Step-by-step guide to install MongoDB 7.0 on Debian 12 VPS with low memory configuration, remote access setup, authentication, and cost-saving tips.

Looking to reduce your cloud database costs or gain more control over your data? Self-hosting MongoDB on a VPS is a compelling option. This guide walks you through installing MongoDB 7.0 on Debian 12, configuring it for low-memory environments, enabling remote access, and setting up authentication—complete with solutions to common issues you might encounter.

Why Self-Host MongoDB?#

Managed database services like MongoDB Atlas are convenient for getting started, but self-hosting gives you full control and can significantly reduce costs—especially for development, testing, or smaller production workloads. A budget VPS can handle MongoDB surprisingly well with the right configuration.

Prerequisites#

  • A Debian 12 (Bookworm) VPS with SSH access
  • Root or sudo privileges
  • At least 512MB RAM (we'll configure for low memory)
  • Basic terminal knowledge

Step 1: Install MongoDB 7.0 on Debian 12#

First, let's add the official MongoDB repository and install the database server. SSH into your VPS and run:

Bashinstall-mongodb.sh
1# Import MongoDB public GPG key
2curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | \
3   sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
4
5# Add MongoDB repository for Debian 12 Bookworm
6echo "deb [ signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] http://repo.mongodb.org/apt/debian bookworm/mongodb-org/7.0 main" | \
7   sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list
8
9# Update package list and install MongoDB
10sudo apt-get update
11sudo apt-get install -y mongodb-org

Step 2: Configure MongoDB for Low Memory (Critical!)#

This is a common roadblock. By default, MongoDB's WiredTiger engine uses 50% of available RAM for cache. On a low-memory VPS, that's problematic. Edit the configuration file:

Bash
1sudo nano /etc/mongod.conf

Add or modify the storage section. Important: The minimum cacheSizeGB is 0.25 (256MB). I initially tried 0.1 and MongoDB refused to start!

YAML/etc/mongod.conf
1storage:
2  dbPath: /var/lib/mongodb
3  wiredTiger:
4    engineConfig:
5      cacheSizeGB: 0.25  # Minimum value - don't go lower!
6
7systemLog:
8  destination: file
9  logAppend: true
10  path: /var/log/mongodb/mongod.log
11
12net:
13  port: 27017
14  bindIp: 127.0.0.1  # We'll change this later for remote access
15
16processManagement:
17  timeZoneInfo: /usr/share/zoneinfo

Step 3: Create Log Directory (Easy to Miss!)#

Another issue I encountered: MongoDB wouldn't start because the log directory didn't exist. Fix it:

Bash
1sudo mkdir -p /var/log/mongodb
2sudo chown mongodb:mongodb /var/log/mongodb

Step 4: Start MongoDB#

Bash
1# Start MongoDB
2sudo systemctl start mongod
3
4# Enable auto-start on boot
5sudo systemctl enable mongod
6
7# Verify it's running
8sudo systemctl status mongod

You should see "active (running)" in green. If not, check the logs:

Bash
1sudo cat /var/log/mongodb/mongod.log | tail -50

Step 5: Enable Remote Access (The bindIp Trap)#

By default, MongoDB only listens on localhost (127.0.0.1). When I tried connecting from my development machine, I got:

Text
1MongoNetworkError: connect ECONNREFUSED 192.210.161.217:27017

The fix: Update bindIp in /etc/mongod.conf:

YAML/etc/mongod.conf
1net:
2  port: 27017
3  bindIp: 0.0.0.0  # Accept connections from any IP

Then restart MongoDB and open the firewall:

Bash
1sudo systemctl restart mongod
2
3# Open port 27017 in firewall
4sudo ufw allow 27017/tcp
5sudo ufw reload

Step 6: Set Up Authentication (Don't Skip This!)#

With the port open to the internet, you MUST enable authentication. First, create an admin user:

Bash
1# Connect to MongoDB
2mongosh
JavaScriptmongosh
1// Switch to admin database
2use admin
3
4// Create admin user
5db.createUser({
6  user: "admin",
7  pwd: "YourSecurePassword123!",
8  roles: [
9    { role: "userAdminAnyDatabase", db: "admin" },
10    { role: "readWriteAnyDatabase", db: "admin" }
11  ]
12})
13
14// Exit mongosh
15exit

Now enable authentication in mongod.conf:

YAML/etc/mongod.conf
1security:
2  authorization: enabled
Bash
1sudo systemctl restart mongod

Step 7: Your Connection String#

You can now connect from anywhere using this connection string format:

Text
1mongodb://admin:YourSecurePassword123!@YOUR_VPS_IP:27017/your-database?authSource=admin

Replace YOUR_VPS_IP with your server's public IP address. Test with mongosh:

Bash
1mongosh "mongodb://admin:YourSecurePassword123!@YOUR_VPS_IP:27017/admin"

Memory Usage Results#

Here's typical resource usage on a 512MB RAM VPS after setup:

The VPS handles development workloads without any issues. For production with larger datasets, you'll want at least 2-4GB RAM.

Production Notes for Larger VPS#

When moving to production with a beefier VPS, consider these additional hardening steps:

  • Enable TLS/SSL - Encrypt all connections with certificates
  • IP Whitelisting - Restrict bindIp to known application servers only
  • Automated Backups - Set up daily mongodump with cron jobs
  • Increase Cache Size - Set cacheSizeGB to 50% of available RAM
  • Disable Transparent Huge Pages - MongoDB recommends this for performance
  • Role-Based Users - Create separate users for app, backup, and admin tasks

FAQs - Issues I Encountered#

Q: MongoDB won't start with "cacheSizeGB must be >= 0.25" error#

A: The WiredTiger storage engine requires a minimum cache of 256MB (0.25GB). You cannot set cacheSizeGB lower than this value, even on low-memory systems. If your VPS has less than 512MB RAM, MongoDB will still work but may use swap.

Q: Getting "No such file or directory" for /var/log/mongodb/mongod.log#

A: The log directory doesn't exist by default. Create it with: sudo mkdir -p /var/log/mongodb && sudo chown mongodb:mongodb /var/log/mongodb

Q: Connection refused when connecting remotely#

A: Check two things: 1) Is bindIp set to 0.0.0.0 in mongod.conf? The default 127.0.0.1 only allows local connections. 2) Is your firewall allowing port 27017? Use: sudo ufw allow 27017/tcp

Q: SSH tunnel vs direct connection - which is better?#

A: SSH tunnels are more secure (MongoDB port stays closed) but require maintaining the tunnel. Direct connection with authentication + TLS is simpler for production. For development testing, direct connection with strong passwords is acceptable.

Q: How do I verify MongoDB is listening on the right IP?#

A: Run: ss -tlnp | grep 27017. You should see 0.0.0.0:27017 for remote access, not 127.0.0.1:27017.

Q: What's the minimum VPS spec for MongoDB?#

A: For testing/development: 512MB RAM works fine with small datasets (<50MB). For production: 2GB+ RAM minimum, 4GB+ recommended for datasets over 1GB.

Conclusion#

Self-hosting MongoDB on a budget VPS is absolutely viable for development and testing workloads. The key learnings: always configure cacheSizeGB for low-memory systems, remember to change bindIp for remote access, and never skip authentication. For roughly $5-10/month, you get full control over your database—a fraction of managed service costs.
DevOps ToolsCloud AutomationVPS