netmaker/compose/docker-compose.yml

version: "3.4"

services:
  netmaker:
    container_name: netmaker
    image: gravitl/netmaker:v0.15.1
    cap_add: 
      - NET_ADMIN
      - NET_RAW
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
    restart: always
    volumes:
      - dnsconfig:/root/config/dnsconfig
      - sqldata:/root/data
      - shared_certs:/etc/netmaker
    environment:
      SERVER_NAME: "broker.NETMAKER_BASE_DOMAIN"
      SERVER_HOST: "SERVER_PUBLIC_IP"
      SERVER_API_CONN_STRING: "api.NETMAKER_BASE_DOMAIN:443"
      COREDNS_ADDR: "SERVER_PUBLIC_IP"
      DNS_MODE: "on"
      SERVER_HTTP_HOST: "api.NETMAKER_BASE_DOMAIN"
      API_PORT: "8081"
      CLIENT_MODE: "on"
      MASTER_KEY: "REPLACE_MASTER_KEY"
      CORS_ALLOWED_ORIGIN: "*"
      DISPLAY_KEYS: "on"
      DATABASE: "sqlite"
      NODE_ID: "netmaker-server-1"
      MQ_HOST: "mq"
      MQ_PORT: "443"
      MQ_SERVER_PORT: "1883"
      HOST_NETWORK: "off"
      VERBOSITY: "1"
      MANAGE_IPTABLES: "on"
      PORT_FORWARD_SERVICES: "dns"
    ports:
      - "51821-51830:51821-51830/udp"
    expose:
      - "8081"
    labels:
      - traefik.enable=true
      - traefik.http.routers.netmaker-api.entrypoints=websecure
      - traefik.http.routers.netmaker-api.rule=Host(`api.NETMAKER_BASE_DOMAIN`)
      - traefik.http.routers.netmaker-api.service=netmaker-api
      - traefik.http.services.netmaker-api.loadbalancer.server.port=8081
  netmaker-ui:
    container_name: netmaker-ui
    image: gravitl/netmaker-ui:v0.15.1
    depends_on:
      - netmaker
    links:
      - "netmaker:api"
    restart: always
    environment:
      BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN"
    expose:
      - "80"
    labels:
      - traefik.enable=true
      - traefik.http.middlewares.nmui-security.headers.accessControlAllowOriginList=*.NETMAKER_BASE_DOMAIN
      - traefik.http.middlewares.nmui-security.headers.stsSeconds=31536000
      - traefik.http.middlewares.nmui-security.headers.browserXssFilter=true
      - traefik.http.middlewares.nmui-security.headers.customFrameOptionsValue=SAMEORIGIN
      - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.X-Robots-Tag=none
      - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.Server= # Remove the server name
      - traefik.http.routers.netmaker-ui.entrypoints=websecure
      - traefik.http.routers.netmaker-ui.middlewares=nmui-security@docker
      - traefik.http.routers.netmaker-ui.rule=Host(`dashboard.NETMAKER_BASE_DOMAIN`)
      - traefik.http.routers.netmaker-ui.service=netmaker-ui
      - traefik.http.services.netmaker-ui.loadbalancer.server.port=80
  coredns:
    container_name: coredns
    image: coredns/coredns
    command: -conf /root/dnsconfig/Corefile
    depends_on:
      - netmaker
    restart: always
    volumes:
      - dnsconfig:/root/dnsconfig
  traefik:
    image: traefik:v2.6
    container_name: traefik
    command:
      - "--certificatesresolvers.http.acme.email=YOUR_EMAIL"
      - "--certificatesresolvers.http.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.http.acme.tlschallenge=true"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"
      - "--entrypoints.websecure.http.tls.certResolver=http"
      - "--log.level=INFO"
      - "--providers.docker=true"
      - "--providers.docker.exposedByDefault=false"
      - "--serverstransport.insecureskipverify=true"
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_certs:/letsencrypt
    ports:
      - "443:443"
  mq:
    container_name: mq
    image: eclipse-mosquitto:2.0.11-openssl
    depends_on:
      - netmaker
    restart: unless-stopped
    volumes:
      - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
      - /root/dynamic-security.json:/mosquitto/config/dynamic-security.json
      - mosquitto_data:/mosquitto/data
      - mosquitto_logs:/mosquitto/log
    expose:
      - "8883"
    labels:
      - traefik.enable=true
      - traefik.tcp.routers.mqtts.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`)
      - traefik.tcp.routers.mqtts.tls.passthrough=true
      - traefik.tcp.services.mqtts-svc.loadbalancer.server.port=8883
      - traefik.tcp.routers.mqtts.service=mqtts-svc
      - traefik.tcp.routers.mqtts.entrypoints=websecure
volumes:
  traefik_certs: {}
  shared_certs: {}
  sqldata: {}
  dnsconfig: {}
  mosquitto_data: {}
  mosquitto_logs: {}
dns server setup 2021-05-05 05:36:55 +08:00			`version: "3.4"`
first commit 2021-03-26 00:17:52 +08:00
			`services:`
modify docker compose 2021-03-26 00:59:14 +08:00			`netmaker:`
			`container_name: netmaker`
versions for v0.15.1 2022-09-08 08:04:57 +08:00			`image: gravitl/netmaker:v0.15.1`
server installation section completed 2021-05-19 01:55:06 +08:00			`cap_add:`
			`- NET_ADMIN`
updating docker compose files 2022-02-09 11:22:16 +08:00			`- NET_RAW`
			`- SYS_MODULE`
			`sysctls:`
			`- net.ipv4.ip_forward=1`
			`- net.ipv4.conf.all.src_valid_mark=1`
updated v0.13.0 composes 2022-04-26 22:41:44 +08:00			`- net.ipv6.conf.all.disable_ipv6=0`
fixing ipv6 2022-05-02 22:48:00 +08:00			`- net.ipv6.conf.all.forwarding=1`
first commit 2021-03-26 00:17:52 +08:00			`restart: always`
updating composes 2022-07-07 22:54:18 +08:00			`volumes:`
			`- dnsconfig:/root/config/dnsconfig`
			`- sqldata:/root/data`
			`- shared_certs:/etc/netmaker`
completed quickstart guide 2021-05-17 23:55:03 +08:00			`environment:`
compose update 2 2022-04-26 23:02:21 +08:00			`SERVER_NAME: "broker.NETMAKER_BASE_DOMAIN"`
fixing default dns settings 2021-08-12 00:19:28 +08:00			`SERVER_HOST: "SERVER_PUBLIC_IP"`
updating install docs 2021-09-23 12:12:32 +08:00			`SERVER_API_CONN_STRING: "api.NETMAKER_BASE_DOMAIN:443"`
fixing default dns settings 2021-08-12 00:19:28 +08:00			`COREDNS_ADDR: "SERVER_PUBLIC_IP"`
			`DNS_MODE: "on"`
updating install docs 2021-09-23 12:12:32 +08:00			`SERVER_HTTP_HOST: "api.NETMAKER_BASE_DOMAIN"`
fixing default dns settings 2021-08-12 00:19:28 +08:00			`API_PORT: "8081"`
update composes 2021-10-07 23:28:24 +08:00			`CLIENT_MODE: "on"`
fixing default dns settings 2021-08-12 00:19:28 +08:00			`MASTER_KEY: "REPLACE_MASTER_KEY"`
			`CORS_ALLOWED_ORIGIN: "*"`
updating docs 2021-11-17 11:39:28 +08:00			`DISPLAY_KEYS: "on"`
updating docs to fix bugs and include telemetry 2022-01-23 01:31:32 +08:00			`DATABASE: "sqlite"`
fixing docker-compose 2021-11-04 04:50:42 +08:00			`NODE_ID: "netmaker-server-1"`
updating docker compose files 2022-02-09 11:22:16 +08:00			`MQ_HOST: "mq"`
updating composes 2022-07-07 22:54:18 +08:00			`MQ_PORT: "443"`
updating composes 2022-07-08 03:57:19 +08:00			`MQ_SERVER_PORT: "1883"`
updating docker compose files 2022-02-09 11:22:16 +08:00			`HOST_NETWORK: "off"`
			`VERBOSITY: "1"`
adding DNS to docker-compose 2022-05-03 23:40:45 +08:00			`MANAGE_IPTABLES: "on"`
updating readme 2022-05-25 03:17:39 +08:00			`PORT_FORWARD_SERVICES: "dns"`
updating docs to fix bugs and include telemetry 2022-01-23 01:31:32 +08:00			`ports:`
			`- "51821-51830:51821-51830/udp"`
updating composes 2022-07-07 22:54:18 +08:00			`expose:`
			`- "8081"`
			`labels:`
			`- traefik.enable=true`
			`- traefik.http.routers.netmaker-api.entrypoints=websecure`
			- traefik.http.routers.netmaker-api.rule=Host(`api.NETMAKER_BASE_DOMAIN`)
			`- traefik.http.routers.netmaker-api.service=netmaker-api`
			`- traefik.http.services.netmaker-api.loadbalancer.server.port=8081`
modify docker compose 2021-03-26 00:59:14 +08:00			`netmaker-ui:`
			`container_name: netmaker-ui`
versions for v0.15.1 2022-09-08 08:04:57 +08:00			`image: gravitl/netmaker-ui:v0.15.1`
first commit 2021-03-26 00:17:52 +08:00			`depends_on:`
modify docker compose 2021-03-26 00:59:14 +08:00			`- netmaker`
dns server setup 2021-05-05 05:36:55 +08:00			`links:`
			`- "netmaker:api"`
updating composes 2022-07-07 22:54:18 +08:00			`restart: always`
first commit 2021-03-26 00:17:52 +08:00			`environment:`
fixing default dns settings 2021-08-12 00:19:28 +08:00			`BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN"`
updating composes 2022-07-07 22:54:18 +08:00			`expose:`
			`- "80"`
			`labels:`
			`- traefik.enable=true`
			`- traefik.http.middlewares.nmui-security.headers.accessControlAllowOriginList=*.NETMAKER_BASE_DOMAIN`
			`- traefik.http.middlewares.nmui-security.headers.stsSeconds=31536000`
			`- traefik.http.middlewares.nmui-security.headers.browserXssFilter=true`
			`- traefik.http.middlewares.nmui-security.headers.customFrameOptionsValue=SAMEORIGIN`
			`- traefik.http.middlewares.nmui-security.headers.customResponseHeaders.X-Robots-Tag=none`
			`- traefik.http.middlewares.nmui-security.headers.customResponseHeaders.Server= # Remove the server name`
			`- traefik.http.routers.netmaker-ui.entrypoints=websecure`
			`- traefik.http.routers.netmaker-ui.middlewares=nmui-security@docker`
			- traefik.http.routers.netmaker-ui.rule=Host(`dashboard.NETMAKER_BASE_DOMAIN`)
			`- traefik.http.routers.netmaker-ui.service=netmaker-ui`
			`- traefik.http.services.netmaker-ui.loadbalancer.server.port=80`
server installation section completed 2021-05-19 01:55:06 +08:00			`coredns:`
updating composes 2022-07-07 22:54:18 +08:00			`container_name: coredns`
server installation section completed 2021-05-19 01:55:06 +08:00			`image: coredns/coredns`
			`command: -conf /root/dnsconfig/Corefile`
updating composes 2022-07-07 22:54:18 +08:00			`depends_on:`
			`- netmaker`
server installation section completed 2021-05-19 01:55:06 +08:00			`restart: always`
			`volumes:`
			`- dnsconfig:/root/dnsconfig`
updating composes 2022-07-07 22:54:18 +08:00			`traefik:`
			`image: traefik:v2.6`
			`container_name: traefik`
			`command:`
			`- "--certificatesresolvers.http.acme.email=YOUR_EMAIL"`
			`- "--certificatesresolvers.http.acme.storage=/letsencrypt/acme.json"`
			`- "--certificatesresolvers.http.acme.tlschallenge=true"`
			`- "--entrypoints.websecure.address=:443"`
			`- "--entrypoints.websecure.http.tls=true"`
			`- "--entrypoints.websecure.http.tls.certResolver=http"`
			`- "--log.level=INFO"`
			`- "--providers.docker=true"`
			`- "--providers.docker.exposedByDefault=false"`
			`- "--serverstransport.insecureskipverify=true"`
			`restart: always`
			`volumes:`
			`- /var/run/docker.sock:/var/run/docker.sock:ro`
			`- traefik_certs:/letsencrypt`
updating readme 2022-05-25 03:17:39 +08:00			`ports:`
			`- "443:443"`
updating docker compose files 2022-02-09 11:22:16 +08:00			`mq:`
updating composes 2022-07-07 22:54:18 +08:00			`container_name: mq`
compose update 2 2022-04-26 23:02:21 +08:00			`image: eclipse-mosquitto:2.0.11-openssl`
			`depends_on:`
			`- netmaker`
updating docker compose files 2022-02-09 11:22:16 +08:00			`restart: unless-stopped`
			`volumes:`
			`- /root/mosquitto.conf:/mosquitto/config/mosquitto.conf`
add mq dynamic security conf to docker 2022-09-14 02:03:17 +08:00			`- /root/dynamic-security.json:/mosquitto/config/dynamic-security.json`
updating docker compose files 2022-02-09 11:22:16 +08:00			`- mosquitto_data:/mosquitto/data`
			`- mosquitto_logs:/mosquitto/log`
updating composes 2022-07-07 22:54:18 +08:00			`expose:`
			`- "8883"`
			`labels:`
			`- traefik.enable=true`
			- traefik.tcp.routers.mqtts.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`)
			`- traefik.tcp.routers.mqtts.tls.passthrough=true`
			`- traefik.tcp.services.mqtts-svc.loadbalancer.server.port=8883`
			`- traefik.tcp.routers.mqtts.service=mqtts-svc`
			`- traefik.tcp.routers.mqtts.entrypoints=websecure`
first commit 2021-03-26 00:17:52 +08:00			`volumes:`
updating composes 2022-07-07 22:54:18 +08:00			`traefik_certs: {}`
			`shared_certs: {}`
fixing default dns settings 2021-08-12 00:19:28 +08:00			`sqldata: {}`
server installation section completed 2021-05-19 01:55:06 +08:00			`dnsconfig: {}`
updating docker compose files 2022-02-09 11:22:16 +08:00			`mosquitto_data: {}`
			`mosquitto_logs: {}`