This guide provides detailed instructions for installing MetaDefender Software Supply Chain and its dependencies on machines with limited or no internet connectivity. A machine connected to the internet will be needed to download the dependencies manually and copy them to the offline machine.
Offline License Activation
If you have installed, or if you wish to install or use, the MetaDefender Software Supply Chain's system in a restricted environment, you will have to allow access to the following hosts' to ensure MetaDefender Software Supply Chain's accurate functioning:
- https://activation.dl.opswat.com - this is for product activation/licensing.
- https://update.dl.opswat.com - this is for fetching engine/database updates.
Since August 2023, we've migrated to AWS Cloudfront as our CDN for Update Servers. Depending on your location, you'll be directed to specific Edge Locations, each with its own unique IP ranges. Ensure you've allowed the correct Cloudfront IP ranges by referring to: https://ip-ranges.amazonaws.com/ip-ranges.json
Installing Binary Packages
You will need to download and install the following binary packages for your respective operating system:
Debian/Ubuntu
curl, openssl, sudo, apt-utils, ca-certificates, jq, gnupg-agent, iproute2, apt-transport-https, software-properties-commonRedHat/CentOS
curl, openssl, sudo, apt-utils, ca-certificates, jq, gnupg-agent, iproute2, apt-transport-https, software-properties-commonNote: For detailed instructions, refer to the guide for Debian/Ubuntu or CentOS/RHEL
Installing Docker and Docker Compose
To be able to install the dependencies offline, you need a machine connected to the internet to download the required packages. Later, the packages will be copied to the offline machine.
To download the dependencies, follow the official guide for Docker Engine and Docker Compose
The compose plugin for docker can be installed only manually when in an offline environment using the following commands (also available in the official instructions in the link above):
mkdir -p /usr/local/lib/docker/cli-plugins/curl -SL https://github.com/docker/compose/releases/download/v2.28.0/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-composesudo chmod +x /usr/local/lib/docker/cli-plugins/docker-composeInstalling MetaDefender Software Supply Chain package
After the prerequisites above have been set up, you can run the MetaDefender Software Supply Chain installer to setup the compose files and the mdssc command line.
Debian/Ubuntu
sudo dpkg -i <name of the file>.deb || sudo apt-get install -fRedHat/CentOS
sudo yum install -y <name of the file>.rpmPulling the Docker Images
In offline environments, all required Docker images must be pulled on an internet-connected machine and transferred to the target system.
Required Images
MetaDefender Software Supply Chain requires:
- MDSSC service images
- OPSWAT platform services
- Third-party infrastructure images (database, cache, messaging)
All images are versioned per release.
Use the following placeholders:
<MDSSC_VERSION>— e.g.3.1.1<PLATFORM_VERSION>— e.g.platform-2.x
Step 1: Pull Images (Online Machine)
Can be tried on the offline machine also with the Docker whitelist: Allowlist | Docker Docs
docker pull opswat/mdssc_api:<MDSSC_VERSION>docker pull opswat/mdssc_frontend:<MDSSC_VERSION>docker pull opswat/mdssc_binaries:<MDSSC_VERSION>docker pull opswat/mdssc_sourcecode:<MDSSC_VERSION>docker pull opswat/mdssc_containers:<MDSSC_VERSION>docker pull opswat/mdssc_notifications:<MDSSC_VERSION>docker pull opswat/mdssc_mongomigrations:<MDSSC_VERSION>docker pull opswat/mdssc_pgmigrations:<MDSSC_VERSION>docker pull opswat/mdcloudservices_commonservices:<PLATFORM_VERSION>docker pull opswat/mdcloudservices_licensing:<PLATFORM_VERSION>docker pull mongo:<MONGO_VERSION>docker pull postgres:<POSTGRES_VERSION>docker pull redis:<REDIS_VERSION>docker pull rabbitmq:<RABBITMQ_VERSION>Step 2: Export Images
docker save \ opswat/mdssc_api:<MDSSC_VERSION> \ opswat/mdssc_frontend:<MDSSC_VERSION> \ opswat/mdssc_binaries:<MDSSC_VERSION> \ opswat/mdssc_sourcecode:<MDSSC_VERSION> \ opswat/mdssc_containers:<MDSSC_VERSION> \ opswat/mdssc_notifications:<MDSSC_VERSION> \ opswat/mdssc_mongomigrations:<MDSSC_VERSION> \ opswat/mdssc_pgmigrations:<MDSSC_VERSION> \ opswat/mdcloudservices_commonservices:<PLATFORM_VERSION> \ opswat/mdcloudservices_licensing:<PLATFORM_VERSION> \ mongo:<MONGO_VERSION> \ postgres:<POSTGRES_VERSION> \ redis:<REDIS_VERSION> \ rabbitmq:<RABBITMQ_VERSION> \ -o mdssc-images-<MDSSC_VERSION>.tarStep 3: Load Images (Offline Machine)
docker load -i mdssc-images-<MDSSC_VERSION>.# Check resultdocker image lsStarting MetaDefender Software Supply Chain
Finally, MDSSC can be started using the regular startup command:
sudo mdssc -c start
