Adds a minimal supervision tree for making DB changes from the
`FzHttp.Release` module. This allows the `bin/create-or-reset-admin` and
`bin/create-api-token` commands to be run with `docker compose exec` or
`docker compose run --rm` indiscriminately.
Starting the FzHttp.Repo directly is more involved because it's not compiled
into the release as an OTP app.
### TODO
- [x] "/v0"
- [x] Double-check migration order; re-timestamp if necessary
- [x] Move `sites` fields to `configurations` so they can be updated
from API
- [x] #1240 -- it introduces possible race conditions for API requests
- [x] #1249
- [ ] #1008
- [ ] Final review
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
This PR also moves to `yarn` for docs package management for improved
speed, security, and developer experience. Docusaurus prefers yarn.
Refs firezone/marketing#126
* docs: add logs and update troubleshooting
Updates the troubleshooting doc for Docker based deployments and adds a general logs doc with more info on what Firezone logs.
Also added a mention of Audit logs in beta to source more convos.
* docs: further Docker clarifications
Clarifying some troubleshooting guides that refer to firezone-ctl.
Not everyone arrives at the env-vars or config file through the deploy/configure guide. Some load these pages directly via search. Adding a more prominent note that it's for Omnibus based deploy.
* docs: add troubleshooting docs on locked out state
Adding a section on resetting admin passwords for both docker and omnibus deployments. I realize we removed the omnibus firezone-ctl reference. I won't add it back since I have no idea where to put it.
* docs: update split tunnel doc
Was originally going to write more about other ways you can achieve split tunneling with wireguard, but will leave that for now
* fix whitespace
* update split tunnel doc
* docs: add DNS considerations to split tunnel doc
https://github.com/firezone/product/issues/527
* update split tunnel doc
* further clarify split tunnel doc
* add note about on-demand feature
* Docs - Improve titles and descriptions (#1187)
* docs: update titles, descriptions
Changes:
- set more descriptive titles (better for readers and SEO)
- add meta descriptions
- convert titles to sentence case for consistency
* docs: small fixes
* fix trailing whitespaces
* fix spelling
* Apply suggestions from code review
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>
* add descriptions to client instructions
Signed-off-by: Jason G <jason@firez.one>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
* chore: update logs doc
* chore: apply suggestions from code review
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>
* chore: line length and log description
* chore: rename debug logs
* chore: apply suggestions from code review
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>
* Docs - Add draft whitelist sso doc (#1185)
* doc: adding whitelist sso doc
redo of https://github.com/firezone/firezone/pull/995
* docs: add seo titles
* docs: improve titles
* grammar fixes
* fix trailing whitespace
apparently my vscode plugin does not find trailing whitespace in front matter
* put doc in draftmode
* add note on wireguard client apps
* Revert "add note on wireguard client apps"
This reverts commit 9013ce1c3b1bcb8b825f0fcbb1c5fe7e050cae82.
* Apply suggestions from code review
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>
Signed-off-by: Jason G <jason@firez.one>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
* chore: apply suggestions from code review
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>
* chore: Update docs/docs/user-guides/client-instructions.mdx
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>
* chore: update title capitalization and other small fixes
* Apply suggestions from code review
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
* Add instructions for enabling IPv6 within Docker
IPv6 routing is disabled by default on Docker. To have IPv6 work in Firezone
the same way IPv4 currently does (and IPv6 on Omnibus), four things are
generally required:
1. First, ensure your Docker host has IPv6 correctly set up with a quick
ping test:
```
> ping6 -c 4 google.com
PING google.com(sfo03s32-in-x0e.1e100.net (2607:f8b0:4005:814::200e)) 56 data bytes
64 bytes from sfo03s32-in-x0e.1e100.net (2607:f8b0:4005:814::200e): icmp_seq=1 ttl=51 time=1.96 ms
64 bytes from sfo03s32-in-x0e.1e100.net (2607:f8b0:4005:814::200e): icmp_seq=2 ttl=51 time=1.94 ms
64 bytes from sfo03s32-in-x0e.1e100.net (2607:f8b0:4005:814::200e): icmp_seq=3 ttl=51 time=1.92 ms
64 bytes from sfo03s32-in-x0e.1e100.net (2607:f8b0:4005:814::200e): icmp_seq=4 ttl=51 time=1.90 ms
```
2. Add an IPv6 address, subnet, and `enable_ipv6: true` to the Docker
compose. **Note**: Various Googling around the interwebs will uncover
the myth that `enable_ipv6` is not supported on Docker Compose file
versions 3+ -- this seems to be incorrect. Leaving out `enable_ipv6: true`
prevented Docker from automatically assigning IPv6 addresses for
containers attaching to that network.
3. Add the following to `/etc/docker/daemon.json`:
```json
{
  "ipv6": true,
  "ip6tables": true,
  "experimental": true,
  "fixed-cidr-v6": "fd00:dead:beef::/80"
}
```
4. The above causes Docker to automatically add `ip6tables` rules to
set up IPv6 NAT/Masquerade for containers. However, this breaks DHCPv6
Router Advertisements, so you'll need to re-enable them for your
default interface with:
```
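# Find the interface that carries the default route
egress=$(ip route show default 0.0.0.0/0 | grep -oP '(?<=dev ).*' | cut -f1 -d' ' | tr -d '\n')
# sudo does not apply to a shell redirect, so append through tee instead
echo "net.ipv6.conf.${egress}.accept_ra=2" | sudo tee -a /etc/sysctl.conf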
```
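A check for the host-side settings from steps 3 and 4 above, added here as an example (not part of the commit or the Firezone code base). The sample inputs are constructed, and the interface name `eth0` is an assumption.

```python
import ipaddress
import json
import re

REQUIRED_FLAGS = ("ipv6", "ip6tables", "experimental")  # keys from step 3

# Constructed sample inputs; "eth0" is an assumed egress interface name.
SAMPLE_DAEMON_JSON = """{"ipv6": true, "ip6tables": true,
 "experimental": true, "fixed-cidr-v6": "fd00:dead:beef::/80"}"""
SAMPLE_SYSCTL = "# constructed\nnet.ipv6.conf.eth0.accept_ra=2\n"


def check_daemon_json(text):
    """Return a list of problems found in a daemon.json document."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top-level value must be a JSON object"]
    # Only a JSON boolean true passes; the string "true" does not.
    problems = [f"{k} must be true" for k in REQUIRED_FLAGS if cfg.get(k) is not True]
    cidr = cfg.get("fixed-cidr-v6")
    try:
        if not isinstance(cidr, str) or ipaddress.ip_network(cidr).version != 6:
            problems.append("fixed-cidr-v6 must be an IPv6 CIDR")
    except ValueError:
        problems.append("fixed-cidr-v6 is not a valid CIDR")
    return problems


def accept_ra_enabled(sysctl_text, iface):
    """True if the last uncommented accept_ra setting for iface is 2."""
    pattern = re.compile(
        r"^\s*net\.ipv6\.conf\." + re.escape(iface) + r"\.accept_ra\s*=\s*(\d+)\s*$"
    )
    value = None
    for line in sysctl_text.splitlines():
        match = pattern.match(line)  # comment lines never match the anchor
        if match:
            value = match.group(1)  # later lines override earlier ones
    return value == "2"


if __name__ == "__main__":
    print(check_daemon_json(SAMPLE_DAEMON_JSON) or "daemon.json OK")
    print("accept_ra=2 for eth0:", accept_ra_enabled(SAMPLE_SYSCTL, "eth0"))
```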
* Fix bash cmd
* Apply suggestions from code review
Self-review
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
* Apply suggestions from code review
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
* fix: use caddy in host network_mode and make sure urls have a scheme
* fix: remove unnecessary exposed ports
* fix: remove support for hostnames beginning with // since caddy doesn't support it
* Fix schemeless external URLs; error on invalid ones (#1090)
* Fix schemeless external URLs; error on invalid ones
* use different dockerfile for linux vs non-linux
* Use conditional EXTERNAL_URL defaults
* suppress empty warning
* postgres volume location
* Use inline Caddyfile
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
* 0.6.0
* Make OIDC and SAML user provisioning configurable per-provider (#1015)
* Got ugly migration to work
* Move auto_create_users to per-provider config
* Update deps to bust cache
* Update Process sleep
* Update docs with Auto create users
* working migration script (#1013)
* Add telem for Docker and SAML (#1020)
* Add telem for Docker and SAML
* Omit unneeded format
* Minor typo fixes
* cache node deps
* Remove unneeded script
* Remove unneeded script
* Remove redundant lint-docs step...
* Cache nodejs for static anal
* npm ci before use
* limit markdownlint to docs for now
* Move markdownlint config to root
* remove duplicate files for nftables
* github logo in navbar
* add company links to footer
* use auto-generated indexes
* make use of swizzling
* SEO
* lint error
* Update install script to setup and install firezone from cloudsmith repo
* silence source repo file not found when removing
* Update docs with cloudsmith repo instructions, add feedback message to uninstall
* Fix supported platforms link
* add upgrade note to post install pkg script & only grep config file for check if it exists
* Clean up install server doc links
* use apt-get instead of apt, add RHEL 7,8,9 & OLS 7,8,9
* Use more cross platform compatible terminal text styles
* simplify deployment instructions
* fix lint error
* add troubleshooting section
* additional server instructions
* clarify supported distros in intro
* punctuation
* upgrade to 0.3.17
* clarifications from review
@jamilbk changed based on your comments. There was a section about upgrading that was supposed to be in another branch (OIDC). I removed that.
@lilibobear added a screenshot
* add note for ssh interruptions during install
* link to github issue for ssh interrupt
* review note fixes
* testing signed commit
* update gpg email