Initial commit: abyssVpn project
- Tauri desktop app (apps/desktop) - Python Django API service (services/api) - Deployment scripts and docs
This commit is contained in:
@@ -0,0 +1,76 @@
|
||||
services:
|
||||
|
||||
netmaker:
|
||||
container_name: netmaker
|
||||
image: gravitl/netmaker:$SERVER_IMAGE_TAG
|
||||
env_file: ./netmaker.env
|
||||
restart: always
|
||||
volumes:
|
||||
- dnsconfig:/root/config/dnsconfig
|
||||
- sqldata:/root/data
|
||||
environment:
|
||||
# config-dependant vars
|
||||
- STUN_SERVERS=stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302
|
||||
# The domain/host IP indicating the mq broker address
|
||||
- BROKER_ENDPOINT=wss://broker.${NM_DOMAIN} # For EMQX broker use `BROKER_ENDPOINT=wss://broker.${NM_DOMAIN}/mqtt`
|
||||
# For EMQX broker (uncomment the two lines below)
|
||||
#- BROKER_TYPE=emqx
|
||||
#- EMQX_REST_ENDPOINT=http://mq:18083
|
||||
# The base domain of netmaker
|
||||
- SERVER_NAME=${NM_DOMAIN}
|
||||
- SERVER_API_CONN_STRING=api.${NM_DOMAIN}:443
|
||||
# Address of the CoreDNS server. Defaults to SERVER_HOST
|
||||
- COREDNS_ADDR=${SERVER_HOST}
|
||||
# Overrides SERVER_HOST if set. Useful for making HTTP available via different interfaces/networks.
|
||||
- SERVER_HTTP_HOST=api.${NM_DOMAIN}
|
||||
|
||||
netmaker-ui:
|
||||
container_name: netmaker-ui
|
||||
image: gravitl/netmaker-ui:$UI_IMAGE_TAG
|
||||
env_file: ./netmaker.env
|
||||
environment:
|
||||
# config-dependant vars
|
||||
# URL where UI will send API requests. Change based on SERVER_HOST, SERVER_HTTP_HOST, and API_PORT
|
||||
BACKEND_URL: "https://api.${NM_DOMAIN}"
|
||||
depends_on:
|
||||
- netmaker
|
||||
links:
|
||||
- "netmaker:api"
|
||||
restart: always
|
||||
|
||||
caddy:
|
||||
image: caddy:2.8.4
|
||||
container_name: caddy
|
||||
env_file: ./netmaker.env
|
||||
restart: unless-stopped
|
||||
extra_hosts:
|
||||
- "host.docker.internal:host-gateway"
|
||||
volumes:
|
||||
- ./Caddyfile:/etc/caddy/Caddyfile
|
||||
- caddy_data:/data
|
||||
- caddy_conf:/config
|
||||
ports:
|
||||
- "80:80/tcp"
|
||||
- "443:443/tcp"
|
||||
- "50051:50051"
|
||||
mq:
|
||||
container_name: mq
|
||||
image: eclipse-mosquitto:2.0.15-openssl
|
||||
env_file: ./netmaker.env
|
||||
depends_on:
|
||||
- netmaker
|
||||
restart: unless-stopped
|
||||
command: [ "/mosquitto/config/wait.sh" ]
|
||||
volumes:
|
||||
- ./mosquitto.conf:/mosquitto/config/mosquitto.conf
|
||||
- ./wait.sh:/mosquitto/config/wait.sh
|
||||
- mosquitto_logs:/mosquitto/log
|
||||
- mosquitto_data:/mosquitto/data
|
||||
volumes:
|
||||
caddy_data: { } # runtime data for caddy
|
||||
caddy_conf: { } # configuration file for Caddy
|
||||
sqldata: { }
|
||||
dnsconfig: { } # storage for coredns
|
||||
mosquitto_logs: { } # storage for mqtt logs
|
||||
mosquitto_data: { } # storage for mqtt data
|
||||
|
||||
+34
@@ -0,0 +1,34 @@
|
||||
# Dashboard
|
||||
https://dashboard.{$NM_DOMAIN} {
|
||||
# Apply basic security headers
|
||||
header {
|
||||
# Enable cross origin access to *.{$NM_DOMAIN}
|
||||
Access-Control-Allow-Origin *.{$NM_DOMAIN}
|
||||
# Enable HTTP Strict Transport Security (HSTS)
|
||||
Strict-Transport-Security "max-age=31536000;"
|
||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
X-XSS-Protection "1; mode=block"
|
||||
# Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
# Prevent search engines from indexing
|
||||
X-Robots-Tag "none"
|
||||
# Remove the server name
|
||||
-Server
|
||||
}
|
||||
|
||||
reverse_proxy http://netmaker-ui
|
||||
}
|
||||
|
||||
# API
|
||||
https://api.{$NM_DOMAIN} {
|
||||
reverse_proxy http://netmaker:8081
|
||||
}
|
||||
|
||||
# MQ
|
||||
broker.{$NM_DOMAIN} {
|
||||
@ws {
|
||||
header Connection *Upgrade*
|
||||
header Upgrade websocket
|
||||
}
|
||||
reverse_proxy @ws mq:8883 # For EMQX websockets use `reverse_proxy @ws mq:8083`
|
||||
}
|
||||
@@ -0,0 +1,10 @@
|
||||
per_listener_settings false
|
||||
listener 8883
|
||||
protocol websockets
|
||||
allow_anonymous false
|
||||
|
||||
listener 1883
|
||||
protocol websockets
|
||||
allow_anonymous false
|
||||
|
||||
password_file /mosquitto/password.txt
|
||||
+18
@@ -0,0 +1,18 @@
|
||||
#!/bin/ash
|
||||
|
||||
encrypt_password() {
|
||||
echo "${MQ_USERNAME}:${MQ_PASSWORD}" > /mosquitto/password.txt
|
||||
mosquitto_passwd -U /mosquitto/password.txt
|
||||
}
|
||||
|
||||
main(){
|
||||
|
||||
encrypt_password
|
||||
echo "Starting MQ..."
|
||||
# Run the main container command.
|
||||
/docker-entrypoint.sh
|
||||
/usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf
|
||||
|
||||
}
|
||||
|
||||
main "${@}"
|
||||
@@ -0,0 +1,111 @@
|
||||
# Email used for SSL certificates
|
||||
NM_EMAIL=
|
||||
# The base domain of netmaker
|
||||
NM_DOMAIN=
|
||||
# Public IPv4 endpoint of machine
|
||||
SERVER_HOST=
|
||||
# Public IPv6 endpoint of machine
|
||||
SERVER_HOST6=
|
||||
# The admin master key for accessing the API. Change this in any production installation.
|
||||
MASTER_KEY=
|
||||
# The username to set for MQ access
|
||||
MQ_USERNAME=
|
||||
# The password to set for MQ access
|
||||
MQ_PASSWORD=
|
||||
INSTALL_TYPE=
|
||||
NETMAKER_TENANT_ID=
|
||||
LICENSE_KEY=
|
||||
SERVER_IMAGE_TAG=
|
||||
UI_IMAGE_TAG=
|
||||
# used for HA - identifies this server vs other servers if unset uses host_name
|
||||
HOST_NAME=
|
||||
METRICS_EXPORTER=off
|
||||
#metrics exporter secret
|
||||
METRICS_SECRET=
|
||||
#metrics exporter user
|
||||
METRICS_USERNAME=netmaker
|
||||
# Enables DNS Mode, meaning all nodes will set hosts file for private dns settings
|
||||
DNS_MODE=on
|
||||
# Enable auto update of netclient ? ENUM:- enabled,disabled | default=enabled
|
||||
NETCLIENT_AUTO_UPDATE=enabled
|
||||
# The HTTP API port for Netmaker. Used for API calls / communication from front end.
|
||||
# If changed, need to change port of BACKEND_URL for netmaker-ui.
|
||||
API_PORT=8081
|
||||
EXPORTER_API_PORT=8085
|
||||
# The "allowed origin" for API requests. Change to restrict where API requests can come from with comma-separated
|
||||
# URLs. ex:- https://dashboard.netmaker.domain1.com,https://dashboard.netmaker.domain2.com
|
||||
CORS_ALLOWED_ORIGIN=*
|
||||
# Show keys permanently in UI (until deleted) as opposed to 1-time display.
|
||||
DISPLAY_KEYS=on
|
||||
# Database to use - sqlite, postgres
|
||||
DATABASE=sqlite
|
||||
# The address of the mq server. If running from docker compose it will be "mq". Otherwise, need to input address.
|
||||
# If using "host networking", it will find and detect the IP of the mq container.
|
||||
# For EMQX websockets use `SERVER_BROKER_ENDPOINT=ws://mq:8083/mqtt`
|
||||
SERVER_BROKER_ENDPOINT=ws://mq:1883
|
||||
# Logging verbosity level - 1, 2, or 3
|
||||
VERBOSITY=1
|
||||
DEBUG_MODE=off
|
||||
# Enables the REST backend (API running on API_PORT at SERVER_HTTP_HOST).
|
||||
REST_BACKEND=on
|
||||
# If turned "on", Server will not set Host based on remote IP check.
|
||||
# This is already overridden if SERVER_HOST is set. Turned "off" by default.
|
||||
DISABLE_REMOTE_IP_CHECK=off
|
||||
# Whether or not to send telemetry data to help improve Netmaker. Switch to "off" to opt out of sending telemetry.
|
||||
TELEMETRY=on
|
||||
###
|
||||
#
|
||||
# OAuth section
|
||||
#
|
||||
###
|
||||
# only mentioned domains will be allowded to signup using oauth, by default all domains are allowed
|
||||
ALLOWED_EMAIL_DOMAINS=*
|
||||
# "<azure-ad|github|google|oidc>"
|
||||
AUTH_PROVIDER=
|
||||
# "<client id of your oauth provider>"
|
||||
CLIENT_ID=
|
||||
# "<client secret of your oauth provider>"
|
||||
CLIENT_SECRET=
|
||||
# "https://dashboard.<netmaker base domain>"
|
||||
FRONTEND_URL=
|
||||
# "<only for azure, you may optionally specify the tenant for the OAuth>"
|
||||
AZURE_TENANT=
|
||||
# https://oidc.yourprovider.com - URL of oidc provider
|
||||
OIDC_ISSUER=
|
||||
# Duration of JWT token validity in seconds
|
||||
JWT_VALIDITY_DURATION=43200
|
||||
# Allow a user to connect to multiple networks simultaneously
|
||||
RAC_RESTRICT_TO_SINGLE_NETWORK=false
|
||||
# if turned on data will be cached on to improve performance significantly (IMPORTANT: If HA set to `false` )
|
||||
CACHING_ENABLED=true
|
||||
# if turned on netclient checks if peers are reachable over private/LAN address, and choose that as peer endpoint
|
||||
ENDPOINT_DETECTION=true
|
||||
# config for sending emails
|
||||
# mail server host
|
||||
SMTP_HOST=smtp.gmail.com
|
||||
# mail server port
|
||||
SMTP_PORT=587
|
||||
# sender email
|
||||
EMAIL_SENDER_ADDR=
|
||||
# sender smtp user, if unset sender email will be used
|
||||
EMAIL_SENDER_USER=
|
||||
# sender smtp password
|
||||
EMAIL_SENDER_PASSWORD=
|
||||
# default domain for internal DNS lookup
|
||||
DEFAULT_DOMAIN=nm.internal
|
||||
# managed dns setting, set to true to resolve dns entries on netmaker network
|
||||
MANAGE_DNS=true
|
||||
# set to true, old acl is supported, otherwise, old acl is disabled
|
||||
OLD_ACL_SUPPORT=true
|
||||
# if STUN is set to true, hole punch is called
|
||||
STUN=true
|
||||
# Metrics Collection Port
|
||||
METRICS_PORT=51821
|
||||
# Metrics Collection interval in minutes
|
||||
PUBLISH_METRIC_INTERVAL=15
|
||||
PROMETHEUS_HOST=http://prometheus:9090 #https://prometheus.${NM_DOMAIN}
|
||||
NETMAKER_METRICS_TARGET=http://netmaker-exporter:8085 #https://netmaker-exporter.${NM_DOMAIN}
|
||||
METRICS_SECRET=
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user