Fatally you have overridden the entrypoint and have not specificed --auth. The entrypoint is where the environment variables are used to set the ROOT username and password and more importantly, detect they are configured and enable authentication.
So essentially the mongo container is running without authentication.
https://hub.docker.com/_/mongo has fairly good instructions on how to use the container image correctly. Most additional options should be passed as values to the command: key in the compose-file.
This is actually the default for the container image.
Restricting access by IP address should be done via your firewall/security groups.
Addressed above, you’re running without authorization enabled because the entrypoint was overridden and --auth was not specified in the replacement.
I’d still put the options on the command section. The container entrypoint is very good and it is is how the container is designed to be used.
However you will still be missing a couple of things that should be on any installation. Cluster auth (keyfile or x509) will be needed for replicaset members to connect to each other when auth is enabled. And TLS should be enabled.
Ok, thank you. I’ll be reading up on MongoDB university. On Atlas, I get that, but pricing just isn’t there for the project I’m working on, with at least 50-75Gb of data, so I’m stuck using a local version.