===============
Quick Install
===============
This quick start guide is an **opinionated** guide for getting up and running with Netmaker as quickly as possible.

If you are just trialing Netmaker, you may also want to check out the 3-minute PoC install in the README on GitHub: https://github.com/gravitl/netmaker. The following is a guided version of that script, plus a custom domain (instead of nip.io).

Introduction
==================

We assume for this installation that you want all of the Netmaker features enabled, you want your server to be secure, and you want your server to be accessible from anywhere.

This instance will not be highly available (HA); however, it should comfortably handle around one hundred concurrent clients and support the most common use cases.

If you are deploying for a business or enterprise use case and this setup will not fit your needs, please contact info@gravitl.com, or check out the business subscription plans at https://gravitl.com/plans/business.

By the end of this guide, you will have Netmaker installed on a public VM linked to your custom domain, secured behind a Caddy reverse proxy.

For information about deploying more advanced configurations, see the :doc:`Advanced Installation <./server-installation>` docs.

0. Prerequisites
==================

- **Virtual Machine**

  - Preferably from a cloud provider (e.g. DigitalOcean, Linode, AWS, GCP, etc.)
  - (We do not recommend Oracle Cloud, as VMs there have been known to cause network interference.)
  - Public, static IP
  - Min 1 GB RAM, 1 CPU (4 GB RAM, 2 CPU preferred for production installs)
  - 2 GB+ of storage
  - Ubuntu 20.04 installed

- **Domain**

  - A publicly owned domain (e.g. example.com, mysite.biz)
  - Permission and access to modify DNS records via your DNS service (e.g. Route53)

1. Prepare DNS
================

Create a wildcard A record pointing to the public IP of your VM, for example ``*.netmaker.example.com``.

Caddy will serve three subdomains under this wildcard, for example:

- dashboard.netmaker.example.com
- api.netmaker.example.com
- grpc.netmaker.example.com

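
As an added pre-flight check that is not part of the Netmaker docs or project, the following POSIX shell script confirms that the wildcard record really resolves the three hostnames above (plus a random label, to prove it is a wildcard and not three separate A records) to your VM's IP. The function names are my own, ``netmaker.example.com`` and ``203.0.113.10`` are placeholders you replace with your own values, and ``getent`` is assumed to be available (it ships with glibc), so no ``dig`` or ``nslookup`` is required.

```shell
# Added pre-flight DNS check; not part of the Netmaker docs or project.
# Assumes: BASE is the wildcard base domain (e.g. netmaker.example.com)
# and VM_IP is the public IP the wildcard A record should point to.

# Print the three hostnames Caddy will serve under the wildcard.
netmaker_hostnames() {
    base="$1"
    printf '%s\n' "dashboard.$base" "api.$base" "grpc.$base"
}

# Resolve one hostname to its first IPv4 address (empty if it does not resolve).
# getent ahostsv4 prints "address socktype hostname", one line per socket type.
resolve_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 {print $1}'
}

# Check every expected hostname, plus a random label under the base domain so
# that a set of individual A records (instead of a wildcard) is caught too.
# Returns 1 if any name is unresolved or points somewhere else.
check_wildcard_dns() {
    base="$1"; vm_ip="$2"; rc=0
    for host in $(netmaker_hostnames "$base") "preflight-$$.$base"; do
        got=$(resolve_ipv4 "$host")
        if [ "$got" = "$vm_ip" ]; then
            echo "ok       $host -> $got"
        else
            echo "MISMATCH $host -> '${got:-unresolved}' (expected $vm_ip)"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh dns-check.sh netmaker.example.com 203.0.113.10
if [ "$#" -eq 2 ]; then
    check_wildcard_dns "$1" "$2"
fi
```

Run it from any machine with working DNS after creating the record; a non-zero exit means either the record has not propagated yet or it is not a true wildcard, and either case will make Caddy's certificate issuance fail later.
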
2. Install Dependencies
========================

.. code-block::

    ssh root@your-host
    sudo apt-get update
    sudo apt-get install -y docker.io docker-compose wireguard

At this point you should have all the system dependencies you need.

3. Open Firewall
===============================

Make sure firewall settings are set for Netmaker both on the VM and with your cloud security groups (AWS, GCP, etc).

Make sure the following ports are open both on the VM and in the cloud security groups:

- **443 (tcp):** for Dashboard, REST API, and gRPC
- **80 (tcp):** for LetsEncrypt
- **53 (udp and tcp):** for CoreDNS. This is no longer necessary as of 0.10.0, as by default DNS queries run over WireGuard.
- **51821-518XX (udp):** for WireGuard. Netmaker needs one port per network, starting with 51821, so open a range sized to the number of networks you plan to have, for instance 51821-51830.

.. code-block::

    sudo ufw allow proto tcp from any to any port 443 && sudo ufw allow 80/tcp && sudo ufw allow 53/udp && sudo ufw allow 53/tcp && sudo ufw allow 51821:51830/udp

**Again, depending on your cloud provider, you may additionally need to set inbound security rules for your server (for instance, on AWS). Be sure to check before moving on:**

- allow 443/tcp from all
- allow 80/tcp from all
- (optional) allow 53/udp and 53/tcp from all
- allow 51821-51830/udp from all

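
The ``ufw`` line above is written for ten networks. As an added example that is not from the Netmaker docs or project, the shell script below derives the WireGuard UDP range from the number of networks you plan to run (one port per network, starting at 51821) and prints the matching ``ufw`` commands for review. The function names are my own; port 53 is left opt-in via a ``WITH_DNS`` variable of my own, since it is not needed from 0.10.0 onward.

```shell
# Added example; not part of the Netmaker docs or project.
# Prints the ufw rules for the VM firewall, with the WireGuard UDP range
# computed from the number of networks you plan to run.

WG_FIRST_PORT=51821

# Print "first:last" (ufw range syntax) for N networks, e.g. 10 -> 51821:51830.
# Rejects anything that is not a positive integer.
wg_port_range() {
    n="$1"
    case "$n" in
        ''|*[!0-9]*|0) echo "networks must be a positive integer, got '$n'" >&2; return 1 ;;
    esac
    echo "$WG_FIRST_PORT:$((WG_FIRST_PORT + n - 1))"
}

# Emit the ufw commands, one per line. 443 (dashboard, REST API, gRPC) and 80
# (LetsEncrypt) are always needed; 53 only if CoreDNS is exposed directly,
# which is opt-in here (WITH_DNS=1) because it is not required from 0.10.0.
ufw_rules() {
    range=$(wg_port_range "$1") || return 1
    echo "ufw allow 443/tcp"
    echo "ufw allow 80/tcp"
    if [ "${WITH_DNS:-0}" = 1 ]; then
        echo "ufw allow 53/udp"
        echo "ufw allow 53/tcp"
    fi
    echo "ufw allow $range/udp"
}

# Example: plan for 10 networks -> ports 51821-51830 (prints 3 rules).
ufw_rules 10
```

Review the printed lines and then apply them as root (for example ``ufw_rules 10 | sudo sh``); keep the number of networks in sync with the range you open in the cloud security group, since the VM firewall and the provider rules must both allow the same UDP ports.
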
4. Install Netmaker
========================

Prepare Docker Compose
------------------------

**Note 1 on COREDNS_IP:** As of 0.10.0, the default installation does not require COREDNS_IP to be set, since DNS queries run over WireGuard.

**Note 2 on COREDNS_IP:** Depending on your cloud provider, the public IP may not be bound directly to the VM on which you are running. In such cases, CoreDNS cannot bind to this IP, and you should use the IP of the default interface on your machine in place of COREDNS_IP. This command will get you the correct IP for CoreDNS in many cases:

.. code-block::

    ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p'

Now, insert the values for your base (wildcard) domain, public IP, and CoreDNS IP.

.. code-block::

    wget -O docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.contained.yml
    sed -i 's/NETMAKER_BASE_DOMAIN/<your base domain>/g' docker-compose.yml
    sed -i 's/SERVER_PUBLIC_IP/<your server ip>/g' docker-compose.yml
    sed -i 's/COREDNS_IP/<default interface ip>/g' docker-compose.yml

Generate a unique master key and insert it:

.. code-block::

    tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo ''
    sed -i 's/REPLACE_MASTER_KEY/<your generated key>/g' docker-compose.yml

You may want to save this key for future use with the API.

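
The four ``sed`` substitutions above silently do nothing if a placeholder is misspelled or the compose file changes, and a leftover ``REPLACE_MASTER_KEY`` would ship as the literal master key. As an added example that is not part of the Netmaker docs or project, the shell script below performs the same substitutions, generates the key with the same ``tr``/``head`` recipe, and then refuses to continue if any placeholder is still present. The function names are my own, the embedded sample compose file is a constructed stand-in (only its placeholder strings matter), and GNU ``sed -i`` (as on Ubuntu) is assumed.

```shell
# Added example; not part of the Netmaker docs or project.
# Fills the compose placeholders and verifies none are left behind.

PLACEHOLDERS="NETMAKER_BASE_DOMAIN SERVER_PUBLIC_IP COREDNS_IP REPLACE_MASTER_KEY"

# 30 random alphanumerics from /dev/urandom (same recipe as the guide).
generate_master_key() {
    tr -dc A-Za-z0-9 </dev/urandom | head -c 30
}

# Return 0 if no placeholder is left in FILE, 1 otherwise (names go to stderr).
check_no_placeholders() {
    file="$1"; left=0
    for p in $PLACEHOLDERS; do
        if grep -q "$p" "$file"; then
            echo "placeholder still present: $p" >&2
            left=1
        fi
    done
    return $left
}

# fill_compose FILE BASE_DOMAIN PUBLIC_IP COREDNS_IP MASTER_KEY
# '|' is used as the sed delimiter so a value containing '/' cannot break the expression.
fill_compose() {
    file="$1"; base="$2"; pub_ip="$3"; dns_ip="$4"; key="$5"
    sed -i \
        -e "s|NETMAKER_BASE_DOMAIN|$base|g" \
        -e "s|SERVER_PUBLIC_IP|$pub_ip|g" \
        -e "s|COREDNS_IP|$dns_ip|g" \
        -e "s|REPLACE_MASTER_KEY|$key|g" \
        "$file"
    check_no_placeholders "$file"
}

# Constructed stand-in for the real docker-compose.yml (illustrative keys only).
make_sample_compose() {
    cat > "$1" <<'EOF'
# constructed sample; the real compose file has many more keys
services:
  netmaker:
    environment:
      SERVER_HOST: "SERVER_PUBLIC_IP"
      COREDNS_ADDR: "COREDNS_IP"
      MASTER_KEY: "REPLACE_MASTER_KEY"
      SERVER_HTTP_HOST: "api.NETMAKER_BASE_DOMAIN"
EOF
}

# Demo on the constructed sample with placeholder values; for a real install,
# call fill_compose on docker-compose.yml with your own domain and IPs.
demo_file=$(mktemp)
make_sample_compose "$demo_file"
fill_compose "$demo_file" netmaker.example.com 203.0.113.10 10.0.0.5 "$(generate_master_key)" && cat "$demo_file"
rm -f "$demo_file"
```

Keep the generated key somewhere safe: it is the credential the REST API accepts as the master key, so it should be treated like a root password, not left in shell history or pasted into tickets.
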
Prepare Caddy
------------------------

.. code-block::

    wget -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile
    sed -i 's/NETMAKER_BASE_DOMAIN/<your base domain>/g' /root/Caddyfile
    sed -i 's/YOUR_EMAIL/<your email>/g' /root/Caddyfile

Prepare MQ
------------------------

You must retrieve the MQ configuration file for Mosquitto.

.. code-block::

    wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf

Start Netmaker
----------------

``sudo docker-compose up -d``

Navigate to ``dashboard.<your base domain>`` to begin using Netmaker.

To troubleshoot issues, start with:

``docker logs netmaker``

Or check out the :doc:`troubleshooting docs <./troubleshoot>`.