore and read write operation. Also we will cover, how to connect a authenticate database from a node app using mongoose ODM tool.

## Covering Area

1. Install MongoDB (You can skip this part and follow official doc)

1. Run MongoDB

1. Enable Authentication in our database server

1. Create user

1. Backup or dump database

1. Restore backup or dump database

1. Connect authenticate database from a Node app using Mongoose ODM tool.
> Step 1 can be skipped by the official [doc](https://docs.mongodb.com/manual/tutorial/install-mongodb-on-ubuntu/). Step 2 , 3 and 4 are heavily inspired from [Digital Ocean Blog](https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-mongodb-on-ubuntu-16-04). So you can keep an eye on that.

## Install MongoDB

### 1. Import the public key used by the package management system.

```
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
```


### 2. Create a list file for MongoDB.

```
echo “deb [ arch=amd64,arm64 ] [https://repo.mongodb.org/apt/ubuntu](https://repo.mongodb.org/apt/ubuntu) xenial/mongodb-org/4.0 multiverse” | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
```


### 3. Reload local package database.

```
sudo apt-get update
```


### 4. Install the MongoDB packages.

```
sudo apt-get install -y mongodb-org
```


Now we are done installing MongoDB.

## Run MongoDB

### 1. To start MongoDB, Run Mongo Daemon

`sudo systemctl start mongod`

### 2. Your MongoDB database is up and running now. To access the MongoDB shell

`mongo`

### 3. Also You can check the status (You must confirm the Active key value is running)

`sudo systemctl status mongod`

### 4. To ensure, every time the OS boot, the MongoDB will run automatically

`sudo systemctl enable mongod`

Now we are done running our MongoDB server.

## Enable Authentication

Let’s consider we have a database named ‘my-database’
> To create any user first we need to create a super user. The super user can create and assign role to other users to perform operation in database.

Let’s create a super user.

### 1. Go to mongoDB shell

```
mongo
```


### 2. We need to switch to the admin database to create a super user.

```
use admin
```


### 3. Create a super user, so we can create various user with role in future,

```
db.createUser(
  {
    user: "my-super-user",
    pwd: "my-super-user-password",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
```

> Now a super user is created.

### 4. Leave the mongo shell

```
exit
```

> Now in your Mongo Daemon configuration file, enable authentication.

### 5. Enter to the configuration file.

```
sudo nano /etc/mongod.conf
```

> Now replace “#security” with the following two line. Here we remove comment from security. Then enable the authentication.

```
security:
  authorization: "enabled"
```


### 6. To make this change available, we need to restart Mongo Daemon.

```
sudo systemctl restart mongod
```


### 7. To check the MongoDB runtime status

```
sudo systemctl status mongod
```

> You should see the active property running.

## Creating User

### 1. This time go to MongoDB shell with username and password

```
mongo -u my-super-user -p --authenticationDatabase admin
```

> For password, give the previously created super user password “my-super-user-password”

### 2. Now Switch to admin database

```
use admin
```


### 3. Let’s create a user with read-write capability, so the user can perform read write operation in database and also restore backup database.

```
db.createUser(
  {
    user: "my-user",
    pwd: "my-user-password",
    roles: [ { role: "readWrite", db: "my-database" } ]
  }
)
```


### 4. Also create another user to backup privilege.

```
db.createUser(
  {
    user: "my-backup-user",
    pwd: "my-backup-user-password",
    roles: [{ role: "backup", db: "admin" }]
  }
)
```

> Now we have two users, one for read-write and database restoring authorized. Another user can only take database backup.

## Backup Database
> To backup or dump the database, we have to use the user with ‘backup’ role.

```
mongodump --username my-backup-user --password my-backup-user-password
```


## Restore Database
> In order to restore the database, we have to use a database user with read-write privilege. First go to the directory, that contains dump database.

```
mongorestore --username my-user --password my-user-password
```

> Now your database will be restored.

## Connect using Mongoose ODM From Node APP

### 1. Install mogoose

```
npm i mongoose
```


### 2. In the index.js folder

```
const mongoose = require('mongoose');
const uri = 'mongodb://localhost:27017/my-database';
const option = {
    "useNewUrlParser": true,
    "auth": { "authSource": "admin" },
    "user": "my-user",
    "pass": "my-user-password"
};
mongoose.connect(uri, option);
```


### 3. Run the app

```
node index.js
```


## Conclusion

So here we are. Our database is secure with role based user. Stay tuned and if there is a confusing term or something, response below. I will replay ASAP.
