Add segmented compose (#132)

* compose

* consistency

* UTC

Author: t-aleksander

docker-compose-segmented/core/.env

@@ -0,0 +1,35 @@
+## General Core configuration ##
+DEFGUARD_AUTH_SECRET=<64_CHAR_RANDOM_SECRET>
+DEFGUARD_YUBIBRIDGE_SECRET=<64_CHAR_RANDOM_SECRET>
+DEFGUARD_GATEWAY_SECRET=<64_CHAR_RANDOM_SECRET>
+DEFGUARD_SECRET_KEY=<64_CHAR_RANDOM_SECRET>
+DEFGUARD_URL=<YOUR_DEFGUARD_CORE_URL>
+# DEFGUARD_WEBAUTHN_RP_ID=<YOUR_DEFGUARD_WEBAUTHN_RP_ID>
+# More details about RSA key here:
+# https://docs.defguard.net/deployment-strategies/openid-rsa-key
+# DEFGUARD_OPENID_KEY=rsakey.pem
+# Accepted values: debug, info, warn, error
+DEFGUARD_LOG_LEVEL=info
+
+## Proxy/Enrollment configuration ##
+DEFGUARD_ENROLLMENT_URL=<YOUR_DEFGUARD_ENROLLMENT_URL> # The URL of your Proxy - will be displayed during enrollment, email messages or desktop client configuration
+DEFGUARD_PROXY_URL=<YOUR_DEFGUARD_PROXY_GRPC_URL>
+# DEFGUARD_COOKIE_INSECURE=true  # If you are accessing the dashboard via HTTP instead of HTTPS, set this to true.
+
+## GRPC Certificate configuration ##
+# More info about securing gRPC communication here: https://docs.defguard.net/deployment-strategies/grpc-ssl-communication#custom-ssl-ca-and-certificates
+# DEFGUARD_GRPC_CERT=/certs/core.pem
+# DEFGUARD_GRPC_KEY=/certs/core.key
+# DEFGUARD_PROXY_GRPC_CA=/certs/ca.pem
+
+## Database configuration ##
+# For the database container
+POSTGRES_DB=defguard
+POSTGRES_USER=defguard
+POSTGRES_PASSWORD=<YOUR_DB_PASSWORD>
+# For the Core container
+DEFGUARD_DB_HOST=db
+DEFGUARD_DB_PORT=5432
+DEFGUARD_DB_PASSWORD=<YOUR_DB_PASSWORD>
+DEFGUARD_DB_USER=defguard
+DEFGUARD_DB_NAME=defguard

docker-compose-segmented/core/compose.yml

@@ -0,0 +1,51 @@
+services:
+  core:
+    image: ghcr.io/defguard/defguard:latest
+    restart: unless-stopped
+    container_name: "defguard"
+    env_file: .env
+    ports:
+      # gRPC port for the Gateway to connect to
+      # open on all interfaces/IPs - should be secured with custom CA (see .env)
+      - "50055:50055"
+    depends_on:
+      db:
+        condition: service_healthy
+    # volumes:
+    # More info here:
+    # https://docs.defguard.net/deployment-strategies/openid-rsa-key
+    # - ./rsakey.pem:/keys/rsakey.pem
+    # More info about securing gRPC communication here:
+    # https://docs.defguard.net/deployment-strategies/grpc-ssl-communication#custom-ssl-ca-and-certificates
+    # - ./core.pem:/certs/core.pem
+    # - ./core.key:/certs/core.key
+    # - ./ca.pem:/certs/ca.pem
+
+  db:
+    image: postgres:17-alpine
+    restart: unless-stopped
+    container_name: "defguard-db"
+    env_file: .env
+    volumes:
+      - ./volumes/db:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U defguard"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  npm:
+    image: "jc21/nginx-proxy-manager:latest"
+    restart: unless-stopped
+
+    ports:
+      - "80:80" # HTTP Port
+      - "443:443" # HTTPS Port
+      - "81:81" # Admin Web Port
+
+    environment:
+      TZ: "UTC"
+
+    volumes:
+      - ./volumes/npm/data:/data
+      - ./volumes/npm/letsencrypt:/etc/letsencrypt

docker-compose-segmented/gateway/compose.yml

@@ -0,0 +1,17 @@
+services:
+  gateway:
+    image: ghcr.io/defguard/gateway:latest
+    restart: unless-stopped
+    container_name: "defguard-gateway"
+    network_mode: "host"
+    environment:
+      - DEFGUARD_GRPC_URL=<CORE_GRPC_URL>
+      - DEFGUARD_TOKEN=<GATEWAY_TOKEN>
+      - DEFGUARD_LOG_LEVEL=info
+      # More info about securing gRPC communication here:
+      # https://docs.defguard.net/deployment-strategies/grpc-ssl-communication#custom-ssl-ca-and-certificates
+      # - DEFGUARD_GRPC_CA=/ca.pem
+    # volumes:
+    #   - ./ca.pem:/ca.pem
+    cap_add:
+      - NET_ADMIN

docker-compose-segmented/proxy/compose.yml

@@ -0,0 +1,31 @@
+services:
+  proxy:
+    image: ghcr.io/defguard/defguard-proxy:latest
+    restart: unless-stopped
+    container_name: "defguard-proxy"
+    ports:
+      - "50051:50051"
+    environment:
+      - DEFGUARD_PROXY_URL=<PROXY_GRPC_URL>
+      - DEFGUARD_LOG_LEVEL=info
+      # More info about securing gRPC communication here:
+      # https://docs.defguard.net/deployment-strategies/grpc-ssl-communication#custom-ssl-ca-and-certificates
+      #- DEFGUARD_PROXY_GRPC_CERT=/certs/proxy.pem
+      #- DEFGUARD_PROXY_GRPC_KEY=/certs/proxy.key
+    # volumes:
+    #   - ./proxy.pem:/certs/proxy.pem
+    #   - ./proxy.key:/certs/proxy.key
+  npm:
+    image: "jc21/nginx-proxy-manager:latest"
+    restart: unless-stopped
+    ports:
+      - "80:80" # HTTP Port
+      - "443:443" # HTTPS Port
+      - "81:81" # Admin Web Port
+
+    environment:
+      TZ: "UTC"
+
+    volumes:
+      - ./volumes/npm/data:/data
+      - ./volumes/npm/letsencrypt:/etc/letsencrypt