Quick installation method
The easiest method to get started with Databunker is to start it as a standard Docker container with minimal parameters. In that case, it will use an internal built-in SQLite database to store encrypted records. This method is good for development and not recommended for production use.
- An external database is not required.
- You can use DEMO as a root token.
- Suitable for local development.
- You just run it and it works.
- Just one container.
- A local SQLite database will be used to store encrypted records. SQLite is not built for network access.
- When the container is stopped all the data will be lost.
- No security. DEMO is a root access token.
- Not recommended for production.
So, how to get up and running?
Run the service with the following command:
docker run -p 3000:3000 -d --rm --name dbunker securitybunker/databunker demo
The Databunker service will listen for connections on port 3000.
Now, you can open in your browser http://localhost:3000/ and get to the product user interface.
Note: if the Docker container is stopped or killed, the data will be lost. To prevent the system from losing your data, you will need to mount the data directory from your host machine inside this Databunker container and provide the DATABUNKER_MASTERKEY, which you can extract from the dbunker container logs (run docker logs dbunker). It is printed during service initialization.
Run the following commands:
mkdir ~/data
chmod 0777 ~/data
docker run -v ~/data:/databunker/data \
  -p 3000:3000 \
  -e DATABUNKER_MASTERKEY=<copy this value from docker log> \
  --rm --name dbunker securitybunker/databunker demo
Running Databunker with docker-compose
This method will also start the MySQL database as an additional container and will configure Databunker to use MySQL as a storage for encrypted records. You can use the following commands:
./generate-env-files.sh
docker-compose up -d
Now, you can open in your browser http://localhost:3000/
How does this work?
generate-env-files.sh command will generate all environment variables, generate random passwords, master key, and root token. All variables will be saved under
The DATABUNKER_ROOTTOKEN variable will be saved in the .env/databunker-root.env file. You can use this variable as a root token when calling Databunker API requests.
docker-compose up -d command will start all containers. The initial setup might take up to 30 seconds.
Automatic deployment in AWS cloud
We have built Terraform configuration files and Helm charts to deploy Databunker with all required components in AWS. Detailed instructions can be found here:
Step-by-step production installation
Start with backend server
For production installation, we recommend using MySQL backend storage. The MySQL server will be used to store encrypted user records, so you will need to have a MySQL server up and running. For example, you can spin up MySQL as a Docker container or use a cloud MySQL version provided by Google Cloud and AWS, etc… Just make sure to create a database for storing Databunker records and create a database user to allow Databunker access to MySQL. The following command starts a MySQL server, creates a databunkerdb database for Databunker, and creates bunkeruser for Databunker access to MySQL.
mkdir ~/data
chmod 0777 ~/data
docker run --restart unless-stopped \
  -v ~/data:/var/lib/mysql \
  -e MYSQL_ROOT_PASSWORD=SuperAdmin4 \
  -e MYSQL_DATABASE=databunkerdb \
  -e MYSQL_USER=bunkeruser \
  -e MYSQL_PASSWORD=BunkerUserPassword4 \
  --name=mysqlsrv -d mysql/mysql-server
Note: make sure to change the passwords above.
First Databunker initialization step
Before Databunker can serve user requests, it needs to create all tables, generate a master encryption key if one is not provided, and generate a root access token if one is not provided. This process is called Databunker initialization. You only need to do it the first time.
Run the following command to initialize Databunker:
docker run --rm -it --link mysqlsrv \
  -e MYSQL_HOST=mysqlsrv \
  -e MYSQL_PORT=3306 \
  -e MYSQL_USER_NAME=bunkeruser \
  -e MYSQL_USER_PASS=BunkerUserPassword4 \
  --entrypoint /bin/sh \
  --name dbunker securitybunker/databunker \
  -c '/databunker/bin/databunker -init -db databunkerdb -conf /databunker/conf/databunker.yaml'
In the command output, you will see the Master key and API Root token values.
Start the Databunker service
With the DATABUNKER_MASTERKEY value, you can start the Databunker service using the following command:
docker run --restart unless-stopped -d -p 3000:3000 \
  --link mysqlsrv -e MYSQL_HOST=mysqlsrv \
  -e DATABUNKER_MASTERKEY=8c9e892a1732881e14960f2b0437a720ad01ae47cd23baa7 \
  -e MYSQL_PORT=3306 \
  -e MYSQL_USER_NAME=bunkeruser \
  -e MYSQL_USER_PASS=BunkerUserPassword4 \
  --entrypoint /bin/sh \
  --name dbunker securitybunker/databunker \
  -c '/databunker/bin/databunker -db databunkerdb -conf /databunker/conf/databunker.yaml'
Databunker has a configuration file that you can alter to enable custom email gateway, SMS gateway configuration, service logo, etc…
There are a number of ways you can change the configuration file in the container, for example by creating your own Dockerfile. Another option is to create a configuration file outside of the container in the conf/ directory and mount this directory in the container.
You can do it as follows:
- Download the default configuration file and place it in ~/conf/ directory.
mkdir ~/conf
curl https://raw.githubusercontent.com/securitybunker/databunker/master/databunker.yaml \
  -o ~/conf/databunker.yaml
After that, you can alter the configuration file with your editor: ~/conf/databunker.yaml
Run container with the following additional command argument
For example, you can start Databunker as follows:
docker run --restart unless-stopped -d -p 3000:3000 -v ~/conf:/databunker/conf \
  --link mysqlsrv -e MYSQL_HOST=mysqlsrv \
  -e DATABUNKER_MASTERKEY=8c9e892a1732881e14960f2b0437a720ad01ae47cd23baa7 \
  -e MYSQL_PORT=3306 \
  -e MYSQL_USER_NAME=bunkeruser \
  -e MYSQL_USER_PASS=BunkerUserPassword4 \
  --entrypoint /bin/sh \
  --name dbunker securitybunker/databunker \
  -c '/databunker/bin/databunker -db databunkerdb -conf /databunker/conf/databunker.yaml'
You can generate SSL certificates and place them in the /databunker/certs directory in the running container.
For example, you can do this by mounting /databunker/certs to a local ~/certs/ directory as:
cd ~
mkdir -p certs
# generate certificates, see below
docker run --restart unless-stopped -d -p 3000:3000 -v ~/conf:/databunker/conf -v ~/certs:/databunker/certs \
  --link mysqlsrv -e MYSQL_HOST=mysqlsrv \
  -e DATABUNKER_MASTERKEY=8c9e892a1732881e14960f2b0437a720ad01ae47cd23baa7 \
  -e MYSQL_PORT=3306 \
  -e MYSQL_USER_NAME=bunkeruser \
  -e MYSQL_USER_PASS=BunkerUserPassword4 \
  --entrypoint /bin/sh \
  --name dbunker securitybunker/databunker \
  -c '/databunker/bin/databunker -db databunkerdb -conf /databunker/conf/databunker.yaml'
So, you need to prepare server.cer and server.key files.
Generate self-signed certificates
You can run the following commands to generate one:
cd ~
mkdir -p certs
cd certs
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
  -subj "/C=UK/ST=/L=London/O=Your-company Ltd./CN=databunker.your-company.com" \
  -keyout server.key -out server.cer
Use certificates generated by Let's Encrypt
Copy the Let's Encrypt generated file privkey.pem to ~/certs/server.key
Copy the Let's Encrypt generated file fullchain.pem to ~/certs/server.cer
Create a test record
You can download and run a small test script that will create a user record, user app record, user consent, etc…
curl https://raw.githubusercontent.com/securitybunker/databunker/master/create-test-user.sh -o test.sh
chmod 755 ./test.sh
./test.sh DEMO
DEMO is a root token. In your production environment it must be different.
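A preflight check for the two warnings in this guide (change the example passwords; do not use DEMO as the root token in production), as an added example that is not part of Databunker or its documentation. It assumes the secrets are kept in KEY=VALUE env files such as .env/databunker-root.env, and that a master key is 48 hex characters like the example key shown above; check_env_file and GUIDE_MASTERKEY are names made up for this example.

```shell
#!/bin/sh
# Added example (not Databunker code): flag values copied from this guide.
# Assumption: env files hold one KEY=VALUE per line, as docker --env-file reads.

GUIDE_MASTERKEY=8c9e892a1732881e14960f2b0437a720ad01ae47cd23baa7  # printed in the guide

# check_env_file FILE: print one finding per line; return 0 only if none.
check_env_file() {
    file=$1
    findings=0
    # The file holds the master key or root token, so it should not be world-readable.
    if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
        echo "$file: readable by all users"
        findings=$((findings + 1))
    fi
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in
            DATABUNKER_ROOTTOKEN)
                case $value in
                    [Dd][Ee][Mm][Oo]) msg="demo root token" ;;
                    *) msg="" ;;
                esac ;;
            DATABUNKER_MASTERKEY)
                # Assumption: a valid key is 48 hex characters, like the guide's example.
                if [ "$value" = "$GUIDE_MASTERKEY" ]; then
                    msg="master key copied from the guide"
                elif printf '%s' "$value" | grep -Eq '^[0-9a-fA-F]{48}$'; then
                    msg=""
                else
                    msg="master key is not 48 hex characters"
                fi ;;
            MYSQL_ROOT_PASSWORD|MYSQL_PASSWORD|MYSQL_USER_PASS)
                case $value in
                    SuperAdmin4|BunkerUserPassword4) msg="password copied from the guide" ;;
                    *) msg="" ;;
                esac ;;
            *) msg="" ;;
        esac
        if [ -n "$msg" ]; then
            echo "$key: $msg"
            findings=$((findings + 1))
        fi
    done < "$file"
    [ "$findings" -eq 0 ]
}
```

Run it against each env file before starting the containers, for example check_env_file .env/databunker-root.env, and treat a non-zero exit status as a failed deployment gate.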
You can now open browser at http://localhost:3000/
Use the following account details: