
Nginx Proxy Manager instead of traefik #1765

Closed badokun closed 1 year ago

badokun commented 1 year ago

I'd like to use Nginx Proxy Manager instead of traefik so I can setup a reverse proxy for my home lab.

The documentation on https://docs.netmaker.org/ appears to be outdated, and the HOST_NETWORK comment refers to a docker-compose file that no longer exists.

I've modified my docker-compose, but I'm unable to reach the other nodes from within the nginx-proxy-manager container. How can I bridge the network from the netmaker container?

From the netmaker container I see:

bash-5.1# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:14:00:02
          inet addr:172.20.0.2  Bcast:172.20.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe14:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1994 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1425 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:370466 (361.7 KiB)  TX bytes:745415 (727.9 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1668 (1.6 KiB)  TX bytes:1668 (1.6 KiB)

nm-office-vpn Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.87.181.254  P-t-P:10.87.181.254  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1280  Metric:1
          RX packets:39 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2212 (2.1 KiB)  TX bytes:1036 (1.0 KiB)

and from nginx-proxy-manager

[root@docker-4edb7feb19c1:/app]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.0.3  netmask 255.255.0.0  broadcast 172.20.255.255
        ether 02:42:ac:14:00:03  txqueuelen 0  (Ethernet)
        RX packets 1793  bytes 10908400 (10.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2125  bytes 781487 (763.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 658  bytes 157679 (153.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 658  bytes 157679 (153.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

So it's not able to reach any addresses in the 10.87.181.xxx range

Here's my docker-compose file:

# Compose stack from this issue: Netmaker server, dashboard, CoreDNS, Mosquitto
# broker, and Nginx Proxy Manager (NPM) standing in for traefik. Placeholder
# values (xxx..., mydomain.com) are the reporter's redactions, not real config.
version: "3.4"

services:
  netmaker:
    container_name: netmaker
    image: gravitl/netmaker:v0.16.3
    # NET_ADMIN/NET_RAW are used for the WireGuard interface (nm-office-vpn in
    # the ifconfig output above) and the iptables rules enabled by
    # MANAGE_IPTABLES below. SYS_MODULE lets the container load kernel modules,
    # which is a host-level privilege; it is presumably only needed when the
    # host kernel lacks a built-in WireGuard module — confirm before keeping it.
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_MODULE
    # Forwarding sysctls applied to the container's network namespace so the
    # server can route between its WireGuard interface and the bridge.
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
    restart: always
    volumes:
      - dnsconfig:/root/config/dnsconfig
      - sqldata:/root/data
      # Shared with the mq service, which mounts the same volume at /mosquitto/data.
      - mosquitto_data:/etc/netmaker
    environment:
      SERVER_NAME: "broker.mydomain.com"
      SERVER_HOST: "xxx.xxx.xxx.xxx"
      SERVER_API_CONN_STRING: "api.mydomain.com:443"
      COREDNS_ADDR: "xxx.xxx.xxx.xxx"
      DNS_MODE: "on"
      SERVER_HTTP_HOST: "api.mydomain.com"
      API_PORT: "8081"
      CLIENT_MODE: "on"
      # Secret: keep out of a committed compose file (env_file or a secret store).
      MASTER_KEY: "xxxxxxx"
      # Wildcard CORS on the API; narrow it to the dashboard's origin once known.
      CORS_ALLOWED_ORIGIN: "*"
      DISPLAY_KEYS: "on"
      DATABASE: "sqlite"
      NODE_ID: "netmaker-server-1"
      # Broker host/port as seen from clients: "mq" resolves on the compose
      # network; 443 implies clients reach it through the proxy (assumption).
      MQ_HOST: "mq"
      MQ_PORT: "443"
      MQ_SERVER_PORT: "1883"
      # "off" keeps the container on the compose bridge (172.20.0.0/16 in the
      # ifconfig output above) rather than the host network; NPM reaches the
      # server over that bridge, which is the resolution given later in the thread.
      HOST_NETWORK: "off"
      VERBOSITY: "1"
      MANAGE_IPTABLES: "on"
      PORT_FORWARD_SERVICES: "dns"
      # Secret: same remark as MASTER_KEY.
      MQ_ADMIN_PASSWORD: "xxxxxxx"
    # UDP range published on the host (WireGuard listen ports — only the
    # mapping is visible here).
    ports:
      - "51821-51830:51821-51830/udp"
    # API_PORT is reachable only from containers on the compose network; it is
    # not published on the host, so NPM must proxy api.mydomain.com to it.
    expose:
      - "8081"
  netmaker-ui:
    container_name: netmaker-ui
    image: gravitl/netmaker-ui:v0.16.3
    depends_on:
      - netmaker
    # Legacy link alias; the server is also resolvable as "netmaker" on the
    # compose network.
    links:
      - "netmaker:api"
    restart: always
    environment:
      BACKEND_URL: "https://api.mydomain.com"
    # Dashboard only exposed to the compose network (proxied by NPM).
    expose:
      - "80"
  coredns:
    container_name: coredns
    image: coredns/coredns
    # Corefile is generated into the dnsconfig volume shared with the server.
    command: -conf /root/dnsconfig/Corefile
    depends_on:
      - netmaker
    restart: always
    volumes:
      - dnsconfig:/root/dnsconfig
  mq:
    container_name: mq
    image: eclipse-mosquitto:2.0.11-openssl
    depends_on:
      - netmaker
    restart: unless-stopped
    command: ["/mosquitto/config/wait.sh"]
    environment:
      NETMAKER_SERVER_HOST: "https://api.mydomain.com"
    # mosquitto.conf and wait.sh are bind-mounted from /root; the listener
    # configuration lives in that file and is not shown in this issue.
    volumes:
      - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
      - /root/wait.sh:/mosquitto/config/wait.sh
      - mosquitto_data:/mosquitto/data
      - mosquitto_logs:/mosquitto/log
    # Broker exposed to the compose network only; not published on the host.
    expose:
      - "8883"
  app:
    container_name: nginx-proxy-manager
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    # 80/443 are the proxied entry points. 81 is NPM's own admin UI and is
    # published on every host interface here; consider binding it to a trusted
    # address (e.g. '127.0.0.1:81:81') so it is not reachable from the internet.
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
volumes:
  # NOTE(review): no service mounts this volume — leftover from the traefik
  # layout, safe to delete.
  traefik_certs: {}
  sqldata: {}
  dnsconfig: {}
  mosquitto_data: {}
  mosquitto_logs: {}
mattkasun commented 1 year ago

use the docker network 172.20.0.0/16

badokun commented 1 year ago

Thanks, that worked

maveice commented 1 year ago

@bqdokun: I am just about to deploy nginx proxy manager (npm) and trying to get it working; however, I installed it on a different machine. Would you please share what exactly you have configured in npm to get netmaker working properly in this npm environment? Many thanks in advance!

LukasPoque commented 1 year ago

Any updates on this issue? @maveice

maveice commented 1 year ago

Unfortunately not — as I didn't receive any help, I already gave up. If you have got any further, please let me know. @LukasPoque

LukasPoque commented 1 year ago

I think I found a solution. In my case, there is a server that runs NPM and another server in the same network that runs Netmaker in a docker container. In NPM, set up 3 proxy hosts: api.VPN_DOMAIN -> forward to NETMAKER_SERVER_IP:8081, broker.VPN_DOMAIN -> NETMAKER_SERVER_IP:8883 (add websocket support), and dashboard.VPN_DOMAIN -> NETMAKER_SERVER_IP:80. Then use the default docker-compose.yml from the repo (+ use the mosquitto.conf and wait.sh from here: https://github.com/gravitl/netmaker/tree/master/docker). In the docker-compose file, delete the caddy section, and replace all placeholder vars with your NETMAKER_SERVER_IP and your VPN_DOMAIN. Last but not least, add some ports to the different containers so NPM can connect to them. To do so, edit the docker-compose file again and add:

# Fragment to merge into the compose file: each of these keys belongs under the
# existing service of the same name beneath `services:`, not at the top level.
# Every mapping below publishes the port on all host interfaces so that NPM
# (on a separate host in the same network, per the comment above) can reach
# it; binding to that network's address (e.g. "NETMAKER_SERVER_IP:8081:8081")
# keeps the unproxied API, dashboard and broker off other interfaces.
netmaker:
  ports:
    # Netmaker API (API_PORT), proxied by api.VPN_DOMAIN.
    - "8081:8081"
netmaker-ui:
  ports:
    # Dashboard, proxied by dashboard.VPN_DOMAIN.
    - "80:80"
mq:
  ports:
    # Host port 8883 -> broker container port 1883; the broker.VPN_DOMAIN
    # proxy host forwards here and needs websocket support enabled.
    - "8883:1883"

Hope that helps you :) @maveice

CoconutStarshipForever commented 1 year ago

Hello everyone!

I know that this ticket is closed, but I'm having a hard time figuring out how to get Mosquitto working behind NPM with the compose file.

Unfortunately, the advanced section of the doc doesn't help.

What I'm trying to set up is NPM + Netmaker on the same droplet, but I can't figure out how to make MQ accessible outside of the docker network.

Here is my compose file. It's quite modified, but everything runs "well" locally; the MQ is just unreachable. The Netmaker logs show:

error publishing node update to peer LONG_ID cannot publish ... mqclient not connected (1)

The compose file:


# Compose stack for Netmaker v0.18.5 behind NPM on the same host. Values such
# as *.*.*.*, MASTERKEY, MQ_PASSWORD and DROPLET are the poster's placeholders.
version: "3.4"

services:
  netmaker:
    container_name: netmaker
    image: gravitl/netmaker:v0.18.5
    restart: always
    volumes:
      - /home/DROPLET/netmaker/dns/dnsconfig:/root/config/dnsconfig
      - /home/DROPLET/netmaker/sql/sql_data:/root/data
      # NOTE(review): in the earlier compose in this thread the same directory
      # is also mounted into the mq service at /mosquitto/data; here mq does not
      # mount it at all. Verify against the upstream compose — if the broker
      # depends on files the server writes here, that could explain the
      # "mqclient not connected" error.
      - /home/DROPLET/netmaker/mosquitto/mosquitto_data:/etc/netmaker
    environment:
      # Public broker URL (TLS websocket through NPM); compare
      # SERVER_BROKER_ENDPOINT below, which the server uses inside the compose
      # network.
      BROKER_ENDPOINT: "wss://broker.netmaker.domain.co"
      SERVER_NAME: "netmaker.domain.co"
      # Includes third-party public STUN servers alongside the self-hosted one.
      STUN_LIST: "stun.netmaker.domain.co:3478,stun1.netmaker.io:3478,stun2.netmaker.io:3478,stun1.l.google.com:19302,stun2.l.google.com:19302"
      # Redacted public IP of the droplet.
      SERVER_HOST: "*.*.*.*"
      SERVER_API_CONN_STRING: "api.netmaker.domain.co:443"
      COREDNS_ADDR: "*.*.*.*"
      DNS_MODE: "on"
      SERVER_HTTP_HOST: "api.netmaker.domain.co"
      API_PORT: "8081"
      # Secret placeholder; the real value should come from an env_file or a
      # secret store, never a committed compose file.
      MASTER_KEY: "MASTERKEY"
      # Wildcard CORS on the API; narrow it to the dashboard's origin.
      CORS_ALLOWED_ORIGIN: "*"
      DISPLAY_KEYS: "on"
      DATABASE: "sqlite"
      NODE_ID: "netmaker-server-1"
      # Plain websocket to the mq container on the compose network; whether the
      # broker actually serves websockets on 1883 is decided by the bind-mounted
      # mosquitto.conf, which is not shown here.
      SERVER_BROKER_ENDPOINT: "ws://mq:1883"
      VERBOSITY: "1"
      # Must match the credentials given to the mq service below (they do here).
      MQ_PASSWORD: "MQ_PASSWORD"
      MQ_USERNAME: "MQ_USER"
      STUN_PORT: "3478"
      DEFAULT_PROXY_MODE: "off"
    # Only the STUN port is published; the API stays inside the compose
    # network and is reached via NPM.
    ports:
      - "3478:3478/udp"
  netmaker-ui:
    container_name: netmaker-ui
    image: gravitl/netmaker-ui:v0.18.5
    depends_on:
      - netmaker
    # Legacy link alias; "netmaker" also resolves on the compose network.
    links:
      - "netmaker:api"
    restart: always
    environment:
      BACKEND_URL: "https://api.netmaker.domain.co"
  coredns:
    container_name: coredns
    image: coredns/coredns
    command: -conf /root/dnsconfig/Corefile
    depends_on:
      - netmaker
    restart: always
    volumes:
      - /home/DROPLET/netmaker/dns/dnsconfig:/root/dnsconfig
  mq:
    container_name: mq
    image: eclipse-mosquitto:2.0.15-openssl
    depends_on:
      - netmaker
    restart: unless-stopped
    command: ["/mosquitto/config/wait.sh"]
    # Host port 8883 -> container 1883. The NPM proxy host for
    # broker.netmaker.domain.co should forward to this host port with
    # websocket support (per the earlier comment in this thread). Since NPM
    # runs on the same droplet, binding to loopback ("127.0.0.1:8883:1883")
    # keeps the unencrypted listener off the public interface.
    ports:
      - "8883:1883"
    # Same credentials as the server's MQ_USERNAME/MQ_PASSWORD above.
    environment:
      MQ_PASSWORD: "MQ_PASSWORD"
      MQ_USERNAME: "MQ_USER"
    # mosquitto.conf and wait.sh are bind-mounted from /root (not shown here).
    volumes:
      - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
      - /root/wait.sh:/mosquitto/config/wait.sh
      - /home/DROPLET/netmaker/mosquitto/mosquitto_logs:/mosquitto/log

From the NPM side of things, I've got all the right proxies set up (all with SSL):

If we manage to find the proper way to configure NPM with Netmaker, we could update the docs afterwards (the advanced setup for NPM in the docs looks like it dates from the pre-0.13 era).