Connect to a Deployment (original) (raw)
This page shows how to use the MongoDB Shell to connect to a MongoDB deployment. You can connect to aMongoDB Atlas cloud-hosted deployment, connect to a local deployment, or connect to another remote host withMongoDB Shell.
To use the MongoDB Shell, you must have a MongoDB deployment to connect to.
- For a free cloud-hosted deployment, you can useMongoDB Atlas.
- To learn how to run a local MongoDB deployment, seeInstall MongoDB.
You can use the MongoDB Shell to connect to MongoDB version 4.2 or greater.
These procedures assume you have already installed mongosh. For more information about installing mongosh, refer toInstall mongosh.
You can connect to your MongoDB Atlas deployment directly from your shell.
If you haven't alreadycreated a database user, you must set a username and password. To connect to Atlas, pass your username with the Atlas connection string. After you issue the connect command, the shell prompts for your password.
To establish your connection, run the mongosh command with your connection string and options to establish the connection.
The connection string includes the following elements:
- Your cluster name
- A hash
- A flag for the API version
- A flag for the username you want to use to connect
It resembles the following string:
mongosh "mongodb+srv://YOUR_CLUSTER_NAME.YOUR_HASH.mongodb.net/" --apiVersion YOUR_API_VERSION --username YOUR_USERNAME
Note
Learn More
You can use other connection security options to connect to Atlas viamongosh. For information on connecting with a private IP for peering or a Private Endpoint connection, refer to theAtlas Connect via mongoshdocumentation.
To connect to a MongoDB deployment running on localhost withdefault port 27017, run mongosh without any options:
This is equivalent to the following command:
mongosh "mongodb://localhost:27017"
To specify a port to connect to on localhost, you can use either:
- A connection string with the chosen port
- The
--portcommand-line option
For example, the following commands connect to a deployment running on localhost port 28015:
mongosh "mongodb://localhost:28015"
To specify a remote host and port, you can use either:
- A connection string with the chosen host and port.
- The
--hostand--portcommand-line options. If you omit the--portoption,mongoshuses the default port 27017.
For example, the following commands connect to a MongoDB deployment running on host mongodb0.example.com and port 28015:
mongosh "mongodb://mongodb0.example.com:28015"
mongosh --host mongodb0.example.com --port 28015
Note
Connect to MongoDB Atlas
If your remote host is an Atlas cluster, you can copy your connection string from the Atlas UI. To learn more, seeConnect to a Clusterin the Atlas documentation.
Specify different connection options to connect to different types of deployments.
To connect to a MongoDB deployment that requires authentication, use the--username and --authenticationDatabase options. mongosh prompts you for a password, which it hides as you type.
For example, to authenticate as user alice on the admindatabase, run the following command:
mongosh "mongodb://mongodb0.example.com:28015" --username alice --authenticationDatabase admin
To provide a password as part of the connection command instead of using the prompt, use the --password option. Use this option for programmatic usage of mongosh, like a driver.
See also:
- To enforce authentication on a deployment, seeEnable Access Control.
- To provision access to a MongoDB deployment, see Database Users.
To connect to a deployment using OpenID Connect, use the --authenticationMechanism option and set it to MONGODB-OIDC.mongosh redirects you to a browser where you enter your identity provider's log-in information.
For example, the following connects to a local deployment using MONGODB-OIDC:
mongosh "mongodb://localhost/" --authenticationMechanism MONGODB-OIDC
To connect to a deployment using LDAP:
- Set --username to a username that respects the security.ldap.authz.queryTemplate, or any configured security.ldap.userToDNMapping template.
- Set --password to the appropriate password. If you do not specify the password to the
--passwordcommand-line option,mongoshprompts you for the password. - Set --authenticationDatabaseto
$external. The$externalargument must be placed in single quotes, not double quotes, to prevent the shell from interpreting$externalas a variable. - Set --authenticationMechanismto
PLAIN.
Warning
When you use one-time passwords with LDAP authentication, adding the connection string options maxPoolSize=1&srvMaxHosts=1 to your connection string is recommended to reduce the potential for connection failures.
Include the --host and--port of the MongoDB deployment, along with any other options relevant to your deployment.
For example, the following operation authenticates to a MongoDB deployment running with LDAP authentication and authorization:
mongosh --username alice@dba.example.com --password --authenticationDatabase '$external' --authenticationMechanism "PLAIN" --host "mongodb.example.com" --port 27017
To connect to a replica set, you can either:
- Use the DNS Seedlist Connection Format.
- Explicitly specify the replica set name and members in the connection string.
Important
When a replica set runs in Docker, it might expose only one MongoDB endpoint. In this case, the replica set is not discoverable, and specifyingdirectConnection=false can prevent your application from connecting to it.
In a test or development environment, you can connect to the replica set by specifyingdirectConnection=true in your connection URI. In a production environment, we recommend configuring the cluster to make each MongoDB instance accessible outside of the Docker virtual network.
To use the DNS seedlist connection format, include the +srv modifier in your connection string.
For example, to connect to a replica set on server.example.com, run the following command:
mongosh "mongodb+srv://server.example.com/"
Note
+srv TLS Behavior
When you use the +srv connection string modifier, MongoDB automatically sets the --tls connection option totrue. To override this behavior, set --tls to false.
You can specify individual replica set members in theconnection string.
For example, to connect to a three-member replica set named replA, run the following command:
mongosh "mongodb://mongodb0.example.com.local:27017,mongodb1.example.com.local:27017,mongodb2.example.com.local:27017/?replicaSet=replA"
Note
directConnection Parameter Added Automatically
When you specify individual replica set members in the connection string, mongosh automatically adds the directConnection=trueparameter, unless at least one of the following is true:
- The
replicaSetquery parameter is present in the connection string. - The connection string uses the
mongodb+srv://connection string format. - The connection string contains a seed list with multiple hosts.
- The connection string already contains a
directConnectionparameter.
When directConnection=true, all operations are run on the host specified in the connection URI.
To connect to a deployment using TLS, you can either:
- Use the DNS Seedlist Connection Format. The
+srvconnection string modifier automatically sets thetlsoption totruefor the connection.
For example, to connect to a DNS seedlist-defined replica set withtlsenabled, run the following command:
mongosh "mongodb+srv://server.example.com/" - Set the --tls option to
truein the connection string.
For example, to enabletlswith a connection string option, run the following command:
mongosh "mongodb://mongodb0.example.com:28015/?tls=true" - Specify the
--tlscommand-line option.
For example, to connect to a remote host withtlsenabled, run the following command:
mongosh "mongodb://mongodb0.example.com:28015" --tls To connect to a specific default database, specify a database in yourconnection string URI path. If unspecified by the connection string, the default database is the test database.
For example, to connect to a database called qa on localhost, run the following command:
mongosh "mongodb://localhost:27017/qa"
You can specify the authentication database in your connection string using the authSource connection option. If specified, the client uses this database to verify your user identity and credentials. If authSource is unspecified, it defaults to the default database specified in the connection string. If both authSourceand the default database are unspecified,authSource defaults to the admin database.
The following connection string sets the default database to myDefaultDBand the authentication database to admin:
mongodb://myDatabaseUser:D1fficultP%40ssw0rd@mongodb0.example.com:27017/myDefaultDB?authSource=admin
To establish a connection with proxy configurations, you can use the following environment variables:
| Variable | Description | Example |
|---|---|---|
| MONGODB_PROXY | Proxy connections to mongodb:// and mongodb+srv:// URLs, such as database clusters. | The following example sets the MONGODB_PROXY environment variable to proxy all MongoDB connections through a CONNECT proxy located atexample.com:8080 with TLS enabled.export MONGODB_PROXY=https://example.com:8080 |
| HTTP_PROXY | Proxy connections to http:// URLs. HTTP connections are mostly used for OIDC authentication.If you also set HTTPS_PROXY, the value of HTTPS_PROXY takes precedence for all requests. | The following example sets the HTTP_PROXY environment variable to proxy HTTP connections through a CONNECT proxy located atexample.com:8080:export HTTP_PROXY=http://example.com:8080 |
| HTTPS_PROXY | Proxy connections to https:// URLs. HTTPS connections are mostly used for OIDC authentication.If you also set HTTP_PROXY, the value of HTTPS_PROXY takes precedence for all requests. | The following example sets the HTTPS_PROXY environment variable to proxy all HTTPS connections through a CONNECT proxy located atlocalhost:8080 without TLS:export HTTPS_PROXY=http://localhost:8080 |
| ALL_PROXY | Proxy all connections to the specified URL. | The following example sets the ALL_PROXY environment variable to proxy all outbound network connections through a Socks5 proxy located atexample.com:1234 with credentials included in the URL:export ALL_PROXY=socks5://username:password@example.com:1234 |
| NO_PROXY | Comma-separated list of hostnames that should be excluded from proxying. | The following example sets the NO_PROXY environment variable to bypass the proxy for connections to localhost andinternal-db.example.com.export NO_PROXY=localhost,internal-db.example.com |
Note
mongosh supports the following proxy types:
- Socks5 proxies
- HTTP proxies
- CONNECT proxies
- PAC URLs that resolve to one of the previously listed proxies
If you are already connected to a deployment in the MongoDB Shell, you can use the Mongo() or connect() method to connect to a different deployment from within the MongoDB Shell.
To learn how to connect to a different deployment using these methods, see Open a New Connection.
To verify your current database connection, use thedb.getMongo() method.
The method returns the connection string URI for your current connection.
To disconnect from a deployment and exit mongosh, perform one of the following actions:
- Type
.exit,exit, orexit(). - Type
quitorquit(). - Press
Ctrl+D. - Press
Ctrl+Ctwice.
The shell displays a warning message when you connect to non-genuine MongoDB instances. Non-genuine instances may behave differently from the official MongoDB instances due to missing, inconsistent, or incomplete features.
- Kerberos authentication does not allow
authMechanismProperties=CANONICALIZE_HOST_NAME:true|falsein the connection string. Instead, use either:authMechanismProperties=CANONICALIZE_HOST_NAME:forwardauthMechanismProperties=CANONICALIZE_HOST_NAME:forwardAndReverseauthMechanismProperties=CANONICALIZE_HOST_NAME:none
mongoshcurrently only supports thezlibcompressor. The following compressors are not supported:zstdsnappy
- Starting in
mongosh2.0.0:
For boolean values in connection strings, you:- must use
trueorfalse. - cannot use
1,y,yes, ortinstead oftrue. - cannot use
-1,0,n,no, orfinstead offalse.
- must use