DataMasque Installation on a Linux Server
This guide describes the process for deploying DataMasque with Docker Compose on a Linux server.
- System requirements
- Installing DataMasque
- Upgrading DataMasque
- Troubleshooting and maintenance
Supported Operating Systems:
- Ubuntu 18.04 or 20.04 LTS, x86 64-bit
- Red Hat Enterprise Linux (RHEL) 7 or 8, x86 64-bit
8 GiB RAM
40 GiB total disk space
Free space: DataMasque requires at least 6GB of free space inside the Docker root directory before install or upgrade. By default, the Docker root directory is
A static external IP or hostname
Ingress requests allowed on port
443(and optionally port
- These ports are used to serve DataMasque's web interface.
- If HTTP traffic is allowed on port
80, it will be automatically upgraded to HTTPS on port
For admin access (SSH), ingress requests allowed on port
Client web browser: Google Chrome 85 or above
- Docker 19.03 to 25.0.0 (Ubuntu and RHEL) or Podman 4.4.1 to 5.0 (RHEL only)
- Docker Compose 1.17 to 1.29
DataMasque is a container-based application and runs on both the Docker and Podman container managers. Follow one of the links below according to which container manager you are using.
It is recommended that you take backups of all rulesets, connections and uploaded files before upgrading your DataMasque instance.
To upgrade your DataMasque instance, extract the new DataMasque Docker Compose package,
and run the included installation script with the
tar -xvzf datamasque-docker-v<version>.pkg
sudo ./install.sh --upgrade
Note: If your user belongs to the
datamasquegroups, root privilege escalation via
sudois not necessary for Docker installations.
For installations with Podman:
sudo ./install.sh --podman --upgrade
Troubleshooting and maintenance
See the General Troubleshooting and Maintenance page.
- Scaling: If you intend to run masking tasks in parallel or to perform multiple masking runs simultaneously, you should ensure your system has 1 vCPU and at least 1 GiB of RAM per concurrent masking task.
- Network and I/O: Refer to Network and I/O best practices for server networking recommendations.
- Host security: Deploy DataMasque on a dedicated VM/server with appropriate access control and enable host filesystem encryption.
Starting DataMasque automatically on boot
DataMasque's containers are configured with Docker Compose to always restart, so DataMasque will start automatically after system boot if the Docker daemon is configured to start on boot (which is the default configuration for a standard installation of Docker). For more information on configuring Docker to start on boot, refer to: https://docs.docker.com/engine/install/linux-postinstall/#configure-docker-to-start-on-boot-with-systemd.
It is recommended to take regular backups of your DataMasque EC2 instance. It is also recommended to periodically save copies of your Run Logs, as well as Ruleset and Connection configurations.