public_git
/
bitnami-containers
mirror of https://github.com/bitnami/containers.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
bitnami-containers/bitnami/mongodb/README.md

364 lines
33 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# MongoDB® packaged by Bitnami
> MongoDB® is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications.
[Overview of MongoDB®](https://www.mongodb.org)
Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from Bitnami.
## TL;DR
```console
docker run --name mongodb bitnami/mongodb:latest
```
## Using `docker-compose.yml`
The docker-compose.yaml file of this container can be found in the [Bitnami Containers repository](https://github.com/bitnami/containers/).
[https://github.com/bitnami/containers/tree/main/bitnami/mongodb/docker-compose.yml](https://github.com/bitnami/containers/tree/main/bitnami/mongodb/docker-compose.yml)
Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/mongodb).
## Why use Bitnami Secure Images?
Those are hardened, minimal CVE images built and maintained by Bitnami. Bitnami Secure Images are based on the cloud-optimized, security-hardened enterprise [OS Photon Linux](https://vmware.github.io/photon/). Why choose BSI images?
- Hardened secure images of popular open source software with Near-Zero Vulnerabilities
- Vulnerability Triage & Prioritization with VEX Statements, KEV and EPSS Scores
- Compliance focus with FIPS, STIG, and air-gap options, including secure bill of materials (SBOM)
- Software supply chain provenance attestation through in-toto
- First class support for the internets favorite Helm charts
Each image comes with valuable security metadata. You can view the metadata in [our public catalog here](https://app-catalog.vmware.com/bitnami/apps). Note: Some data is only available with [commercial subscriptions to BSI](https://bitnami.com/).
![Alt text](https://github.com/bitnami/containers/blob/main/BSI%20UI%201.png?raw=true "Application details")
![Alt text](https://github.com/bitnami/containers/blob/main/BSI%20UI%202.png?raw=true "Packaging report")
If you are looking for our previous generation of images based on Debian Linux, please see the [Bitnami Legacy registry](https://hub.docker.com/u/bitnamilegacy).
## How to deploy MongoDB® in Kubernetes?
Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the [Bitnami MongoDB® Chart GitHub repository](https://github.com/bitnami/charts/tree/master/bitnami/mongodb).
## Why use a non-root container?
Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html).
## Supported tags and respective `Dockerfile` links
Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html).
## Get this image
The Bitnami MongoDB® Docker image is only available to [Bitnami Secure Images](https://bitnami.com) customers.
## Persisting your database
If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.
For persistence you should mount a directory at the `/bitnami/mongodb` path. If the mounted directory is empty, it will be initialized on the first run.
> **NOTE** As this is a non-root container, the mounted files and directories must have the proper permissions for the UID `1001`.
## Connecting to other containers
Using [Docker container networking](https://docs.docker.com/engine/userguide/networking/), a MongoDB® server running inside a container can easily be accessed by your application containers.
Containers attached to the same network can communicate with each other using the container name as the hostname.
## Configuration
The following section describes the supported environment variables
### Environment variables
The following tables list the main variables you can set.
#### Customizable environment variables
| Name | Description | Default Value |
|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------|
| `MONGODB_MOUNTED_CONF_DIR` | Directory for including custom configuration files (that override the default generated ones) | `${MONGODB_VOLUME_DIR}/conf` |
| `MONGODB_INIT_RETRY_ATTEMPTS` | Maximum retries for checking the service initialization status | `7` |
| `MONGODB_INIT_RETRY_DELAY` | Time (in seconds) to wait between retries for checking the service initialization status | `5` |
| `MONGODB_PORT_NUMBER` | MongoDB port | `$MONGODB_DEFAULT_PORT_NUMBER` |
| `MONGODB_EXTRA_FLAGS` | Extra flags for MongoDB initialization | `nil` |
| `MONGODB_ENABLE_NUMACTL` | Execute commands using numactl | `false` |
| `MONGODB_SHELL_EXTRA_FLAGS` | Extra flags when using the mongodb client during initialization (useful when mounting init scripts) | `nil` |
| `MONGODB_ADVERTISED_HOSTNAME` | Hostname to use for advertising the MongoDB service | `nil` |
| `MONGODB_ADVERTISE_IP` | Whether advertised hostname is set to container ip | `false` |
| `MONGODB_ADVERTISED_PORT_NUMBER` | MongoDB advertised port number. It is recommended to pass this environment variable if you have a proxy port forwarding requests to container. | `nil` |
| `MONGODB_DISABLE_JAVASCRIPT` | Disable MongoDB server-side javascript execution | `no` |
| `MONGODB_ENABLE_JOURNAL` | Enable MongoDB journal | `nil` |
| `MONGODB_DISABLE_SYSTEM_LOG` | Disable MongoDB daemon system log | `nil` |
| `MONGODB_ENABLE_DIRECTORY_PER_DB` | Use a separate folder for storing each database data | `nil` |
| `MONGODB_ENABLE_IPV6` | Use IPv6 for database connections | `nil` |
| `MONGODB_SYSTEM_LOG_VERBOSITY` | MongoDB daemon log level | `nil` |
| `MONGODB_ROOT_USER` | User name for the MongoDB root user | `root` |
| `MONGODB_ROOT_PASSWORD` | Password for the MongoDB root user | `nil` |
| `MONGODB_USERNAME` | User to generate at initialization time | `nil` |
| `MONGODB_PASSWORD` | Password for the non-root user specified in MONGODB_USERNAME | `nil` |
| `MONGODB_DATABASE` | Name of the database to create at initialization time | `nil` |
| `MONGODB_METRICS_USERNAME` | User used for metrics collection, for example with mongodb_exporter | `nil` |
| `MONGODB_METRICS_PASSWORD` | Password for the non-root user specified in MONGODB_METRICS_USERNAME | `nil` |
| `MONGODB_EXTRA_USERNAMES` | Comma or semicolon separated list of extra users to be created. | `nil` |
| `MONGODB_EXTRA_PASSWORDS` | Comma or semicolon separated list of passwords for the users specified in MONGODB_EXTRA_USERNAMES. | `nil` |
| `MONGODB_EXTRA_DATABASES` | Comma or semicolon separated list of databases to create at initialization time for the users specified in MONGODB_EXTRA_USERNAMES. | `nil` |
| `ALLOW_EMPTY_PASSWORD` | Permit accessing MongoDB without setting any password | `no` |
| `MONGODB_REPLICA_SET_MODE` | MongoDB replica set mode. Can be one of primary, secondary or arbiter | `nil` |
| `MONGODB_REPLICA_SET_NAME` | Name of the MongoDB replica set | `$MONGODB_DEFAULT_REPLICA_SET_NAME` |
| `MONGODB_REPLICA_SET_KEY` | MongoDB replica set key | `nil` |
| `MONGODB_INITIAL_PRIMARY_HOST` | Hostname of the replica set primary node (necessary for arbiter and secondary nodes) | `nil` |
| `MONGODB_INITIAL_PRIMARY_PORT_NUMBER` | Port of the replica set primary node (necessary for arbiter and secondary nodes) | `27017` |
| `MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD` | Primary node root user password (necessary for arbiter and secondary nodes) | `nil` |
| `MONGODB_INITIAL_PRIMARY_ROOT_USER` | Primary node root username (necessary for arbiter and secondary nodes) | `root` |
| `MONGODB_SET_SECONDARY_OK` | Mark node as readable. Necessary for cases where the PVC is lost | `no` |
| `MONGODB_DISABLE_ENFORCE_AUTH` | By default, MongoDB authentication will be enforced. If set to true, MongoDB will not enforce authentication | `false` |
#### Read-only environment variables
| Name | Description | Value |
|-------------------------------------------|------------------------------------------------------------------------|-------------------------------------------|
| `MONGODB_VOLUME_DIR` | Persistence base directory | `$BITNAMI_VOLUME_DIR/mongodb` |
| `MONGODB_BASE_DIR` | MongoDB installation directory | `$BITNAMI_ROOT_DIR/mongodb` |
| `MONGODB_CONF_DIR` | MongoDB configuration directory | `$MONGODB_BASE_DIR/conf` |
| `MONGODB_DEFAULT_CONF_DIR` | MongoDB default configuration directory | `$MONGODB_BASE_DIR/conf.default` |
| `MONGODB_LOG_DIR` | MongoDB logs directory | `$MONGODB_BASE_DIR/logs` |
| `MONGODB_DATA_DIR` | MongoDB data directory | `${MONGODB_VOLUME_DIR}/data` |
| `MONGODB_TMP_DIR` | MongoDB temporary directory | `$MONGODB_BASE_DIR/tmp` |
| `MONGODB_BIN_DIR` | MongoDB executables directory | `$MONGODB_BASE_DIR/bin` |
| `MONGODB_TEMPLATES_DIR` | Directory where the mongodb.conf template file is stored | `$MONGODB_BASE_DIR/templates` |
| `MONGODB_MONGOD_TEMPLATES_FILE` | Path to the mongodb.conf template file | `$MONGODB_TEMPLATES_DIR/mongodb.conf.tpl` |
| `MONGODB_CONF_FILE` | Path to MongoDB configuration file | `$MONGODB_CONF_DIR/mongodb.conf` |
| `MONGODB_KEY_FILE` | Path to the MongoDB replica set keyfile | `$MONGODB_CONF_DIR/keyfile` |
| `MONGODB_DB_SHELL_FILE` | Path to MongoDB dbshell file | `/.dbshell` |
| `MONGODB_RC_FILE` | Path to MongoDB rc file | `/.mongorc.js` |
| `MONGOSH_DIR` | Path to mongosh directory | `/.mongodb` |
| `MONGOSH_RC_FILE` | Path to mongosh rc file | `/.mongoshrc.js` |
| `MONGODB_PID_FILE` | Path to the MongoDB PID file | `$MONGODB_TMP_DIR/mongodb.pid` |
| `MONGODB_LOG_FILE` | Path to the MongoDB log file | `$MONGODB_LOG_DIR/mongodb.log` |
| `MONGODB_INITSCRIPTS_DIR` | Path to the MongoDB container init scripts directory | `/docker-entrypoint-initdb.d` |
| `MONGODB_DAEMON_USER` | MongoDB system user | `mongo` |
| `MONGODB_DAEMON_GROUP` | MongoDB system group | `mongo` |
| `MONGODB_DEFAULT_PORT_NUMBER` | MongoDB port set at build time | `27017` |
| `MONGODB_DEFAULT_ENABLE_JOURNAL` | Enable MongoDB journal at build time | `true` |
| `MONGODB_DEFAULT_DISABLE_SYSTEM_LOG` | Disable MongoDB daemon system log set at build time | `false` |
| `MONGODB_DEFAULT_ENABLE_DIRECTORY_PER_DB` | Use a separate folder for storing each database data set at build time | `false` |
| `MONGODB_DEFAULT_ENABLE_IPV6` | Use IPv6 for database connections set at build time | `false` |
| `MONGODB_DEFAULT_SYSTEM_LOG_VERBOSITY` | MongoDB daemon log level set at build time | `0` |
| `MONGODB_DEFAULT_REPLICA_SET_NAME` | Name of the MongoDB replica set at build time | `replicaset` |
### Initializing a new instance
When the container is executed for the first time, it will execute the files with extensions `.sh`, and `.js` located at `/docker-entrypoint-initdb.d`.
In order to have your custom files inside the docker image you can mount them as a volume.
### Passing extra command-line flags to mongod startup
Passing extra command-line flags to the mongod service command is possible through the following env var:
- `MONGODB_EXTRA_FLAGS`: Flags to be appended to the `mongod` startup command. No defaults
- `MONGODB_CLIENT_EXTRA_FLAGS`: Flags to be appended to the `mongo` command which is used to connect to the (local or remote) `mongod` daemon. No defaults
### Configuring system log verbosity level
Configuring the system log verbosity level is possible through the following env vars:
- `MONGODB_DISABLE_SYSTEM_LOG`: Whether to enable/disable system log on MongoDB®. Default: `false`. Possible values: `[true, false]`.
- `MONGODB_SYSTEM_LOG_VERBOSITY`: MongoDB® system log verbosity level. Default: `0`. Possible values: `[0, 1, 2, 3, 4, 5]`. For more information about the verbosity levels please refer to the [MongoDB® documentation](https://docs.mongodb.com/manual/reference/configuration-options/#systemLog.verbosity)
### Using numactl
In order to enable launching commands using numactl, set the `MONGODB_ENABLE_NUMACTL` variable to true. For more information on this, check the official [MongoDB documentation][(<https://docs.mongodb.com/manual/administration/production-notes/#configuring-numa-on-linux>)
### Enabling/disabling IPv6
Enabling/disabling IPv6 is possible through the following env var:
- `MONGODB_ENABLE_IPV6`: Whether to enable/disable IPv6 on MongoDB&reg;. Default: `false`. Possible values: `[true, false]`
### Enabling/disabling directoryPerDB
Enabling/disabling [directoryPerDB](https://docs.mongodb.com/manual/reference/configuration-options/#storage.directoryPerDB) is possible through the following env var:
- `MONGODB_ENABLE_DIRECTORY_PER_DB`: Whether to enable/disable directoryPerDB on MongoDB&reg;. Default: `true`. Possible values: `[true, false]`
### Enabling/disabling journaling
Enabling/disabling [journal](https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled) is possible through the following env var:
- `MONGODB_ENABLE_JOURNAL`: Whether to enable/disable journaling on MongoDB&reg;. Default: `true`. Possible values: `[true, false]`
### Setting the root user and password on first run
Passing the `MONGODB_ROOT_PASSWORD` environment variable when running the image for the first time will set the password of `MONGODB_ROOT_USER` to the value of `MONGODB_ROOT_PASSWORD` and enable authentication on the MongoDB&reg; server. If unset, `MONGODB_ROOT_USER` defaults to `root`.
The `MONGODB_ROOT_USER` user is configured to have full administrative access to the MongoDB&reg; server. When `MONGODB_ROOT_PASSWORD` is not specified the server allows unauthenticated and unrestricted access.
### Creating a user and database on first run
You can create a user with restricted access to a database while starting the container for the first time. To do this, provide the `MONGODB_USERNAME`, `MONGODB_PASSWORD` and `MONGODB_DATABASE` environment variables.
> **NOTE** Creation of a user enables authentication on the MongoDB&reg; server and as a result unauthenticated access by *any* user is not permitted.
### Setting up replication
A [replication](https://docs.mongodb.com/manual/replication/) cluster can easily be setup with the Bitnami MongoDB&reg; Docker Image using the following environment variables:
- `MONGODB_REPLICA_SET_MODE`: The replication mode. Possible values `primary`/`secondary`/`arbiter`. No defaults.
- `MONGODB_REPLICA_SET_NAME`: MongoDB&reg; replica set name. Default: **replicaset**
- `MONGODB_PORT_NUMBER`: The port each MongoDB&reg; will use. Default: **27017**
- `MONGODB_INITIAL_PRIMARY_HOST`: MongoDB&reg; initial primary host, once the replicaset is created any node can be eventually promoted to be the primary. No defaults.
- `MONGODB_INITIAL_PRIMARY_PORT_NUMBER`: MongoDB&reg; initial primary node port, as seen by other nodes. Default: **27017**
- `MONGODB_ADVERTISED_HOSTNAME`: MongoDB&reg; advertised hostname. No defaults. It is recommended to pass this environment variable if you experience issues with ephemeral IPs. Setting this env var makes the nodes of the replica set to be configured with a hostname instead of the machine IP.
- `MONGODB_ADVERTISE_IP`: MongoDB&reg; advertised hostname is set to container ip. Default: **false**. Overrides `MONGODB_ADVERTISED_HOSTNAME`
- `MONGODB_ADVERTISED_PORT_NUMBER`: MongoDB&reg; advertised port number. No defaults. It is recommended to pass this environment variable if you have a proxy port forwarding requests to container.
- `MONGODB_REPLICA_SET_KEY`: MongoDB&reg; replica set key. Length should be greater than 5 characters and should not contain any special characters. Required for all nodes. No default.
- `MONGODB_ROOT_USER`: MongoDB&reg; root user name. Default: **root**.
- `MONGODB_ROOT_PASSWORD`: MongoDB&reg; root password. No defaults. Only for primary node.
- `MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD`: MongoDB&reg; initial primary root password. No defaults. Only for secondaries and arbiter nodes.
In a replication cluster you can have one primary node, zero or more secondary nodes and zero or one arbiter node.
> **NOTE**: The total number of nodes on a replica set scenario cannot be higher than 8 (1 primary, 6 secondaries and 1 arbiter)
#### How is a replica set configured?
There are four different roles in a replica set configuration (primary, secondary, hidden or arbiter). Each one of these roles are configured in a different way:
**Primary node configuration:**
The replica set is started with the `rs.initiate()` command and some configuration options to force the primary to be the primary. Basically, the priority is increased from the default (1) to 5.
To verify the primary is actually the primary we validate it with the `db.isMaster().ismaster` command.
The primary node has a volume attached so the data is preserved between deployments as long as the volume exists.
In addition, the primary node initialization script will check for the existence of a `.initialized` file in the `/bitnami/mongodb` folder to discern whether it should create a new replica set or on the contrary a replica set has already been initialized.
If the primary got killed and the volume is deleted, in order to start it again in the same replica set it is important to launch the container with the original IP so other members of the replica set already knows about it.
**Secondary node configuration:**
Once the primary node is up and running we can start adding secondary nodes (and arbiter). For that, the secondary node connects to the primary node and add itself as a secondary node with the command `rs.add(SECONDARY_NODE_HOST)`.
After adding the secondary nodes we verified they have been successfully added by executing `rs.status().members` to see if they appear in the list.
**Arbiter node configuration:**
The arbiters follows the same procedure than secondary nodes with the exception that the command to add it to the replica set is `rs.addArb(ARBITER_NODE_HOST)`. An arbiter should be added when the sum of primary nodes plus secondaries nodes is even.
**Hidden node configuration:**
Finally, the hidden node follows the same procedure than secondary nodes with the exception that the command to add it to the replica set is `rs.add(host: HIDDEN_NODE_HOST, hidden: true, priority: 0})`.
### Enabling SSL/TLS
This container supports enabling SSL/TLS between nodes in the cluster, as well as between mongo clients and nodes, by setting the `MONGODB_EXTRA_FLAGS` and `MONGODB_CLIENT_EXTRA_FLAGS` environment variables,
together with the correct `MONGODB_ADVERTISED_HOSTNAME`.
Before starting the cluster you need to generate PEM certificates as required by Mongo - one way is to create self-signed certificates using `openssl` (see <http://www.openssl.org>).
> **The certificates generated as described are not for production use**
Another option would be to use letsencrypt certificates; the required configuration steps for that scenario are left as an exercise for the user and are beyond the scope of this README.
#### Starting the cluster
After having generated the certificates and making them available to the containers at the correct mount points (i.e. `/certificates/`), the environment variables could be setup as in the following examples.
Example settings for the primary node `mongodb-primary`:
- `MONGODB_ADVERTISED_HOSTNAME=mongodb-primary`
- `MONGODB_EXTRA_FLAGS=--tlsMode=requireTLS --tlsCertificateKeyFile=/certificates/mongodb-primary.pem --tlsClusterFile=/certificates/mongodb-primary.pem --tlsCAFile=/certificates/mongoCA.crt`
- `MONGODB_CLIENT_EXTRA_FLAGS=--tls --tlsCertificateKeyFile=/certificates/mongodb-primary.pem --tlsCAFile=/certificates/mongoCA.crt`
Example corresponding settings for a secondary node `mongodb-secondary`:
- `MONGODB_ADVERTISED_HOSTNAME=mongodb-secondary`
- `MONGODB_EXTRA_FLAGS=--tlsMode=requireTLS --tlsCertificateKeyFile=/certificates/mongodb-secondary.pem --tlsClusterFile=/certificates/mongodb-secondary.pem --tlsCAFile=/certificates/mongoCA.crt`
- `MONGODB_CLIENT_EXTRA_FLAGS=--tls --tlsCertificateKeyFile=/certificates/mongodb-secondary.pem --tlsCAFile=/certificates/mongoCA.crt`
#### Connecting to the mongo daemon via SSL
After successfully starting a cluster as specified, within the container it should be possible to connect to the mongo daemon on the primary node using:
```console
/opt/bitnami/mongodb/bin/mongo -u ${MONGODB_ROOT_USER} -p ${MONGODB_ROOT_PASSWORD} --host mongodb-primary --tls --tlsCertificateKeyFile=/certificates/mongodb-primary.pem --tlsCAFile=/certificates/mongoCA.crt
```
**NB**: We only support `--clusterAuthMode=keyFile` in this configuration.
#### References
- To also allow clients to connect using username and password (without X509 certificates): <https://docs.mongodb.com/manual/reference/configuration-options/#net.ssl.allowConnectionsWithoutCertificates>
- For more extensive information regarding related configuration options: <https://docs.mongodb.com/manual/reference/program/mongod/#tls-ssl-options>,
Especially client authentication and requirements for common name and OU/DN/etc. fields in the certificates are important for creating a secure setup.
### Configuration file
The image looks for mounted configurations files in `/bitnami/mongodb/conf/`. You can mount a volume at `/bitnami/mongodb/conf/` and copy/edit the configurations in the `/path/to/mongodb-configuration-persistence/`. The default configurations will be populated to the `/opt/bitnami/mongodb/conf/` directory if it's empty.
Refer to the [configuration file options](http://docs.mongodb.org/v2.4/reference/configuration-options/) manual for the complete list of MongoDB&reg; configuration options.
### FIPS configuration in Bitnami Secure Images
The Bitnami MongoDB&reg; Docker image from the [Bitnami Secure Images](https://go-vmware.broadcom.com/contact-us) catalog includes extra features and settings to configure the container with FIPS capabilities. You can configure the next environment variables:
- `OPENSSL_FIPS`: whether OpenSSL runs in FIPS mode or not. `yes` (default), `no`.
## Logging
The Bitnami MongoDB&reg; Docker image sends the container logs to the `stdout`. You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver.
## Notable Changes
### 4.4.8-debian-10-r31, and 5.0.2-debian-10-r0
- From now on, "Default Write Concern" need to be set before adding new members (secondary, arbiter or hidden) to the cluster. In order to maintain the safest default configuration, `{"setDefaultRWConcern" : 1, "defaultWriteConcern" : {"w" : "majority"}}` is configured before adding new members. See <https://docs.mongodb.com/manual/reference/command/setDefaultRWConcern/> and <https://docs.mongodb.com/v5.0/reference/mongodb-defaults/#default-write-concern>
### 3.6.14-r69, 4.0.13-r11, and 4.2.1-r12
- The configuration files mount point changed from `/opt/bitnami/mongodb/conf` to `/bitnami/mongodb/conf`.
### 3.6.13-r33, 4.0.10-r42, 4.1.13-r40 and 4.1.13-r41
- `MONGODB_ENABLE_IPV6` set to `false` by default, if you want to enable IPv6, you need to set this environment variable to `true`. You can find more info at the above ["Enabling/disabling IPv6"](#enablingdisabling-ipv6) section.
### 3.6.13-debian-9-r15, 3.6.13-ol-7-r15, 4.0.10-debian-9-r23, 4.0.10-ol-7-r24, 4.1.13-debian-9-r22, 4.1.13-ol-7-r23 or later
- Decrease the size of the container. Node.js is not needed anymore. MongoDB&reg; configuration logic has been moved to bash scripts in the rootfs folder.
### 3.6.9, 4.0.4 and 4.1.5 or later
- All MongoDB&reg; versions released after October 16, 2018 (3.6.9 or later, 4.0.4 or later or 4.1.5 or later) are licensed under the [Server Side Public License](https://www.mongodb.com/licensing/server-side-public-license) that is not currently accepted as a Open Source license by the Open Source Initiative (OSI).
### 3.6.6-r16 and 4.1.1-r9
- The MongoDB&reg; container has been migrated to a non-root user approach. Previously the container ran as the `root` user and the MongoDB&reg; daemon was started as the `mongo` user. From now on, both the container and the MongoDB&reg; daemon run as user `1001`. As a consequence, the data directory must be writable by that user. You can revert this behavior by changing `USER 1001` to `USER root` in the Dockerfile.
### 3.2.7-r5
- `MONGODB_USER` parameter has been renamed to `MONGODB_USERNAME`.
### 3.2.6-r0
- All volumes have been merged at `/bitnami/mongodb`. Now you only need to mount a single volume at `/bitnami/mongodb` for persistence.
- The logs are always sent to the `stdout` and are no longer collected in the volume.
## License
Copyright &copy; 2026 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Reference in New Issue View Git Blame Copy Permalink