86 lines
3.5 KiB
YAML
86 lines
3.5 KiB
YAML
services:
|
|
db:
|
|
image: postgres:15-alpine
|
|
restart: unless-stopped
|
|
environment:
|
|
POSTGRES_DB: defguard
|
|
POSTGRES_USER: defguard
|
|
POSTGRES_PASSWORD: ${DEFGUARD_DB_PASSWORD}
|
|
volumes:
|
|
- ${VOLUME_DIR:-./.volumes}/db:/var/lib/postgresql/data
|
|
# ports:
|
|
# - "5432:5432"
|
|
|
|
|
|
core:
|
|
image: ghcr.io/defguard/defguard:${CORE_IMAGE_TAG:-latest}
|
|
restart: unless-stopped
|
|
environment:
|
|
DEFGUARD_AUTH_SECRET: ${DEFGUARD_AUTH_SECRET}
|
|
DEFGUARD_GATEWAY_SECRET: ${DEFGUARD_GATEWAY_SECRET}
|
|
DEFGUARD_YUBIBRIDGE_SECRET: ${DEFGUARD_YUBIBRIDGE_SECRET}
|
|
DEFGUARD_SECRET_KEY: ${DEFGUARD_SECRET_KEY}
|
|
DEFGUARD_DEFAULT_ADMIN_PASSWORD: ${DEFGUARD_DEFAULT_ADMIN_PASSWORD}
|
|
DEFGUARD_DB_HOST: db
|
|
DEFGUARD_DB_PORT: 5432
|
|
DEFGUARD_DB_USER: defguard
|
|
DEFGUARD_DB_PASSWORD: ${DEFGUARD_DB_PASSWORD}
|
|
DEFGUARD_DB_NAME: defguard
|
|
DEFGUARD_URL: ${DEFGUARD_URL}
|
|
DEFGUARD_LOG_LEVEL: info
|
|
DEFGUARD_WEBAUTHN_RP_ID: ${DEFGUARD_WEBAUTHN_RP_ID}
|
|
DEFGUARD_COOKIE_INSECURE: ${DEFGUARD_COOKIE_INSECURE:-false}
|
|
DEFGUARD_ENROLLMENT_URL: ${DEFGUARD_ENROLLMENT_URL} # [ENROLLMENT]
|
|
DEFGUARD_PROXY_URL: http://proxy:50052 # [ENROLLMENT]
|
|
DEFGUARD_PROXY_GRPC_CA: /ssl/defguard-ca.pem # [ENROLLMENT]
|
|
DEFGUARD_GRPC_CERT: /ssl/defguard-grpc.crt
|
|
DEFGUARD_GRPC_KEY: /ssl/defguard-grpc.key
|
|
## RSA setup guide: https://defguard.gitbook.io/defguard/community-features/setting-up-your-instance/docker-compose#openid-rsa-setup
|
|
DEFGUARD_OPENID_KEY: /keys/rsakey.pem
|
|
## LDAP setup guide: https://defguard.gitbook.io/defguard/features/ldap-synchronization-setup
|
|
# DEFGUARD_LDAP_URL: ldap://localhost:389 # [LDAP]
|
|
# DEFGUARD_LDAP_BIND_USERNAME: cn=admin,dc=example,dc=org # [LDAP]
|
|
# DEFGUARD_LDAP_BIND_PASSWORD: password # [LDAP]
|
|
ports:
|
|
# web
|
|
- "8850:8000"
|
|
# grpc
|
|
- "50055:50055"
|
|
depends_on:
|
|
- db
|
|
volumes:
|
|
# SSL setup guide: https://defguard.gitbook.io/defguard/features/setting-up-your-instance/docker-compose#ssl-setup
|
|
- ${VOLUME_DIR:-./.volumes}/ssl:/ssl
|
|
## RSA setup guide: https://defguard.gitbook.io/defguard/community-features/setting-up-your-instance/docker-compose#openid-rsa-setup
|
|
- ${VOLUME_DIR:-./.volumes}/core/rsakey.pem:/keys/rsakey.pem
|
|
proxy: # [ENROLLMENT]
|
|
image: ghcr.io/defguard/defguard-proxy:${PROXY_IMAGE_TAG:-latest} # [ENROLLMENT]
|
|
restart: unless-stopped # [ENROLLMENT]
|
|
environment: # [ENROLLMENT]
|
|
DEFGUARD_PROXY_GRPC_PORT: 50052 # [ENROLLMENT]
|
|
DEFGUARD_PROXY_GRPC_CERT: /ssl/defguard-proxy-grpc.crt # [ENROLLMENT]
|
|
DEFGUARD_PROXY_GRPC_KEY: /ssl/defguard-proxy-grpc.key # [ENROLLMENT]
|
|
volumes: # [ENROLLMENT]
|
|
# SSL setup guide: https://defguard.gitbook.io/defguard/features/setting-up-your-instance/docker-compose#ssl-setup
|
|
- ${VOLUME_DIR:-./.volumes}/ssl:/ssl # [ENROLLMENT]
|
|
ports:
|
|
# web
|
|
- "8080:8080"
|
|
depends_on: # [ENROLLMENT]
|
|
- core # [ENROLLMENT]
|
|
|
|
gateway:
|
|
image: ghcr.io/defguard/gateway:${GATEWAY_IMAGE_TAG:-latest}
|
|
restart: unless-stopped
|
|
network_mode: "host"
|
|
environment:
|
|
DEFGUARD_GRPC_URL: https://localhost:50055
|
|
DEFGUARD_GRPC_CA: /ssl/defguard-ca.pem
|
|
DEFGUARD_STATS_PERIOD: 30
|
|
DEFGUARD_TOKEN: ${DEFGUARD_TOKEN}
|
|
volumes:
|
|
# SSL setup guide: https://defguard.gitbook.io/defguard/features/setting-up-your-instance/docker-compose#ssl-setup
|
|
- ${VOLUME_DIR:-./.volumes}/ssl:/ssl
|
|
cap_add:
|
|
- NET_ADMIN
|