Docker Compose
If you want to customize your Docker installation manually, we prepared a git repository with a base docker-compose configuration. Clone it:
In the docker-compose directory you'll find a template env file called .env.template. Copy it:
Then edit the values in the .env file to set up your secrets. Those should be kept... well, secret. For more info on available configuration options see Configuration.
You can generate random strings for secrets with e.g.:
openssl rand -base64 55 | tr -d "=+/" | tr -d '\n' | cut -c1-63
gRPC SSL setup
It's critically important to ensure SSL encryption between Defguard and gRPC client services (e.g. Gateway and Enrollment services). You should only skip this step if you plan to have a reverse proxy in between that adds encryption itself.
You'll need a valid:
CA certificate (defguard-ca.pem) - used by gRPC clients for Defguard identity verification & encryption
Certificate for Defguard signed by CA (defguard.crt) - used by Defguard to serve gRPC services
Private key for Defguard (defguard.key) - used by Defguard for encryption
Here is a good tutorial on how to generate a self-signed certificate.
Put the certificates in .volumes/ssl directory.
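One way to produce the three files listed above with openssl and check them before starting the stack. This is an added example, not taken from the Defguard repository or the linked tutorial; the hostname, key sizes and validity periods are assumptions.

```shell
#!/bin/sh
# Added example: private CA plus a CA-signed certificate for Defguard's gRPC
# endpoint. Assumptions (not from the page): RSA key sizes, validity periods
# and the hostname passed in by the caller.

# gen_defguard_certs OUT_DIR HOSTNAME
gen_defguard_certs() (
    mkdir -p "$1" && cd "$1" || exit 1
    umask 077   # private keys are created readable by the owner only
    cat > openssl.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
    # 1. CA key and self-signed CA certificate (defguard-ca.pem).
    openssl req -x509 -config openssl.cnf -extensions v3_ca \
        -subj "/CN=Defguard gRPC CA" -newkey rsa:3072 -nodes -sha256 \
        -days 1825 -keyout defguard-ca.key -out defguard-ca.pem 2>/dev/null || exit 1
    # 2. Server key (defguard.key, unencrypted so the service can load it) and CSR.
    openssl req -new -config openssl.cnf -newkey rsa:2048 -nodes -sha256 \
        -keyout defguard.key -out defguard.csr 2>/dev/null || exit 1
    # 3. Server certificate (defguard.crt) signed by the CA. TLS clients match
    #    the name they connect to against subjectAltName.
    openssl x509 -req -in defguard.csr -CA defguard-ca.pem \
        -CAkey defguard-ca.key -CAcreateserial -sha256 -days 365 \
        -extfile openssl.cnf -extensions v3_server \
        -out defguard.crt 2>/dev/null || exit 1
    rm -f defguard.csr openssl.cnf defguard-ca.srl
    chmod 644 defguard-ca.pem defguard.crt
)

# check_defguard_certs DIR: succeeds only if defguard.crt chains to
# defguard-ca.pem and defguard.key is the private key for defguard.crt.
check_defguard_certs() {
    openssl verify -CAfile "$1/defguard-ca.pem" "$1/defguard.crt" \
        >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$1/defguard.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/defguard.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}
```

Copy defguard-ca.pem, defguard.crt and defguard.key into .volumes/ssl and keep defguard-ca.key somewhere else, since anyone holding it can issue certificates that the gRPC clients will trust.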
Once that's done you can start the stack with:
Make sure you have Docker and Docker Compose installed.
That's it, Defguard should be running on port 80 of your server (http://localhost if you're running locally).
OpenID RSA setup
By default Defguard uses the HMAC algorithm for OIDC token validation. If you want to use RSA, you'll have to:
Create volume directory:
Generate RSA keys:
Add environment variable and mount the volume in docker-compose core service
LDAP
To set up LDAP integration, you'll have to configure environment variables for the core service. You'll find more info on how to do this here.