Setting Up MongoDB and Mongo Express Securely with Docker Compose

March 15, 2025

Tags: docker, mongodb, devops

MongoDB is a widely used NoSQL database, and Mongo Express provides a web-based interface for managing it. Running these services in Docker makes deployment easier, but security must be a priority. In this guide, we will:

  • Deploy MongoDB and Mongo Express using Docker Compose.
  • Secure Mongo Express by binding it to localhost.
  • Access Mongo Express securely via SSH port forwarding.

This setup ensures that Mongo Express is only accessible to authorized users while keeping MongoDB data persistent.


Prerequisites

Before proceeding, ensure you have:

  • A Debian/Ubuntu server with Docker and Docker Compose installed.
  • SSH access to the server.
  • Basic knowledge of Docker.

If Docker and Docker Compose are not installed, install them with:

sudo apt update && sudo apt install docker.io docker-compose -y

Step 1: Create a Docker Compose Configuration

Create a new project folder and navigate to it:

mkdir mongo-docker && cd mongo-docker

Then, create the docker-compose.yml file:

nano docker-compose.yml

Paste the following configuration:

version: '3.8'

services:
  mongodb:
    image: mongo:latest
    container_name: mongodb
    restart: always
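    ports:
      - "127.0.0.1:27017:27017"  # Bind to localhost; a mapping without a host address is published on all interfaces
    environment:
      MONGO_INITDB_ROOT_USERNAME: admin
      MONGO_INITDB_ROOT_PASSWORD: password  # Placeholder; replace with a strong password (and update the mongo-express values below to match)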
    volumes:
      - mongo_data:/data/db

  mongo-express:
    image: mongo-express
    container_name: mongo-express
    restart: always
    ports:
      - "127.0.0.1:8081:8081"  # Bind to localhost for security
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: admin
      ME_CONFIG_MONGODB_ADMINPASSWORD: password
      ME_CONFIG_MONGODB_URL: mongodb://admin:password@mongodb:27017/
      ME_CONFIG_BASICAUTH: false  # Disable Mongo Express login screen
    depends_on:
      - mongodb

volumes:
  mongo_data:

Why Bind Mongo Express to 127.0.0.1?

  • This prevents external access to Mongo Express.
  • Only local users (or those with SSH access) can reach it.
  • It enhances security while still allowing controlled remote access.

Step 2: Start the MongoDB and Mongo Express Containers

Run:

docker-compose up -d

This starts both containers in the background.

Verify the containers are running:

docker ps

You should see mongodb and mongo-express in the list.
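
To confirm that the localhost binding described above took effect, you can check which host addresses each container's ports are published on. The script below is an added example, not part of the original setup; the function names and the sample `docker ps` output are constructed for illustration, and the sample shows what a mapping without a host address (such as "27017:27017") looks like.

```shell
#!/usr/bin/env bash
# Added example: flag containers whose ports are published on a
# non-loopback host address.
# Input: lines of "<name>|<ports>" as produced by
#   docker ps --format '{{.Names}}|{{.Ports}}'

# find_exposed_ports: reads that format on stdin and prints
# "<name> <host_addr:port>" for every published port that is not
# bound to 127.0.0.0/8 or ::1.
find_exposed_ports() {
  awk -F'|' '
    {
      n = split($2, entries, /, */)
      for (i = 1; i <= n; i++) {
        # Entries without "->" are not published to the host at all.
        if (index(entries[i], "->") == 0) continue
        host = entries[i]
        sub(/->.*/, "", host)            # keep only the host side
        if (host ~ /^127\./) continue    # IPv4 loopback
        if (host ~ /^\[?::1\]?:/) continue  # IPv6 loopback
        print $1, host
      }
    }'
}

# Constructed sample output (not captured from a real host).
sample_ps_output() {
  printf 'mongodb|0.0.0.0:27017->27017/tcp, :::27017->27017/tcp\n'
  printf 'mongo-express|127.0.0.1:8081->8081/tcp\n'
}

# On the server, run:
#   docker ps --format '{{.Names}}|{{.Ports}}' | find_exposed_ports
# Here the constructed sample is used so the script runs offline.
sample_ps_output | find_exposed_ports
```

Empty output means every published port is bound to loopback; any line printed names a container that is reachable from other hosts.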


Step 3: Securely Access Mongo Express with SSH Port Forwarding

Since Mongo Express is only available locally (127.0.0.1:8081), we need SSH port forwarding to access it from our local machine.

From Your Local Machine (Mac/Linux/Windows with SSH)

Run:

ssh -L 8081:localhost:8081 youruser@your-server-ip

  • This maps port 8081 on your local machine to port 8081 on the server.
  • Now, only you can access Mongo Express at:
    http://localhost:8081

Step 4: Test MongoDB Connection

To confirm MongoDB is running, connect via:

docker exec -it mongodb mongosh -u admin -p password --authenticationDatabase admin

You should see the MongoDB shell prompt.


Step 5: Managing Containers

  • Restart Containers:
    docker-compose restart
  • Stop and Remove Containers:
    docker-compose down
  • Remove Containers and Data:
    docker-compose down -v

Conclusion

You now have a secure MongoDB and Mongo Express setup using Docker Compose. By binding Mongo Express to localhost and using SSH port forwarding, access is restricted to authorized users only. This significantly improves security while maintaining flexibility.

Now you can safely manage your MongoDB database with Mongo Express while preventing unauthorized external access.


Written by Olivier Bonnet who lives and works in Montreal writing a blog that nobody reads 🤪