Production considerations for Unix-based deployments
This page describes in detail how you can achieve the following tasks:
- Use an external MongoDB server instead of the built-in database
- Configure HTTPS communication for the web server
- Install MetaDefender Storage Security on a different disk
Use an external database
Production deployments of MetaDefender Storage Security should ensure high availability and/or load-balancing at the database level by using an external MongoDB (or any compatible service) instead of the built-in database that is included with the basic installation.
We recommend using a version of MongoDB that is the same as the built-in database version from the Unix-based deployments | System Requirements page.
How to setup an external MongoDB in MetaDefender Storage Security
The following steps should be performed before initializing MetaDefender Storage Security for the first time (i.e before the mdss -u init command from the installation guide).
These steps can be performed after the installation or at any other time but the existing data (if any) will be lost. In this case, the last step should be replaced with a restart instead of a start command.
- Ensure that your external MongoDB is properly configured and ready to accept remote connections
Note: it is recommended to setup access control for your external database as well as taking the necessary network security measures to ensure that only the server running MetaDefender Storage Security can access the database.
- Locate the configuration file created by the installer in /etc/mdss/customer.env
- Add the following configuration line:
- Please check the connection string documentation for more information. Make sure you add MDCS as the target database as shown in the example above.
- Save the file.
- Initialize MetaDefender Storage Security by running the following command:
- Return to the installation process and continue the installation.
MongoDB advanced setup
For special use cases you may need to backup your database or restore it. MetaDefender Storage Security allows you to do this by using the following commands
Running this command will create a dump file in /etc/mdss/db_[...].tar this file can be use afterwards as a restore file using the import command:
The import_db utility will use the latest db_[...].tar file as restore point
Configure HTTPS communication for the web server
Production deployments should ensure that any HTTP traffic between clients (browsers or other API client) and MetaDefender Storage Security is encrypted using HTTPS.
Click here for detailed instructions on how to setup a certificate for NGINX web server.
Install MetaDefender Storage Security on a different disk
The following steps should be performed before initializing MetaDefender Storage Security for the first time (i.e before the mdss -u init command from the installation guide).
These steps should be performed right after the installation of Docker so that no data is lost.
- First make sure Docker is not running and the default directory is clean
- Remove existing images and volumes
- Stop Docker
- Remove the default Docker location
- Create a new empty directory in the default location
- Create a new empty directory on the new partition
- Mount the new location in the default directory
- Start back the docker service
- Initialize MetaDefender Storage Security by running the following command: