Run-time Database Configuration
On this page
The command line and configuration file interfaces provide MongoDB administrators with a large number of options and settings for controlling the operation of the database system. This document provides an overview of common configurations and examples of best-practice configurations for common use cases.
While both interfaces provide access to the same collection of options and settings, this document primarily uses the configuration file interface. If you installed MongoDB with a package manager such as
apt on Linux, or
brew on macOS, a default configuration file has been provided as part of your installation:
- On Linux, a default
/etc/mongod.confconfiguration file is included when using a package manager to install MongoDB.
- On Windows, a default
<install directory>/bin/mongod.cfgconfiguration file is included during the installation.
- On macOS, a default
/usr/local/etc/mongod.confconfiguration file is included when installing from MongoDB’s official Homebrew tap.
For package installations of MongoDB on Linux or macOS, an initialization script which uses this default configuration file is also provided. This initialization script can be used to start the
mongod on these platforms in the following manner:
On Linux systems that use the systemd init system (the
On Linux systems that use the SystemV init init system (the
On macOS, using the
If you installed MongoDB using a
ZIP file, you will need to create your own configuration file. A basic example configuration can be found later in this document. Once you have created a configuration file, you can start a MongoDB instance with this configuration file by using either the
-f options to
Modify the values in the
/etc/mongod.conf file on your system to control the configuration of your database instance.
Consider the following basic configuration:
For most standalone servers, this is a sufficient base configuration. It makes several assumptions, but consider the following explanation:
127.0.0.1, which forces the server to only listen for requests on the localhost IP. Only bind to secure interfaces that the application-level systems can access with access control provided by system network filtering (i.e. “firewall”).
27017, which is the default MongoDB port for database instances. MongoDB can bind to any port. You can also filter access based on port using network filtering tools.
UNIX-like systems require superuser privileges to attach processes to ports lower than 1024.
true. This disables all but the most critical entries in output/log file, and is not recommended for production systems. If you do set this option, you can use
setParameterto modify this setting during run time.
/var/lib/mongo, which specifies where MongoDB will store its data files.
If you installed MongoDB on Linux using a package manager, such as
/etc/mongod.conffile provided with your MongoDB installation sets the following default
dbPath, depending on your Linux distro:
Platform Package Manager Default
RHEL / CentOS and Amazon
Ubuntu and Debian
The user account that
mongodruns under will need read and write access to this directory.
true, which enables journaling. Journaling ensures single instance write-durability. 64-bit builds of
mongodenable journaling by default. Thus, this setting may be redundant.
Given the default configuration, some of these values may be redundant. However, in many situations explicitly stating the configuration increases overall system intelligibility.
The following configuration options are useful for limiting access to a
This example provides four values to the
127.0.0.1, the localhost interface;
10.8.0.10, a private IP address typically used for local networks and VPN interfaces;
192.168.4.24, a private network interface typically used for local networks; and
/tmp/mongod.sock, a Unix domain socket path.
Because production MongoDB instances need to be accessible from multiple database servers, it is important to bind MongoDB to multiple interfaces that are accessible from your application servers. At the same time it’s important to limit these interfaces to interfaces controlled and protected at the network layer.
Setting this option to
trueenables the authorization system within MongoDB. If enabled you will need to log in by connecting over the
localhostinterface for the first time to create user credentials.
Use descriptive names for sets. Once configured, use the
mongo shell to add hosts to the replica set.
keyFile enables authentication and specifies a key file for the replica set member use to when authenticating to each other. The content of the key file is arbitrary, but must be the same on all members of the replica set and
mongos instances that connect to the set. The keyfil