mirror of
https://github.com/netbirdio/netbird.git
synced 2025-01-25 23:38:42 +01:00
97 lines
4.4 KiB
Markdown
97 lines
4.4 KiB
Markdown
### Self-hosting
|
|
Wiretrustee is an open-source platform that can be self-hosted on your servers.
|
|
|
|
It relies on components developed by Wiretrustee Authors [Management Service](https://github.com/wiretrustee/wiretrustee/tree/main/management), [Management UI Dashboard](https://github.com/wiretrustee/wiretrustee-dashboard), [Signal Service](https://github.com/wiretrustee/wiretrustee/tree/main/signal),
|
|
a 3rd party open-source STUN/TURN service [Coturn](https://github.com/coturn/coturn) and a 3rd party service [Auth0](https://auth0.com/).
|
|
|
|
All the components can be self-hosted except for the Auth0 service.
|
|
We chose Auth0 to "outsource" the user management part of the platform because we believe that implementing a proper user auth requires significant amount of time to make it right.
|
|
We focused on connectivity instead.
|
|
|
|
If you would like to learn more about the architecture please refer to the [Wiretrustee Architecture section](architecture.md).
|
|
|
|
### Step-by-step video guide on YouTube:
|
|
|
|
[![IMAGE ALT TEXT](https://img.youtube.com/vi/Ofpgx5WhT0k/0.jpg)](https://youtu.be/Ofpgx5WhT0k "Wiretrustee Self-Hosting Guide")
|
|
|
|
### Requirements
|
|
|
|
- Virtual machine offered by any cloud provider (e.g., AWS, DigitalOcean, Hetzner, Google Cloud, Azure ...).
|
|
- Any Linux OS.
|
|
- Docker Compose installed (see [Install Docker Compose](https://docs.docker.com/compose/install/)).
|
|
- Domain name pointing to the public IP address of your server.
|
|
- Open ports ```443, 33071, 33073, 10000, 3478``` (Dashboard, Management HTTP API, Management gRpc API, Signal gRpc, Coturn STUN/TURN respectively) on your server.
|
|
- Maybe a cup of coffee or tea :)
|
|
|
|
### Step-by-step guide
|
|
|
|
For this tutorial we will be using domain ```test.wiretrustee.com``` which points to our Ubuntu 20.04 machine hosted at Hetzner.
|
|
|
|
1. Create Auth0 account at [auth0.com](https://auth0.com/).
|
|
2. Login to your server, clone Wiretrustee repository:
|
|
|
|
```bash
|
|
git clone https://github.com/wiretrustee/wiretrustee.git wiretrustee/
|
|
```
|
|
|
|
and switch to the ```wiretrustee/infrastructure_files/``` folder that contains docker compose file:
|
|
|
|
```bash
|
|
cd wiretrustee/infrastructure_files/
|
|
```
|
|
3. Prepare configuration files.
|
|
|
|
To simplify the setup we have prepared a script to substitute required properties in the [docker-compose.yml.tmpl](../infrastructure_files/docker-compose.yml.tmpl) and [management.json.tmpl](../infrastructure_files/management.json.tmpl) files.
|
|
|
|
The [setup.env](../infrastructure_files/setup.env) file contains the following properties that have to be filled:
|
|
|
|
```bash
|
|
# e.g. app.mydomain.com
|
|
WIRETRUSTEE_DOMAIN=""
|
|
# e.g. dev-24vkclam.us.auth0.com
|
|
WIRETRUSTEE_AUTH0_DOMAIN=""
|
|
# e.g. 61u3JMXRO0oOevc7gCkZLCwePQvT4lL0
|
|
WIRETRUSTEE_AUTH0_CLIENT_ID=""
|
|
# e.g. https://app.mydomain.com/
|
|
WIRETRUSTEE_AUTH0_AUDIENCE=""
|
|
# e.g. hello@mydomain.com
|
|
WIRETRUSTEE_LETSENCRYPT_EMAIL=""
|
|
```
|
|
|
|
Please follow the steps to get the values.
|
|
|
|
4. Configure ```WIRETRUSTEE_AUTH0_DOMAIN``` ```WIRETRUSTEE_AUTH0_CLIENT_ID``` ```WIRETRUSTEE_AUTH0_AUDIENCE``` properties.
|
|
|
|
* To obtain these, please use [Auth0 React SDK Guide](https://auth0.com/docs/quickstart/spa/react/01-login#configure-auth0) up until "Install the Auth0 React SDK".
|
|
|
|
:grey_exclamation: Use ```https://YOUR DOMAIN``` as ````Allowed Callback URLs````, ```Allowed Logout URLs```, ```Allowed Web Origins``` and ```Allowed Origins (CORS)```
|
|
* set the variables in the ```setup.env```
|
|
5. Configure ```WIRETRUSTEE_AUTH0_AUDIENCE``` property.
|
|
|
|
* Check [Auth0 Golang API Guide](https://auth0.com/docs/quickstart/backend/golang) to obtain AuthAudience.
|
|
* set the property in the ```setup.env``` file.
|
|
6. Configure ```WIRETRUSTEE_LETSENCRYPT_EMAIL``` property.
|
|
|
|
This can be any email address. [Let's Encrypt](https://letsencrypt.org/) will create an account while generating a new certificate.
|
|
|
|
7. Make sure all the properties set in the ```setup.env``` file and run:
|
|
|
|
```bash
|
|
./configure.sh
|
|
```
|
|
|
|
This will export all the properties as environment variables and generate ```docker-compose.yml``` and ```management.json``` files substituting required variables.
|
|
|
|
8. Run docker compose:
|
|
|
|
```bash
|
|
docker-compose up -d
|
|
```
|
|
9. Optionally check the logs by running:
|
|
|
|
```bash
|
|
docker-compose logs signal
|
|
docker-compose logs management
|
|
docker-compose logs coturn
|
|
docker-compose logs dashboard
|