Run MongoDB in Docker containers for development, testing, or production deployments. This guide covers various deployment patterns and security considerations.
For quick local development:
# Run MongoDB with basic configuration
docker run -d \
--name mongodb-dev \
-p 27017:27017 \
-e MONGO_INITDB_ROOT_USERNAME=admin \
-e MONGO_INITDB_ROOT_PASSWORD=password \
-v mongodb_data:/data/db \
mongo:8.0
Create a project directory and compose file:
mkdir -p /opt/mongodb
cd /opt/mongodb
Create docker-compose.yml:
version: '3.8'
services:
mongodb:
image: mongo:8.0
restart: unless-stopped
container_name: mongodb-prod
ports:
- "127.0.0.1:27017:27017" # Bind to localhost only
environment:
- MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USER:-admin}
- MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD:-change-me}
- MONGO_INITDB_DATABASE=main
volumes:
- mongodb_data:/data/db
- ./init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
command: ["--config", "/etc/mongo/mongod.conf"]
security_opt:
- no-new-privileges:true
networks:
- mongodb-net
healthcheck:
test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
volumes:
mongodb_data:
networks:
mongodb-net:
driver: bridge
Create mongod.conf for custom settings:
# mongod.conf for Docker
storage:
dbPath: /data/db
journal:
enabled: true
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
net:
port: 27017
bindIp: 0.0.0.0 # Docker specific - bind to all interfaces inside container
processManagement:
fork: false # Important for Docker - don't fork
setParameter:
enableLocalhostAuthBypass: false
security:
authorization: enabled
Mount this file in the compose file:
volumes:
- mongodb_data:/data/db
- ./mongod.conf:/etc/mongo/mongod.conf:ro
- ./init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
Create .env file for sensitive data:
MONGO_ROOT_USER=admin
MONGO_ROOT_PASSWORD=your-secure-password-here
MONGO_APP_USER=appuser
MONGO_APP_PASSWORD=your-app-password-here
Create init-mongo.js for additional setup:
// Create application user
db = db.getSiblingDB('app_database');
db.createUser({
user: process.env.MONGO_APP_USER || 'appuser',
pwd: process.env.MONGO_APP_PASSWORD || 'password',
roles: [
{
role: 'readWrite',
db: 'app_database'
},
{
role: 'dbAdmin',
db: 'app_database'
}
]
});
// Create sample collection with index
db.sample_collection.createIndex({ "createdAt": 1 });
For high availability, set up a MongoDB replica set:
version: '3.8'
services:
mongodb1:
image: mongo:8.0
restart: unless-stopped
hostname: mongodb1
container_name: mongodb1
ports:
- "27017:27017"
environment:
- MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USER:-admin}
- MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD:-change-me}
volumes:
- mongodb1_data:/data/db
- ./mongod.conf:/etc/mongo/mongod.conf:ro
command: ["--replSet", "rs0", "--bind_ip_all"]
networks:
- mongodb-net
mongodb2:
image: mongo:8.0
restart: unless-stopped
hostname: mongodb2
container_name: mongodb2
ports:
- "27018:27017"
environment:
- MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USER:-admin}
- MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD:-change-me}
volumes:
- mongodb2_data:/data/db
- ./mongod.conf:/etc/mongo/mongod.conf:ro
command: ["--replSet", "rs0", "--bind_ip_all"]
networks:
- mongodb-net
mongodb3:
image: mongo:8.0
restart: unless-stopped
hostname: mongodb3
container_name: mongodb3
ports:
- "27019:27017"
environment:
- MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USER:-admin}
- MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD:-change-me}
volumes:
- mongodb3_data:/data/db
- ./mongod.conf:/etc/mongo/mongod.conf:ro
command: ["--replSet", "rs0", "--bind_ip_all"]
networks:
- mongodb-net
mongosetup:
image: mongo:8.0
restart: "no"
depends_on:
- mongodb1
- mongodb2
- mongodb3
volumes:
- ./init-replica-set.js:/scripts/init-replica-set.js:ro
command: >
bash -c "
sleep 20 &&
mongosh mongodb1:27017,mongodb2:27017,mongodb3:27017/admin
--eval \"
rs.initiate({
_id: 'rs0',
members: [
{ _id: 0, host: 'mongodb1:27017' },
{ _id: 1, host: 'mongodb2:27017' },
{ _id: 2, host: 'mongodb3:27017' }
]
})
\" &&
sleep 20
"
volumes:
mongodb1_data:
mongodb2_data:
mongodb3_data:
networks:
mongodb-net:
driver: bridge
Create init-replica-set.js:
// Initialize replica set
rs.initiate({
_id: 'rs0',
members: [
{ _id: 0, host: 'mongodb1:27017' },
{ _id: 1, host: 'mongodb2:27017' },
{ _id: 2, host: 'mongodb3:27017' }
]
});
// Wait for replica set to be initialized
sleep(10000);
// Create admin user
db = db.getSiblingDB('admin');
db.createUser({
user: 'admin',
pwd: process.env.MONGO_ROOT_PASSWORD,
roles: [
{ role: 'root', db: 'admin' }
]
});
# Start services in detached mode
docker compose up -d
# Check service status
docker compose ps
# View logs
docker compose logs -f mongodb
# Connect to MongoDB container
docker exec -it mongodb mongosh -u admin -p
# Connect from host machine
mongosh -u admin -p --authenticationDatabase admin mongodb://localhost:27017
# Execute commands directly
docker exec mongodb mongosh --eval "db.adminCommand('ping')"
# Backup database
docker exec mongodb mongodump --archive=/tmp/backup.archive --gzip
# Copy backup to host
docker cp mongodb:/tmp/backup.archive ./backup_$(date +%Y%m%d_%H%M%S).archive.gz
# Restore database
docker cp backup.archive mongodb:/tmp/
docker exec mongodb mongorestore --archive=/tmp/backup.archive --gzip
127.0.0.1:27017:27017services:
mongodb:
# ... other configurations ...
deploy:
resources:
limits:
memory: 4G
cpus: '2.0'
reservations:
memory: 1G
cpus: '0.5'
# Follow logs
docker compose logs -f
# View logs for specific service
docker compose logs -f mongodb
# View last 100 lines
docker compose logs --tail=100
The compose file includes health checks that monitor MongoDB status.
# Check container status
docker ps
# Check container logs
docker logs mongodb
# Execute diagnostic commands
docker exec mongodb mongostat --host localhost:27017
mongo:8.0 instead of mongo:latest)