Deploying your instance
Last updated
Last updated
defguard comes with four main components:
Core service - main web UI and database
Proxy service - used to safely expose a subset of public functionalities
VPN gateway server - retrieves configuration from core and configures VPN interfaces on the gateway server
Provisioning station - client application which can be started on any pc to auto generate PGP keys for YubiKey
There is one external component required: PostgreSQL database.
All defguard components are very low resource-consuming. All of them are written in Rust and are single binaries. As minimum setup as follows should be more then enough:
Resource | Minimum requirements |
---|---|
The easiest way to run your own defguard instance is to use Docker and our one-line install script.
Just run the command below in your shell and follow the prompts:
To learn more about the script and available options please see the documentation.
If you prefer to configure and deploy defguard manually see the examples below:
Client services
On initial startup a new admin
user will be created with a password which can be configured by the DEFGUARD_DEFAULT_ADMIN_PASSWORD
environment variable (by default it's pass123
). Use those credentials to log in and start exploring the system.
See our Configuration document to check all configurable things before you start. And learn about our Architecture here to see how it works.
All services within the Defguard architecture can be updated independently although it's recommended to always use newest version of services and update them all together to avoid situtations like Core expecting some not existing feature in Gateway. Check the GitHub repositories for each service to find their newest releases and release notes.
Docker - For Docker and Kubernetes based setup just change docker image version for service you want to update.
Packages(DEB, RPM, etc.) - Currently we don't have any package repository so if you want to update your service installed as package you have to download new version from service repository.
GitHub Repositories:
Core service is the only service which uses persistent data storage which is PostgreSQL database. Every SQL migration is applied automatically while bringing up core server and we try our best not to break anything in the process. It's recommended to do database, configuration and Settings(SMTP, Branding) backup before every update in case of some unexpected failure.
Example database backup:
For now the Gateway can be deployed on multiple servers/firewall/routers for failover and HA - even if the connection to the Core will be lost, gateways will operate with their local cache/data and the VPN will be working. Same works the other way around if gateway don't work or is not available other features from Core like OpenID will be working.
CPU
1 GHz
RAM
2 GB (mostly for PostgreSQL)
Disk
2 GB
Architecture
x86_64, ARM64