Container-Based Setup

Before running the setup, please check [Central Hub] Recommended System Configuration to install all required dependencies.

Setup order requirement

Please follow installation steps in order to complete the system setup properly:

Order no.	Service	Notes
1	Redis, RabbitMQ, PostgreSQL and File Server (NAS)	Could be setup in parallel in any order among them. Make sure they are all fully functional and accessible before proceeding to the next setup order #2.
2	First MetaDefender Core instance in the shared DB mode.	A valid license must be provisioned and activated. In case of MetaDefender Core upgrade scenario, make sure all other MetaDefender Core instances' service are stopped while upgrading this first MetaDefender Core instance. Make sure they are all fully functional and accessible. Heath check constraints to be reviewed and confirmed. In the Central Hub model, MetaDefender Core will not consume any processing tasks from the central queue while staying unheathy via the heath check.
3	The Hub instance, and any other MetaDefender Core instances in the shared DB mode.	Could be setup in parallel in any order among them. Make sure it is fully functional and accessible.

1. Redis caching server

Pull the target docker image from Redis repository on DockerHub e.g. https://hub.docker.com/layers/library/redis/7.0.5/images/sha256-2bd864580926b790a22c8b96fd74496fe87b3c59c0774fe144bab2788e78e676?context=explore

Bash
    
 
docker pull redis:<version>
Copy

Run the image:

Bash
    
 
docker run -d --name <container name> \ -p <redis port>:6379 \ <redis image name>
Copy

Check container log to ensure everything works properly:

Bash
    
​x
 
docker logs -f <container name>​# Write a log file from container logdocker logs <container name> > <filename>.log
Copy

Example:

Pull Redis version 7.0.5 from DockerHub.
Run the image with name set to 'redis', port tied to '6379' and image name set to 'redis:7.0.5'
Check container log.

Bash
    
 
docker pull redis:7.0.5docker run -d --name redis -p 6379:6379 redis:7.0.5docker logs -f redis
Copy

2. RabbitMQ broker server

Pull the target docker image from RabbitMQ repository on DockerHub e.g. https://hub.docker.com/layers/library/rabbitmq/3.10.7/images/sha256-90801171d4fdffc9b8877bb3ea5edb974cc123a2f27a678d5fd81488fb5025a2?context=explore

Bash
    
 
docker pull rabbitmq:<version>
Copy

Run the inage:

Bash
    
 
docker run -d --name <container name> \  [-e RABBITMQ_DEFAULT_USER=<rabbitmq user>] \  [-e RABBITMQ_DEFAULT_PASS=<rabbitmq password>] \  -p <rabbitmq port>:5672 \  <rabbitmq image name>
Copy

Check container log to ensure everything works properly:

Bash
    
 
docker logs -f <container name>​# Write a log file from container logdocker logs <container name> > <filename>.log
Copy

Example:

Pull RabbitMQ version 3.10.7 from DockerHub.
Run the image with name set to 'rabbitmq', username and password set to 'admin', port tied to '6379' and image name set to 'rabbitmq:3.10.7'
Check container log in real time.

Bash
    
 
docker pull rabbitmq:3.10.7docker run -d --name rabbitmq \  -e RABBITMQ_DEFAULT_USER=admin \  -e RABBITMQ_DEFAULT_PASS=admin \  -p 5672:5672 \  rabbitmq:3.10.7docker logs -f rabbitmq
Copy

3. PostgreSQL database server

Pull the target docker image from PostgreSQL repository on DockerHub e.g. https://hub.docker.com/layers/library/postgres/12.10/images/sha256-788f33abeef419b4252f73bf55ddf6fc6f77db759f81c7557fb8e1a72fad353b?context=explore

Bash
    
 
docker pull postgres:<version>
Copy

Run the image:

Bash
    
 
docker run -d --name <container name> \  [-e POSTGRES_PASSWORD=<postgres password>] \  -p <postgres port>:5432 \  <postgres image name>
Copy

Check container log to ensure everything works properly:

Bash
    
 
docker logs -f <container name>​# Write a log file from container logdocker logs <container name> > <filename>.log
Copy

Example:

Pull PostgreSQL version 12.10 from DockerHub.
Run the image with name set to 'postgres', password set to 'admin', port tied to '5432' and image name set to 'postgres:12.10'
Check container log in real time.

Bash
    
 
docker pull postgres:12.10docker run -d --name postgres \  -e POSTGRES_PASSWORD=admin \  -p 5432:5432 \  postgres:12.10docker logs -f postgres
Copy

4. File storage server (NAS)

Create a designated folder for <NAS config folder> e.g. ~/mdcore/nas_config
Generate private key, certificate in X509 format and store to a designated location <NAS config folder>
Complete configuration file ometascan_nas.conf MetaDefender Core NAS (File Storage Server) and store it in <NAS config folder>
Pull the target docker image from OPSWAT repository on DockerHub

Bash
    
 
docker pull <repository>/mdnas-<platform>:<version>
Copy

<repository>: opswat
<platform>: debianor rocky
<version>: File storage server version, default is latest

Run the image and mount <NAS config folder> to/etc/opswat

Bash
    
 
docker run -d  --name <container name> \  -v <nas config folder>:/etc/opswat \  -p <nas port>:8888 \  <image name>
Copy

Check container log to ensure everything works properly

Bash
    
 
docker logs -f <container name>​# Write a log file from container logdocker logs <container name> > <filename>.log
Copy

Example 1:

Docker pull NAS version 1.0 from DockerHub
Create folder ~/mdcore/nas_config
Generate private key, certificate and store to ~/mdcore/nas_config
Fill configuration file ometascan_nas.conf and store to ~/mdcore/nas_config
Run the image with /etc/opswat folder tied to ~/mdcore/nas_config , port tied to '8888' and image name set to 'mdnas-debian:1.0.0'
Check container log

Bash
    
 
docker pull opswat/mdnas-debian:latestmkdir -p ~/mdcore/nas_configopenssl req -new -newkey rsa:4096 -days 36500 \ -nodes -x509 \ -keyout ~/mdcore/nas_config/localhost-100y.key \ -out ~/mdcore/nas_config/localhost-100y.certvim ~/mdcore/nas_config/ometascan_nas.confdocker run -d --name nas \ -v ~/mdcore/nas_config:/etc/opswat \ -p 8888:8888 \ mdnas-debian:1.0.0docker logs -f nas
Copy

Example 2 (Run as non-root with random uid use --user and uid !=0):

Bash
    
 
docker pull opswat/mdnas-debian:latestmkdir -p ~/mdcore/nas_configopenssl req -new -newkey rsa:4096 -days 36500 \ -nodes -x509 \ -keyout ~/mdcore/nas_config/localhost-100y.key \ -out ~/mdcore/nas_config/localhost-100y.certvim ~/mdcore/nas_config/ometascan_nas.confchmod 755 -R ~/mdcore/nas_configdocker run -d --name nas_debian \ -v ~/mdcore/nas_config:/etc/opswat \ --user 1000:1000 \ -p 8888:8888 \  opswat/mdnas-debian:latestdocker logs -f nas_debian
Copy

Example 3 (Run with enabled read-only mode):

Bash
    
 
docker pull opswat/mdnas-debian:latestmkdir -p ~/mdcore/nas_configopenssl req -new -newkey rsa:4096 -days 36500 \ -nodes -x509 \ -keyout ~/mdcore/nas_config/localhost-100y.key \ -out ~/mdcore/nas_config/localhost-100y.certvim ~/mdcore/nas_config/ometascan_nas.confchmod 755 -R ~/mdcore/nas_configdocker run -d --name nas_debian \ -v ~/mdcore/nas_config:/etc/opswat \ --read-only \ -p 8888:8888 \  opswat/mdnas-debian:latestdocker logs -f nas_debian
Copy

5. MetaDefender Core server

Create a designated folder for <Core ignition folder> e.g. ~/mdcore/ignition_file
Complete ignition file ometascan.conf MetaDefender Core and store it in <Core ignition folder>
Pull the target docker image from OPSWAT repository on DockerHub

Bash
    
 
docker pull <repository>/metadefendercore-<platform>:<version>
Copy

<repository>: opswat
<platform>: debian or rocky
<version>: MetaDefender Core version, default is latest

Run the image and mount <Core ignition folder> to/opt/ometascan/core_data/opswat

Bash
    
 
docker run -d  --name <container name> \  -v <core config folder>:/opt/ometascan/core_data/opswat \  -p <core port>:8008 \  <image name>
Copy

Check container log to ensure everything works properly

Bash
    
 
docker logs -f <container name>​# Write a log file from container logdocker logs <container name> > <filename>.log
Copy

Example 1:

Docker pull MetaDefender Core version 5.3.0 from DockerHub
Create folder ~/mdcore/ignition_file
Fill configuration file ometascan.conf and store to ~/mdcore/ignition_file
Run the image with /opt/ometascan/core_data/opswat folder tied to ~/mdcore/ignition_file , port tied to '8888' and image name set to 'mdcore-debian:5.3.0'
Check container log

Bash
    
 
docker pull opswat/metadefendercore-debian:latestmkdir -p ~/mdcore/ignition_filevim ~/mdcore/ignition_file/ometascan.confchmod 666 -R ~/mdcore/ignition_filedocker run -d --name core_debian \ -v ~/mdcore/ignition_file:/opt/ometascan/core_data/opswat \ -p 8008:8008 opswat/metadefendercore-debian:latestdocker logs -f core_debian
Copy

Example 2 (Run as non-root with random uid):

Bash
    
 
docker pull opswat/metadefendercore-debian:latestmkdir -p ~/mdcore/ignition_filevim ~/mdcore/ignition_file/ometascan.confchmod 777 -R ~/mdcore/ignition_filedocker run -d --name core_debian \ -v ~/mdcore/ignition_file:/opt/ometascan/core_data/opswat \ -p 8008:8008 --user 1000:1000 opswat/metadefendercore-debian:latestdocker logs -f core_debian
Copy

Example 3 (Run with enabled read-only):

Bash
    
 
docker pull opswat/metadefendercore-debian:latestmkdir -p ~/mdcore/ignition_filevim ~/mdcore/ignition_file/ometascan.confchmod 777 -R ~/mdcore/ignition_filedocker run -d --name core_debian \ -v ~/mdcore/ignition_file:/opt/ometascan/core_data/opswat \ -p 8008:8008 --read-only opswat/metadefendercore-debian:latestdocker logs -f core_debian
Copy

6. Hub server

Create a designated folder for <Hub config folder> e.g. ~/mdcore/hub_config
Complete configuration file ometascan_hub.conf MetaDefender Core Hub (Hub) and store it in <Hub config folder>
Pull the target docker image from OPSWAT repository on DockerHub

Bash
    
 
docker pull <repository>/mdhub-<platform>:<version>
Copy

<repository>: opswat
<platform>: debian or rocky
<version>: Hub version, default is latest

Run the image and mount <Hub config folder> to/etc/opswat

Bash
    
 
docker run -d  --name <container name> \  -v <hub config folder>:/etc/opswat \  -p <hub port>:8889 \  <image name>
Copy

Check container log to ensure everything works properly

Bash
    
 
docker logs -f <container name>​# Write a log file from container logdocker logs <container name> > <filename>.log
Copy

Example 1:

Docker pull Hub version 1.0 from DockerHub
Create folder ~/mdcore/hub_config
Fill configuration file ometascan_hub.conf and store to ~/mdcore/hub_config
Run the image with /etc/opswat folder tied to ~/mdcore/hub_config , port tied to '8889' and image name set to 'mdhub-debian:1.0.0'
Check container log

Bash
    
 
docker pull opswat/mdhub-debian:latestmkdir -p ~/mdcore/hub_configvim ~/mdcore/hub_config/ometascan_hub.confdocker run -d --name hub_debian \ -v ~/mdcore/hub_config:/etc/opswat \ -p 8889:8889 \  opswat/mdhub-debian:1.0.0docker logs -f hub_debian
Copy

Example 2 (Run as non-root random uid with option --user <uid>:<gid>):

Bash
    
 
docker pull opswat/mdhub-debian:latestmkdir -p ~/mdcore/hub_configvim ~/mdcore/hub_config/ometascan_hub.confdocker run -d --name hub_debian \ -v ~/mdcore/hub_config:/etc/opswat \ --user 1000:1000 \ -p 8889:8889 \  opswat/mdhub-debian:1.0.0docker logs -f hub_debian
Copy

Example 3 (Run with enabled read only file-system with option --ready-only):

Bash
    
 
docker pull opswat/mdhub-debian:latestmkdir -p ~/mdcore/hub_configvim ~/mdcore/hub_config/ometascan_hub.confdocker run -d --name hub_debian \ -v ~/mdcore/hub_config:/etc/opswat \ --read-only \ -p 8889:8889 \  opswat/mdhub-debian:1.0.0docker logs -f hub_debian
Copy

Last updated on

Was this page helpful?