How to install MongoDB on CentOS 8

Installing MongoDB + Certificates on CentOS 8

Hostname

Set the hostname

hostname db.christiancuri.dev

Update the hostname file to set the server name permanently

nano /etc/hostname

Set the hostname in the file to

db.christiancuri.dev

Add a hosts entry, with $IP set to the server's IP address

echo "$IP db.christiancuri.dev" >> /etc/hosts

Setup LetsEncrypt

Install git and clone letsencrypt

dnf install git -y &&
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt &&
cd /opt/letsencrypt

Request the certificate

./letsencrypt-auto certonly -d db.christiancuri.dev
  • LetsEncrypt will ask how it should look up an entry on your server. If you do not have nginx, select [1]; otherwise, select [2] and add the following lines to your nginx configuration
location ~ /.well-known {
        allow all;
}

Then restart the nginx service.

Setup the LetsEncrypt Files

Change into the LetsEncrypt folder

cd /etc/letsencrypt/live/db.christiancuri.dev

Generate the certificate file by combining privkey.pem with cert.pem

cat privkey.pem cert.pem > /etc/ssl/mongodb.pem

Download the TrustID X3 Root Cert

Get the IdenTrust DST Root CA X3 from LetsEncrypt

wget -c https://letsencrypt.org/certs/trustid-x3-root.pem.txt -O trustid-x3-root.pem

Create CA file

cat chain.pem trustid-x3-root.pem > /etc/ssl/ca.pem

To make sure that everything is set up correctly, run

openssl verify -CAfile /etc/ssl/ca.pem /etc/ssl/mongodb.pem

You should get

mongodb.pem: OK

Give permissions

chmod 400 /etc/ssl/ca.pem
chmod 400 /etc/ssl/mongodb.pem
chown mongod /etc/ssl/ca.pem
chown mongod /etc/ssl/mongodb.pem
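
A pre-flight check for the two files built above, as an added example that is not part of the original guide. The function names are hypothetical, and it assumes GNU stat and the openssl command are available on the server.

```shell
#!/bin/sh
# Added example: pre-flight checks for the PEM files built in this guide.
# Function names are hypothetical; stat -c is the GNU form found on CentOS.

# check_pem_layout FILE KIND OWNER
#   KIND keycert: private key plus certificate expected (mongodb.pem)
#   KIND ca:      certificates only, a private key here is a leak (ca.pem)
check_pem_layout() {
    local file="$1" kind="$2" owner="$3" rc=0
    [ -f "$file" ] || { echo "$file: missing"; return 1; }
    # The guide sets mode 400 and owner mongod on both files.
    [ "$(stat -c %a "$file")" = "400" ] || { echo "$file: mode is not 400"; rc=1; }
    [ "$(stat -c %U "$file")" = "$owner" ] || { echo "$file: owner is not $owner"; rc=1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$file" ||
        { echo "$file: no certificate block"; rc=1; }
    if grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$file"; then
        [ "$kind" = "keycert" ] || { echo "$file: private key in a CA file"; rc=1; }
    else
        [ "$kind" = "ca" ] || { echo "$file: no private key block"; rc=1; }
    fi
    return "$rc"
}

# check_key_matches_cert FILE
#   Succeeds only if the private key and the first certificate in FILE carry
#   the same public key; mongod cannot use a mismatched pair.
check_key_matches_cert() {
    local file="$1" from_key from_cert
    from_key=$(openssl pkey -in "$file" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$file" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Run against the guide's paths when they exist (as root, before the restart).
if [ -f /etc/ssl/mongodb.pem ]; then
    check_pem_layout /etc/ssl/mongodb.pem keycert mongod &&
        check_pem_layout /etc/ssl/ca.pem ca mongod &&
        check_key_matches_cert /etc/ssl/mongodb.pem &&
        echo "PEM files look ready for mongod"
fi
```

The key-match check is also worth repeating after each certificate renewal, since mongodb.pem is a copy and has to be rebuilt from the renewed files.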

Configure MongoDB

Edit mongod.conf

nano /etc/mongod.conf

Specify the SSL locations. You may need to specify a PEMKeyPassword if you got the certificate from a different source than LetsEncrypt.

net:
 tls:
  mode: requireTLS
  certificateKeyFile: /etc/ssl/mongodb.pem
  CAFile: /etc/ssl/ca.pem

Restart MongoDB

systemctl restart mongod

Login

Then log into the shell using SSL:

mongo --ssl --sslCAFile /etc/ssl/ca.pem --host db.christiancuri.dev --sslPEMKeyFile /etc/ssl/mongodb.pem