Before running the setup, please check (System Requirements) to install all required dependencies of MetaDefender Cluster (MD Cluster).
Setup order requirement
Please follow the installation order to complete the system setup properly.
| Order | Service | Notes |
|---|---|---|
| 1 | Redis, RabbitMQ, PostgreSQL and MD Cluster Identity Service |
|
| 2 | MD Cluster Control Center |
|
| 3 | MD Cluster File Storage |
|
| 4 | MD Cluster Worker for MD Cluster API Gateway and MD Cluster Worker for MetaDefender Core |
|
Image name and version
All the images can be found at OPSWAT Docker Hub with the following information:
version is the currently release version.
MD Cluster Identity Service
opswat/metadefender-distributed-cluster:identity-service-<version>-debian-12MD Cluster File Storage
opswat/metadefender-distributed-cluster:file-storage-<version>-debian-12MD Cluster Control Center
opswat/metadefender-distributed-cluster:control-center-<version>-debian-12MD Cluster Worker for MD Cluster API Gateway
opswat/metadefender-distributed-cluster:worker-api-gateway-<version>-debian-12MD Cluster Worker for MetaDefender Core
opswat/metadefender-distributed-cluster:worker-core-<version>-debian-12Environment variables
1. MD Cluster Identity Service
| Environment Variable | Necessity | Description |
|---|---|---|
MDDC_IDENTITY_SERVICE_DB_HOST | Required | Provide the database host for MD Cluster Identity Service |
MDDC_IDENTITY_SERVICE_DB_PORT | Optional | Provide the database port for MD Cluster Identity Service Default: 5432 |
MDDC_IDENTITY_SERVICE_DB_USER | Required | Provide the database user for MD Cluster Identity Service |
MDDC_IDENTITY_SERVICE_DB_PASSWORD | Required | Provide the database password for MD Cluster Identity Service |
MDDC_USER | Required | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
MDDC_PASSWORD | Required | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
MDDC_EMAIL | Required | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
MDDC_APIKEY | Optional | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
MDDC_IDENTITY_SERVICE_CONNECTION_KEY | Required | Define the connection key in order to register to Control Center. Must be 4 to 64 characters long, using only letters and digits (0–9, a–z, A–Z). |
MDDC_IDENTITY_SERVICE_PORT | Optional | Define the expose port for MD Cluster Identity Service Default: 8891 |
LOG_LEVEL | Optional | Define the log level. Default value: info Accepted values: |
Start MD Cluster Identity Service container with docker run:
docker run -d --name mddc-identity-service \ -e MDDC_IDENTITY_SERVICE_DB_HOST=<your_postgres_host> \ -e MDDC_IDENTITY_SERVICE_DB_USER=<your_postgres_user> \ -e MDDC_IDENTITY_SERVICE_DB_PASSWORD=<your_postgres_password> \ -e MDDC_IDENTITY_SERVICE_CONNECTION_KEY=<your_connection_key> \ -e MDDC_USER=<your_mddc_admin_user> \ -e MDDC_PASSWORD=<your_mddc_admin_password> \ -e MDDC_EMAIL=<your_mddc_admin_email> \ -p 8891:8891 opswat/metadefender-distributed-cluster:identity-service-<version>-debian-122. MD Cluster File Storage
| Environment Variable | Necessity | Description |
|---|---|---|
MDDC_FILE_STORAGE_CONNECTION_KEY | Required | Define the connection key in order to register to MD Cluster Control Center. Must be 4 to 64 characters long, using only letters and digits (0–9, a–z, A–Z). |
MDDC_FILE_STORAGE_PORT | Optional | Define the expose port for MD Cluster File Storage. Default is 8890. |
MDDC_FILE_STORAGE_HOST | Optional | Define the MD Cluster File Storage's host address. If it's not specified, it will get the container's internal IP address. |
LOG_LEVEL | Optional | Define the log level.
Default value: Accepted values: |
MDDC_CONTROL_CENTER_HOST | Required | Provide the MD Cluster Control Center's host address. |
MDDC_CONTROL_CENTER_PORT | Optional | Provide the MD Cluster Control Center's port. Default is 8892. |
MDDC_USER | Required | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
MDDC_PASSWORD | Required | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
MDDC_APIKEY | Optional | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
Persistent storage is located at /opt/opswat/mddc-file-storage. If end-users require data to be retained across container lifecycles, they must mount a volume to this path with 777 permissions to ensure full read/write access for all processes.
Start MD Cluster File Storage container with docker run.
docker run -d --name mddc-file-storage \ -e MDDC_FILE_STORAGE_CONNECTION_KEY=<your_connection_key> \ -e MDDC_FILE_STORAGE_PORT=8890 \ -e MDDC_CONTROL_CENTER_HOST=<control-center_host_address> \ -e MDDC_USER=<your_mddc_admin_user> \ -e MDDC_PASSWORD=<your_mddc_admin_password> \ -p 8890:8890 opswat/metadefender-distributed-cluster:file-storage-<version>-debian-123. MD Cluster Control Center
| Environment Variable | Necessity | Description |
|---|---|---|
MDDC_LAKE_DB_HOST | Optional | Provide the database host for Data Lake. In case that the end-user does not have the Data Lake, it's required to provide this variable to automate the database preparation. |
MDDC_LAKE_DB_PORT | Optional | Provide the database port for Data Lake. Default is 5432. |
MDDC_LAKE_DB_USER | Optional | Provide the database user for Data Lake. In case that the end-user does not have the Data Lake, it's required to provide this variable to automate the database preparation. |
MDDC_LAKE_DB_PASSWORD | Optional | Provide the database password for Data Lake. In case that the end-user does not have the Data Lake, it's required to provide this variable to automate the database preparation. |
MDDC_WAREHOUSE_DB_HOST | Optional | Provide the database host for Data Warehouse. In case that the end-user does not have the Data Warehouse, it's required to provide this variable to automate the database preparation. |
MDDC_WAREHOUSE_DB_PORT | Optional | Provide the database port for Data Warehouse. Default is 5432. |
MDDC_WAREHOUSE_DB_USER | Optional | Provide the database user for Data Warehouse. In case that the end-user does not have the Data Warehouse, it's required to provide this variable to automate the database preparation. |
MDDC_WAREHOUSE_DB_PASSWORD | Optional | Provide the database password for Data Warehouse. In case that the end-user does not have the Data Warehouse, it's required to provide this variable to automate the database preparation. |
MDDC_CACHE_HOST | Optional | Provide the caching host (Redis). |
MDDC_CACHE_PORT | Optional | Provide the caching port (Redis). |
MDDC_CACHE_USER | Optional | Provide the caching username (Redis). If the end-user does not provide it, Redis will be added without authentication. |
MDDC_CACHE_PASSWORD | Optional | Provide the caching password (Redis). If the end-user does not provide it, Redis will be added without authentication. Do not support double quotes ( |
MDDC_BROKER_HOST | Optional | Provide the broker host (RabbitMQ). |
MDDC_BROKER_PORT | Optional | Provide the broker port (RabbitMQ). |
MDDC_BROKER_USER | Optional | Provide the broker username (RabbitMQ). |
MDDC_BROKER_PASSWORD | Optional | Provide the broker password (RabbitMQ). |
MDDC_CONTROL_CENTER_DB_HOST | Required | Provide the database host for MD Cluster Control Center. |
MDDC_CONTROL_CENTER_DB_PORT | Optional | Provide the database port for MD Cluster Control Center. Default is 5432. |
MDDC_CONTROL_CENTER_DB_USER | Required | Provide the database username for MD Cluster Control Center. |
MDDC_CONTROL_CENTER_DB_PASSWORD | Required | Provide the database password for MD Cluster Control Center. |
MDDC_USER | Required | Provide the administrator account that is defined in MD Cluster Identity Service. This account is to automatically do the following tasks:
|
MDDC_PASSWORD | Required | Provide the administrator account that is defined in MD Cluster Identity Service. This account is to automatically do the following tasks:
|
MDDC_APIKEY | Optional | Provide the administrator account that is defined in MD Cluster Identity Service. This account is to automatically do the following tasks:
|
MDDC_IDENTITY_SERVICE_HOST | Required | Provide the MD Cluster Identity Service host in order to add it to MD Cluster Control Center. |
MDDC_IDENTITY_SERVICE_PORT | Optional | Provide the IMD Cluster dentity Service port in order to add it to MD Cluster Control Center. Default is 8891. |
MDDC_IDENTITY_SERVICE_CONNECTION_KEY | Required | Provide the MD Cluster Identity Service connection key in order to add it to MD Cluster Control Center. Must be 4 to 64 characters long, using only letters and digits (0–9, a–z, A–Z). |
MDDC_CONTROL_CENTER_ENCRYPTION_KEY | Required | Define the encryption key for communication between MD Cluster Control Center and the services. Must be 32 characters long and contain only lowercase letters (a–z) and digits (0–9). |
MDDC_CERT_PATH | Optional | Provide the directory path that contains the certificate and private key in order to enable https
Note: when provide this variable, it's supposed to mount this path to Note: In cases where SSL fails to enable due to the File Storage service not being ready, the end-user can either restart the MD Cluster Control Center or manually activate SSL as a workaround. |
LOG_LEVEL | Optional | Define the log level.
Default value: Accepted values: |
Start MD Cluster Control Center container with Docker run.
docker run -d --name mddc-control-center \ -e MDDC_CONTROL_CENTER_DB_HOST=<your_postgre_host> \ -e MDDC_CONTROL_CENTER_DB_USER=<your_postgre_user> \ -e MDDC_CONTROL_CENTER_DB_PASSWORD=<your_postgre_password> \ -e MDDC_IDENTITY_SERVICE_HOST=<your_identity_service_host_address> \ -e MDDC_USER=<your_mddc_admin_user> \ -e MDDC_PASSWORD=<your_mddc_admin_password> \ -e MDDC_IDENTITY_SERVICE_CONNECTION_KEY=<your_connection_key> \ -e MDDC_CONTROL_CENTER_ENCRYPTION_KEY=<your_encryption_key> \ -e MDDC_CERT_PATH=/certs \ -v /new-certificates:/certs \ -p 8892:8892 opswat/metadefender-distributed-cluster:control-center-<version>-debian-124. MD Cluster Worker for API Gateway
| Environment Variable | Necessity | Description |
|---|---|---|
MDDC_WORKER_CONNECTION_KEY | Required | Define the connection key in order to register to MD Cluster Control Center. Must be 4 to 64 characters long, using only letters and digits (0–9, a–z, A–Z). |
MDDC_WORKER_PORT | Optional | Define the expose worker's port. Default is 8893. |
MDDC_WORKER_HOST | Optional | Define the worker's host address. If it's not specified, it will get the container's internal IP address. |
MDDC_CONTROL_CENTER_HOST | Required | Provide the MD Cluster Control Center's host address. |
MDDC_CONTROL_CENTER_PORT | Optional | Provide the MD Cluster Control Center's port Default is 8892. |
MDDC_USER | Required | Provide the administrator account that is defined in MD Cluster Identity Service. It can be optional if the end-user provides the MDDC_APIKEY. This account is to automatically do the following tasks:
|
MDDC_PASSWORD | Required | Provide the administrator account that is defined in MD Cluster Identity Service. It can be optional if the end-user provides the MDDC_APIKEY. This account is to automatically do the following tasks:
|
MDDC_APIKEY | Optional | Provide the administrator account that is defined in MD Cluster Identity Service. This account is to automatically do the following tasks:
|
MDDC_API_GATEWAY_PORT | Optional | Define the expose port to scan files via MD Cluster API Gateway. Default is 8899. |
LOG_LEVEL | Optional | Define the log level.
Default value: Accepted values: |
If multiple MD Cluster API Gateway containers are deployed on the same host, make sure their ports are configured to avoid conflicts.
Start MD Cluster Worker for MD Cluster API Gateway container with Docker run.
docker run -d --name mddc-worker-api-gateway \ -e MDDC_WORKER_CONNECTION_KEY=<your_connection_key> \ -e MDDC_WORKER_HOST=<your_worker_host_address> \ -e MDDC_CONTROL_CENTER_HOST=<your_control_center_host_address> \ -e MDDC_USER=<your_mddc_admin_user> \ -e MDDC_PASSWORD=<your_mddc_admin_password> \ -e MDDC_API_GATEWAY_PORT=8899 \ -p 8893:8893 -p 8899:8899 opswat/metadefender-distributed-cluster:worker-api-gateway-<version>-debian-125. MD Cluster Worker for Core
| Environment Variable | Necessity | Description |
|---|---|---|
MDDC_WORKER_CONNECTION_KEY | Required | Define the connection key in order to register to MD Cluster Control Center. Must be 4 to 64 characters long, using only letters and digits (0–9, a–z, A–Z). |
MDDC_WORKER_PORT | Optional | Define the expose worker's port. Default is 8893. |
MDDC_WORKER_HOST | Optional | Define the worker's host address. If it's not specified, it will get the container's internal IP address. |
MDDC_CONTROL_CENTER_HOST | Required | Provide the MD Cluster Control Center's host address. |
MDDC_CONTROL_CENTER_PORT | Optional | Provide the MD Cluster Control Center's port. Default is 8892. |
MDDC_USER | Required | Provide the administrator account that is defined in MD Cluster Identity Service. It can be optional if the end-user provides the MDDC_APIKEY. This account is to automatically do the following tasks:
|
MDDC_PASSWORD | Required | Provide the administrator account that is defined in MD Cluster Identity Service. It can be optional if the end-user provides the MDDC_APIKEY. This account is to automatically do the following tasks:
|
MDDC_APIKEY | Optional | Provide the administrator account that is defined in MD Cluster Identity Service. This account is to automatically do the following tasks:
|
LOG_LEVEL | Optional | Define the log level.
Default value: Accepted values: |
MDDC_LICENSE_KEY | Optional | Provide the license key to activate MetaDefender Core. |
MDDC_LICENSE_DESCRIPTION | Optional | Define description of the license key. |
If multiple MetaDefender Core containers are deployed on the same host, make sure their ports and hosts are configured to avoid conflicts.
Start MD Cluster Worker for MetaDefender Core container with Docker run.
docker run -d --name mddc-worker-core \ -e MDDC_WORKER_CONNECTION_KEY=<your_connection_key> \ -e MDDC_WORKER_HOST=<your_core_host_address> \ -e MDDC_CONTROL_CENTER_HOST=<your_control_center_host_address> \ -e MDDC_USER=<your_mddc_admin_user> \ -e MDDC_PASSWORD=>your_mddc_admin_password> \ -p 8893:8893 opswat/metadefender-distributed-cluster:worker-core-<version>-debian-12Start MetaDefender Cluster with Docker Compose
- Create a local file named
docker-compose.yamland copy the following content to this file:
x
services redis rabbitmq postgres identity-service file-storage control-center worker-api-gateway worker-corenetworks ##Ensure to replace with your specific image tag- Prepare an environment variable file named
.env.exampleand provide with your own values - Run the application with the command:
docker compose up -dKnown limitation
- When the host experiences resource limitations or degraded performance, some containers may fail to start properly. In such cases, restarting the container is recommended to restore normal operation.
Was this page helpful?
On This Page
Container-Based SetupSetup order requirementImage name and versionEnvironment variables1. MD Cluster Identity Service2. MD Cluster File Storage3. MD Cluster Control Center4. MD Cluster Worker for API Gateway5. MD Cluster Worker for CoreStart MetaDefender Cluster with Docker ComposeKnown limitation
