defguard---Core
defguard---Core
OfficialDocker app from grtgbln's Repository
Overview
This is the core component of defguard, which may required for the other components to work (gateway, proxy)
Requirements
Requires a separate Postgres database container. Requires either a separate defguard - Gateway, defguard - Proxy container or openldap container.
Runtime arguments
- Web UI
http://[IP]:[PORT:8000]/- Network
bridge- Privileged
- false
Template configuration
Container Port: 8000
- Target
- 8000
- Default
- 8000
- Value
- 8000
Container Port: 50055
- Target
- 50055
- Default
- 50055
- Value
- 50055
Postgres database host
- Target
- DEFGUARD_DB_HOST
Postgres database port
- Target
- DEFGUARD_DB_PORT
- Default
- 5432
- Value
- 5432
Postgres database user
- Target
- DEFGUARD_DB_USER
Postgres database password
- Target
- DEFGUARD_DB_PASSWORD
Postgres database name
- Target
- DEFGUARD_DB_NAME
- Default
- defguard
- Value
- defguard
Used to encrypt private cookies. Run `openssl rand -base64 55 | tr -d '=+/' | tr -d '\n' | cut -c1-64` to generate a random key.
- Target
- DEFGUARD_SECRET_KEY
Used to encrypt user tokens. Run `openssl rand -base64 55 | tr -d '=+/' | tr -d '\n' | cut -c1-64` to generate a random key.
- Target
- DEFGUARD_AUTH_SECRET
Used to encrypt gateway tokens. Run `openssl rand -base64 55 | tr -d '=+/' | tr -d '\n' | cut -c1-64` to generate a random key.
- Target
- DEFGUARD_GATEWAY_SECRET
Used to encrypt YubiBridge tokens. Run `openssl rand -base64 55 | tr -d '=+/' | tr -d '\n' | cut -c1-64` to generate a random key.
- Target
- DEFGUARD_YUBIBRIDGE_SECRET
Publicly-accessible URL of defguard instance.
- Target
- DEFGUARD_URL
- Default
- http://localhost:8000
- Value
- http://localhost:8000
Default password for the admin user.
- Target
- DEFGUARD_DEFAULT_ADMIN_PASSWORD
- Default
- pass123
- Value
- pass123
Proxy URL of defguard instance. Delete if not using defguard proxy.
- Target
- DEFGUARD_PROXY_URL
- Default
- http://IP_ADDRESS:50051
- Value
- http://IP_ADDRESS:50051
Set the domain for auth cookies. By default, it's the domain from DEFGUARD_URL. Must be changed to base URL if you want to use forward auth. Delete if not using defguard proxy.
- Target
- DEFGUARD_COOKIE_DOMAIN
- Default
- localhost
- Value
- localhost
URL of LDAP server. Delete if not using LDAP.
- Target
- DEFGUARD_LDAP_URL
- Default
- ldap://IP_ADDRESS:1389
- Value
- ldap://IP_ADDRESS:1389
Bind username for LDAP server. Delete if not using LDAP.
- Target
- DEFGUARD_LDAP_BIND_USERNAME
- Default
- cn=user,ou=users,dc=example,dc=org
- Value
- cn=user,ou=users,dc=example,dc=org
Bind password for LDAP server. Delete if not using LDAP.
- Target
- DEFGUARD_LDAP_BIND_PASSWORD
- Default
- user
- Value
- user
User search base for LDAP server. Delete if not using LDAP.
- Target
- DEFGUARD_LDAP_USER_SEARCH_BASE
- Default
- ou=users,dc=example,dc=org
- Value
- ou=users,dc=example,dc=org
Group search base for LDAP server. Delete if not using LDAP.
- Target
- DEFGUARD_LDAP_GROUP_SEARCH_BASE
- Default
- ou=groups,dc=example,dc=org
- Value
- ou=groups,dc=example,dc=org
Allow access via HTTP
- Target
- DEFGUARD_COOKIE_INSECURE
- Default
- false|true
Enable Rust backtraces
- Target
- RUST_BACKTRACE
- Default
- 1
Log level
- Target
- DEFGUARD_LOG_LEVEL
- Default
- info|debug
Details
ghcr.io/defguard/defguard:latestRun defguard---Core on Unraid.
defguard---Core is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.