git clone https://github.com/DefGuard/deployment.git && cd deployment
In the docker-compose directory you'll find a template env file called .env.template. Copy it:
cp .env.template .env
Then edit the values in the .env file to set up your secrets. Those should be kept... well, secret.
You can generate random strings for secrets with e.g.:
openssl rand -base64 55 | tr -d "=+/" | tr -d '\n' | cut -c1-63
It's critically important to ensure SSL encryption between Defguard and gRPC client services (e.g. Gateway and Enrollment services). You should only skip this step if you plan to have a reverse proxy in between that adds encryption itself.
You'll need a valid:
- CA certificate (defguard-ca.pem) - used by gRPC clients for Defguard identity verification & encryption
- Certificate for Defguard signed by CA (defguard.crt) - used by Defguard to serve gRPC services
- Private key for Defguard (defguard.key) - used by Defguard for encryption
Put the certificates in .volumes/ssl directory.
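For a lab deployment without an existing PKI, the three files listed above can be produced and sanity-checked with openssl. This is an added example, not part of the Defguard documentation; the function names, the separate CA directory and the hostname argument are assumptions.

```shell
#!/bin/sh
# Added example for lab use. Assumptions: <hostname> is the name the gRPC
# clients dial; <ca_dir> is a hypothetical directory kept outside .volumes/
# so the CA private key is never mounted into a container.

# make_defguard_certs <ssl_dir> <ca_dir> <hostname>
make_defguard_certs() {
    ssl=$1; ca=$2; host=$3
    mkdir -p "$ssl" "$ca" && chmod 700 "$ca" || return 1
    # CA key and self-signed CA certificate (defguard-ca.pem is what clients trust).
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$ca/ca.ext"
    openssl req -new -newkey rsa:3072 -nodes -subj "/CN=Defguard lab CA" \
        -keyout "$ca/defguard-ca.key" -out "$ca/ca.csr" 2>/dev/null || return 1
    openssl x509 -req -sha256 -days 1825 -in "$ca/ca.csr" -signkey "$ca/defguard-ca.key" \
        -extfile "$ca/ca.ext" -out "$ssl/defguard-ca.pem" 2>/dev/null || return 1
    # Server key and CSR, signed by the CA. Modern TLS clients match the server
    # name against subjectAltName, so the hostname must appear there.
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$host" > "$ca/srv.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$ssl/defguard.key" -out "$ca/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -sha256 -days 365 -in "$ca/srv.csr" \
        -CA "$ssl/defguard-ca.pem" -CAkey "$ca/defguard-ca.key" \
        -CAserial "$ca/ca.srl" -CAcreateserial \
        -extfile "$ca/srv.ext" -out "$ssl/defguard.crt" 2>/dev/null || return 1
}

# check_defguard_certs <ssl_dir>: prints "ok" only if the set is consistent.
check_defguard_certs() {
    dir=$1
    # defguard.crt must chain to defguard-ca.pem.
    openssl verify -CAfile "$dir/defguard-ca.pem" "$dir/defguard.crt" >/dev/null 2>&1 \
        || { echo "chain: FAIL"; return 1; }
    # The public key in defguard.crt must be the one derived from defguard.key.
    crt_pub=$(openssl x509 -in "$dir/defguard.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/defguard.key" -pubout 2>/dev/null | openssl sha256)
    [ "$crt_pub" = "$key_pub" ] || { echo "key: MISMATCH"; return 1; }
    echo "ok"
}
```

The check function is also useful on certificates issued by a real CA, before the stack is started.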
Once that's done you can start the stack with:
- 1. Create volume directory:
mkdir -p .volumes/core
- 2. Generate RSA keys:
openssl genpkey -out .volumes/core/rsakey.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048
- 3. Add environment variable and mount the volume in docker-compose core service