<liclass="md-nav__item"><ahref="#slim-install-no-dns-no-client-mode-no-secure-grpc"class="md-nav__link">Slim Install - No DNS, No Client Mode, No Secure GRPC</a>
<liclass="md-nav__item"><ahref="#slim-install-no-dns-no-client-mode-no-secure-grpc"class="md-nav__link">Slim Install - No DNS, No Client Mode, No Secure GRPC</a>
<h1id="server-installation--page-root">Server Installation<aclass="headerlink"href="#server-installation--page-root"title="Permalink to this headline">¶</a></h1>
<p>This section outlines installing the Netmaker server, including Netmaker, Netmaker UI, MongoDB, and CoreDNS</p>
<h2id="notes-on-optional-features">Notes on Optional Features<aclass="headerlink"href="#notes-on-optional-features"title="Permalink to this headline">¶</a></h2>
<p>There are a few key options to keep in mind when deploying Netmaker. All of the following options are enabled by default but can be disabled with a single flag at runtime (see Customization). In addition to these options, there are many more Customizable components which will be discussed later on and help to solve for special challenges and use cases.</p>
<p><strong>Client Mode:</strong> Client Mode enables Netmaker to control the underlying host server’s Network. This can make management a bit easier, because Netmaker can be added into networks via a button click in the UI. This is especially useful for things like Gateways, and will open up additional options in future versions, for instance, allowing Netmaker to easily become a relay server.</p>
<p>Client Mode requires many additional privileges on the host machine, since Netmaker needs to control kernel WireGuard. Because of this, if running in Client Mode, you must run with root privileges and mount many system directories to the Netmaker container. Running without Client Mode allows you to install without privilege escalation and increases the number of compatible systems substantially.</p>
<p><strong>DNS Mode:</strong> DNS Mode enables Netmaker to write configuration files for CoreDNS, which can be set as a DNS Server for nodes. DNS Mode, paired with a CoreDNS deployment, requires use of port 53. On many linux systems (such as Ubuntu), port 53 is already in use to support local DNS, via systemd-resolved. Running in DNS Mode may require making modifications on the host machine.</p>
<p><strong>Secure GRPC</strong>: Secure GRPC ensures all communications between nodes and the server are encrypted. Netmaker sets up a default “comms” network that exists only for nodes to connect to the server. It acts as a hub-and-spoke WireGuard network. In the below installation instructions, when port 50555 needs to be open, this is referring to the WireGuard port for Netmaker’s GRPC comms. When it is port 50051, secure comms is not enabled.</p>
<p>When Secure GRPC is enabled, before any nodes can join a Netmaker network, they request to join the comms network, and are given the appropriate WireGuard configs to connect to the server. Then they are able to make requests against the private netmaker endpoint specified for the comms network (10.101.0.1 by default). If switched off, communications are not secure between the hub and nodes over GRPC (it is like http vs https), and likewise, certificates must be added to gain secure communications.</p>
<p><strong>Agent Backend:</strong> The Agent Backend is the GRPC server (by default running on port 50051). This port is not needed for the admin server. If your use case requires special access configuration, you can run two Netmaker instances, one for the admin server, and one for node access.</p>
<p><strong>REST Backend:</strong> Similar to the above, the REST backend runs by default on port 8081, and is used for admin API and UI access. By enabling the REST backend while disabling the Agent backend, you can separate the two functions for more restricted environments.</p>
<h2id="system-compatibility">System Compatibility<aclass="headerlink"href="#system-compatibility"title="Permalink to this headline">¶</a></h2>
<p>Both <strong>Client Mode</strong> and <strong>Secure GRPC</strong> require WireGuard to be installed on the host system, and will require elevated privileges to perform network operations..</p>
<p>When both of these features are <strong>disabled</strong>, Netmaker can be run on any system that supports Docker, including Windows, Mac, and Linux, and other systems. With these features disabled, no special privileges are required. Netmaker will only need ports for GRPC (50051 by default), the API (8081 by default), and CoreDNS (53, if enabled).</p>
<p>With Client Mode and/or Secure GRPC <strong>enabled</strong> (the default), Netmaker has the same limitations as the <aclass="reference internal"href="client-installation.html"><spanclass="doc">netclient</span></a> (client networking agent), because client mode just means that the Netmaker server is also running a netclient.</p>
<p>These modes require privileged (root) access to the host machine. In addition, Client Mode requires multiple host directory mounts. WireGuard must be installed, the system must be systemd Linux (see <aclass="reference internal"href="architecture.html"><spanclass="doc">compatible systems</span></a> for more details).</p>
<p>To run a non-docker installation, you must run the Netmaker binary, CoreDNS binary, MongoDB, and a web server directly on the host. This requires all the requirements for those individual components. Our guided install assumes systemd-based linux, but there are many other ways to install Netmaker’s individual components onto machines that do not support Docker.</p>
<h2id="dns-mode-prereqisite-setup">DNS Mode Prereqisite Setup<aclass="headerlink"href="#dns-mode-prereqisite-setup"title="Permalink to this headline">¶</a></h2>
<p>If you plan on running the server in DNS Mode, know that a <aclass="reference external"href="https://coredns.io/manual/toc/">CoreDNS Server</a> will be installed. CoreDNS is a light-weight, fast, and easy-to-configure DNS server. It is recommended to bind CoreDNS to port 53 of the host system, and it will do so by default. The clients will expect the nameserver to be on port 53, and many systems have issues resolving a different port.</p>
<p>However, on your host system (for Netmaker), this may conflict with an existing process. On linux systems running systemd-resolved, there is likely a service consuming port 53. The below steps will disable systemd-resolved, and replace it with a generic (e.g. Google) nameserver. Be warned that this may have consequences for any existing private DNS configuration. The following was tested on Ubuntu 20.04 and should be run prior to deploying the docker containers.</p>
<p>Port 53 should now be available for CoreDNS to use.</p>
<h2id="docker-compose-install">Docker Compose Install<aclass="headerlink"href="#docker-compose-install"title="Permalink to this headline">¶</a></h2>
<p>The most simple (and recommended) way of installing Netmaker is to use one of the provided <aclass="reference external"href="https://github.com/gravitl/netmaker/tree/feature_v0.3.5_docs/compose">Docker Compose files</a>. Below are instructions for several different options to install Netmaker via Docker Compose, followed by an annotated reference Docker Compose in case your use case requires additional customization.</p>
<h3id="slim-install-no-dns-no-client-mode-no-secure-grpc">Slim Install - No DNS, No Client Mode, No Secure GRPC<aclass="headerlink"href="#slim-install-no-dns-no-client-mode-no-secure-grpc"title="Permalink to this headline">¶</a></h3>
<p>This is the same docker compose covered in the <aclass="reference internal"href="quick-start.html"><spanclass="doc">quick start</span></a>. It requires no special privileges and can run on any system with Docker and Docker Compose. However, it also does not have the full feature set, and lacks Client Mode and DNS Mode.</p>
<li><p>You can still run the netclient on the host system even if Client Mode is not enabled. It will just be managed like the netclient on any other nodes, and will not be automatically managed by thhe server/UI.</p></li>
<li><p>You can change the port mappings in the Docker Compose if the listed ports are already in use.</p></li>
</ul>
</dd>
</dl>
<p>Assuming you have Docker and Docker Compose installed, you can just run the following, replacing <strong>< Insert your-host IP Address Here ></strong> with your host IP (or domain):</p>
<h3id="full-install-dns-client-mode-and-secure-grpc-enabled">Full Install - DNS, Client Mode, and Secure GRPC Enabled<aclass="headerlink"href="#full-install-dns-client-mode-and-secure-grpc-enabled"title="Permalink to this headline">¶</a></h3>
<li><p>You can change the port mappings in the Docker Compose if the listed ports are already in use.</p></li>
<li><p>You can run CoreDNS on a non-53 port, but this likely will cause issues on the client side (DNS on non-standard port). We do not recommend this and do not cover how to manage running CoreDNS on a different port for clients, which will likely have problems resolving a nameserver on a non-53 port.</p></li>
</ul>
</dd>
</dl>
<p>Assuming you have Docker and Docker Compose installed, you can just run the following, replacing <strong>< Insert your-host IP Address Here ></strong> with your host IP (or domain):</p>
<h3id="server-only-install-ui-dns-client-disabled">Server Only Install - UI, DNS, Client Disabled<aclass="headerlink"href="#server-only-install-ui-dns-client-disabled"title="Permalink to this headline">¶</a></h3>
<p>A “Server Only” install can be helpful for scenarios in which you do not want to run the UI. the UI is not mandatory for running a Netmaker network, but it makes the process easier. This mode also diables DNS and Client Modes, though you can add those back in if needed. There is no UI dependency on Client Mode or DNS Mode.</p>
<li><p>You can still run the netclient on the host system even if Client Mode is not enabled. It will just be managed like the netclient on any other nodes, and will not be automatically managed by thhe server/UI.</p></li>
<li><p>You can change the port mappings in the Docker Compose if the listed ports are already in use.</p></li>
</ul>
</dd>
</dl>
<p>Assuming you have Docker and Docker Compose installed, you can just run the following, replacing <strong>< Insert your-host IP Address Here ></strong> with your host IP (or domain):</p>
<h3id="no-dns-coredns-disabled-client-enabled">No DNS - CoreDNS Disabled, Client Enabled<aclass="headerlink"href="#no-dns-coredns-disabled-client-enabled"title="Permalink to this headline">¶</a></h3>
<p>DNS Mode is currently limited to clients that can run resolvectl (systemd-resolved, see <aclass="reference internal"href="architecture.html"><spanclass="doc">Architecture docs</span></a> for more info). You may wish to disable DNS mode for various reasons. This installation option gives you the full feature set minus CoreDNS.</p>
<li><p>You can change the port mappings in the Docker Compose if the listed ports are already in use.</p></li>
<li><p>If you would like to run DNS Mode, but disable it on some clients, this is also an option. See the <aclass="reference internal"href="client-installation.html"><spanclass="doc">client installation</span></a> documentation for more details.</p></li>
</ul>
</dd>
</dl>
<p>Assuming you have Docker and Docker Compose installed, you can just run the following, replacing <strong>< Insert your-host IP Address Here ></strong> with your host IP (or domain):</p>
<h3id="no-client-dns-enabled-client-disabled">No Client - DNS Enabled, Client Disabled<aclass="headerlink"href="#no-client-dns-enabled-client-disabled"title="Permalink to this headline">¶</a></h3>
<p>You may want to provide DNS, but do not want to run the server with special privileges, in which case you can run with just Client Mode disabled. It requires no special privileges and can run on any system with Docker and Docker Compose.</p>
<li><p>You can still run the netclient on the host system even if Client Mode is not enabled. It will just be managed like the netclient on any other nodes, and will not be automatically managed by thhe server/UI.</p></li>
<li><p>You can change the port mappings in the Docker Compose if the listed ports are already in use.</p></li>
</ul>
</dd>
</dl>
<p>Assuming you have Docker and Docker Compose installed, you can just run the following, replacing <strong>< Insert your-host IP Address Here ></strong> with your host IP (or domain):</p>
<h3id="reference-compose-file-annotated">Reference Compose File - Annotated<aclass="headerlink"href="#reference-compose-file-annotated"title="Permalink to this headline">¶</a></h3>
<p>All environment variables and options are enabled in this file. It is the equivalent to running the “full install” from the above section. However, all environment variables are included, and are set to the default values provided by Netmaker (if the environment variable was left unset, it would not change the installation). Comments are added to each option to show how you might use it to modify your installation.</p>
<spanclass="p p-Indicator">-</span><spanclass="s">"27017:27017"</span><spanclass="c1"># Port Mapping for MongoDB. Can be modified, but be sure to change the MONGO_PORT env var in netmaker</span>
<spanclass="nt">MONGO_INITDB_ROOT_USERNAME</span><spanclass="p">:</span><spanclass="l l-Scalar l-Scalar-Plain">mongoadmin</span><spanclass="c1"># Default username. Recommend changing for production installs. You will need to set MONGO_ADMIN netmaker env var.</span>
<spanclass="nt">MONGO_INITDB_ROOT_PASSWORD</span><spanclass="p">:</span><spanclass="l l-Scalar l-Scalar-Plain">mongopass</span><spanclass="c1"># Default password. Recommend changing for production installs. You will need to set MONGO_PASS netmaker env var.</span>
<spanclass="nt">netmaker</span><spanclass="p">:</span><spanclass="c1"># The Primary Server for running Netmaker</span>
<spanclass="nt">privileged</span><spanclass="p">:</span><spanclass="l l-Scalar l-Scalar-Plain">true</span><spanclass="c1"># Necessary to run sudo/root level commands on host system. Take out if not running with CLIENT_MODE=on</span>
<spanclass="nt">volumes</span><spanclass="p">:</span><spanclass="c1"># Volume mounts necessary for CLIENT_MODE to control netclient, wireguard, and networking on host (except dnsconfig, which is where dns config files are stored for use by CoreDNS)</span>
<spanclass="p p-Indicator">-</span><spanclass="l l-Scalar l-Scalar-Plain">dnsconfig:/root/config/dnsconfig</span><spanclass="c1"># Netmaker writes Corefile to this location, which gets mounted by CoreDNS for DNS configuration.</span>
<spanclass="nt">network_mode</span><spanclass="p">:</span><spanclass="l l-Scalar l-Scalar-Plain">host</span><spanclass="c1"># Necessary for CLIENT_MODE. Should be removed if turned off, but then need to add port mappings</span>
<spanclass="nt">SERVER_HOST</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># All the Docker Compose files pre-populate this with HOST_IP, which you replace as part of the install instructions. This will set both HTTP and GRPC host.</span>
<spanclass="nt">SERVER_HTTP_HOST</span><spanclass="p">:</span><spanclass="s">"127.0.0.1"</span><spanclass="c1"># Overrides SERVER_HOST if set. Useful for making HTTP and GRPC available via different interfaces/networks.</span>
<spanclass="nt">SERVER_GRPC_HOST</span><spanclass="p">:</span><spanclass="s">"127.0.0.1"</span><spanclass="c1"># Overrides SERVER_HOST if set. Useful for making HTTP and GRPC available via different interfaces/networks.</span>
<spanclass="nt">API_PORT</span><spanclass="p">:</span><spanclass="l l-Scalar l-Scalar-Plain">8081</span><spanclass="c1"># The HTTP API port for Netmaker. Used for API calls / communication from front end. If changed, need to change port of BACKEND_URL for netmaker-ui.</span>
<spanclass="nt">GRPC_PORT</span><spanclass="p">:</span><spanclass="l l-Scalar l-Scalar-Plain">50051</span><spanclass="c1"># The GRPC port for Netmaker. Used for communications from nodes.</span>
<spanclass="nt">MASTER_KEY</span><spanclass="p">:</span><spanclass="s">"secretkey"</span><spanclass="c1"># The admin master key for accessing the API. Change this in any production installation.</span>
<spanclass="nt">CORS_ALLOWED_ORIGIN</span><spanclass="p">:</span><spanclass="s">"*"</span><spanclass="c1"># The "allowed origin" for API requests. Change to restrict where API requests can come from.</span>
<spanclass="nt">REST_BACKEND</span><spanclass="p">:</span><spanclass="s">"on"</span><spanclass="c1"># Enables the REST backend (API running on API_PORT at SERVER_HTTP_HOST). Change to "off" to turn off.</span>
<spanclass="nt">AGENT_BACKEND</span><spanclass="p">:</span><spanclass="s">"on"</span><spanclass="c1"># Enables the AGENT backend (GRPC running on GRPC_PORT at SERVER_GRPC_HOST). Change to "off" to turn off.</span>
<spanclass="nt">CLIENT_MODE</span><spanclass="p">:</span><spanclass="s">"on"</span><spanclass="c1"># Enables Client Mode, meaning netclient will be deployed on server and will be manageable from UI. Change to "off" to turn off.</span>
<spanclass="nt">DNS_MODE</span><spanclass="p">:</span><spanclass="s">"on"</span><spanclass="c1"># Enables DNS Mode, meaning config files will be generated for CoreDNS. Note, turning "off" does not remove CoreDNS. You still need to remove CoreDNS from compose file.</span>
<spanclass="nt">DISABLE_REMOTE_IP_CHECK</span><spanclass="p">:</span><spanclass="s">"off"</span><spanclass="c1"># If turned "on", Server will not set Host based on remote IP check. This is already overridden if SERVER_HOST is set. Turned "off" by default.</span>
<spanclass="nt">MONGO_ADMIN</span><spanclass="p">:</span><spanclass="s">"mongoadmin"</span><spanclass="c1"># Admin user for MongoDB. Change to match above MongoDB instance</span>
<spanclass="nt">MONGO_PASS</span><spanclass="p">:</span><spanclass="s">"mongopass"</span><spanclass="c1"># Admin password for MongoDB. Change to match above MongoDB instance</span>
<spanclass="nt">MONGO_HOST</span><spanclass="p">:</span><spanclass="s">"127.0.0.1"</span><spanclass="c1"># Address of MongoDB. Change if necessary.</span>
<spanclass="nt">MONGO_PORT</span><spanclass="p">:</span><spanclass="s">"27017"</span><spanclass="c1"># Port of MongoDB. Change if necessary.</span>
<spanclass="nt">MONGO_OPTS</span><spanclass="p">:</span><spanclass="s">"/?authSource=admin"</span><spanclass="c1"># Opts to enable admin login for Mongo.</span>
<spanclass="nt">SERVER_GRPC_WIREGUARD</span><spanclass="p">:</span><spanclass="s">"on"</span><spanclass="c1"># Whether to run GRPC over a WireGuard network. On by default. Secures server comms. Switch to "off" to turn off.</span>
<spanclass="nt">SERVER_GRPC_WG_INTERFACE</span><spanclass="p">:</span><spanclass="s">"nm-grpc-wg"</span><spanclass="c1"># Interface to use for GRPC WireGuard network if enabled</span>
<spanclass="nt">SERVER_GRPC_WG_ADDRESS</span><spanclass="p">:</span><spanclass="s">"10.101.0.1"</span><spanclass="c1"># Private Address to use for GRPC WireGuard network if enabled</span>
<spanclass="nt">SERVER_GRPC_WG_ADDRESS_RANGE</span><spanclass="p">:</span><spanclass="s">"10.101.0.0/16"</span><spanclass="c1"># Private Address range to use for GRPC WireGard clients if enabled</span>
<spanclass="nt">SERVER_GRPC_WG_PORT</span><spanclass="p">:</span><spanclass="s">"50555"</span><spanclass="c1"># Port to use for GRPC WireGuard if enabled</span>
<spanclass="nt">SERVER_GRPC_WG_PUBKEY</span><spanclass="p">:</span><spanclass="s">"SERVER_GRPC_WG_PUBKEY"</span><spanclass="c1"># PublicKey for GRPC WireGuard interface. Generated if blank.</span>
<spanclass="nt">SERVER_GRPC_WG_PRIVKEY</span><spanclass="p">:</span><spanclass="s">"SERVER_GRPC_WG_PRIVKEY"</span><spanclass="c1"># PrivateKey for GRPC WireGuard interface. Generated if blank.</span>
<spanclass="nt">BACKEND_URL</span><spanclass="p">:</span><spanclass="s">"http://HOST_IP:8081"</span><spanclass="c1"># URL where UI will send API requests. Change based on SERVER_HOST, SERVER_HTTP_HOST, and API_PORT</span>
<spanclass="nt">MASTER_KEY</span><spanclass="p">:</span><spanclass="s">"secretkey"</span><spanclass="c1"># Master Key for API calls. Will be removed in v0.3.5</span>
<spanclass="nt">coredns</span><spanclass="p">:</span><spanclass="c1"># The DNS Server. Remove this section if DNS_MODE="off"</span>
<spanclass="nt">command</span><spanclass="p">:</span><spanclass="l l-Scalar l-Scalar-Plain">-conf /root/dnsconfig/Corefile</span><spanclass="c1"># Config location for Corefile. This is the path of file which is also mounted to Netmaker for modification.</span>
<spanclass="p p-Indicator">-</span><spanclass="s">"53:53/udp"</span><spanclass="c1"># Likely needs to run at port 53 for adequate nameserver usage.</span>
<h2id="linux-install-without-docker">Linux Install without Docker<aclass="headerlink"href="#linux-install-without-docker"title="Permalink to this headline">¶</a></h2>
<p>Most systems support Docker, but some, such as LXC, do not. In such environments, there are many options for installing Netmaker. Netmaker is available as a binary file, and there is a zip file of the Netmaker UI static HTML on GitHub. Beyond the UI and Server, you need to install MongoDB and CoreDNS (optional).</p>
<p>Below is a guided set of instructions for installing without Docker on Ubuntu 20.04. Depending on your system, the steps may vary.</p>
<h3id="mongodb-setup">MongoDB Setup<aclass="headerlink"href="#mongodb-setup"title="Permalink to this headline">¶</a></h3>
<olclass="arabic simple">
<li><dlclass="simple">
<dt>Install MongoDB on your server:</dt><dd><ulclass="simple">
<li><p>For more advanced installation or other operating systems, see the <aclass="reference external"href="https://docs.mongodb.com/manual/administration/install-community/">MongoDB documentation</a>.</p></li>
<li><p>If any settings are incorrect such as host or mongo credentials, change them under /etc/netmaker/config/environments/< your env >.yaml and then run <codeclass="docutils literal notranslate"><spanclass="pre">sudo</span><spanclass="pre">systemctl</span><spanclass="pre">restart</span><spanclass="pre">netmaker</span></code></p></li>
</ol>
<h3id="ui-setup">UI Setup<aclass="headerlink"href="#ui-setup"title="Permalink to this headline">¶</a></h3>
<p>The following uses NGinx as an http server. You may alternatively use Apache or any other web server that serves static web files.</p>
<h3id="coredns-setup">CoreDNS Setup<aclass="headerlink"href="#coredns-setup"title="Permalink to this headline">¶</a></h3>
<h2id="kubernetes-install">Kubernetes Install<aclass="headerlink"href="#kubernetes-install"title="Permalink to this headline">¶</a></h2>
<p><strong>This configuration is coming soon.</strong> It will allow you to deploy Netmaker on a Kubernetes cluster.</p>
<h2id="configuration-reference">Configuration Reference<aclass="headerlink"href="#configuration-reference"title="Permalink to this headline">¶</a></h2>
<p>The “Reference Compose File” (above) explains many of these options. However, it is important to understand fundamentally how Netmaker sets its configuration:</p>
<olclass="arabic simple">
<li><p>Defaults</p></li>
<li><p>Config File</p></li>
<li><p>Environment Variables</p></li>
</ol>
<h3id="variable-description">Variable Description<aclass="headerlink"href="#variable-description"title="Permalink to this headline">¶</a></h3>
<dl>
<dt>SERVER_HOST:</dt><dd><p><strong>Default:</strong> Server will perform an IP check and set automatically unless explicitly set, or DISABLE_REMOTE_IP_CHECK is set to true, in which case it defaults to 127.0.0.1</p>
<p><strong>Description:</strong> Sets the SERVER_HTTP_HOST and SERVER_GRPC_HOST variables if they are unset. The address where traffic comes in.</p>
</dd>
<dt>SERVER_HTTP_HOST:</dt><dd><p><strong>Default:</strong> Equals SERVER_HOST if set, “127.0.0.1” if SERVER_HOST is unset.</p>
<p><strong>Description:</strong> Set to make the HTTP and GRPC functions available via different interfaces/networks.</p>
</dd>
<dt>SERVER_GRPC_HOST:</dt><dd><p><strong>Default:</strong> Equals SERVER_HOST if set, “127.0.0.1” if SERVER_HOST is unset.</p>
<p><strong>Description:</strong> Set to make the HTTP and GRPC functions available via different interfaces/networks.</p>
<p><strong>Description:</strong> Enables Client Mode, meaning netclient will be deployed on server and will be manageable from UI. Change to “off” to turn off.</p>
<p><strong>Description:</strong> If turned “on”, Server will not set Host based on remote IP check. This is already overridden if SERVER_HOST is set. Turned “off” by default.</p>
<p><strong>Description:</strong> Whether to run GRPC over a WireGuard network. On by default. Secures the server comms. Switch to “off” to turn off. If off and running in production, make sure to have certificates installed to secure GRPC communications.</p>
<p><strong>Description:</strong> Private Address range to use for GRPC WireGard clients if enabled. Gives 65,534 total addresses for all of netmaker. If running a larger network, will need to configure addresses differently, for instance using ipv6, or use certificates instead.</p>
<p><strong>Description:</strong> Determines if an Access Key is required to join the Comms network. Blank (meaning ‘no’) by default. Set to “yes” to turn on.</p>
<h3id="config-file-reference">Config File Reference<aclass="headerlink"href="#config-file-reference"title="Permalink to this headline">¶</a></h3>
<p>A config file may be placed under config/environments/<env-name>.yml. To read this file at runtime, provide the environment variable ENV at runtime. For instance, dev.yml paired with ENV=dev. Netmaker will load the specified Config file. This allows you to store and manage configurations for different environments. Below is a reference Config File you may use.</p>
<spanclass="nt">apihost</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to 127.0.0.1 or remote ip (SERVER_HOST) if DisableRemoteIPCheck is not set to true. SERVER_API_HOST if set</span>
<spanclass="nt">apiport</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to 8081 or HTTP_PORT (if set)</span>
<spanclass="nt">grpchost</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to 127.0.0.1 or remote ip (SERVER_HOST) if DisableRemoteIPCheck is not set to true. SERVER_GRPC_HOST if set.</span>
<spanclass="nt">grpcport</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to 50051 or GRPC_PORT (if set)</span>
<spanclass="nt">masterkey</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to 'secretkey' or MASTER_KEY (if set)</span>
<spanclass="nt">allowedorigin</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to '*' or CORS_ALLOWED_ORIGIN (if set)</span>
<spanclass="nt">restbackend</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to "on" or REST_BACKEND (if set)</span>
<spanclass="nt">agentbackend</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to "on" or AGENT_BACKEND (if set)</span>
<spanclass="nt">clientmode</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to "on" or CLIENT_MODE (if set)</span>
<spanclass="nt">dnsmode</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to "on" or DNS_MODE (if set)</span>
<spanclass="nt">disableremoteipcheck</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to "false" or DISABLE_REMOTE_IP_CHECK (if set)</span>
<spanclass="nt">user</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to "mongoadmin" or MONGO_ADMIN (if set)</span>
<spanclass="nt">pass</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to "mongopass" or MONGO_PASS (if set)</span>
<spanclass="nt">host</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to 127.0.0.1 or MONGO_HOST (if set)</span>
<spanclass="nt">port</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to 27017 or MONGO_PORT (if set)</span>
<spanclass="nt">opts</span><spanclass="p">:</span><spanclass="s">''</span><spanclass="c1"># defaults to '/?authSource=admin' or MONGO_OPTS (if set)</span>
<spanclass="nt">keyrequired</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to "". If set to "yes", a key is required for signing up for the comms network </span>
<spanclass="nt">grpcwg</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to "on" or SERVER_GRPC_WIREGUARD if set</span>
<spanclass="nt">grpciface</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to nm-grpc-wg or SERVER_GRPC_WG_INTERFACE if set</span>
<spanclass="nt">grpcaddr</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to 10.101.0.1 or SERVER_GRPC_WG_ADDRESS if set</span>
<spanclass="nt">grpcaddrrange</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to 10.101.0.0/16 or SERVER_GRPC_WG_ADDRESS_RANGE if set</span>
<spanclass="nt">grpcendpoint</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to SERVER_HOST if unset</span>
<spanclass="nt">grpcport</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to 50555 or SERVER_GRPC_WG_PORT if set</span>
<spanclass="nt">pubkey</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to generated value or SERVER_GRPC_WG_PUBKEY if set</span>
<spanclass="nt">privkey</span><spanclass="p">:</span><spanclass="s">""</span><spanclass="c1"># defaults to generated value or SERVER_GRPC_WG_PRIVKEY if set</span>
