Advanced installation for Unix-based deployments
This page describes in detail how you can achieve the following tasks:
- Use an external MongoDB server instead of the built-in database
- Configure HTTPS communication for the web server
- Install MetaDefender Software Supply Chain on a different disk
Use an external database
Production deployments of MetaDefender Software Supply Chain should ensure high availability and/or load-balancing at the database level by using an external MongoDB (or any compatible service) instead of the built-in database that is included with the basic installation.
How to setup an external MongoDB in MetaDefender Software Supply Chain
The following steps should be performed before initializing MetaDefender Software Supply Chain for the first time (i.e before the mdssc -u init command from the installation guide).
- Ensure that your external MongoDB is properly configured and ready to accept remote connections
Note: it is recommended to setup access control for your external database as well as taking the necessary network security measures to ensure that only the server running MetaDefender Software Supply Chain can access the database.
These steps can be performed after the installation or at any other time but the existing data (if any) will be lost. In this case, the last step should be replaced with a restart instead of a start command.
We recommend using a version of MongoDB that is the same as the built-in database version from the System Requirements | Installation components page.
- Locate the configuration file created by the installer in /etc/mdssc/customer.env
- Add the following configuration line:
MONGO_URL=mongodb://user:password@server:port/MDCS?authSource=admin- Please check the connection string documentation for more information. Make sure you add MDCS as the target database as shown in the example above.
- Save the file.
- Initialize MetaDefender Software Supply Chain by running the following command:
sudo mdssc -u init- Return to the installation process and continue the installation.
MongoDB advanced setup
For special use cases you may need to backup your database or restore it. MetaDefender Software Supply Chain allows you to do this by using the following commands
sudo mdssc -u export_dbRunning this command will create a dump file in /etc/mdssc/db_[...].tar this file can be use afterwards as a restore file using the import command:
sudo mdssc -u import_dbTo ensure data integrity, always stop the MDSSC product before importing the database.
Use mdssc -c stop to stop the product, and once the import is complete, mdssc -c start to start it.
Configure HTTPS communication for the web server
Production deployments should ensure that any HTTP traffic between clients (browsers or other API client) and MetaDefender Software Supply Chain is encrypted using HTTPS.
In order to setup HTTPS communication please follow these steps:
- Obtain the certificate and the private key as two separate files (for example, crt.pem & key.pem )
- Rename the private key file in the form of <name>.key such that the extension of the file is .key
- Place your certificates in /etc/mdssc/webclient/
- Run the enable_https utility by executing the bellow command
- Verify that HTTPS is configured correctly by navigating with your browser.
sudo mdssc -u enable_httpsDisabling HTTPS communication for the web server
For disabling HTTPS communication, run the following command:
sudo mdssc -u disable_httpsAdd Self Signed SSL certification of service providers and MD Core
For various on-prem instances of services like GitHub, GitLab, Bitbucket, SVN, Jfrog, or an on-prem instance of MD Core with self signed SSL certifications, it is necessary that the correct certification chains should be copied in the MDSSC installation directory, under the subfolder ca-certificates:
Default location of ca-certificates is: /etc/mdssc/ca-certificates
Install MetaDefender Software Supply Chain on a different disk
The following steps should be performed before initializing MetaDefender Software Supply Chain for the first time (i.e. before the mdssc -u init command from the installation guide).
These steps should be performed right after the installation of Docker so that no data is lost.
- First make sure Docker is not running and the default directory is clean
- Remove existing images and volumes
sudo docker rm -f $(docker ps -aq); docker rmi -f $(docker images -q)- Stop Docker
sudo systemctl stop docker- Remove the default Docker location
sudo rm -rf /var/lib/docker- Create a new empty directory in the default location
sudo mkdir /var/lib/docker- Create a new empty directory on the new partition
sudo mkdir /<PATH_TO_NEW_LOCATION>- Mount the new location in the default directory
sudo mount --rbind //<PATH_TO_NEW_LOCATION> /var/lib/docker- Start back the docker service
sudo systemctl start docker- Initialize MetaDefender Software Supply Chain by running the following command:
sudo mdssc -u init