diff --git a/.env-template b/.env-template
deleted file mode 100644
index c21dbcb07c..0000000000
--- a/.env-template
+++ /dev/null
@@ -1,37 +0,0 @@
-### Core configuration ###
-DEFGUARD_AUTH_SECRET=defguard-auth-secret
-DEFGUARD_GATEWAY_SECRET=defguard-gateway-secret
-DEFGUARD_YUBIBRIDGE_SECRET=defguard-yubibridge-secret
-DEFGUARD_SECRET_KEY=defguard-secret-key
-DEFGUARD_URL=http://localhost:8000
-# For localhost only:
-DEFGUARD_COOKIE_INSECURE=true
-# How long auth session lives in seconds
-DEFGUARD_AUTH_SESSION_LIFETIME=604800
-# Optional. Generated based on DEFGUARD_URL if not provided.
-# DEFGUARD_WEBAUTHN_RP_ID=localhost
-DEFGUARD_ADMIN_GROUPNAME=admin
-DEFGUARD_DEFAULT_ADMIN_PASSWORD=pass123
-
-### Logging ###
-DEFGUARD_LOG_LEVEL=info
-
-### Proxy configuration ###
-# Optional. URL of proxy gRPC server
-# DEFGUARD_PROXY_URL=http://localhost:50051
-
-### LDAP configuration ###
-DEFGUARD_LDAP_URL=ldap://localhost:389
-DEFGUARD_LDAP_SERVICE_PASSWORD=adminpassword
-DEFGUARD_LDAP_USER_SEARCH_BASE="ou=users,dc=example,dc=org"
-DEFGUARD_LDAP_GROUP_SEARCH_BASE="ou=groups,dc=example,dc=org"
-DEFGUARD_LDAP_DEVICE_SEARCH_BASE="ou=devices,dc=example,dc=org"
-
-### DB configuration ###
-DEFGUARD_DB_HOST="localhost"
-DEFGUARD_DB_PORT=5432
-DEFGUARD_DB_NAME="defguard"
-DEFGUARD_DB_USER="defguard"
-DEFGUARD_DB_PASSWORD="defguard"
-# for SQLX CLI
-DATABASE_URL="postgresql://defguard:defguard@localhost/defguard"
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000000..457538b68c
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,28 @@ +### DB configuration ### +DEFGUARD_DB_HOST="localhost" +DEFGUARD_DB_PORT=5432 +DEFGUARD_DB_NAME="defguard" +DEFGUARD_DB_USER="defguard" +DEFGUARD_DB_PASSWORD="defguard" +# for SQLX CLI +DATABASE_URL="postgresql://defguard:defguard@localhost/defguard" + +### For localhost only ### +# DEFGUARD_COOKIE_INSECURE=true + +### Logging ### +DEFGUARD_LOG_LEVEL=info + +### HTTP Port ### +DEFGUARD_HTTP_PORT=8000 + +### GRPC Port ### +DEFGUARD_GRPC_PORT=50055 +# DEFGUARD_GRPC_BIND_ADDRESS= +# DEFGUARD_HTTP_BIND_ADDRESS= + +### OpenID Connect ### +# DEFGUARD_OPENID_KEY= + +### Docker-compose images ### +IMAGE_TAG=dev diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1e5eb11577..14825e0e18 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -149,7 +149,7 @@ jobs: fpm_args: "defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service - .env-template=/etc/defguard/core.conf" + .env.example=/etc/defguard/core.conf" fpm_opts: "--architecture amd64 --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.deb" - name: Build aarch64 DEB package @@ -158,7 +158,7 @@ jobs: fpm_args: "defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service - .env-template=/etc/defguard/core.conf" + .env.example=/etc/defguard/core.conf" fpm_opts: "--architecture arm64 --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.deb" - name: Build x86_64 RPM package 
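Review bot: The new `.env.example` sets `DEFGUARD_DB_PASSWORD="defguard"` and a `DATABASE_URL` with the same credentials embedded, and the release.yml hunks in this commit install this very file as `/etc/defguard/core.conf`, so every DEB, RPM and FreeBSD package ships a publicly known database password as its default configuration. The development-only entries (`DATABASE_URL`, marked "for SQLX CLI", and `IMAGE_TAG=dev`) end up in that packaged config as well. Consider leaving the password unset in the example, e.g. `# DEFGUARD_DB_PASSWORD=  # required: set a unique value`, or packaging a separate production template instead of the developer example.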
@@ -167,7 +167,7 @@ jobs: fpm_args: "defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service - .env-template=/etc/defguard/core.conf" + .env.example=/etc/defguard/core.conf" fpm_opts: "--architecture amd64 --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.rpm" - name: Build aarch64 RPM package @@ -176,7 +176,7 @@ jobs: fpm_args: "defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service - .env-template=/etc/defguard/core.conf" + .env.example=/etc/defguard/core.conf" fpm_opts: "--architecture arm64 --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.rpm" - name: Build FreeBSD package @@ -185,7 +185,7 @@ jobs: fpm_args: "defguard-${{ env.VERSION }}-x86_64-unknown-freebsd=/usr/local/bin/defguard defguard.service.freebsd=/usr/local/etc/rc.d/defguard - .env-template=/etc/defguard/core.conf" + .env.example=/etc/defguard/core.conf" fpm_opts: "--architecture amd64 --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg --freebsd-osversion '*' --depends openssl" - name: Upload Linux x86_64 archive diff --git a/docker-compose.e2e.yaml b/docker-compose.e2e.yaml index cc5eac6a52..1d981cc404 100644 --- a/docker-compose.e2e.yaml +++ b/docker-compose.e2e.yaml 
@@ -2,29 +2,26 @@ services: core: image: ghcr.io/defguard/defguard:${IMAGE_TAG} environment: - DEFGUARD_DEFAULT_ADMIN_PASSWORD: pass123 DEFGUARD_COOKIE_INSECURE: true DEFGUARD_COOKIE_DOMAIN: localhost DEFGUARD_LOG_LEVEL: debug - DEFGUARD_SECRET_KEY: aa5a506b11d719dd7170f57f5d9947faf8eb0bc2be1325e42aa0237c3dcfd26456e73dff9eef3b12c7bcf8711b45e3e703d8e21ee1c08520f5e12e3f5772da94 - DEFGUARD_AUTH_SECRET: defguard-auth-secret - DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret - DEFGUARD_YUBIBRIDGE_SECRET: defguard-yubibridge-secret DEFGUARD_DB_HOST: db DEFGUARD_DB_PORT: 5432 DEFGUARD_DB_USER: defguard DEFGUARD_DB_PASSWORD: defguard DEFGUARD_DB_NAME: defguard - DEFGUARD_URL: http://localhost:8000 - DEFGUARD_LICENSE_KEY: ${DEFGUARD_LICENSE_KEY:-} + DEFGUARD_GRPC_PORT: 50055 RUST_BACKTRACE: 1 ports: + # REST API - "8000:8000" + # Default Core GRPC port + - "50055:50055" depends_on: - db db: - image: public.ecr.aws/docker/library/postgres:17-alpine + image: postgres:18-alpine environment: POSTGRES_DB: defguard POSTGRES_USER: defguard @@ -38,10 +35,13 @@ services: retries: 5 start_period: 5s - proxy: + edge: image: ghcr.io/defguard/defguard-proxy:${IMAGE_TAG} ports: + # REST API - "8080:8080" + # Default Edge GRPC port + - "50051:50051" environment: DEFGUARD_PROXY_GRPC_PORT: 50051 RUST_BACKTRACE: 1 diff --git a/docker-compose.ldap.yaml b/docker-compose.ldap.yaml index abee0c9bcf..207ed3ce52 100644 --- a/docker-compose.ldap.yaml +++ b/docker-compose.ldap.yaml 
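Review bot: The added `- "50055:50055"` mapping on `core` (and `- "50051:50051"` on `edge` in the next hunk) publishes a gRPC port on every host interface, because a compose port mapping without a host address binds to all of them. globalSetup.ts addresses the Edge component by its service name `edge`, which suggests the components talk over the compose network and the host mappings are only a debugging convenience. With the `DEFGUARD_*_SECRET` variables removed in this hunk, it is not visible from the diff how these gRPC endpoints are authenticated, so a loopback binding is the safer default: `- "127.0.0.1:50055:50055"`. The same applies to the gRPC mappings in docker-compose.ldap.yaml and docker-compose.yaml.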
@@ -1,87 +1,69 @@ services: core: - image: ghcr.io/defguard/defguard:latest + image: ghcr.io/defguard/defguard:${IMAGE_TAG} build: context: . dockerfile: Dockerfile environment: - DEFGUARD_COOKIE_INSECURE: "true" - DEFGUARD_SECRET_KEY: aa5a506b11d719dd7170f57f5d9947faf8eb0bc2be1325e42aa0237c3dcfd26456e73dff9eef3b12c7bcf8711b45e3e703d8e21ee1c08520f5e12e3f5772da94 - DEFGUARD_AUTH_SECRET: defguard-auth-secret - DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret - DEFGUARD_YUBIBRIDGE_SECRET: defguard-yubibridge-secret DEFGUARD_DB_HOST: db DEFGUARD_DB_PORT: 5432 DEFGUARD_DB_USER: defguard DEFGUARD_DB_PASSWORD: defguard DEFGUARD_DB_NAME: defguard - DEFGUARD_URL: http://localhost:8000 RUST_BACKTRACE: 1 ports: - # rest api + # REST API - "8000:8000" - # grpc + # Default Core GRPC port - "50055:50055" depends_on: - db gateway: - image: ghcr.io/defguard/gateway:latest - environment: - DEFGUARD_GRPC_URL: http://core:50055 - DEFGUARD_STATS_PERIOD: 60 - DEFGUARD_TOKEN: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJEZWZHdWFyZCIsInN1YiI6IlRlc3ROZXQiLCJjbGllbnRfaWQiOiIiLCJleHAiOjU5NjE3NDcwNzYsIm5iZiI6MTY2Njc3OTc4MSwicm9sZXMiOltdfQ.uEUMnw_gO23W0K2q3N1lToeP0D2zAY1swr8N-84sRHA - RUST_LOG: debug + image: ghcr.io/defguard/gateway:${IMAGE_TAG} ports: # WireGuard endpoint - "50051:50051/udp" + # Default Gateway GRPC port + - "50066:50066" depends_on: - core cap_add: - NET_ADMIN db: - image: postgres:17-alpine + image: postgres:18-alpine environment: POSTGRES_DB: defguard POSTGRES_USER: defguard POSTGRES_PASSWORD: defguard volumes: - - ./.volumes/db:/var/lib/postgresql/data + - ./.volumes/db:/var/lib/postgresql ports: - "5432:5432" - device: - build: - context: . 
- dockerfile: Dockerfile.device - depends_on: - - gateway - cap_add: - - NET_ADMIN + # vector: + # image: timberio/vector:latest-alpine + # profiles: + # - observability + # container_name: vector + # volumes: + # - ./configs/vector.yaml:/etc/vector/vector.yaml:ro + # - ./configs/key.pem:/etc/vector/key.pem:ro + # - ./configs/cert.pem:/etc/vector/cert.pem:ro + # command: ["--config", "/etc/vector/vector.yaml"] + # ports: + # - "8686:8686" + # - "8001:8001" - vector: - image: timberio/vector:latest-alpine - profiles: - - observability - container_name: vector - volumes: - - ./configs/vector.yaml:/etc/vector/vector.yaml:ro - - ./configs/key.pem:/etc/vector/key.pem:ro - - ./configs/cert.pem:/etc/vector/cert.pem:ro - command: ["--config", "/etc/vector/vector.yaml"] - ports: - - "8686:8686" - - "8001:8001" - - logstash: - image: docker.elastic.co/logstash/logstash:8.14.0 - profiles: - - observability - ports: - - "8002:8002" - volumes: - - ./configs/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro + # logstash: + # image: docker.elastic.co/logstash/logstash:8.14.0 + # profiles: + # - observability + # ports: + # - "8002:8002" + # volumes: + # - ./configs/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro openldap: image: bitnamilegacy/openldap:2.6 diff --git a/docker-compose.yaml b/docker-compose.yaml index 96034653cd..15e5815933 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
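Review bot: `image: ghcr.io/defguard/defguard:${IMAGE_TAG}` and `image: ghcr.io/defguard/gateway:${IMAGE_TAG}` have no fallback, so when `IMAGE_TAG` is unset (for example, no `.env` was copied from `.env.example`) compose substitutes an empty string and the image reference ends in a bare colon. Give the variable a default or make the failure explicit: `image: ghcr.io/defguard/defguard:${IMAGE_TAG:-dev}` or `${IMAGE_TAG:?set IMAGE_TAG}`. docker-compose.yaml uses the same pattern for `core`, `gateway` and `edge`.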
@@ -1,54 +1,53 @@ services: core: - image: ghcr.io/defguard/defguard + image: ghcr.io/defguard/defguard:${IMAGE_TAG} build: context: . dockerfile: Dockerfile environment: - DEFGUARD_COOKIE_INSECURE: "true" - DEFGUARD_SECRET_KEY: aa5a506b11d719dd7170f57f5d9947faf8eb0bc2be1325e42aa0237c3dcfd26456e73dff9eef3b12c7bcf8711b45e3e703d8e21ee1c08520f5e12e3f5772da94 - DEFGUARD_AUTH_SECRET: defguard-auth-secret - DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret - DEFGUARD_YUBIBRIDGE_SECRET: defguard-yubibridge-secret DEFGUARD_DB_HOST: db DEFGUARD_DB_PORT: 5432 DEFGUARD_DB_USER: defguard DEFGUARD_DB_PASSWORD: defguard DEFGUARD_DB_NAME: defguard - DEFGUARD_URL: http://localhost:8000 RUST_BACKTRACE: 1 ports: - # rest api + # REST API - "8000:8000" - # grpc + # Default Core GRPC port - "50055:50055" depends_on: - db gateway: - image: ghcr.io/defguard/gateway - environment: - DEFGUARD_GRPC_URL: http://core:50055 - DEFGUARD_STATS_PERIOD: 60 - DEFGUARD_TOKEN: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJEZWZHdWFyZCIsInN1YiI6IlRlc3ROZXQiLCJjbGllbnRfaWQiOiIiLCJleHAiOjU5NjE3NDcwNzYsIm5iZiI6MTY2Njc3OTc4MSwicm9sZXMiOltdfQ.uEUMnw_gO23W0K2q3N1lToeP0D2zAY1swr8N-84sRHA - RUST_LOG: debug + image: ghcr.io/defguard/gateway:${IMAGE_TAG} ports: # WireGuard endpoint - "50051:50051/udp" + # Default Gateway GRPC port - "50066:50066" - depends_on: - - core cap_add: - NET_ADMIN + edge: + image: ghcr.io/defguard/defguard-proxy:${IMAGE_TAG} + ports: + # REST API + - "8080:8080" + # Default Edge GRPC port + - "50051:50051" + environment: + DEFGUARD_PROXY_GRPC_PORT: 50051 + RUST_BACKTRACE: 1 + db: - image: postgres:17-alpine + image: postgres:18-alpine environment: POSTGRES_DB: defguard POSTGRES_USER: defguard POSTGRES_PASSWORD: defguard volumes: - - ./.volumes/db:/var/lib/postgresql/data + - ./.volumes/db:/var/lib/postgresql ports: - "5432:5432" healthcheck: 
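Review bot: An existing `./.volumes/db` initialised by `postgres:17-alpine` will not carry over to this `db` service, because the image major version and the mount point (`/var/lib/postgresql/data` to `/var/lib/postgresql`) change together. The new mount matches the layout of the 18 image, but as far as I can tell the old cluster files are not picked up and a fresh, empty cluster is initialised next to them. A comment above the volume line would spare developers a confusing empty database, e.g. `# postgres >= 18 keeps data under /var/lib/postgresql/<major>; remove or pg_upgrade a ./.volumes/db created by 17`. docker-compose.ldap.yaml has the same change.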
@@ -57,34 +56,25 @@ services: timeout: 5s retries: 5 - device: - build: - context: . - dockerfile: Dockerfile.device - depends_on: - - gateway - cap_add: - - NET_ADMIN - - vector: - image: timberio/vector:latest-alpine - profiles: - - observability - container_name: vector - volumes: - - ./configs/vector.yaml:/etc/vector/vector.yaml:ro - - ./configs/key.pem:/etc/vector/key.pem:ro - - ./configs/cert.pem:/etc/vector/cert.pem:ro - command: ["--config", "/etc/vector/vector.yaml"] - ports: - - "8686:8686" - - "8001:8001" + # vector: + # image: timberio/vector:latest-alpine + # profiles: + # - observability + # container_name: vector + # volumes: + # - ./configs/vector.yaml:/etc/vector/vector.yaml:ro + # - ./configs/key.pem:/etc/vector/key.pem:ro + # - ./configs/cert.pem:/etc/vector/cert.pem:ro + # command: ["--config", "/etc/vector/vector.yaml"] + # ports: + # - "8686:8686" + # - "8001:8001" - logstash: - image: docker.elastic.co/logstash/logstash:8.14.0 - profiles: - - observability - ports: - - "8002:8002" - volumes: - - ./configs/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro + # logstash: + # image: docker.elastic.co/logstash/logstash:8.14.0 + # profiles: + # - observability + # ports: + # - "8002:8002" + # volumes: + # - ./configs/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro diff --git a/e2e/utils/globalSetup.ts b/e2e/utils/globalSetup.ts index 0ce0486741..420a70a3a9 100644 --- a/e2e/utils/globalSetup.ts +++ b/e2e/utils/globalSetup.ts @@ -107,7 +107,9 @@ const runWizard = async () => { await page.getByTestId('field-common_name').waitFor({ state: 'visible' }); await page.getByTestId('field-common_name').fill('edge-test'); - await page.getByTestId('field-ip_or_domain').fill('proxy'); + await page.getByTestId('field-ip_or_domain').fill('edge'); + + // Adopt Edge component await page.getByRole('button', { name: 'Adopt Edge component' }).click(); await page.getByRole('button', { name: 'Continue' }).waitFor({ state: 'visible' }); 
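Review bot: Commenting out the `vector` and `logstash` services instead of deleting them leaves dead configuration in the file, although both were already gated behind the `observability` profile and so did not start on a plain `docker compose up`. Commented-out definitions are no longer validated by compose and drift silently, including the `timberio/vector:latest-alpine` tag and the `key.pem` / `cert.pem` mounts. Either delete the blocks and rely on git history, or keep them live under the profile. docker-compose.ldap.yaml carries the same commented block.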
diff --git a/web/src/shared/defguard-ui b/web/src/shared/defguard-ui
index 82eef0626e..99fc954a0d 160000
--- a/web/src/shared/defguard-ui
+++ b/web/src/shared/defguard-ui
@@ -1 +1 @@
-Subproject commit 82eef0626e8c0f54dc8ecadfc112ae54314925e8
+Subproject commit 99fc954a0d25b5b2771f6876c98b82c2d55572b6