From d7d7d98794ffec0a1e975ede4a05c847b0a8978a Mon Sep 17 00:00:00 2001
From: Kamil Chudy
Date: Wed, 11 Mar 2026 12:51:46 +0100
Subject: [PATCH 1/4] Added compose configuration for testing welcome wizard
---
 docker-compose2.0/docker-compose.ha.yaml | 100 +++++++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 docker-compose2.0/docker-compose.ha.yaml
diff --git a/docker-compose2.0/docker-compose.ha.yaml b/docker-compose2.0/docker-compose.ha.yaml
new file mode 100644
index 0000000..8a2c9d5
--- /dev/null
+++ b/docker-compose2.0/docker-compose.ha.yaml
@@ -0,0 +1,100 @@
+services:
+ core:
+ image: ghcr.io/defguard/defguard:dev
+ environment:
+ DEFGUARD_COOKIE_INSECURE: "true"
+ DEFGUARD_SECRET_KEY: defguard-secret-key-defguard-secret-key-defguard-secret-key-defguard-secret-key
+ DEFGUARD_AUTH_SECRET: defguard-auth-secret
+ DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret
+ DEFGUARD_YUBIBRIDGE_SECRET: defguard-yubibridge-secret
+ DEFGUARD_DB_HOST: db
+ DEFGUARD_DB_PORT: 5432
+ DEFGUARD_DB_USER: defguard
+ DEFGUARD_DB_PASSWORD: defguard
+ DEFGUARD_DB_NAME: defguard
+ DEFGUARD_ADOPT_EDGE: "edge1:50051"
+ DEFGUARD_ADOPT_GATEWAY: "gateway1:50066"
+ depends_on:
+ - db
+ - gateway-lb
+ - edge-lb
+ ports:
+ - "8000:8000"
+
+ edge1:
+ image: ghcr.io/defguard/defguard-proxy:dev
+ volumes:
+ - ./.volumes/certs2.0-ha/edge1:/etc/defguard/certs
+
+ edge2:
+ image: ghcr.io/defguard/defguard-proxy:dev
+ volumes:
+ - ./.volumes/certs2.0-ha/edge2:/etc/defguard/certs
+
+ edge-lb:
+ image: nginx:1.25-alpine
+ depends_on:
+ - edge1
+ - edge2
+ ports:
+ - "8080:8080"
+ volumes:
+ - ./nginx/edge.conf:/etc/nginx/conf.d/default.conf:ro
+
+ gateway1:
+ image: ghcr.io/defguard/gateway:dev
+ cap_add:
+ - NET_ADMIN
+ volumes:
+ - ./.volumes/certs2.0-ha/gateway1:/etc/defguard/certs
+ environment:
+ DEFGUARD_STATS_PERIOD: 10
+ HEALTH_PORT: 55003
+
+ gateway2:
+ image: ghcr.io/defguard/gateway:dev
+ cap_add:
+ - NET_ADMIN
+ volumes:
+ - ./.volumes/certs2.0-ha/gateway2:/etc/defguard/certs
+ environment:
+ DEFGUARD_STATS_PERIOD: 10
+ HEALTH_PORT: 55003
+
+ gateway-lb:
+ image: envoyproxy/envoy:v1.33-latest
+ command: ["envoy", "-c", "/etc/envoy/envoy.yaml", "-l", "debug"]
+ ports:
+ - "50051:50051/udp"
+ - "9901:9901"
+ volumes:
+ - ./envoy/envoy.yaml:/etc/envoy/envoy.yaml:ro
+ depends_on:
+ - gateway1
+ - gateway2
+
+ # NGINX can be used for LB but not HA since it does not support healthchecks
+ # gateway-lb-nginx:
+ # image: nginx:1.25-alpine
+ # command:
+ # - /bin/sh
+ # - -ec
+ # - until getent hosts gateway1 gateway2 >/dev/null 2>&1; do sleep 0.2; done; exec nginx -g 'daemon off;'
+ # ports:
+ # - "50051:50051/udp"
+ # volumes:
+ # - ./nginx/gateway-lb.conf:/etc/nginx/nginx.conf:ro
+ # depends_on:
+ # - gateway1
+ # - gateway2
+
+ db:
+ image: postgres:18-alpine
+ environment:
+ POSTGRES_DB: defguard
+ POSTGRES_USER: defguard
+ POSTGRES_PASSWORD: defguard
+ volumes:
+ - ./.volumes/db2.0-ha:/var/lib/postgresql
+ ports:
+ - "5432:5432"
From 4dfd200d0632ab77421582839f809ef9986f72b4 Mon Sep 17 00:00:00 2001
From: Kamil Chudy
Date: Wed, 11 Mar 2026 12:52:58 +0100
Subject: [PATCH 2/4] --amend
---
 docker-compose2.0/docker-compose.yaml | 77 +++++----------------------
 1 file changed, 12 insertions(+), 65 deletions(-)
diff --git a/docker-compose2.0/docker-compose.yaml b/docker-compose2.0/docker-compose.yaml
index 546eb41..60a4165 100644
--- a/docker-compose2.0/docker-compose.yaml
+++ b/docker-compose2.0/docker-compose.yaml
@@ -1,6 +1,6 @@
 services:
 core:
- image: ghcr.io/defguard/defguard:2.0.0-alpha1
+ image: ghcr.io/defguard/defguard:dev
 environment:
 DEFGUARD_COOKIE_INSECURE: "true"
 DEFGUARD_SECRET_KEY: defguard-secret-key-defguard-secret-key-defguard-secret-key-defguard-secret-key
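Review bot: In docker-compose.ha.yaml (PATCH 1/4) the `gateway-lb` service publishes `"9901:9901"` on all host interfaces while Envoy runs with `-l debug`; 9901 is conventionally Envoy's admin listener (the admin section of envoy.yaml is not shown in this series, so confirm), and that interface has no authentication. Binding it to loopback, `- "127.0.0.1:9901:9901"`, keeps it usable for local testing without exposing it to the network. Separately, `DEFGUARD_SECRET_KEY`, `DEFGUARD_AUTH_SECRET`, `DEFGUARD_GATEWAY_SECRET` and `DEFGUARD_YUBIBRIDGE_SECRET` are fixed strings committed next to `DEFGUARD_COOKIE_INSECURE: "true"`, and nothing in the file says it is test-only. A header comment such as `# Test-only stack: placeholder secrets, insecure cookies; do not deploy as-is` would document that; the same values appear as context in docker-compose.yaml.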
@@ -12,87 +12,34 @@ services:
 DEFGUARD_DB_USER: defguard
 DEFGUARD_DB_PASSWORD: defguard
 DEFGUARD_DB_NAME: defguard
- RUST_BACKTRACE: 1
+ DEFGUARD_ADOPT_EDGE: "edge1:50051"
+ DEFGUARD_ADOPT_GATEWAY: "gateway1:50066"
 depends_on:
 - db
+ - gateway1
+ - edge1
 ports:
 - "8000:8000"

 edge1:
- image: ghcr.io/defguard/defguard-proxy:2.0.0-alpha1
+ image: ghcr.io/defguard/defguard-proxy:dev
 volumes:
- - ./.volumes/certs2.0-ha/edge1:/etc/defguard/certs
- depends_on:
- - core
-
- edge2:
- image: ghcr.io/defguard/defguard-proxy:2.0.0-alpha1
- volumes:
- - ./.volumes/certs2.0-ha/edge2:/etc/defguard/certs
- depends_on:
- - core
-
- edge-lb:
- image: nginx:1.25-alpine
- depends_on:
- - edge1
- - edge2
+ - ./.volumes/certs2.0/edge1:/etc/defguard/certs
 ports:
 - "8080:8080"
- volumes:
- - ./nginx/edge.conf:/etc/nginx/conf.d/default.conf:ro

 gateway1:
- image: ghcr.io/defguard/gateway:2.0.0-alpha1
- depends_on:
- - core
- cap_add:
- - NET_ADMIN
- volumes:
- - ./.volumes/certs2.0-ha/gateway1:/etc/defguard/certs
- environment:
- DEFGUARD_STATS_PERIOD: 10
- HEALTH_PORT: 55003
-
- gateway2:
- image: ghcr.io/defguard/gateway:2.0.0-alpha1
- depends_on:
- - core
+ image: ghcr.io/defguard/gateway:dev
 cap_add:
 - NET_ADMIN
 volumes:
- - ./.volumes/certs2.0-ha/gateway2:/etc/defguard/certs
+ - ./.volumes/certs2.0/gateway1:/etc/defguard/certs
+ ports:
+ - "51820:51820/udp"
 environment:
 DEFGUARD_STATS_PERIOD: 10
 HEALTH_PORT: 55003

- gateway-lb:
- image: envoyproxy/envoy:v1.33-latest
- command: ["envoy", "-c", "/etc/envoy/envoy.yaml", "-l", "debug"]
- ports:
- - "50051:50051/udp"
- - "9901:9901"
- volumes:
- - ./envoy/envoy.yaml:/etc/envoy/envoy.yaml:ro
- depends_on:
- - gateway1
- - gateway2
-
- # NGINX can be used for LB but not HA since it does not support healthchecks
- # gateway-lb-nginx:
- # image: nginx:1.25-alpine
- # command:
- # - /bin/sh
- # - -ec
- # - until getent hosts gateway1 gateway2 >/dev/null 2>&1; do sleep 0.2; done; exec nginx -g 'daemon off;'
- # ports:
- # - "50051:50051/udp"
- # volumes:
- # - ./nginx/gateway-lb.conf:/etc/nginx/nginx.conf:ro
- # depends_on:
- # - gateway1
- # - gateway2
-
 db:
 image: postgres:18-alpine
 environment:
@@ -100,6 +47,6 @@ services:
 POSTGRES_USER: defguard
 POSTGRES_PASSWORD: defguard
 volumes:
- - ./.volumes/db2.0-ha:/var/lib/postgresql
+ - ./.volumes/db2.0:/var/lib/postgresql
 ports:
 - "5432:5432"
From e4c39439f266b8bc05143fff681630410de34e63 Mon Sep 17 00:00:00 2001
From: Kamil Chudy
Date: Wed, 11 Mar 2026 13:45:32 +0100
Subject: [PATCH 3/4] Update Envoy configuration to change UDP port from 50051 to 51820
---
 docker-compose2.0/docker-compose.ha.yaml | 17 +----------------
 docker-compose2.0/envoy/envoy.yaml | 6 +++---
 2 files changed, 4 insertions(+), 19 deletions(-)
diff --git a/docker-compose2.0/docker-compose.ha.yaml b/docker-compose2.0/docker-compose.ha.yaml
index 8a2c9d5..9474016 100644
--- a/docker-compose2.0/docker-compose.ha.yaml
+++ b/docker-compose2.0/docker-compose.ha.yaml
@@ -65,7 +65,7 @@ services:
 image: envoyproxy/envoy:v1.33-latest
 command: ["envoy", "-c", "/etc/envoy/envoy.yaml", "-l", "debug"]
 ports:
- - "50051:50051/udp"
+ - "51820:51820/udp"
 - "9901:9901"
 volumes:
 - ./envoy/envoy.yaml:/etc/envoy/envoy.yaml:ro
@@ -73,21 +73,6 @@ services:
 - gateway1
 - gateway2

- # NGINX can be used for LB but not HA since it does not support healthchecks
- # gateway-lb-nginx:
- # image: nginx:1.25-alpine
- # command:
- # - /bin/sh
- # - -ec
- # - until getent hosts gateway1 gateway2 >/dev/null 2>&1; do sleep 0.2; done; exec nginx -g 'daemon off;'
- # ports:
- # - "50051:50051/udp"
- # volumes:
- # - ./nginx/gateway-lb.conf:/etc/nginx/nginx.conf:ro
- # depends_on:
- # - gateway1
- # - gateway2
-
 db:
 image: postgres:18-alpine
 environment:
diff --git a/docker-compose2.0/envoy/envoy.yaml b/docker-compose2.0/envoy/envoy.yaml
index a9e42a7..9e6a3b8 100644
--- a/docker-compose2.0/envoy/envoy.yaml
+++ b/docker-compose2.0/envoy/envoy.yaml
@@ -10,7 +10,7 @@ static_resources: address: socket_address: address: 0.0.0.0 - port_value: 50051 + port_value: 51820 protocol: UDP # UDP listeners use udp_listener_config + listener_filters (not filter_chains)
@@ -61,13 +61,13 @@ static_resources:
 address:
 socket_address:
 address: gateway1
- port_value: 50051
+ port_value: 51820
 health_check_config:
 port_value: 55003
 - endpoint:
 address:
 socket_address:
 address: gateway2
- port_value: 50051
+ port_value: 51820
 health_check_config:
 port_value: 55003
From 3a64a84304f27aedac0027624fa4f2423b15c4cb Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Thu, 12 Mar 2026 11:07:54 +0100
Subject: [PATCH 4/4] update tags, remove exposed ports
---
 docker-compose2.0/docker-compose.ha.yaml | 12 +++++-------
 docker-compose2.0/docker-compose.yaml | 8 +++-----
 2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/docker-compose2.0/docker-compose.ha.yaml b/docker-compose2.0/docker-compose.ha.yaml
index 9474016..306d04c 100644
--- a/docker-compose2.0/docker-compose.ha.yaml
+++ b/docker-compose2.0/docker-compose.ha.yaml
@@ -1,6 +1,6 @@
 services:
 core:
- image: ghcr.io/defguard/defguard:dev
+ image: ghcr.io/defguard/defguard:2.0.0-alpha2
 environment:
 DEFGUARD_COOKIE_INSECURE: "true"
 DEFGUARD_SECRET_KEY: defguard-secret-key-defguard-secret-key-defguard-secret-key-defguard-secret-key
@@ -22,12 +22,12 @@ services:
 - "8000:8000"

 edge1:
- image: ghcr.io/defguard/defguard-proxy:dev
+ image: ghcr.io/defguard/defguard-proxy:2.0.0-alpha2
 volumes:
 - ./.volumes/certs2.0-ha/edge1:/etc/defguard/certs

 edge2:
- image: ghcr.io/defguard/defguard-proxy:dev
+ image: ghcr.io/defguard/defguard-proxy:2.0.0-alpha2
 volumes:
 - ./.volumes/certs2.0-ha/edge2:/etc/defguard/certs

@@ -42,7 +42,7 @@ services:
 - ./nginx/edge.conf:/etc/nginx/conf.d/default.conf:ro

 gateway1:
- image: ghcr.io/defguard/gateway:dev
+ image: ghcr.io/defguard/gateway:2.0.0-alpha2
 cap_add:
 - NET_ADMIN
 volumes:
@@ -52,7 +52,7 @@ services:
 HEALTH_PORT: 55003

 gateway2:
- image: ghcr.io/defguard/gateway:dev
+ image: ghcr.io/defguard/gateway:2.0.0-alpha2
 cap_add:
 - NET_ADMIN
 volumes:
@@ -81,5 +81,3 @@ services:
 POSTGRES_PASSWORD: defguard
 volumes:
 - ./.volumes/db2.0-ha:/var/lib/postgresql
- ports:
- - "5432:5432"
diff --git a/docker-compose2.0/docker-compose.yaml b/docker-compose2.0/docker-compose.yaml
index 60a4165..3e62dda 100644
--- a/docker-compose2.0/docker-compose.yaml
+++ b/docker-compose2.0/docker-compose.yaml
@@ -1,6 +1,6 @@
 services:
 core:
- image: ghcr.io/defguard/defguard:dev
+ image: ghcr.io/defguard/defguard:2.0.0-alpha2
 environment:
 DEFGUARD_COOKIE_INSECURE: "true"
 DEFGUARD_SECRET_KEY: defguard-secret-key-defguard-secret-key-defguard-secret-key-defguard-secret-key
@@ -22,14 +22,14 @@ services:
 - "8000:8000"

 edge1:
- image: ghcr.io/defguard/defguard-proxy:dev
+ image: ghcr.io/defguard/defguard-proxy:2.0.0-alpha2
 volumes:
 - ./.volumes/certs2.0/edge1:/etc/defguard/certs
 ports:
 - "8080:8080"

 gateway1:
- image: ghcr.io/defguard/gateway:dev
+ image: ghcr.io/defguard/gateway:2.0.0-alpha2
 cap_add:
 - NET_ADMIN
 volumes:
@@ -48,5 +48,3 @@ services:
 POSTGRES_PASSWORD: defguard
 volumes:
 - ./.volumes/db2.0:/var/lib/postgresql
- ports:
- - "5432:5432"