Linux Deployments

This page describes in detail how you can achieve the following tasks:

  • Use an external PostgreSQL server instead of the built-in database
  • Configure HTTPS communication for the web server
  • Install MetaDefender Storage Security on a different disk

Use an external database

Production deployments of MetaDefender Storage Security should ensure high availability and/or load-balancing at the database level by using an external PostgreSQL (or any compatible service) instead of the built-in database that is included with the basic installation.

We recommend using a version of PostgreSQL that is the same as the built-in database version from this page.

How to set up an external PostgreSQL in MetaDefender Storage Security

The following steps should be performed before initializing MetaDefender Storage Security for the first time (i.e., before the mdss -u init command from the Installation Methods).

These steps can be performed after the installation or at any other time but the existing data (if any) will be lost. In this case, the last step should be replaced with a restart instead of a start command.

  1. Ensure that your external PostgreSQL is properly configured and ready to accept remote connections.

Note: it is recommended to set up access control for your external database and to take the necessary network security measures to ensure that only the server running MetaDefender Storage Security can access the database.

  2. Locate the configuration file created by the installer in /etc/mdss/customer.env
  3. Add the following configuration line:
  4. Please check the connection string documentation for more information. Make sure you add "mdss" as the target database as shown in the example above.
  5. Save the file.
  6. Initialize MetaDefender Storage Security by running the following command:
  7. Return to the steps in Installation Methods and continue the installation.

PostgreSQL SSL Configuration

To enable SSL/TLS certificate validation for the PostgreSQL connection, update the POSTGRESQL_URL variable in the customer.env file.

File Location

By default, the customer.env file is located at:

C:\Program Files\OPSWAT\MetaDefender Storage Security\config

The installer creates this file automatically.

Configuring POSTGRESQL_URL

The POSTGRESQL_URL variable can include additional parameters for SSL/TLS. By default SSL Mode is set to "prefer".

customer.env

SSL Mode Options

prefer (default): Attempts to connect using SSL. If SSL fails, falls back to unencrypted. No certificate validation.

require: Requires SSL encryption. Certificate validation is skipped, which allows self-signed, expired, or otherwise invalid certificates.

verify-full: Requires SSL and performs full certificate validation, including hostname match and trusted CA.

Important Notes

• If certificate validation is required, use verify-full and provide a valid CA-signed certificate via the Root Certificate parameter.

• If using a self-signed or otherwise invalid certificate, use require, which skips validation but still encrypts the connection.

• The Root Certificate must point to the CA file if using verify-ca or verify-full.
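The following check is an added example, not part of the product or its documentation: it audits the POSTGRESQL_URL line of a customer.env file against the SSL Mode rules above. It assumes the value is a semicolon-separated Key=Value connection string and that the target database is named by a "Database" key; the host, user, password and certificate path in the samples are constructed placeholders.

```python
# Added example: audit the TLS settings of POSTGRESQL_URL in customer.env.
# Assumptions: the value is a semicolon-separated Key=Value connection string,
# and "Database" is the key that names the target database.

NON_VALIDATING = {
    "prefer": "falls back to an unencrypted connection if SSL fails",
    "require": "encrypts but skips certificate validation",
}
VALIDATING = {"verifyca", "verifyfull"}


def read_env_value(env_text, name):
    """Return the value assigned to `name` in env-file text, or None."""
    for line in env_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == name:
            return value.strip().strip("\"'")
    return None


def parse_conn_string(conn):
    """Parse 'Key=Value;...' into a dict; keys lowercased, spaces removed."""
    params = {}
    for part in conn.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            params[key.replace(" ", "").lower()] = value.strip()
    return params


def audit(env_text):
    """Return a list of (code, message) findings; empty means none found."""
    conn = read_env_value(env_text, "POSTGRESQL_URL")
    if conn is None:
        return [("missing", "POSTGRESQL_URL is not set")]
    params = parse_conn_string(conn)
    findings = []
    # The page states that SSL Mode defaults to "prefer" when not given.
    mode = params.get("sslmode", "prefer").lower().replace("-", "")
    if mode in NON_VALIDATING:
        findings.append(("no-validation", f"SSL Mode {mode}: {NON_VALIDATING[mode]}"))
    elif mode not in VALIDATING:
        findings.append(("unknown-mode", f"unrecognised SSL Mode {mode!r}"))
    elif not params.get("rootcertificate"):
        findings.append(("no-root-cert", "Root Certificate must point to the CA file"))
    if params.get("database", "").lower() != "mdss":
        findings.append(("database", "target database should be mdss"))
    return findings


# Constructed sample files (host, user, password and path are placeholders).
WEAK = "POSTGRESQL_URL=Host=db.example.internal;Database=mdss;Username=mdss_app;Password=changeme"
STRICT = WEAK + ";SSL Mode=verify-full;Root Certificate=/etc/mdss/ca.pem"
```

An empty result from audit() means the line requests certificate validation with a CA file and targets the mdss database; it does not confirm that the CA file exists or that the server certificate actually validates.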

How to modify it

Set the parameter in your customer.env file. Please find here more details on how to update the configuration file.

PostgreSQL advanced setup

For special use cases you may need to back up or restore your database. MetaDefender Storage Security allows you to do this by using the following commands:

Running this command will create a dump file in /etc/mdss/db_[...].tar. This file can afterwards be used as a restore file with the import command:

Product versions 3.4.2 and above do not support importing databases from earlier versions (less than 3.4.2). When using the import_db utility on these versions, it will automatically restore the database from the most recent backup file named db_[...].tar.

Data corruption may occur if the MDSS service is running during database import.

Follow these steps:

  1. Stop the service: mdss -c stop
  2. Verify it's stopped: mdss -c status
  3. Import your database
  4. Restart the service: mdss -c start

Allow 30 seconds between stop and start commands.

Failure to follow this procedure may result in data loss.

Configure HTTPS communication for the web server

Production deployments should ensure that any HTTP traffic between clients (browsers or other API clients) and MetaDefender Storage Security is encrypted using HTTPS.

Click here for detailed instructions on how to set up a certificate for NGINX web server.

Install MetaDefender Storage Security on a different disk

The following steps should be performed before initializing MetaDefender Storage Security for the first time (i.e., before the mdss -u init command from the Linux Installation).

These steps should be performed right after the installation of Docker so that no data is lost.

  1. First make sure Docker is not running and the default directory is clean
  2. Remove existing images and volumes
  3. Stop Docker
  4. Remove the default Docker location
  5. Create a new empty directory in the default location
  6. Create a new empty directory on the new partition
  7. Mount the new location in the default directory
  8. Start the Docker service again
  9. Initialize MetaDefender Storage Security by running the following command: