Container-Based Setup
Before running the setup, please check (System Requirements) to install all required dependencies of MetaDefender Distributed Cluster (MDDC).
Setup order requirement
Please follow the installation order to complete the system setup properly.
| Order | Service | Notes |
|---|---|---|
| 1 | Redis, RabbitMQ, PostgreSQL and MDDC Identity Service |
|
| 2 | MDDC Control Center |
|
| 3 | MDDC File Storage |
|
| 4 | MDDC Worker for MDDC API Gateway and MDDC Worker for MetaDefender Core |
|
Image name and version
All the images can be found at OPSWAT Docker Hub with the following information:
version is the currently release version.
MDDC Identity Service
opswat/metadefender-distributed-cluster:identity-service-<version>-debian-12MDDC File Storage
opswat/metadefender-distributed-cluster:file-storage-<version>-debian-12MDDC Control Center
opswat/metadefender-distributed-cluster:control-center-<version>-debian-12MDDC Worker for MDDC API Gateway
opswat/metadefender-distributed-cluster:worker-api-gateway-<version>-debian-12MDDC Worker for MetaDefender Core
opswat/metadefender-distributed-cluster:worker-core-<version>-debian-12Environment variables
1. MDDC Identity Service
| Environment Variable | Necessity | Description |
|---|---|---|
MDDC_IDENTITY_SERVICE_DB_HOST | Required | Provide the database host for MDDC Identity Service |
MDDC_IDENTITY_SERVICE_DB_PORT | Optional | Provide the database port for MDDC Identity Service Default: 5432 |
MDDC_IDENTITY_SERVICE_DB_USER | Required | Provide the database user for MDDC Identity Service |
MDDC_IDENTITY_SERVICE_DB_PASSWORD | Required | Provide the database password for MDDC Identity Service |
MDDC_USER | Required | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
MDDC_PASSWORD | Required | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
MDDC_EMAIL | Required | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
MDDC_APIKEY | Optional | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
MDDC_IDENTITY_SERVICE_CONNECTION_KEY | Required | Define the connection key in order to register to Control Center. Must be 4 to 64 characters long, using only letters and digits (0–9, a–z, A–Z). |
MDDC_IDENTITY_SERVICE_PORT | Optional | Define the expose port for MDDC Identity Service Default: 8891 |
LOG_LEVEL | Optional | Define the log level. Default value: info Accepted values: |
Start MDDC Identity Service container with docker run:
docker run -d --name mddc-identity-service \ -e MDDC_IDENTITY_SERVICE_DB_HOST=<your_postgres_host> \ -e MDDC_IDENTITY_SERVICE_DB_USER=<your_postgres_user> \ -e MDDC_IDENTITY_SERVICE_DB_PASSWORD=<your_postgres_password> \ -e MDDC_IDENTITY_SERVICE_CONNECTION_KEY=<your_connection_key> \ -e MDDC_USER=<your_mddc_admin_user> \ -e MDDC_PASSWORD=<your_mddc_admin_password> \ -e MDDC_EMAIL=<your_mddc_admin_email> \ -p 8891:8891 opswat/metadefender-distributed-cluster:identity-service-<version>-debian-122. MDDC File Storage
| Environment Variable | Necessity | Description |
|---|---|---|
MDDC_FILE_STORAGE_CONNECTION_KEY | Required | Define the connection key in order to register to MDDC Control Center. Must be 4 to 64 characters long, using only letters and digits (0–9, a–z, A–Z). |
MDDC_FILE_STORAGE_PORT | Optional | Define the expose port for MDDC File Storage. Default is 8890. |
MDDC_FILE_STORAGE_HOST | Optional | Define the MDDC File Storage's host address. If it's not specified, it will get the container's internal IP address. |
LOG_LEVEL | Optional | Define the log level.
Default value: Accepted values: |
MDDC_CONTROL_CENTER_HOST | Required | Provide the MDDC Control Center's host address. |
MDDC_CONTROL_CENTER_PORT | Optional | Provide the MDDC Control Center's port. Default is 8892. |
MDDC_USER | Required | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
MDDC_PASSWORD | Required | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
MDDC_APIKEY | Optional | Define the information to initiate the administrator account. This account is to automatically do the following tasks:
|
Persistent storage is located at /opt/opswat/mddc-file-storage. If end-users require data to be retained across container lifecycles, they must mount a volume to this path with 777 permissions to ensure full read/write access for all processes.
Start MDDC File Storage container with docker run.
docker run -d --name mddc-file-storage \ -e MDDC_FILE_STORAGE_CONNECTION_KEY=<your_connection_key> \ -e MDDC_FILE_STORAGE_PORT=8890 \ -e MDDC_CONTROL_CENTER_HOST=<control-center_host_address> \ -e MDDC_USER=<your_mddc_admin_user> \ -e MDDC_PASSWORD=<your_mddc_admin_password> \ -p 8890:8890 opswat/metadefender-distributed-cluster:file-storage-<version>-debian-123. MDDC Control Center
| Environment Variable | Necessity | Description |
|---|---|---|
MDDC_LAKE_DB_HOST | Optional | Provide the database host for Data Lake. In case that the end-user does not have the Data Lake, it's required to provide this variable to automate the database preparation. |
MDDC_LAKE_DB_PORT | Optional | Provide the database port for Data Lake. Default is 5432. |
MDDC_LAKE_DB_USER | Optional | Provide the database user for Data Lake. In case that the end-user does not have the Data Lake, it's required to provide this variable to automate the database preparation. |
MDDC_LAKE_DB_PASSWORD | Optional | Provide the database password for Data Lake. In case that the end-user does not have the Data Lake, it's required to provide this variable to automate the database preparation. |
MDDC_WAREHOUSE_DB_HOST | Optional | Provide the database host for Data Warehouse. In case that the end-user does not have the Data Warehouse, it's required to provide this variable to automate the database preparation. |
MDDC_WAREHOUSE_DB_PORT | Optional | Provide the database port for Data Warehouse. Default is 5432. |
MDDC_WAREHOUSE_DB_USER | Optional | Provide the database user for Data Warehouse. In case that the end-user does not have the Data Warehouse, it's required to provide this variable to automate the database preparation. |
MDDC_WAREHOUSE_DB_PASSWORD | Optional | Provide the database password for Data Warehouse. In case that the end-user does not have the Data Warehouse, it's required to provide this variable to automate the database preparation. |
MDDC_CACHE_HOST | Optional | Provide the caching host (Redis). |
MDDC_CACHE_PORT | Optional | Provide the caching port (Redis). |
MDDC_CACHE_USER | Optional | Provide the caching username (Redis). If the end-user does not provide it, Redis will be added without authentication. |
MDDC_CACHE_PASSWORD | Optional | Provide the caching password (Redis). If the end-user does not provide it, Redis will be added without authentication. Do not support double quotes ( |
MDDC_BROKER_HOST | Optional | Provide the broker host (RabbitMQ). |
MDDC_BROKER_PORT | Optional | Provide the broker port (RabbitMQ). |
MDDC_BROKER_USER | Optional | Provide the broker username (RabbitMQ). |
MDDC_BROKER_PASSWORD | Optional | Provide the broker password (RabbitMQ). |
MDDC_CONTROL_CENTER_DB_HOST | Required | Provide the database host for MDDC Control Center. |
MDDC_CONTROL_CENTER_DB_PORT | Optional | Provide the database port for MDDC Control Center. Default is 5432. |
MDDC_CONTROL_CENTER_DB_USER | Required | Provide the database username for MDDC Control Center. |
MDDC_CONTROL_CENTER_DB_PASSWORD | Required | Provide the database password for MDDC Control Center. |
MDDC_USER | Required | Provide the administrator account that is defined in MDDC Identity Service. This account is to automatically do the following tasks:
|
MDDC_PASSWORD | Required | Provide the administrator account that is defined in MDDC Identity Service. This account is to automatically do the following tasks:
|
MDDC_APIKEY | Optional | Provide the administrator account that is defined in MDDC Identity Service. This account is to automatically do the following tasks:
|
MDDC_IDENTITY_SERVICE_HOST | Required | Provide the MDDC Identity Service host in order to add it to MDDC Control Center. |
MDDC_IDENTITY_SERVICE_PORT | Optional | Provide the IMDDC dentity Service port in order to add it to MDDC Control Center. Default is 8891. |
MDDC_IDENTITY_SERVICE_CONNECTION_KEY | Required | Provide the MDDC Identity Service connection key in order to add it to MDDC Control Center. Must be 4 to 64 characters long, using only letters and digits (0–9, a–z, A–Z). |
MDDC_CONTROL_CENTER_ENCRYPTION_KEY | Required | Define the encryption key for communication between MDDC Control Center and the services. Must be 32 characters long and contain only lowercase letters (a–z) and digits (0–9). |
MDDC_CERT_PATH | Optional | Provide the directory path that contains the certificate and private key in order to enable https
Note: when provide this variable, it's supposed to mount this path to Note: In cases where SSL fails to enable due to the File Storage service not being ready, the end-user can either restart the MDDC Control Center or manually activate SSL as a workaround. |
LOG_LEVEL | Optional | Define the log level.
Default value: Accepted values: |
Start MDDC Control Center container with Docker run.
docker run -d --name mddc-control-center \ -e MDDC_CONTROL_CENTER_DB_HOST=<your_postgre_host> \ -e MDDC_CONTROL_CENTER_DB_USER=<your_postgre_user> \ -e MDDC_CONTROL_CENTER_DB_PASSWORD=<your_postgre_password> \ -e MDDC_IDENTITY_SERVICE_HOST=<your_identity_service_host_address> \ -e MDDC_USER=<your_mddc_admin_user> \ -e MDDC_PASSWORD=<your_mddc_admin_password> \ -e MDDC_IDENTITY_SERVICE_CONNECTION_KEY=<your_connection_key> \ -e MDDC_CONTROL_CENTER_ENCRYPTION_KEY=<your_encryption_key> \ -e MDDC_CERT_PATH=/certs \ -v /new-certificates:/certs \ -p 8892:8892 opswat/metadefender-distributed-cluster:control-center-<version>-debian-124. MDDC Worker for API Gateway
| Environment Variable | Necessity | Description |
|---|---|---|
MDDC_WORKER_CONNECTION_KEY | Required | Define the connection key in order to register to MDDC Control Center. Must be 4 to 64 characters long, using only letters and digits (0–9, a–z, A–Z). |
MDDC_WORKER_PORT | Optional | Define the expose worker's port. Default is 8893. |
MDDC_WORKER_HOST | Optional | Define the worker's host address. If it's not specified, it will get the container's internal IP address. |
MDDC_CONTROL_CENTER_HOST | Required | Provide the MDDC Control Center's host address. |
MDDC_CONTROL_CENTER_PORT | Optional | Provide the MDDC Control Center's port Default is 8892. |
MDDC_USER | Required | Provide the administrator account that is defined in MDDC Identity Service. It can be optional if the end-user provides the MDDC_APIKEY. This account is to automatically do the following tasks:
|
MDDC_PASSWORD | Required | Provide the administrator account that is defined in MDDC Identity Service. It can be optional if the end-user provides the MDDC_APIKEY. This account is to automatically do the following tasks:
|
MDDC_APIKEY | Optional | Provide the administrator account that is defined in MDDC Identity Service. This account is to automatically do the following tasks:
|
MDDC_API_GATEWAY_PORT | Optional | Define the expose port to scan files via MDDC API Gateway. Default is 8899. |
LOG_LEVEL | Optional | Define the log level.
Default value: Accepted values: |
If multiple MDDC API Gateway containers are deployed on the same host, make sure their ports are configured to avoid conflicts.
Start MDDC Worker for MDDC API Gateway container with Docker run.
docker run -d --name mddc-worker-api-gateway \ -e MDDC_WORKER_CONNECTION_KEY=<your_connection_key> \ -e MDDC_WORKER_HOST=<your_worker_host_address> \ -e MDDC_CONTROL_CENTER_HOST=<your_control_center_host_address> \ -e MDDC_USER=<your_mddc_admin_user> \ -e MDDC_PASSWORD=<your_mddc_admin_password> \ -e MDDC_API_GATEWAY_PORT=8899 \ -p 8893:8893 -p 8899:8899 opswat/metadefender-distributed-cluster:worker-api-gateway-<version>-debian-125. MDDC Worker for Core
| Environment Variable | Necessity | Description |
|---|---|---|
MDDC_WORKER_CONNECTION_KEY | Required | Define the connection key in order to register to MDDC Control Center. Must be 4 to 64 characters long, using only letters and digits (0–9, a–z, A–Z). |
MDDC_WORKER_PORT | Optional | Define the expose worker's port. Default is 8893. |
MDDC_WORKER_HOST | Optional | Define the worker's host address. If it's not specified, it will get the container's internal IP address. |
MDDC_CONTROL_CENTER_HOST | Required | Provide the MDDC Control Center's host address. |
MDDC_CONTROL_CENTER_PORT | Optional | Provide the MDDC Control Center's port. Default is 8892. |
MDDC_USER | Required | Provide the administrator account that is defined in MDDC Identity Service. It can be optional if the end-user provides the MDDC_APIKEY. This account is to automatically do the following tasks:
|
MDDC_PASSWORD | Required | Provide the administrator account that is defined in MDDC Identity Service. It can be optional if the end-user provides the MDDC_APIKEY. This account is to automatically do the following tasks:
|
MDDC_APIKEY | Optional | Provide the administrator account that is defined in MDDC Identity Service. This account is to automatically do the following tasks:
|
LOG_LEVEL | Optional | Define the log level.
Default value: Accepted values: |
MDDC_LICENSE_KEY | Optional | Provide the license key to activate MetaDefender Core. |
MDDC_LICENSE_DESCRIPTION | Optional | Define description of the license key. |
If multiple MetaDefender Core containers are deployed on the same host, make sure their ports and hosts are configured to avoid conflicts.
Start MDDC Worker for MetaDefender Core container with Docker run.
docker run -d --name mddc-worker-core \ -e MDDC_WORKER_CONNECTION_KEY=<your_connection_key> \ -e MDDC_WORKER_HOST=<your_core_host_address> \ -e MDDC_CONTROL_CENTER_HOST=<your_control_center_host_address> \ -e MDDC_USER=<your_mddc_admin_user> \ -e MDDC_PASSWORD=>your_mddc_admin_password> \ -p 8893:8893 opswat/metadefender-distributed-cluster:worker-core-<version>-debian-12Start MetaDefender Distributed Cluster with Docker Compose
- Create a local file named
docker-compose.yamland copy the following content to this file:
x
services redis rabbitmq postgres identity-service file-storage control-center worker-api-gateway worker-corenetworks ##Ensure to replace with your specific image tag- Prepare an environment variable file named
.env.exampleand provide with your own values - Run the application with the command:
docker compose up -dKnown limitation
- When the host experiences resource limitations or degraded performance, some containers may fail to start properly. In such cases, restarting the container is recommended to restore normal operation.
Was this page helpful?