Merge pull request #986 from fersingb/master

Fix docker config to avoid exposing ports unnecessarily
2025-02-25 08:34:47 +08:00 · 2022-05-12 10:44:52 -04:00 · 2022-05-12 10:44:52 -04:00 · 60c6e377f8
commit 60c6e377f8
parent ca712e70d2 d919b311b5
3 changed files with 15 additions and 18 deletions
--- a/compose/docker-compose.contained.yml
+++ b/compose/docker-compose.contained.yml
@ -39,7 +39,6 @@ services:
      PORT_FORWARD_SERVICES: "dns"
    ports:
      - "51821-51830:51821-51830/udp"
-      - "8081:8081"
  netmaker-ui:
    container_name: netmaker-ui
    depends_on:
@ -47,8 +46,6 @@ services:
    image: gravitl/netmaker-ui:v0.13.1
    links:
      - "netmaker:api"
-    ports:
-      - "8082:80"
    environment:
      BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN"
    restart: always
@ -65,7 +62,9 @@ services:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
-    network_mode: host # Wants ports 80 and 443!
+    ports:
+      - "80:80"
+      - "443:443"
    volumes:
      - /root/Caddyfile:/etc/caddy/Caddyfile
      # - $PWD/site:/srv # you could also serve a static site in site folder
@ -78,7 +77,6 @@ services:
    container_name: mq
    restart: unless-stopped
    ports:
-      - "127.0.0.1:1883:1883"
      - "8883:8883"
    volumes:
      - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
--- a/docker/Caddyfile
+++ b/docker/Caddyfile
@ -21,11 +21,10 @@ https://dashboard.NETMAKER_BASE_DOMAIN {
                -Server
        }

-        reverse_proxy http://127.0.0.1:8082
+        reverse_proxy http://netmaker-ui
 }

 # API
 https://api.NETMAKER_BASE_DOMAIN {
-        reverse_proxy http://127.0.0.1:8081
+        reverse_proxy http://netmaker:8081
 }
-
--- a/scripts/nm-quick.sh
+++ b/scripts/nm-quick.sh
@ -176,23 +176,23 @@ sleep 2
 setup_mesh() {
 echo "creating default network (10.101.0.0/16)"

-curl -s -o /dev/null -d '{"addressrange":"10.101.0.0/16","netid":"default"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks
+curl -s -o /dev/null -d '{"addressrange":"10.101.0.0/16","netid":"default"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks

 sleep 2

 echo "creating default key"

-curlresponse=$(curl -s -d '{"uses":99999,"name":"defaultkey"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks/default/keys)
+curlresponse=$(curl -s -d '{"uses":99999,"name":"defaultkey"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks/default/keys)
 ACCESS_TOKEN=$(jq -r '.accessstring' <<< ${curlresponse})

 sleep 2

 echo "configuring netmaker server as ingress gateway"

-curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/default)
+curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/default)
 SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})

-curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/default/$SERVER_ID/createingress
+curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/default/$SERVER_ID/createingress

 echo "finished configuring server and network. You can now add clients."
 echo ""
@ -217,16 +217,16 @@ echo "Netmaker setup is now complete. You are ready to begin using Netmaker."
 setup_vpn() {
 echo "creating vpn network (10.201.0.0/16)"

-curl -s -o /dev/null -d '{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"8.8.8.8"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks
+curl -s -o /dev/null -d '{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"8.8.8.8"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks

 sleep 2

 echo "configuring netmaker server as vpn inlet..."

-curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn)
+curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn)
 SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})

-curl -s -o /dev/null -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn/$SERVER_ID/createingress
+curl -s -o /dev/null -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn/$SERVER_ID/createingress

 echo "waiting 10 seconds for server to apply configuration..."

@ -239,7 +239,7 @@ echo "configuring netmaker server vpn gateway..."

 echo "gateway iface: $GATEWAY_IFACE"

-curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn)
+curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn)
 SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})

 EGRESS_JSON=$( jq -n \
@ -248,7 +248,7 @@ EGRESS_JSON=$( jq -n \


 echo "egress json: $EGRESS_JSON"
-curl -s -o /dev/null -X POST -d "$EGRESS_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn/$SERVER_ID/creategateway
+curl -s -o /dev/null -X POST -d "$EGRESS_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn/$SERVER_ID/creategateway

 echo "creating client configs..."

@ -258,7 +258,7 @@ do
                  --arg clientid "vpnclient-$a" \
                  '{clientid: $clientid}' )

-        curl -s -o /dev/null -d "$CLIENT_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/extclients/vpn/$SERVER_ID
+        curl -s -o /dev/null -d "$CLIENT_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/extclients/vpn/$SERVER_ID
 done

 echo "finished configuring vpn server."