Docker Compose
If you want to customize your Docker installation manually, we prepared a git repository with a base docker-compose configuration. Clone it:
git clone https://github.com/DefGuard/deployment.git && cd deployment
In the docker-compose directory you'll find a template env file called .env.template. Copy it:
cd docker-compose
cp .env.template .env
Then edit the values in the .env file to set up your secrets. Those should be kept... well, secret. You can generate random strings for secrets with e.g.:
openssl rand -base64 55 | tr -d "=+/" | tr -d '\n' | cut -c1-63
It's critically important to ensure SSL encryption between Defguard and gRPC client services (e.g. Gateway and Enrollment services). You should only skip this step if you plan to have a reverse proxy in between that adds encryption itself.
You'll need a valid:
- CA certificate (defguard-ca.pem) - used by gRPC clients for Defguard identity verification & encryption
- Certificate for Defguard signed by CA (defguard.crt) - used by Defguard to serve gRPC services
- Private key for Defguard (defguard.key) - used by Defguard for encryption
Put the certificates in the .volumes/ssl directory.
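One way to produce and sanity-check the three files listed above with a private CA, as an added example that is not part of the Defguard documentation or repository. The hostname `defguard.example.com`, the `CA_KEY` location, and the key sizes and lifetimes are assumptions to adjust.

```bash
#!/usr/bin/env bash
# Added example, not from the Defguard repository.
# File names and .volumes/ssl come from the page; DEFGUARD_HOST, CA_KEY and
# the key sizes / lifetimes below are assumptions.
SSL_DIR="${SSL_DIR:-.volumes/ssl}"
DEFGUARD_HOST="${DEFGUARD_HOST:-defguard.example.com}"  # placeholder: name gRPC clients dial
CA_KEY="${CA_KEY:-./defguard-ca.key}"                   # CA private key, kept out of SSL_DIR

generate_certs() {
  tmp="$(mktemp -d)" && mkdir -p "$SSL_DIR" || return 1
  # 1. Self-signed CA certificate: the trust anchor handed to gRPC clients.
  openssl req -x509 -newkey rsa:4096 -nodes -days 3650 -subj "/CN=Defguard CA" \
    -keyout "$CA_KEY" -out "$SSL_DIR/defguard-ca.pem" 2>/dev/null || return 1
  chmod 600 "$CA_KEY"
  # 2. Defguard private key plus a signing request for it.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$DEFGUARD_HOST" \
    -keyout "$SSL_DIR/defguard.key" -out "$tmp/defguard.csr" 2>/dev/null || return 1
  # 3. The CA signs the request. Modern TLS clients match the server name
  #    against subjectAltName, so it must be present; serverAuth narrows usage.
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
    "$DEFGUARD_HOST" > "$tmp/ext.cnf"
  openssl x509 -req -sha256 -days 365 -in "$tmp/defguard.csr" \
    -CA "$SSL_DIR/defguard-ca.pem" -CAkey "$CA_KEY" \
    -CAserial "$tmp/ca.srl" -CAcreateserial \
    -extfile "$tmp/ext.cnf" -out "$SSL_DIR/defguard.crt" 2>/dev/null || return 1
  rm -rf "$tmp"
}

check_certs() {
  # Chain, server purpose and hostname, verified the way a client would.
  openssl verify -CAfile "$SSL_DIR/defguard-ca.pem" -purpose sslserver \
    -verify_hostname "$DEFGUARD_HOST" "$SSL_DIR/defguard.crt" >/dev/null 2>&1 \
    || { echo "defguard.crt does not verify against defguard-ca.pem for $DEFGUARD_HOST" >&2; return 1; }
  # The private key must belong to the certificate: compare public keys.
  cert_pub="$(openssl x509 -in "$SSL_DIR/defguard.crt" -noout -pubkey)" || return 1
  key_pub="$(openssl pkey -in "$SSL_DIR/defguard.key" -pubout 2>/dev/null)" || return 1
  [ "$cert_pub" = "$key_pub" ] \
    || { echo "defguard.key does not match defguard.crt" >&2; return 1; }
}
# Usage, from the docker-compose directory: source this file, then run
#   generate_certs && check_certs
```

`check_certs` also works on certificates issued by an existing CA, so it can be run on its own before `docker-compose up`.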
Once that's done you can start the stack with:
docker-compose up
That's it, Defguard should be running on port 80 of your server (http://localhost if you're running locally).
1. Create volume directory:
mkdir -p .volumes/core
2. Generate RSA keys:
openssl genpkey -out .volumes/core/rsakey.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048
3. Add environment variable and mount the volume in docker-compose core service
core:
  ...
  environment:
    ...
    DEFGUARD_OPENID_KEY: /keys/rsakey.pem
    ...
  volumes:
    - ./.volumes/core/rsakey.pem:/keys/rsakey.pem
To set up LDAP integration, you'll have to configure environment variables for the core service. You'll find more info on how to do this here.