defguard---Core

官方

概述

defguard is a true Zero-Trust WireGuard® VPN with 2FA/Multi-Factor Authentication, as each connection requires MFA (and not only when logging in into the client application like other solutions).
This is the core component of defguard, which may required for the other components to work (gateway, proxy)

要求

Requires a separate Postgres database container. Requires either a separate defguard - Gateway, defguard - Proxy container or openldap container.

运行时参数

网络用户界面: http://[IP]:[PORT:8000]/
网络: bridge
特权: false

模板配置

API PortPorttcp

Container Port: 8000

目标: 8000
默认值: 8000
价值: 8000

gRPC PortPorttcp

Container Port: 50055

目标: 50055
默认值: 50055
价值: 50055

Postgres - HostVariable

Postgres database host

目标: DEFGUARD_DB_HOST

Postgres - PortVariable

Postgres database port

目标: DEFGUARD_DB_PORT
默认值: 5432
价值: 5432

Postgres - UserVariable

Postgres database user

目标: DEFGUARD_DB_USER

Postgres - PasswordVariable

Postgres database password

目标: DEFGUARD_DB_PASSWORD

Postgres - DatabaseVariable

Postgres database name

目标: DEFGUARD_DB_NAME
默认值: defguard
价值: defguard

Secret KeyVariable

Used to encrypt private cookies. Run `openssl rand -base64 55 | tr -d '=+/' | tr -d '\n' | cut -c1-64` to generate a random key.

目标: DEFGUARD_SECRET_KEY

Auth SecretVariable

Used to encrypt user tokens. Run `openssl rand -base64 55 | tr -d '=+/' | tr -d '\n' | cut -c1-64` to generate a random key.

目标: DEFGUARD_AUTH_SECRET

Gateway SecretVariable

Used to encrypt gateway tokens. Run `openssl rand -base64 55 | tr -d '=+/' | tr -d '\n' | cut -c1-64` to generate a random key.

目标: DEFGUARD_GATEWAY_SECRET

YubiBridge SecretVariable

Used to encrypt YubiBridge tokens. Run `openssl rand -base64 55 | tr -d '=+/' | tr -d '\n' | cut -c1-64` to generate a random key.

目标: DEFGUARD_YUBIBRIDGE_SECRET

URLVariable

Publicly-accessible URL of defguard instance.

目标: DEFGUARD_URL
默认值: http://localhost:8000
价值: http://localhost:8000

Default Admin PasswordVariable

Default password for the admin user.

目标: DEFGUARD_DEFAULT_ADMIN_PASSWORD
默认值: pass123
价值: pass123

Proxy - Proxy URLVariable

Proxy URL of defguard instance. Delete if not using defguard proxy.

目标: DEFGUARD_PROXY_URL
默认值: http://IP_ADDRESS:50051
价值: http://IP_ADDRESS:50051

Proxy - Cookie DomainVariable

Set the domain for auth cookies. By default, it's the domain from DEFGUARD_URL. Must be changed to base URL if you want to use forward auth. Delete if not using defguard proxy.

目标: DEFGUARD_COOKIE_DOMAIN
默认值: localhost
价值: localhost

LDAP - URLVariable

URL of LDAP server. Delete if not using LDAP.

目标: DEFGUARD_LDAP_URL
默认值: ldap://IP_ADDRESS:1389
价值: ldap://IP_ADDRESS:1389

LDAP - Bind UsernameVariable

Bind username for LDAP server. Delete if not using LDAP.

目标: DEFGUARD_LDAP_BIND_USERNAME
默认值: cn=user,ou=users,dc=example,dc=org
价值: cn=user,ou=users,dc=example,dc=org

LDAP - Bind PasswordVariable

Bind password for LDAP server. Delete if not using LDAP.

目标: DEFGUARD_LDAP_BIND_PASSWORD
默认值: user
价值: user

LDAP - User Search BaseVariable

User search base for LDAP server. Delete if not using LDAP.

目标: DEFGUARD_LDAP_USER_SEARCH_BASE
默认值: ou=users,dc=example,dc=org
价值: ou=users,dc=example,dc=org

LDAP - Group Search BaseVariable

Group search base for LDAP server. Delete if not using LDAP.

目标: DEFGUARD_LDAP_GROUP_SEARCH_BASE
默认值: ou=groups,dc=example,dc=org
价值: ou=groups,dc=example,dc=org

Cookie InsecureVariable

Allow access via HTTP

目标: DEFGUARD_COOKIE_INSECURE
默认值: false|true

Rust TracebackVariable

Enable Rust backtraces

目标: RUST_BACKTRACE
默认值: 1

Log LevelVariable

Log level

目标: DEFGUARD_LOG_LEVEL
默认值: info|debug

类别

Network > Proxy Network > VPN Network > Privacy Productivity Tools > Utilities Other

链接

模板支持难民署 Pro连接

详细信息

存储库

ghcr.io/defguard/defguard:latest

登记处

https://registry.hub.docker.com/r/ghcr.io/defguard/defguard

最后更新2026-06-01

初见2025-02-15

在Unraid 上运行 defguard---Core 。

defguard---Core 已被列入Unraid OS 的社区应用程序。探索Unraid ，构建灵活的家庭服务器、NAS 或家庭实验室。

探索Unraid OS