networking – What does the –bindip configuration option in mongodb do?

networking – What does the –bindip configuration option in mongodb do?

On bindIp by convention is the IP address of localhost and is bound to the loopback interface, which is only accessible from the same machine.

Using this address as default is best practice, since doing so makes it impossible to accidentally expose a service to the public. You have to make the conscious choice to change the bind IP to make your service publicly available. Which you should only do after you made sure that you took proper security measures.

Note This is very simplified, skipping advanced topics

Typically, a machine has the loopback interface and one or more real network interfaces.

Say you have one network interface which is internal (only accessible by your application servers, since you put them into the same network) and you have one network interface which is external (reachable via the public internet for maintenance purposes). Now, if you would bind your MongoDB instance to all interfaces (you would use the IP address to do that), your MongoDB instance would be accessible from the public internet – hardly a desired situation. Attackers could try to brute force your passwords and may eventually get access to your MongoDB instance. Better to prevent any access from the public internet at all.

What you would rather want to have that your MongoDB instance is accessible for your application servers and from the machine it runs on. So you would bind MongoDB to both the loopback interfaces IP ( and the IP of the private network, which in general would be one of

  • the range from to
  • the range from to
  • the range from to

Let us take our example and say both the application servers and the MongoDB instance are in a private network in the range 192.168.X.X and you have given the MongoDB instance the IP address So you would want to have your MongoDB instance be accessible via so that the application servers can talk to it and via to use the administration tools from the machine MongoDB runs on effortlessly.

So with the YAML configuration syntax, you would pass multiple IPs

NOTE do not add space between commas on multiple IPs

# (or you really, really, really know what you are doing)

On the warnings

In short, this is MongoDBs way of saying:

Mate, you have two problems: you have not configured security yet and your MongoDB instance is only accessible from the local machine. The former is not as severe because of the latter. But you really should configure security before you bind the MongoDB instance to other IPs than localhost!

There is sort of an implied Unless you really know what you are doing!, because iirc, the warning vanishes if you either activate client authentication or change the bindIp.

In my case i change bindIp to in /etc/mongod.conf

sudo nano /etc/mongod.conf

# network interfaces
  port: 27017

networking – What does the –bindip configuration option in mongodb do?

Leave a Reply

Your email address will not be published.