mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
REST API (#1155)
### TODO

- [x] "/v0"
- [x] Double-check migration order; re-timestamp if necessary
- [x] Move `sites` fields to `configurations` so they can be updated from API
- [x] #1240 -- it introduces possible race conditions for API requests
- [x] #1249
- [ ] #1008
- [ ] Final review

Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
@@ -47,13 +47,24 @@ docker compose up -d
|
||||
If you hit any issues, please let us know by [filing an
|
||||
issue](https://github.com/firezone/firezone/issues/new/choose).
|
||||
|
||||
## Upgrading to 0.7.x
|
||||
|
||||
Firezone 0.7.0 introduces a new REST API that replaces many of the legacy environment
|
||||
variables.
|
||||
|
||||
Due to this, If you're running Firezone < 0.6, we recommend updating to the latest
|
||||
0.6.x release **before** upgrading to 0.7. This will ensure any environment variables
|
||||
are properly parsed and migrated into the DB as runtime `configurations`.
|
||||
|
||||
|
||||
## Upgrading to 0.6.12
|
||||
|
||||
### WIREGUARD_* env vars
|
||||
Firezone 0.6.12 moves the `WIREGUARD_ALLOWED_IPS`, `WIREGUARD_PERSISTENT_KEEPALIVE`,
|
||||
and `WIREGUARD_DNS` environment variables to the `sites` table to be configured in the
|
||||
UI at `/settings/site`. If the corresponding value at `/settings/site` was empty, the
|
||||
environment variable's value was used to populate the field.
|
||||
UI at `/settings/client_defaults`. If the corresponding value at
|
||||
`/settings/client_defaults` was empty, the environment variable's value was used to
|
||||
populate the field.
|
||||
|
||||
This is a baby step in our quest to move more runtime configuration from environment
|
||||
variables to the DB.
|
||||
|
||||
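Review bot: The condition in the new "Upgrading to 0.7.x" paragraph, "If you're running Firezone < 0.6", leaves out installs on an earlier 0.6.x release, yet the 0.6.12 section below it says the `WIREGUARD_*` variables were only copied into the DB starting with that release. Suggest wording it as "older than the latest 0.6.x" so an instance that skips the intermediate step does not lose its env-var values and fall back to defaults. Also lowercase the "If" after "Due to this,". The 0.6.12 text still says the variables moved to the `sites` table while the UI path now reads `/settings/client_defaults`; it would help to reconcile the two.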
@@ -51,7 +51,7 @@ MIX_ENV=prod mix deps.get
|
||||
MIX_ENV=prod mix release
|
||||
```
|
||||
|
||||
After the release build finishes, you should have a shiny new Firezone instance at
|
||||
After the release build finishes, you should have a shiny new Firezone release artifact in
|
||||
`<CURRENT_DIR>/_build/dev/rel/firezone`. In the `bin` folder, the `firezone` binary
|
||||
can be used to start up Firezone. If you run it without any arguments you should see
|
||||
a list of available commands like this:
|
||||
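Review bot: The path on the context line right after the reworded sentence, `<CURRENT_DIR>/_build/dev/rel/firezone`, does not match the build command above it, `MIX_ENV=prod mix release`, which places the release under the `prod` environment directory. Since this sentence is being touched anyway, change the path to `_build/prod/rel/firezone`, or drop `MIX_ENV=prod` from the commands if a dev build is what the guide intends.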
@@ -73,7 +73,10 @@ The known commands are:
|
||||
pid Prints the operating system PID of the running system via a remote command
|
||||
version Prints the release name and version to be booted
|
||||
```
|
||||
Most deployment-related configuration is handled with environment variables. You'll probably want to at least set variables related to your reverse proxy and database. See the [ENV var reference](/reference/env-vars/) for an exhaustive list.
|
||||
|
||||
Most deployment-related configuration is handled with environment variables.
|
||||
You'll probably want to at least set variables related to your reverse proxy
|
||||
and database. See the [ENV var reference](/reference/env-vars/) for an exhaustive list.
|
||||
|
||||
Now all you need are the database and reverse proxy that you've previously set up.
|
||||
Once that's done, you can use `firezone start` to start Firezone and run
|
||||
|
||||
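Review bot: The re-wrapped paragraph still says "Most deployment-related configuration is handled with environment variables" and calls the ENV var reference "exhaustive", while the upgrade notes in this same commit say the REST API replaces many of the legacy environment variables. Add a sentence here pointing to where the settings that moved into the DB `configurations` are now managed, so someone following this guide does not rely on variables that have been replaced.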
@@ -147,10 +147,6 @@ Shown below is a complete listing of the configuration options available in
|
||||
| `default['firezone']['wireguard']['log_rotation']['num_to_keep']` | Number of WireGuard log files to keep. | `10` |
|
||||
| `default['firezone']['wireguard']['interface_name']` | WireGuard interface name. **Changing this parameter may cause a temporary loss in VPN connectivity**. | `'wg-firezone'` |
|
||||
| `default['firezone']['wireguard']['port']` | WireGuard listen port. | `51820` |
|
||||
| `default['firezone']['wireguard']['mtu']` | WireGuard interface MTU for this server and for device configurations. | `1280` |
|
||||
| `default['firezone']['wireguard']['endpoint']` | WireGuard `Endpoint` to use for generating device configurations. If `nil`, defaults to the server's public IP address. | `nil` |
|
||||
| `default['firezone']['wireguard']['dns']` | WireGuard `DNS` to use for generated device configurations. | `'1.1.1.1, 1.0.0.1'` |
|
||||
| `default['firezone']['wireguard']['allowed_ips']` | WireGuard `AllowedIPs` to use for generated device configurations. | `'0.0.0.0/0, ::/0'` |
|
||||
| `default['firezone']['wireguard']['persistent_keepalive']` | Default PersistentKeepalive setting for generated device configurations. A value of 0 disables. | `0` |
|
||||
| `default['firezone']['wireguard']['ipv4']['enabled']` | Enable or disable IPv4 for WireGuard network. | `true` |
|
||||
| `default['firezone']['wireguard']['ipv4']['masquerade']` | Enable or disable masquerade for packets leaving the IPv4 tunnel. | `true` |
|
||||
|
||||
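Review bot: Per the `-147,10 +147,6` header, four of these `default['firezone']['wireguard'][...]` rows are dropped from the reference, but the upgrade notes in this commit only talk about environment variables. Document in the 0.7.x upgrade section what happens to those attributes when they are already set in an existing install, in particular whether a customised value for a removed attribute carries over into the DB or reverts to the default shown in this table.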
@@ -20,7 +20,7 @@ We recommend setting these in your Docker ENV file (`$HOME/.firezone/.env` by
|
||||
default). Required fields in **bold**.
|
||||
|
||||
| Name | Description | Format | Default |
|
||||
| --- | --- | --- | --- |
|
||||
| ------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------- |
|
||||
| **`EXTERNAL_URL`** | The external URL the web UI will be accessible at. Must be a valid FQDN for ACME SSL issuance to function. | String | |
|
||||
| **`ADMIN_EMAIL`** | Primary administrator email. | String | |
|
||||
| **`DEFAULT_ADMIN_PASSWORD`** | Default password that will be used for creating or resetting the primary administrator account. | String | Randomly generated upon install with `docker run firezone/firezone bin/gen-env`. |
|
||||
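Review bot: The separator-row change at the top of this table, from `| --- | --- | --- | --- |` to full-width dashes, is formatter output rather than a content change and is the only edit in this hunk. Consider keeping that reflow in a separate commit so the row removals further down the same table are easier to pick out in review.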
@@ -52,14 +52,10 @@ default). Required fields in **bold**.
|
||||
| `OUTBOUND_EMAIL_CONFIGS` | Email provider-specific config. | JSON-encoded hash of provider config. E.g. `{"gmail": {"access_token": "..."}, "smtp": {"relay": "smtp.example.com"}}`. See the [swoosh docs](https://hexdocs.pm/swoosh/). | `{}` |
|
||||
| `PHOENIX_PORT` | Internal port to listen on for the Phoenix web server. | Integer | `13000` |
|
||||
| `PRIVATE_CLIENTS` | List of IPs / CIDRs to consider trusted for purposes of correctly parsing the `X-Forwarded-For` header. | JSON-encoded list of IPs / CIDRs. | `[]` |
|
||||
| `WIREGUARD_IPV4_ADDRESS` | Tunnel-side IPv4 address of Firezone. | String | `10.3.2.1` |
|
||||
| `WIREGUARD_IPV4_ENABLED` | Enable / disable tunnel-side IPv4 connectivity. | Boolean | `true` |
|
||||
| `WIREGUARD_IPV4_MASQUERADE` | Enable / disable IPv4 masquerade. | String | `true` |
|
||||
| `WIREGUARD_IPV4_NETWORK` | Tunnel-side IPv4 network to use. | String | `10.3.2.0/24` |
|
||||
| `WIREGUARD_IPV6_ADDRESS` | Tunnel-side IPv6 address of Firezone. | String | `fd00::3:2:1` |
|
||||
| `WIREGUARD_IPV6_ENABLED` | Enable / disable tunnel IPv6 addresses. | Boolean | `true` |
|
||||
| `WIREGUARD_IPV6_MASQUERADE` | Enable / disable IPv6 masquerade. | Boolean | `true` |
|
||||
| `WIREGUARD_IPV6_NETWORK` | Tunnel-side IPv6 network to use. | String | `fd00::3:2:0/120` |
|
||||
| `WIREGUARD_MTU` | MTU to use for the server-side WireGuard MTU interface. | String | `1280` |
|
||||
| `WIREGUARD_PORT` | Port to listen on for WireGuard connections. | Integer | `51820` |
|
||||
| `SECURE_COOKIES` | Enable or disable requiring secure cookies. Required for HTTPS. | Boolean | `true` |
|
||||
|
||||
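Review bot: The Format column in the `WIREGUARD_*` rows of this hunk is inconsistent: `WIREGUARD_IPV4_MASQUERADE` is listed as `String` while `WIREGUARD_IPV6_MASQUERADE` is `Boolean`, and `WIREGUARD_MTU` is `String` while `WIREGUARD_PORT` is `Integer`. For whichever of these rows remain after the four removals indicated by `-52,14 +52,10`, align the types, and list the removed variables in the 0.7.x upgrade notes so operators know which settings in their `.env` file have been replaced.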