diff --git a/docker-compose2.0/docker-compose.ha.yaml b/docker-compose2.0/docker-compose.ha.yaml
new file mode 100644
index 0000000..306d04c
--- /dev/null
+++ b/docker-compose2.0/docker-compose.ha.yaml
@@ -0,0 +1,83 @@
+services:
+ core:
+ image: ghcr.io/defguard/defguard:2.0.0-alpha2
+ environment:
+ DEFGUARD_COOKIE_INSECURE: "true"
+ DEFGUARD_SECRET_KEY: defguard-secret-key-defguard-secret-key-defguard-secret-key-defguard-secret-key
+ DEFGUARD_AUTH_SECRET: defguard-auth-secret
+ DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret
+ DEFGUARD_YUBIBRIDGE_SECRET: defguard-yubibridge-secret
+ DEFGUARD_DB_HOST: db
+ DEFGUARD_DB_PORT: 5432
+ DEFGUARD_DB_USER: defguard
+ DEFGUARD_DB_PASSWORD: defguard
+ DEFGUARD_DB_NAME: defguard
+ DEFGUARD_ADOPT_EDGE: "edge1:50051"
+ DEFGUARD_ADOPT_GATEWAY: "gateway1:50066"
+ depends_on:
+ - db
+ - gateway-lb
+ - edge-lb
+ ports:
+ - "8000:8000"
+
+ edge1:
+ image: ghcr.io/defguard/defguard-proxy:2.0.0-alpha2
+ volumes:
+ - ./.volumes/certs2.0-ha/edge1:/etc/defguard/certs
+
+ edge2:
+ image: ghcr.io/defguard/defguard-proxy:2.0.0-alpha2
+ volumes:
+ - ./.volumes/certs2.0-ha/edge2:/etc/defguard/certs
+
+ edge-lb:
+ image: nginx:1.25-alpine
+ depends_on:
+ - edge1
+ - edge2
+ ports:
+ - "8080:8080"
+ volumes:
+ - ./nginx/edge.conf:/etc/nginx/conf.d/default.conf:ro
+
+ gateway1:
+ image: ghcr.io/defguard/gateway:2.0.0-alpha2
+ cap_add:
+ - NET_ADMIN
+ volumes:
+ - ./.volumes/certs2.0-ha/gateway1:/etc/defguard/certs
+ environment:
+ DEFGUARD_STATS_PERIOD: 10
+ HEALTH_PORT: 55003
+
+ gateway2:
+ image: ghcr.io/defguard/gateway:2.0.0-alpha2
+ cap_add:
+ - NET_ADMIN
+ volumes:
+ - ./.volumes/certs2.0-ha/gateway2:/etc/defguard/certs
+ environment:
+ DEFGUARD_STATS_PERIOD: 10
+ HEALTH_PORT: 55003
+
+ gateway-lb:
+ image: envoyproxy/envoy:v1.33-latest
+ command: ["envoy", "-c", "/etc/envoy/envoy.yaml", "-l", "debug"]
+ ports:
+ - "51820:51820/udp"
+ - "9901:9901"
+ volumes:
+ - ./envoy/envoy.yaml:/etc/envoy/envoy.yaml:ro
+ depends_on:
+ - gateway1
+ - gateway2
+
+ db:
+ image: postgres:18-alpine
+ environment:
+ POSTGRES_DB: defguard
+ POSTGRES_USER: defguard
+ POSTGRES_PASSWORD: defguard
+ volumes:
+ - ./.volumes/db2.0-ha:/var/lib/postgresql
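Review bot: The `gateway-lb` service publishes `9901:9901` on every host interface while Envoy runs with `-l debug`. Port 9901 is conventionally Envoy's admin listener (the `admin` section of envoy.yaml is not visible in this diff, so confirm), and that interface is unauthenticated and serves configuration dumps and state-changing endpoints. Binding it to loopback with `- "127.0.0.1:9901:9901"`, or dropping the mapping, keeps it off the network. The same file also commits fixed values for `DEFGUARD_SECRET_KEY`, `DEFGUARD_AUTH_SECRET`, `DEFGUARD_GATEWAY_SECRET`, `DEFGUARD_YUBIBRIDGE_SECRET` and `POSTGRES_PASSWORD`, and sets `DEFGUARD_COOKIE_INSECURE: "true"`. A leading comment such as `# Demo values only: replace every secret and unset DEFGUARD_COOKIE_INSECURE before exposing this stack` would stop the file being copied into a real deployment as-is.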
diff --git a/docker-compose2.0/docker-compose.yaml b/docker-compose2.0/docker-compose.yaml index 546eb41..3e62dda 100644 --- a/docker-compose2.0/docker-compose.yaml +++ b/docker-compose2.0/docker-compose.yaml @@ -1,6 +1,6 @@ services: core: - image: ghcr.io/defguard/defguard:2.0.0-alpha1 + image: ghcr.io/defguard/defguard:2.0.0-alpha2 environment: DEFGUARD_COOKIE_INSECURE: "true" DEFGUARD_SECRET_KEY: defguard-secret-key-defguard-secret-key-defguard-secret-key-defguard-secret-key 
@@ -12,87 +12,34 @@ services: DEFGUARD_DB_USER: defguard DEFGUARD_DB_PASSWORD: defguard DEFGUARD_DB_NAME: defguard - RUST_BACKTRACE: 1 + DEFGUARD_ADOPT_EDGE: "edge1:50051" + DEFGUARD_ADOPT_GATEWAY: "gateway1:50066" depends_on: - db + - gateway1 + - edge1 ports: - "8000:8000" edge1: - image: ghcr.io/defguard/defguard-proxy:2.0.0-alpha1 + image: ghcr.io/defguard/defguard-proxy:2.0.0-alpha2 volumes: - - ./.volumes/certs2.0-ha/edge1:/etc/defguard/certs - depends_on: - - core - - edge2: - image: ghcr.io/defguard/defguard-proxy:2.0.0-alpha1 - volumes: - - ./.volumes/certs2.0-ha/edge2:/etc/defguard/certs - depends_on: - - core - - edge-lb: - image: nginx:1.25-alpine - depends_on: - - edge1 - - edge2 + - ./.volumes/certs2.0/edge1:/etc/defguard/certs ports: - "8080:8080" - volumes: - - ./nginx/edge.conf:/etc/nginx/conf.d/default.conf:ro gateway1: - image: ghcr.io/defguard/gateway:2.0.0-alpha1 - depends_on: - - core + image: ghcr.io/defguard/gateway:2.0.0-alpha2 cap_add: - NET_ADMIN volumes: - - ./.volumes/certs2.0-ha/gateway1:/etc/defguard/certs - environment: - DEFGUARD_STATS_PERIOD: 10 - HEALTH_PORT: 55003 - - gateway2: - image: ghcr.io/defguard/gateway:2.0.0-alpha1 - depends_on: - - core - cap_add: - - NET_ADMIN - volumes: - - ./.volumes/certs2.0-ha/gateway2:/etc/defguard/certs + - ./.volumes/certs2.0/gateway1:/etc/defguard/certs + ports: + - "51820:51820/udp" environment: DEFGUARD_STATS_PERIOD: 10 HEALTH_PORT: 55003 - gateway-lb: - image: envoyproxy/envoy:v1.33-latest - command: ["envoy", "-c", "/etc/envoy/envoy.yaml", "-l", "debug"] - ports: - - "50051:50051/udp" - - "9901:9901" - volumes: - - ./envoy/envoy.yaml:/etc/envoy/envoy.yaml:ro - depends_on: - - gateway1 - - gateway2 - - # NGINX can be used for LB but not HA since it does not support healthchecks - # gateway-lb-nginx: - # image: nginx:1.25-alpine - # command: - # - /bin/sh - # - -ec - # - until getent hosts gateway1 gateway2 >/dev/null 2>&1; do sleep 0.2; done; exec nginx -g 'daemon off;' - # ports: - # - 
"50051:50051/udp" - # volumes: - # - ./nginx/gateway-lb.conf:/etc/nginx/nginx.conf:ro - # depends_on: - # - gateway1 - # - gateway2 - db: image: postgres:18-alpine environment: @@ -100,6 +47,4 @@ services: POSTGRES_USER: defguard POSTGRES_PASSWORD: defguard volumes: - - ./.volumes/db2.0-ha:/var/lib/postgresql - ports: - - "5432:5432" + - ./.volumes/db2.0:/var/lib/postgresql diff --git a/docker-compose2.0/envoy/envoy.yaml b/docker-compose2.0/envoy/envoy.yaml index a9e42a7..9e6a3b8 100644 --- a/docker-compose2.0/envoy/envoy.yaml +++ b/docker-compose2.0/envoy/envoy.yaml @@ -10,7 +10,7 @@ static_resources: address: socket_address: address: 0.0.0.0 - port_value: 50051 + port_value: 51820 protocol: UDP # UDP listeners use udp_listener_config + listener_filters (not filter_chains) @@ -61,13 +61,13 @@ static_resources: address: socket_address: address: gateway1 - port_value: 50051 + port_value: 51820 health_check_config: port_value: 55003 - endpoint: address: socket_address: address: gateway2 - port_value: 50051 + port_value: 51820 health_check_config: port_value: 55003