defguard
  • Introduction
  • User documentation (help)
    • Configuring VPN
      • Defguard Desktop Client
        • Update instance
      • Other WireGuard® Clients
        • Configuring a device for new VPN Location manually
    • Password change / Reset
    • Enrollment & Onboarding
      • With internal Defguard SSO
      • With external SSO (Google/Microsoft/Custom)
    • Setting up 2FA/MFA
    • Desktop Client
    • CLI Client
  • Admin & features
    • Deploying your instance
      • One-line install script
      • Standalone package based installation
      • Docker images and tags
      • Docker Compose
      • Kubernetes
      • Upgrading
      • Gateway
        • Running gateway on MikroTik routers
      • Securing gRPC communication
      • OpenID RSA key
      • Configuration
      • Pre-production and development releases
      • High Availability and Failover
      • Health check
    • Features & configuration
      • Zero-Trust VPN with 2FA/MFA
        • Create/manage VPN Location
        • Network overview
        • Executing custom gateway commands
        • Multi-Factor Authentication (MFA/2FA)
          • MFA Architecture
        • Remote desktop client configuration
        • DNS and domains
      • Remote user enrollment
        • User onboarding after enrollment
      • SSO (OpenID Connect)
        • Portainer
        • Grafana setup
        • Proxmox
        • Matrix / Synapse
        • Django
        • MinIO
        • Vault
      • SMTP for email notifications
      • YubiKey Provisioning
      • Webhooks
      • Forward auth
      • SSH Authentication
      • Network devices
      • Gateway notifications
      • New version notifications
  • Troubleshooting Guide
    • Sending support information
    • Client Windows installer exit codes
    • Client "All traffic" connection issues
    • WebAuthn security keys
  • Enterprise Features
    • License
    • Enteprise features
      • Automatic (real time) desktop client configuration & sync
      • External OpenID providers
        • Google
        • Microsoft
        • Zitadel
        • Keycloak
        • JumpCloud
        • Okta
        • Custom
      • External OIDC secure enrollment
      • VPN & Client behavior customization
      • REST API
      • Access Control List
        • ACL Aliases
      • LDAP and Active Directory integration
        • Configuration
        • Settings table
        • Two-way LDAP and Active Directory synchronization
  • Tutorials
    • Step by step setting up a VPN server
      • Adding additional VPN locations
  • In depth
    • Roadmap
    • Architecture
      • How do VPN statistics work
      • Security concepts
  • For Developers
    • Contributing
    • Environment setup
    • Translations (core/web)
      • Switching language
      • Adding translations
  • Translations (client)
    • Adding translations
  • Contact us
    • Community & Support
Powered by GitBook
On this page
  • With docker-compose
  • Switching images
  • Running local code
  • Cargo
  • Minimum required settings
  • Frontend

Was this helpful?

Edit on GitHub
  1. For Developers

Environment setup

PreviousContributingNextTranslations (core/web)

Last updated 3 months ago

Was this helpful?

Clone recursively (including Git submodules like protos and UI):

git clone --recursive git@github.com:DefGuard/defguard.git

With docker-compose

Using you can setup a simple stack with:

  • Defguard Core

  • database

  • Defguard Gateway

  • example device connected to the gateway

This way you'll have some live stats data to work with.

To do so follow these steps:

  1. Migrate database and insert test network and device:

docker compose run core init-dev-env

  1. Run the application:

docker compose up

Switching images

To use different versions of Defguard images, edit docker-compose.yaml file, replacing image: sections. Consult versions to browse for available image tags.

For example, to use current development version, change this section in docker-compose.yaml:

core:
  image: ghcr.io/defguard/defguard:dev

Running local code

To run local code you will need to build core image from local changes:

docker compose build core

Then just run the compose normally.

docker compose up

Cargo

To run Defguard Core without Docker, you'll need:

  • environment variables set

The procedure to start Defguard Core:

docker-compose up -d db
sudo npm i -g pnpm

  1. Build front-end

pushd web
pnpm install
pnpm build
popd

  1. Start Defguard Core in development mode

Once that's done, you can run backend with:

cargo run

  1. Use a web browser to connect to Defguard. For example, when using the default configuration the web site should be accessible under this address:

http://localhost:8000/

Minimum required settings

  • DEFGUARD_COOKIE_INSECURE=true - running HTTP server locally does not need secured cookies

  • DEFGUARD_SECRET_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx - 64-character long security key

  • DEFGUARD_LOG_LEVEL=debug - increase logging level

Frontend

The domain used to access the frontend instance has to match with the cookie domain address (which can be set using DEFGUARD_COOKIE_DOMAIN).

For example, if the cookie domain is set to the default value of localhost, you should access frontend using localhost domain.

database

compiler (protoc)

Launch PostgreSQL database, for example using :

Install

or use another method described in .

You'll find environment variables in .env file. Source them however you like (we recommend ).

Consult manual for a list of all available configuration settings.

Defguard Core repository
Docker Compose
PostgreSQL
Defguard Package
PostgreSQL
Protobuf
NodeJS
Docker
pnpm
pnpm installation
direnv
Configuration