netbird/infrastructure_files/docker-compose.yml.tmpl.traefik

version: "3"
services:
  #UI dashboard
  dashboard:
    image: netbirdio/dashboard:$NETBIRD_DASHBOARD_TAG
    restart: unless-stopped
    #ports:
    #  - 80:80
    #  - 443:443
    environment:
      # Endpoints
      - NETBIRD_MGMT_API_ENDPOINT=$NETBIRD_MGMT_API_ENDPOINT
      - NETBIRD_MGMT_GRPC_API_ENDPOINT=$NETBIRD_MGMT_API_ENDPOINT
      # OIDC
      - AUTH_AUDIENCE=$NETBIRD_DASH_AUTH_AUDIENCE
      - AUTH_CLIENT_ID=$NETBIRD_AUTH_CLIENT_ID
      - AUTH_CLIENT_SECRET=$NETBIRD_AUTH_CLIENT_SECRET
      - AUTH_AUTHORITY=$NETBIRD_AUTH_AUTHORITY
      - USE_AUTH0=$NETBIRD_USE_AUTH0
      - AUTH_SUPPORTED_SCOPES=$NETBIRD_AUTH_SUPPORTED_SCOPES
      - AUTH_REDIRECT_URI=$NETBIRD_AUTH_REDIRECT_URI
      - AUTH_SILENT_REDIRECT_URI=$NETBIRD_AUTH_SILENT_REDIRECT_URI
      - NETBIRD_TOKEN_SOURCE=$NETBIRD_TOKEN_SOURCE
      # SSL
      - NGINX_SSL_PORT=443
      # Letsencrypt
      - LETSENCRYPT_DOMAIN=$NETBIRD_LETSENCRYPT_DOMAIN
      - LETSENCRYPT_EMAIL=$NETBIRD_LETSENCRYPT_EMAIL
    volumes:
      - $LETSENCRYPT_VOLUMENAME:/etc/letsencrypt/
    labels:
    - traefik.enable=true
    - traefik.http.routers.netbird-dashboard.rule=Host(`$NETBIRD_DOMAIN`)
    - traefik.http.services.netbird-dashboard.loadbalancer.server.port=80

  # Signal
  signal:
    image: netbirdio/signal:$NETBIRD_SIGNAL_TAG
    restart: unless-stopped
    volumes:
      - $SIGNAL_VOLUMENAME:/var/lib/netbird
    #ports:
    #  - 10000:80
  #      # port and command for Let's Encrypt validation
  #      - 443:443
  #    command: ["--letsencrypt-domain", "$NETBIRD_LETSENCRYPT_DOMAIN", "--log-file", "console"]
    labels:
    - traefik.enable=true
    - traefik.http.routers.netbird-signal.rule=Host(`$NETBIRD_DOMAIN`) && PathPrefix(`/signalexchange.SignalExchange/`)
    - traefik.http.services.netbird-signal.loadbalancer.server.port=80
    - traefik.http.services.netbird-signal.loadbalancer.server.scheme=h2c

  # Management
  management:
    image: netbirdio/management:$NETBIRD_MANAGEMENT_TAG
    restart: unless-stopped
    depends_on:
      - dashboard
    volumes:
      - $MGMT_VOLUMENAME:/var/lib/netbird
      - $LETSENCRYPT_VOLUMENAME:/etc/letsencrypt:ro
      - ./management.json:/etc/netbird/management.json
    #ports:
    #  - $NETBIRD_MGMT_API_PORT:443 #API port
  #    # command for Let's Encrypt validation without dashboard container
  #    command: ["--letsencrypt-domain", "$NETBIRD_LETSENCRYPT_DOMAIN", "--log-file", "console"]
    command: [
      "--port", "443",
      "--log-file", "console",
      "--disable-anonymous-metrics=$NETBIRD_DISABLE_ANONYMOUS_METRICS",
      "--single-account-mode-domain=$NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN",
      "--dns-domain=$NETBIRD_MGMT_DNS_DOMAIN"
      ]
    labels:
    - traefik.enable=true
    - traefik.http.routers.netbird-api.rule=Host(`$NETBIRD_DOMAIN`) && PathPrefix(`/api`)
    - traefik.http.routers.netbird-api.service=netbird-api
    - traefik.http.services.netbird-api.loadbalancer.server.port=443

    - traefik.http.routers.netbird-management.rule=Host(`$NETBIRD_DOMAIN`) && PathPrefix(`/management.ManagementService/`)
    - traefik.http.routers.netbird-management.service=netbird-management
    - traefik.http.services.netbird-management.loadbalancer.server.port=443
    - traefik.http.services.netbird-management.loadbalancer.server.scheme=h2c
    environment:
      - NETBIRD_STORE_ENGINE_POSTGRES_DSN=$NETBIRD_STORE_ENGINE_POSTGRES_DSN
      - NETBIRD_STORE_ENGINE_MYSQL_DSN=$NETBIRD_STORE_ENGINE_MYSQL_DSN
      
  # Coturn
  coturn:
    image: coturn/coturn:$COTURN_TAG
    restart: unless-stopped
    domainname: $TURN_DOMAIN
    volumes:
      - ./turnserver.conf:/etc/turnserver.conf:ro
    #      - ./privkey.pem:/etc/coturn/private/privkey.pem:ro
    #      - ./cert.pem:/etc/coturn/certs/cert.pem:ro
    network_mode: host
    command:
      - -c /etc/turnserver.conf

volumes:
  $MGMT_VOLUMENAME:
  $SIGNAL_VOLUMENAME:
  $LETSENCRYPT_VOLUMENAME:
Add disable letsencrypt (#747) Add NETBIRD_DISABLE_LETSENCRYPT support to explicit disable let's encrypt Organize the setup.env.example variables into sections Add traefik example 2023-04-04 00:21:40 +02:00			`version: "3"`
			`services:`
			`#UI dashboard`
			`dashboard:`
Change the dashboard image pull from wiretrustee to netbirdio (#1804) 2024-04-05 13:51:28 +02:00			`image: netbirdio/dashboard:$NETBIRD_DASHBOARD_TAG`
Add disable letsencrypt (#747) Add NETBIRD_DISABLE_LETSENCRYPT support to explicit disable let's encrypt Organize the setup.env.example variables into sections Add traefik example 2023-04-04 00:21:40 +02:00			`restart: unless-stopped`
			`#ports:`
			`# - 80:80`
			`# - 443:443`
			`environment:`
			`# Endpoints`
			`- NETBIRD_MGMT_API_ENDPOINT=$NETBIRD_MGMT_API_ENDPOINT`
			`- NETBIRD_MGMT_GRPC_API_ENDPOINT=$NETBIRD_MGMT_API_ENDPOINT`
			`# OIDC`
Add jumpcloud IdP (#1124) added intergration with JumpCloud User API. Use the steps in setup.md for configuration. Additional changes: - Enhance compatibility for providers that lack audience support in the Authorization Code Flow and the Authorization - - Code Flow with Proof Key for Code Exchange (PKCE) using NETBIRD_DASH_AUTH_USE_AUDIENCE=falseenv - Verify tokens by utilizing the client ID when audience support is absent in providers 2023-10-03 19:33:42 +02:00			`- AUTH_AUDIENCE=$NETBIRD_DASH_AUTH_AUDIENCE`
Add disable letsencrypt (#747) Add NETBIRD_DISABLE_LETSENCRYPT support to explicit disable let's encrypt Organize the setup.env.example variables into sections Add traefik example 2023-04-04 00:21:40 +02:00			`- AUTH_CLIENT_ID=$NETBIRD_AUTH_CLIENT_ID`
Support authentication with client_secret (#936) * add dashboard client_secret env * add NETBIRD_AUTH_CLIENT_SECRET env test 2023-06-07 16:00:04 +02:00			`- AUTH_CLIENT_SECRET=$NETBIRD_AUTH_CLIENT_SECRET`
Add disable letsencrypt (#747) Add NETBIRD_DISABLE_LETSENCRYPT support to explicit disable let's encrypt Organize the setup.env.example variables into sections Add traefik example 2023-04-04 00:21:40 +02:00			`- AUTH_AUTHORITY=$NETBIRD_AUTH_AUTHORITY`
			`- USE_AUTH0=$NETBIRD_USE_AUTH0`
			`- AUTH_SUPPORTED_SCOPES=$NETBIRD_AUTH_SUPPORTED_SCOPES`
			`- AUTH_REDIRECT_URI=$NETBIRD_AUTH_REDIRECT_URI`
			`- AUTH_SILENT_REDIRECT_URI=$NETBIRD_AUTH_SILENT_REDIRECT_URI`
fix: missing NETBIRD_TOKEN_SOURCE (#1174) Added the NETBIRD_TOKEN_SOURCE for the traefik template. missing this will break google IDP 2023-09-27 15:06:17 +02:00			`- NETBIRD_TOKEN_SOURCE=$NETBIRD_TOKEN_SOURCE`
Add disable letsencrypt (#747) Add NETBIRD_DISABLE_LETSENCRYPT support to explicit disable let's encrypt Organize the setup.env.example variables into sections Add traefik example 2023-04-04 00:21:40 +02:00			`# SSL`
			`- NGINX_SSL_PORT=443`
			`# Letsencrypt`
			`- LETSENCRYPT_DOMAIN=$NETBIRD_LETSENCRYPT_DOMAIN`
			`- LETSENCRYPT_EMAIL=$NETBIRD_LETSENCRYPT_EMAIL`
			`volumes:`
			`- $LETSENCRYPT_VOLUMENAME:/etc/letsencrypt/`
			`labels:`
			`- traefik.enable=true`
			- traefik.http.routers.netbird-dashboard.rule=Host(`$NETBIRD_DOMAIN`)
			`- traefik.http.services.netbird-dashboard.loadbalancer.server.port=80`

			`# Signal`
			`signal:`
feat: organizing infrastructure_files folder and adds new envs (#1235) This PR aims to organize a little the files within `infrastructure_files` folder and adds some new ENV vars to the process. 1. It creates the `artifacts` folder within the `infrastructure_files` folder, the idea behind it is to split templates from artifacts created after running `./configure.sh`. It makes it easier to cp/rsync only `artifacts` content to the final server/destination. 2. Creates `NETBIRD_TURN_DOMAIN` and `TURN_DOMAIN` ENV vars. The idea behind it is to make it possible to split the management/signal server from TURN server. If `NETBIRD_TURN_DOMAIN` is not set, then, `TURN_DOMAIN` will be set as `NETBIRD_DOMAIN`. 3. Creates `*_TAG` ENVs for each component. The idea behind it is to give the users the choice to use `latest` tag as default or tie it to specific versions of each component in the stack. 2023-12-17 17:43:06 +01:00			`image: netbirdio/signal:$NETBIRD_SIGNAL_TAG`
Add disable letsencrypt (#747) Add NETBIRD_DISABLE_LETSENCRYPT support to explicit disable let's encrypt Organize the setup.env.example variables into sections Add traefik example 2023-04-04 00:21:40 +02:00			`restart: unless-stopped`
			`volumes:`
			`- $SIGNAL_VOLUMENAME:/var/lib/netbird`
			`#ports:`
			`# - 10000:80`
			`# # port and command for Let's Encrypt validation`
			`# - 443:443`
			`# command: ["--letsencrypt-domain", "$NETBIRD_LETSENCRYPT_DOMAIN", "--log-file", "console"]`
			`labels:`
			`- traefik.enable=true`
			- traefik.http.routers.netbird-signal.rule=Host(`$NETBIRD_DOMAIN`) && PathPrefix(`/signalexchange.SignalExchange/`)
			`- traefik.http.services.netbird-signal.loadbalancer.server.port=80`
			`- traefik.http.services.netbird-signal.loadbalancer.server.scheme=h2c`

			`# Management`
			`management:`
feat: organizing infrastructure_files folder and adds new envs (#1235) This PR aims to organize a little the files within `infrastructure_files` folder and adds some new ENV vars to the process. 1. It creates the `artifacts` folder within the `infrastructure_files` folder, the idea behind it is to split templates from artifacts created after running `./configure.sh`. It makes it easier to cp/rsync only `artifacts` content to the final server/destination. 2. Creates `NETBIRD_TURN_DOMAIN` and `TURN_DOMAIN` ENV vars. The idea behind it is to make it possible to split the management/signal server from TURN server. If `NETBIRD_TURN_DOMAIN` is not set, then, `TURN_DOMAIN` will be set as `NETBIRD_DOMAIN`. 3. Creates `*_TAG` ENVs for each component. The idea behind it is to give the users the choice to use `latest` tag as default or tie it to specific versions of each component in the stack. 2023-12-17 17:43:06 +01:00			`image: netbirdio/management:$NETBIRD_MANAGEMENT_TAG`
Add disable letsencrypt (#747) Add NETBIRD_DISABLE_LETSENCRYPT support to explicit disable let's encrypt Organize the setup.env.example variables into sections Add traefik example 2023-04-04 00:21:40 +02:00			`restart: unless-stopped`
			`depends_on:`
			`- dashboard`
			`volumes:`
			`- $MGMT_VOLUMENAME:/var/lib/netbird`
			`- $LETSENCRYPT_VOLUMENAME:/etc/letsencrypt:ro`
			`- ./management.json:/etc/netbird/management.json`
			`#ports:`
			`# - $NETBIRD_MGMT_API_PORT:443 #API port`
			`# # command for Let's Encrypt validation without dashboard container`
			`# command: ["--letsencrypt-domain", "$NETBIRD_LETSENCRYPT_DOMAIN", "--log-file", "console"]`
			`command: [`
			`"--port", "443",`
			`"--log-file", "console",`
			`"--disable-anonymous-metrics=$NETBIRD_DISABLE_ANONYMOUS_METRICS",`
			`"--single-account-mode-domain=$NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN",`
			`"--dns-domain=$NETBIRD_MGMT_DNS_DOMAIN"`
			`]`
			`labels:`
			`- traefik.enable=true`
			- traefik.http.routers.netbird-api.rule=Host(`$NETBIRD_DOMAIN`) && PathPrefix(`/api`)
			`- traefik.http.routers.netbird-api.service=netbird-api`
			`- traefik.http.services.netbird-api.loadbalancer.server.port=443`

			- traefik.http.routers.netbird-management.rule=Host(`$NETBIRD_DOMAIN`) && PathPrefix(`/management.ManagementService/`)
			`- traefik.http.routers.netbird-management.service=netbird-management`
			`- traefik.http.services.netbird-management.loadbalancer.server.port=443`
			`- traefik.http.services.netbird-management.loadbalancer.server.scheme=h2c`
[misc] Add support for NETBIRD_STORE_ENGINE_POSTGRES_DSN environment variable in setup.env (#2462) * Added Postgres DSN env variable * Added postgres check to script 2024-08-23 16:38:57 +02:00			`environment:`
			`- NETBIRD_STORE_ENGINE_POSTGRES_DSN=$NETBIRD_STORE_ENGINE_POSTGRES_DSN`
MySQL Support (#2837) * Update store.go * Update sql_store.go * Update store.go * Update golang-test-linux.yml * Update store.go * Update go.mod * Update go.mod * Update go.sum * Update store.go * Update sql_store.go * TestContainer * Update go.sum * Update store.go * TestUtil Duplicate * dsn fix * go mod tidy * NETBIRD_STORE_ENGINE_MYSQL_DSN * Skip Test * Update test-infrastructure-files.yml * Update test-infrastructure-files.yml * MYSQL_ROOT_PASSWORD added * Update test-infrastructure-files.yml * Update store.go * Debug + Mysql JSON Query * swicth/case convert * Update store.go * Update store.go * Debug * MySQL Test Version Change * Root Test * Ignore other sql tests. * MySQL Connection Fix * enable other tests * The word "key" is a reserved word in MySQL. * Remove Debugs * Update sql_store.go * Added default null value for datetime. * Added default null value for datetime. * MySQL Hooks * MySQL Config File * remove default values * test timeout change * MySQL max lifetime change * WithConfigFile * disable other tests * Update mysql.cnf * Update golang-test-linux.yml * Delete sql_hooks.go * enable other tests * test timeout change * update packets * Fix the Inactivity Expiration problem * Update sql_store.go * Update mysql.cnf * Update sql_store.go * Update sql_store.go * timeout change * MySQL Connection LifeTime Change * TestContainers have been optimized. * Update store_ios.go * Update sql_store.go * timeout fix * fix migration (setup keys) * Update event.go * Add disable option for event activities. * Revert "Update event.go" * Update event.go * Fix Gorm Mysql Bug * update go-jose module * containerd module update * containerd downgrade * Revert commits * Revert "Revert commits" This reverts commit 62b3eac799825e0d3624904401fe67587ad8e780. * Revert "containerd downgrade" This reverts commit 4e46108915ea3b70f8a0234d4860c308a843c5a0. * Revert "containerd module update" This reverts commit e8cfa87d1688e0feeebf0c1ea0127578eba30bd3. * Revert "update go-jose module" This reverts commit 1fabdc760601e389589750daa6b2089148dd29fb. 2024-12-23 11:06:13 +01:00			`- NETBIRD_STORE_ENGINE_MYSQL_DSN=$NETBIRD_STORE_ENGINE_MYSQL_DSN`
[misc] Add support for NETBIRD_STORE_ENGINE_POSTGRES_DSN environment variable in setup.env (#2462) * Added Postgres DSN env variable * Added postgres check to script 2024-08-23 16:38:57 +02:00
Add disable letsencrypt (#747) Add NETBIRD_DISABLE_LETSENCRYPT support to explicit disable let's encrypt Organize the setup.env.example variables into sections Add traefik example 2023-04-04 00:21:40 +02:00			`# Coturn`
			`coturn:`
feat: organizing infrastructure_files folder and adds new envs (#1235) This PR aims to organize a little the files within `infrastructure_files` folder and adds some new ENV vars to the process. 1. It creates the `artifacts` folder within the `infrastructure_files` folder, the idea behind it is to split templates from artifacts created after running `./configure.sh`. It makes it easier to cp/rsync only `artifacts` content to the final server/destination. 2. Creates `NETBIRD_TURN_DOMAIN` and `TURN_DOMAIN` ENV vars. The idea behind it is to make it possible to split the management/signal server from TURN server. If `NETBIRD_TURN_DOMAIN` is not set, then, `TURN_DOMAIN` will be set as `NETBIRD_DOMAIN`. 3. Creates `*_TAG` ENVs for each component. The idea behind it is to give the users the choice to use `latest` tag as default or tie it to specific versions of each component in the stack. 2023-12-17 17:43:06 +01:00			`image: coturn/coturn:$COTURN_TAG`
Add disable letsencrypt (#747) Add NETBIRD_DISABLE_LETSENCRYPT support to explicit disable let's encrypt Organize the setup.env.example variables into sections Add traefik example 2023-04-04 00:21:40 +02:00			`restart: unless-stopped`
feat: organizing infrastructure_files folder and adds new envs (#1235) This PR aims to organize a little the files within `infrastructure_files` folder and adds some new ENV vars to the process. 1. It creates the `artifacts` folder within the `infrastructure_files` folder, the idea behind it is to split templates from artifacts created after running `./configure.sh`. It makes it easier to cp/rsync only `artifacts` content to the final server/destination. 2. Creates `NETBIRD_TURN_DOMAIN` and `TURN_DOMAIN` ENV vars. The idea behind it is to make it possible to split the management/signal server from TURN server. If `NETBIRD_TURN_DOMAIN` is not set, then, `TURN_DOMAIN` will be set as `NETBIRD_DOMAIN`. 3. Creates `*_TAG` ENVs for each component. The idea behind it is to give the users the choice to use `latest` tag as default or tie it to specific versions of each component in the stack. 2023-12-17 17:43:06 +01:00			`domainname: $TURN_DOMAIN`
Add disable letsencrypt (#747) Add NETBIRD_DISABLE_LETSENCRYPT support to explicit disable let's encrypt Organize the setup.env.example variables into sections Add traefik example 2023-04-04 00:21:40 +02:00			`volumes:`
			`- ./turnserver.conf:/etc/turnserver.conf:ro`
			`# - ./privkey.pem:/etc/coturn/private/privkey.pem:ro`
			`# - ./cert.pem:/etc/coturn/certs/cert.pem:ro`
			`network_mode: host`
			`command:`
			`- -c /etc/turnserver.conf`

			`volumes:`
			`$MGMT_VOLUMENAME:`
			`$SIGNAL_VOLUMENAME:`
			`$LETSENCRYPT_VOLUMENAME:`