SignServer without Database
It is possible to operate SignServer without a database management system and instead rely on SignServer to manage persistence using local files.
Note that not all features of SignServer are supported without a database, and the performance and scalability characteristics might differ. Features not available without database:
Audit logging to database / database protection
Archiving to database
Key wrapping
To increase throughput it is recommended to disable the key usage counter, as every request would otherwise have to lock and update that file. For more information, see the property DISABLEKEYUSAGECOUNTER in the section Limiting the number of signatures.
Upgrading to a later version should generally be handled automatically during the first startup. Review Upgrade SignServer and SignServer Upgrade Notes and create a backup of the file-based database files before attempting to run a later version.
Configuration
For all steps included in installing SignServer, see Install SignServer.
The following section highlights configuring deployment properties when running SignServer without a database.
Deployment Properties
To run SignServer without a database, set database.name to nodb in the signserver_deploy.properties file:
database.name=nodb
Set the location for the local file-based database:
database.nodb.location=/opt/signserver/nodb
Make sure to specify a path to a location where SignServer can write files. The default value is empty. If a relative path is used, it is most likely relative to the application server's working directory. The directory should either point to an existing SignServer file database, or be completely empty. If the directory is empty, SignServer will create the initial database structure at startup.
mkdir /opt/signserver/nodb
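A pre-flight check for the settings above, as an added example that is not part of the SignServer documentation or distribution: it reads database.name and database.nodb.location from a properties file and verifies the conditions described in this section. The function names get_prop and check_nodb are hypothetical, and the parser assumes simple single-line key=value entries.

```shell
#!/bin/sh
# Added example (not SignServer code): validate nodb deployment properties.

# get_prop FILE KEY: print the value of KEY; comment lines are skipped and
# the last assignment wins. Assumes simple single-line key=value entries.
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# check_nodb FILE: return 0 only if FILE selects nodb and the configured
# location is an absolute, existing directory writable by the current user.
check_nodb() {
    props=$1
    [ -r "$props" ] || { echo "cannot read $props"; return 2; }
    name=$(get_prop "$props" database.name)
    loc=$(get_prop "$props" database.nodb.location)
    [ "$name" = "nodb" ] || { echo "database.name is '$name', expected nodb"; return 1; }
    [ -n "$loc" ] || { echo "database.nodb.location is empty (the default)"; return 1; }
    case $loc in
        /*) ;;
        *) echo "'$loc' is relative to the application server's working directory"
           return 1 ;;
    esac
    [ -d "$loc" ] || { echo "$loc does not exist; create it first"; return 1; }
    [ -w "$loc" ] || { echo "$loc is not writable by $(id -un)"; return 1; }
    if [ -z "$(ls -A "$loc")" ]; then
        echo "OK: $loc is empty; the initial structure is created at startup"
    else
        echo "OK: $loc has content; it must be an existing SignServer file database"
    fi
}

# Stand-alone use: sh check_nodb.sh /path/to/signserver_deploy.properties
[ $# -eq 0 ] || check_nodb "$1"
```

Run it as the account the application server runs under, since the write check applies to the current user.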
Structure of Data
The file-based database uses a number of files in the specified directory. Read/write synchronization is handled internally in the application, so manually changing files while the application server is running is not supported. Having multiple application servers running SignServer against the same database directory is generally not supported either.
Migrating to/from Database
When migrating either to or from another database management system, without setting up all worker configurations from scratch, it is recommended to use the admin command dumpproperties to dump the current configuration to a file, and then on the new system use setproperties followed by the reload command for every worker id.
Note that the dumpproperties command will not include the list of authorized clients and these need to be set up again in the new system. To check for authorized clients, run the admin command listauthorizedclients.