# MongoDB

Generated on 8 Jan 2026 from [the MongoDB catalog page](https://marketplace.digitalocean.com/apps/mongodb)

Thousands of startups use MongoDB for their mission-critical applications. It’s the leading NoSQL database, offering a simple and elegant way to help developers scale.

## Software Included

| Package | Version | License |
|---|---|---|
| MongoDB | [8.0.17](https://www.mongodb.com) | [GNU AGPL v3](https://github.com/mongodb/mongo/blob/master/GNU-AGPL-3.0.txt) |

## Creating an App using the Control Panel

Click the **Deploy to DigitalOcean** button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.

[![Deploy to DO](https://www.deploytodo.com/do-btn-blue.svg)](https://cloud.digitalocean.com/droplets/new?image=mongodb-18-04)

## Creating an App using the API

In addition to creating a Droplet from the MongoDB 1-Click App using the control panel, you can also use the [DigitalOcean API](https://docs.digitalocean.com/reference/api). As an example, to create a 4GB MongoDB Droplet in the SFO2 region, you can use the following `curl` command. You need to either save your [API access token](https://docs.digitalocean.com/reference/api/create-personal-access-token/index.html.md) to an environment variable or substitute it in the command below.

```shell
curl -X POST -H 'Content-Type: application/json' \
         -H 'Authorization: Bearer '$TOKEN'' -d \
        '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image":"mongodb-18-04"}' \
        "https://api.digitalocean.com/v2/droplets"
```

## Getting Started After Deploying MongoDB

In addition to the package installation, the One-Click also:

- Enables the UFW firewall to allow only SSH (port `22`, rate limited), HTTP (port `80`), HTTPS (port `443`) and MongoDB (port `27017`) access.After the MongoDB One-Click Droplet is created:
- The MongoDB instance is available at `127.0.0.1:27017`.
- MongoDB’s configuration details are in `/etc/mongod.conf`.In addition, there are a few customized setup steps that we recommend you take. Once the Droplet is created, you can SSH to the server as `root`. Make sure to substitute the Droplet’s IP address.
- The passwords and keys are saved in /root/.digitalocean\_passwords

```
ssh root@your_droplet_public_ipv4
```

Then you can connect to the test database with the MongoDB shell.

```
mongosh mongodb://admin:your_admin_mongodb_password@your_droplet_public_ipv4
```

When you connect, you will see several startup warnings before you receive the MongoDB shell prompt:

```
Server has startup warnings:<br>

 2018-09-12T19:10:18.867+0000 I STORAGE [initandlisten]<br>

 2018-09-12T19:10:18.867+0000 I STORAGE [initandlisten] \*\* WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine<br>

 2018-09-12T19:10:18.867+0000 I STORAGE [initandlisten] \*\* See [http://dochub.mongodb.org/core/prodnotes-filesystem](<http://dochub.mongodb.org/core/prodnotes-filesystem>)<br>

 2018-09-12T19:10:19.637+0000 I CONTROL [initandlisten]<br>

 2018-09-12T19:10:19.637+0000 I CONTROL [initandlisten] \*\* WARNING: Access control is not enabled for the database.<br>

 2018-09-12T19:10:19.637+0000 I CONTROL [initandlisten] \*\* Read and write access to data and configuration is unrestricted.<br>

 2018-09-12T19:10:19.637+0000 I CONTROL [initandlisten]
```

To resolve the `STORAGE` warning, you can [set the storage engine to WiredTiger](https://docs.mongodb.com/v3.2/tutorial/change-config-server-wiredtiger/). WiredTiger is the default storage engine in modern versions of MongoDB (3.2+).

The `CONTROL` warning about unrestricted read/write access to the database and configuration means that any user logged into the Droplet will have access to the database and configuration until you [set up access controls](https://docs.mongodb.com/manual/tutorial/manage-users-and-roles/). However, remote access is blocked in two ways: MongoDB is bound to the local interface, so it doesn’t listen to requests from outside the local machine, and UFW is additionally configured to block port 27017, which MongoDB binds to.

You can also access your MongoDB instance remotely via an SSH tunnel using:

```

ssh -L 4321:localhost:27017 use\_your\_username@use\_your\_droplet\_ip -f -N

mongosh --port 4321
```

This opens an SSH connection which allows you to access port 27017 of the remote server locally on port 4321. This can be useful for securely accessing your MongoDB instance without opening it up to accept connections via the wider internet.

To run MongoDB in production, there are several [additional steps you should take](https://docs.mongodb.com/manual/administration/security-checklist/), including:

- Enabling access control and enforcing authentication
- Configuring role-based access control
- Encrypting client-server communication with SSL
- Encrypting the data at rest or on each host