MongoDB Production Setup for Proxmox LXC Container

This repository contains a production-ready MongoDB setup using Docker Compose, designed to run on a Proxmox LXC container.

Overview

The configuration includes:

• MongoDB 6.0 with replica set configuration
• Mongo Express for web-based administration
• Persistent data storage
• Security features
• Health checks
• Resource limits

Prerequisites

• Proxmox VE with LXC container support
• Docker and Docker Compose installed on the LXC container
• Proper network configuration in Proxmox

Configuration Details

docker-compose.yml Explained

version: '3.8'  # Docker Compose file format version

services:
  mongodb:
    image: mongo:6.0  # Using MongoDB 6.0
    container_name: mongodb
    restart: always  # Ensures MongoDB restarts automatically
    environment:
      # Environment variables for authentication
      - MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USERNAME:-admin}  # Default: admin
      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD:-password}  # Default: password
    volumes:
      # Persistent data storage
      - mongodb_data:/data/db  # Database files
      - mongodb_config:/data/configdb  # Configuration files
      - ./init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro  # Initialization script
    ports:
      - "27017:27017"  # Expose MongoDB port
    command: ["--auth", "--bind_ip_all", "--replSet", "rs0"]  # Enable authentication and replica set
    healthcheck:
      # Regular health checks
      test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/admin --quiet
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 40s
    networks:
      - mongo_network
    ulimits:
      # Increase file descriptor limits for production
      nofile:
        soft: 64000
        hard: 64000
    logging:
      # Log rotation to prevent disk space issues
      driver: "json-file"
      options:
        max-size: "200m"
        max-file: "10"

  mongo-express:
    image: mongo-express:latest
    container_name: mongo-express
    restart: always
    environment:
      # Authentication for MongoDB connection
      - ME_CONFIG_MONGODB_ADMINUSERNAME=${MONGO_ROOT_USERNAME:-admin}
      - ME_CONFIG_MONGODB_ADMINPASSWORD=${MONGO_ROOT_PASSWORD:-password}
      - ME_CONFIG_MONGODB_SERVER=mongodb
      # Basic authentication for web interface
      - ME_CONFIG_BASICAUTH_USERNAME=${MONGOEXPRESS_USERNAME:-mexpress}
      - ME_CONFIG_BASICAUTH_PASSWORD=${MONGOEXPRESS_PASSWORD:-mexpress}
      - ME_CONFIG_MONGODB_ENABLE_ADMIN=true
      - ME_CONFIG_SITE_BASEURL=/mongo-express
    ports:
      - "8081:8081"  # Web interface port
    depends_on:
      - mongodb
    networks:
      - mongo_network
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
        max-file: "5"

networks:
  mongo_network:
    driver: bridge

volumes:
  mongodb_data:  # Persistent volume for database files
    driver: local
  mongodb_config:  # Persistent volume for configuration
    driver: local

Security Considerations

1. Authentication: MongoDB is configured with authentication enabled by default
2. Environment Variables: Sensitive information is passed via environment variables
3. Network Isolation: Services run on a dedicated bridge network
4. Mongo Express Security: Basic authentication is enabled for the web interface

Initialization Script

The init-mongo.js script:

• Initializes a MongoDB replica set (rs0)
• Creates a default application database (appdb)
• Sets up a dedicated user for application access

Usage

1. Create a .env file with your custom credentials:

MONGO_ROOT_USERNAME=your_admin_username
MONGO_ROOT_PASSWORD=your_secure_password
MONGOEXPRESS_USERNAME=your_express_username
MONGOEXPRESS_PASSWORD=your_express_password

2. Start the services:

docker-compose up -d

3. Access Mongo Express at http://your-server-ip:8081

4. Connect to MongoDB:

mongodb://appuser:apppassword@your-server-ip:27017/appdb?authSource=appdb&replicaSet=rs0

Proxmox LXC Container Configuration

For optimal performance in a Proxmox LXC container:

1. Ensure the container has sufficient resources:

   • At least 2 CPU cores
   • Minimum 4GB RAM
   • At least 20GB storage

2. Enable necessary features in the LXC container:

   pct set <container-id> -features nesting=1
   

3. Configure container for Docker:

   echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/unprivileged-userns-clone.conf
   sysctl -p /etc/sysctl.d/unprivileged-userns-clone.conf
   

Maintenance

• Backups: MongoDB data is stored in named volumes. Use Docker's volume backup mechanisms:

  docker run --rm -v mongodb_data:/data -v $(pwd):/backup alpine tar -czf /backup/mongodb-data-backup.tar.gz /data
  

• Monitoring: Consider adding Prometheus and Grafana for monitoring

• Updating: To update MongoDB version, change the image tag in docker-compose.yml and restart:

  docker-compose down
  # Edit docker-compose.yml to update image version
  docker-compose up -d
  

Troubleshooting

• Connection Issues: Ensure ports are not blocked by firewall
• Replica Set Problems: Check MongoDB logs with docker-compose logs mongodb
• Performance Issues: Monitor resource usage and adjust container limits if needed

License

This project is licensed under the MIT License - see the LICENSE file for details.