sa6anw.se/docs/netmaker.md

---
title: Netmaker
---

<div class="ascii-wrapper">
<pre><code><div align="center">
 __    __    ________    ________    __       __     ______     __    __    ________    _______  
|\_\  |\_\  |\ ______\  |\ ______\  |\_\     /\_\   /\ ____\   |\_\  /\_\  |\ ______\  |\ _____\ 
| XX\ | XX  | XXXXXXXX   \XXXXXXXX  | XX\   /  XX  |\ XXXXXX\  | XX /  XX  | XXXXXXXX  | XXXXXXX\
| XXX\| XX  | XX__         | XX     | XXX\ /  XXX  | XX__| XX  | XX/  XX   | XX__      | XX__| XX
| XXXX\ XX  | XX _\        | XX     | XXXX\  XXXX  | XX __\XX  | XX  XX    | XX _\     | XX __\XX
| XX\XX XX  | XXXXX        | XX     | XX\XX XX XX  | XXXXXXXX  | XXXXX\    | XXXXX     | XXXXXXX\
| XX \XXXX  | XX_____      | XX     | XX \XXX| XX  | XX  | XX  | XX \XX\   | XX_____   | XX  | XX
| XX  \XXX  | XX ____\     | XX     | XX  \X | XX  | XX  | XX  | XX  \XX\  | XX ____\  | XX  | XX
 \XX   \XX   \XXXXXXXX      \XX      \XX      \XX   \XX   \XX   \XX   \XX   \XXXXXXXX   \XX   \XX
                                                                                                 
                                                                                  SA6ANW 20240104
</div></code></pre>
</div>

**Netmaker**<br>
Wireguard VPN & Software Defined Networking

Med Netmaker Kan jag styra kommunikationen precis som jag vill. Det påminner om Tailscale men man har möjlighet att hosta det själv. Jag kör version 0.17.0. 

För att köra netnetmaker
Skapa en `docker-compose.yaml` med följande innehåll

    version: "3.4"

    services:
    netmaker:
        container_name: netmaker
        image: gravitl/netmaker:v0.17.0
        cap_add: 
        - NET_ADMIN
        - NET_RAW
        - SYS_MODULE
        sysctls:
        - net.ipv4.ip_forward=1
        - net.ipv4.conf.all.src_valid_mark=1
        - net.ipv6.conf.all.disable_ipv6=0
        - net.ipv6.conf.all.forwarding=1
        restart: always
        volumes:
        - dnsconfig:/root/config/dnsconfig
        - sqldata:/root/data
        - mosquitto_data:/etc/netmaker
        environment:
        SERVER_NAME: "broker.netmaker.sa6anw.se"
        SERVER_HOST: "81.170.219.67"
        SERVER_API_CONN_STRING: "api.netmaker.sa6anw.se:443"
        COREDNS_ADDR: "81.170.219.67"
        DNS_MODE: "on"
        SERVER_HTTP_HOST: "api.netmaker.sa6anw.se"
        API_PORT: "8081"
        CLIENT_MODE: "on"
        MASTER_KEY: "Masterkey"
        CORS_ALLOWED_ORIGIN: "*"
        DISPLAY_KEYS: "on"
        DATABASE: "sqlite"
        NODE_ID: "netmaker-server-1"
        MQ_HOST: "mq"
        MQ_PORT: "443"
        MQ_SERVER_PORT: "1883"
        HOST_NETWORK: "off"
        VERBOSITY: "1"
        MANAGE_IPTABLES: "on"
        PORT_FORWARD_SERVICES: "dns"
        MQ_ADMIN_PASSWORD: "AdminPassword"
        ports:
        - "51821-51830:51821-51830/udp"
    netmaker-ui:
        container_name: netmaker-ui
        image: gravitl/netmaker-ui:v0.17.0
        depends_on:
        - netmaker
        links:
        - "netmaker:api"
        restart: always
        environment:
        BACKEND_URL: "https://api.netmaker.sa6anw.se"
      caddy:
        image: caddy:2.6.2
        container_name: caddy
        restart: unless-stopped
        volumes:
          - ./Caddyfile:/etc/caddy/Caddyfile
          - caddy_data:/data
          - caddy_conf:/config
        ports:
          - "80:80"
          - "443:443"
    coredns:
        container_name: coredns
        image: coredns/coredns
        command: -conf /root/dnsconfig/Corefile
        depends_on:
        - netmaker
        restart: always
        volumes:
        - dnsconfig:/root/dnsconfig
    mq:
        container_name: mq
        image: eclipse-mosquitto:2.0.15-openssl
        depends_on:
        - netmaker
        restart: unless-stopped
        command: ["/mosquitto/config/wait.sh"]
        environment:
        NETMAKER_SERVER_HOST: "https://api.netmaker.sa6anw.se"
        volumes:
        - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
        - ./wait.sh:/mosquitto/config/wait.sh
        - mosquitto_data:/mosquitto/data
        - mosquitto_logs:/mosquitto/log
    volumes:
    caddy_data: {}
    caddy_conf: {}
    sqldata: {}
    dnsconfig: {}
    mosquitto_data: {}
    mosquitto_logs: {}

- Byt till din egen domän
- Sätt lång MASTER_KEY och MQ_ADMIN_PASSWORD

Du behöver också filen `Caddyfile` i samma folder med följande innehåll

    {
            # LetsEncrypt account
            email sa6anw@gmail.com
    }

    # Dashboard
    https://dashboard.netmaker.sa6anw.se {
            # Apply basic security headers
            header {
                    # Enable cross origin access to *.netmaker.sa6anw.se
                    Access-Control-Allow-Origin *.netmaker.sa6anw.se
                    # Enable HTTP Strict Transport Security (HSTS)
                    Strict-Transport-Security "max-age=31536000;"
                    # Enable cross-site filter (XSS) and tell browser to block detected attacks
                    X-XSS-Protection "1; mode=block"
                    # Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
                    X-Frame-Options "SAMEORIGIN"
                    # Prevent search engines from indexing
                    X-Robots-Tag "none"
                    # Remove the server name
                    -Server
            }

            reverse_proxy http://netmaker-ui
    }

    # API
    https://api.netmaker.sa6anw.se {
            reverse_proxy http://netmaker:8081
    }

    # MQ
    wss://broker.netmaker.sa6anw.se {
            reverse_proxy ws://mq:8883
    }
- Samma sak här, byt till din domän och mailadress.

Som näst sista filen du behöver är `wait.sh` 

    #!/bin/ash

    wait_for_netmaker() {
    echo "SERVER: ${NETMAKER_SERVER_HOST}"
    until curl --output /dev/null --silent --fail --head \
        --location "${NETMAKER_SERVER_HOST}/api/server/health"; do
        echo "Waiting for netmaker server to startup"
        sleep 1
    done
    }

    main(){
    # wait for netmaker to startup
    apk add curl
    wait_for_netmaker
    echo "Starting MQ..."
    # Run the main container command.
    /docker-entrypoint.sh
    /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf

    }

    main "${@}"

Till sist `mosquitto.conf`

    per_listener_settings false
    listener 8883
    protocol websockets
    allow_anonymous false

    listener 1883
    protocol websockets
    allow_anonymous false

    plugin /usr/lib/mosquitto_dynamic_security.so
    plugin_opt_config_file /mosquitto/data/dynamic-security.json


Sen är det bara att köra `docker-compose up -d`

**Modifiering**<br>
Jag har valt att bryta ut caddy så att jag kan köra fler tjänster med bara en publik IP.

Modifiera `docker-compose.yaml` på följande sätt

    version: "3.4"

    services:
    netmaker:
        container_name: netmaker
        image: gravitl/netmaker:v0.17.0
        cap_add: 
        - NET_ADMIN
        - NET_RAW
        - SYS_MODULE
        sysctls:
        - net.ipv4.ip_forward=1
        - net.ipv4.conf.all.src_valid_mark=1
        - net.ipv6.conf.all.disable_ipv6=0
        - net.ipv6.conf.all.forwarding=1
        restart: always
        volumes:
        - dnsconfig:/root/config/dnsconfig
        - sqldata:/root/data
        - mosquitto_data:/etc/netmaker
        environment:
        SERVER_NAME: "broker.netmaker.sa6anw.se"
        SERVER_HOST: "81.170.219.67"
        SERVER_API_CONN_STRING: "api.netmaker.sa6anw.se:443"
        COREDNS_ADDR: "81.170.219.67"
        DNS_MODE: "on"
        SERVER_HTTP_HOST: "api.netmaker.sa6anw.se"
        API_PORT: "8081"
        CLIENT_MODE: "on"
        MASTER_KEY: "MasterKey"
        CORS_ALLOWED_ORIGIN: "*"
        DISPLAY_KEYS: "on"
        DATABASE: "sqlite"
        NODE_ID: "netmaker-server-1"
        MQ_HOST: "mq"
        MQ_PORT: "443"
        MQ_SERVER_PORT: "1883"
        HOST_NETWORK: "off"
        VERBOSITY: "1"
        MANAGE_IPTABLES: "on"
        PORT_FORWARD_SERVICES: "dns"
        MQ_ADMIN_PASSWORD: "AdminPassword"
        ports:
        - "51821-51830:51821-51830/udp"
    +   - "8081:8081"
      netmaker-ui:
        container_name: netmaker-ui
        image: gravitl/netmaker-ui:v0.17.0
        depends_on:
        - netmaker
        links:
        - "netmaker:api"
        restart: always
        environment:
        BACKEND_URL: "https://api.netmaker.sa6anw.se"
    +   ports:
    +   - "8080:80"
    - caddy:
    -   image: caddy:2.6.2
    -   container_name: caddy
    -   restart: unless-stopped
    -   volumes:
    -     - ./Caddyfile:/etc/caddy/Caddyfile
    -     - caddy_data:/data
    -     - caddy_conf:/config
    -   ports:
    -     - "80:80"
    -     - "443:443"
      coredns:
        container_name: coredns
        image: coredns/coredns
        command: -conf /root/dnsconfig/Corefile
        depends_on:
        - netmaker
        restart: always
        volumes:
        - dnsconfig:/root/dnsconfig
      mq:
        container_name: mq
        image: eclipse-mosquitto:2.0.15-openssl
        depends_on:
        - netmaker
        restart: unless-stopped
        command: ["/mosquitto/config/wait.sh"]
        environment:
        NETMAKER_SERVER_HOST: "https://api.netmaker.sa6anw.se"
        volumes:
        - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
        - ./wait.sh:/mosquitto/config/wait.sh
        - mosquitto_data:/mosquitto/data
        - mosquitto_logs:/mosquitto/log
    +  ports:
    +   - "8883:8883"
    volumes:
    caddy_data: {}
    caddy_conf: {}
    sqldata: {}
    dnsconfig: {}

Filen `Caddyfile` kan du ta bort