Skip to content

Update environmental variables #2721

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jakub-tldr merged 11 commits into from
Apr 16, 2026
Merged

Update environmental variables #2721

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
0769c01
bump submodule (#2711)
jakub-tldr Apr 15, 2026
aa2c213
remove unused variables, add comments
jakub-tldr Apr 15, 2026
7933cf9
fix comments, add image_tag, delete mysterious "device"
jakub-tldr Apr 15, 2026
0d00431
remove depends on
jakub-tldr Apr 15, 2026
a9fd38b
adjust e2e
jakub-tldr Apr 15, 2026
8c3a300
add eol
jakub-tldr Apr 15, 2026
36aa264
change order
jakub-tldr Apr 16, 2026
c4bab02
remove variable
jakub-tldr Apr 16, 2026
d716250
Merge branch 'release/2.0' into update-env-variables
jakub-tldr Apr 16, 2026
888d412
change env-template to env.example
jakub-tldr Apr 16, 2026
20fe8f8
change volume (version 18+ require other path)
jakub-tldr Apr 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 0 additions & 37 deletions .env-template
View file
Open in desktop

This file was deleted.

28 changes: 28 additions & 0 deletions .env.example
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
### DB configuration ###
DEFGUARD_DB_HOST="localhost"
DEFGUARD_DB_PORT=5432
DEFGUARD_DB_NAME="defguard"
DEFGUARD_DB_USER="defguard"
DEFGUARD_DB_PASSWORD="defguard"
# for SQLX CLI
DATABASE_URL="postgresql://defguard:defguard@localhost/defguard"

### For localhost only ###
# DEFGUARD_COOKIE_INSECURE=true

### Logging ###
DEFGUARD_LOG_LEVEL=info

### HTTP Port ###
DEFGUARD_HTTP_PORT=8000

### GRPC Port ###
DEFGUARD_GRPC_PORT=50055
# DEFGUARD_GRPC_BIND_ADDRESS=
# DEFGUARD_HTTP_BIND_ADDRESS=

### OpenID Connect ###
# DEFGUARD_OPENID_KEY=

### Docker-compose images ###
IMAGE_TAG=dev
10 changes: 5 additions & 5 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ jobs:
fpm_args:
"defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard
defguard.service=/usr/lib/systemd/system/defguard.service
.env-template=/etc/defguard/core.conf"
.env.example=/etc/defguard/core.conf"
fpm_opts: "--architecture amd64 --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.deb"

- name: Build aarch64 DEB package
Expand All @@ -158,7 +158,7 @@ jobs:
fpm_args:
"defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard
defguard.service=/usr/lib/systemd/system/defguard.service
.env-template=/etc/defguard/core.conf"
.env.example=/etc/defguard/core.conf"
fpm_opts: "--architecture arm64 --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.deb"

- name: Build x86_64 RPM package
Expand All @@ -167,7 +167,7 @@ jobs:
fpm_args:
"defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard
defguard.service=/usr/lib/systemd/system/defguard.service
.env-template=/etc/defguard/core.conf"
.env.example=/etc/defguard/core.conf"
fpm_opts: "--architecture amd64 --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.rpm"

- name: Build aarch64 RPM package
Expand All @@ -176,7 +176,7 @@ jobs:
fpm_args:
"defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard
defguard.service=/usr/lib/systemd/system/defguard.service
.env-template=/etc/defguard/core.conf"
.env.example=/etc/defguard/core.conf"
fpm_opts: "--architecture arm64 --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.rpm"

- name: Build FreeBSD package
Expand All @@ -185,7 +185,7 @@ jobs:
fpm_args:
"defguard-${{ env.VERSION }}-x86_64-unknown-freebsd=/usr/local/bin/defguard
defguard.service.freebsd=/usr/local/etc/rc.d/defguard
.env-template=/etc/defguard/core.conf"
.env.example=/etc/defguard/core.conf"
fpm_opts: "--architecture amd64 --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg --freebsd-osversion '*' --depends openssl"

- name: Upload Linux x86_64 archive
Expand Down
18 changes: 9 additions & 9 deletions docker-compose.e2e.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,29 +2,26 @@ services:
core:
image: ghcr.io/defguard/defguard:${IMAGE_TAG}
environment:
DEFGUARD_DEFAULT_ADMIN_PASSWORD: pass123
DEFGUARD_COOKIE_INSECURE: true
DEFGUARD_COOKIE_DOMAIN: localhost
DEFGUARD_LOG_LEVEL: debug
DEFGUARD_SECRET_KEY: aa5a506b11d719dd7170f57f5d9947faf8eb0bc2be1325e42aa0237c3dcfd26456e73dff9eef3b12c7bcf8711b45e3e703d8e21ee1c08520f5e12e3f5772da94
DEFGUARD_AUTH_SECRET: defguard-auth-secret
DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret
DEFGUARD_YUBIBRIDGE_SECRET: defguard-yubibridge-secret
DEFGUARD_DB_HOST: db
DEFGUARD_DB_PORT: 5432
DEFGUARD_DB_USER: defguard
DEFGUARD_DB_PASSWORD: defguard
DEFGUARD_DB_NAME: defguard
DEFGUARD_URL: http://localhost:8000
DEFGUARD_LICENSE_KEY: ${DEFGUARD_LICENSE_KEY:-}
DEFGUARD_GRPC_PORT: 50055
RUST_BACKTRACE: 1
ports:
# REST API
- "8000:8000"
# Default Core GRPC port
- "50055:50055"
depends_on:
- db

db:
image: public.ecr.aws/docker/library/postgres:17-alpine
image: postgres:18-alpine
environment:
POSTGRES_DB: defguard
POSTGRES_USER: defguard
Expand All @@ -38,10 +35,13 @@ services:
retries: 5
start_period: 5s

proxy:
edge:
image: ghcr.io/defguard/defguard-proxy:${IMAGE_TAG}
ports:
# REST API
- "8080:8080"
# Default Edge GRPC port
- "50051:50051"
environment:
DEFGUARD_PROXY_GRPC_PORT: 50051
RUST_BACKTRACE: 1
76 changes: 29 additions & 47 deletions docker-compose.ldap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,87 +1,69 @@
services:
core:
image: ghcr.io/defguard/defguard:latest
image: ghcr.io/defguard/defguard:${IMAGE_TAG}
build:
context: .
dockerfile: Dockerfile
environment:
DEFGUARD_COOKIE_INSECURE: "true"
DEFGUARD_SECRET_KEY: aa5a506b11d719dd7170f57f5d9947faf8eb0bc2be1325e42aa0237c3dcfd26456e73dff9eef3b12c7bcf8711b45e3e703d8e21ee1c08520f5e12e3f5772da94
DEFGUARD_AUTH_SECRET: defguard-auth-secret
DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret
DEFGUARD_YUBIBRIDGE_SECRET: defguard-yubibridge-secret
DEFGUARD_DB_HOST: db
DEFGUARD_DB_PORT: 5432
DEFGUARD_DB_USER: defguard
DEFGUARD_DB_PASSWORD: defguard
DEFGUARD_DB_NAME: defguard
DEFGUARD_URL: http://localhost:8000
RUST_BACKTRACE: 1
ports:
# rest api
# REST API
- "8000:8000"
# grpc
# Default Core GRPC port
- "50055:50055"
depends_on:
- db

gateway:
image: ghcr.io/defguard/gateway:latest
environment:
DEFGUARD_GRPC_URL: http://core:50055
DEFGUARD_STATS_PERIOD: 60
DEFGUARD_TOKEN: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJEZWZHdWFyZCIsInN1YiI6IlRlc3ROZXQiLCJjbGllbnRfaWQiOiIiLCJleHAiOjU5NjE3NDcwNzYsIm5iZiI6MTY2Njc3OTc4MSwicm9sZXMiOltdfQ.uEUMnw_gO23W0K2q3N1lToeP0D2zAY1swr8N-84sRHA
RUST_LOG: debug
image: ghcr.io/defguard/gateway:${IMAGE_TAG}
ports:
# WireGuard endpoint
- "50051:50051/udp"
# Default Gateway GRPC port
- "50066:50066"
depends_on:
- core
cap_add:
- NET_ADMIN

db:
image: postgres:17-alpine
image: postgres:18-alpine
environment:
POSTGRES_DB: defguard
POSTGRES_USER: defguard
POSTGRES_PASSWORD: defguard
volumes:
- ./.volumes/db:/var/lib/postgresql/data
- ./.volumes/db:/var/lib/postgresql
ports:
- "5432:5432"

device:
build:
context: .
dockerfile: Dockerfile.device
depends_on:
- gateway
cap_add:
- NET_ADMIN
# vector:
# image: timberio/vector:latest-alpine
# profiles:
# - observability
# container_name: vector
# volumes:
# - ./configs/vector.yaml:/etc/vector/vector.yaml:ro
# - ./configs/key.pem:/etc/vector/key.pem:ro
# - ./configs/cert.pem:/etc/vector/cert.pem:ro
# command: ["--config", "/etc/vector/vector.yaml"]
# ports:
# - "8686:8686"
# - "8001:8001"

vector:
image: timberio/vector:latest-alpine
profiles:
- observability
container_name: vector
volumes:
- ./configs/vector.yaml:/etc/vector/vector.yaml:ro
- ./configs/key.pem:/etc/vector/key.pem:ro
- ./configs/cert.pem:/etc/vector/cert.pem:ro
command: ["--config", "/etc/vector/vector.yaml"]
ports:
- "8686:8686"
- "8001:8001"

logstash:
image: docker.elastic.co/logstash/logstash:8.14.0
profiles:
- observability
ports:
- "8002:8002"
volumes:
- ./configs/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro
# logstash:
# image: docker.elastic.co/logstash/logstash:8.14.0
# profiles:
# - observability
# ports:
# - "8002:8002"
# volumes:
# - ./configs/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro

openldap:
image: bitnamilegacy/openldap:2.6
Expand Down
Loading
Loading