
adding EE

afeiszli 2 years ago
parent
commit
4ea5dc3440
3 changed files with 75 additions and 80 deletions
  1. 17 77
      compose/docker-compose.ee.yml
  2. 50 0
      docker/Caddyfile-EE
  3. 8 3
      scripts/nm-quick-interactive.sh

+ 17 - 77
compose/docker-compose.ee.yml

@@ -3,7 +3,7 @@ version: "3.4"
 services:
   netmaker:
     container_name: netmaker
-    image: gravitl/netmaker:v0.16.3-ee
+    image: gravitl/netmaker:testing-ee
     cap_add: 
       - NET_ADMIN
       - NET_RAW
@@ -45,14 +45,6 @@ services:
       MQ_ADMIN_PASSWORD: "REPLACE_MQ_ADMIN_PASSWORD"
     ports:
       - "51821-51830:51821-51830/udp"
-    expose:
-      - "8081"
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.netmaker-api.entrypoints=websecure
-      - traefik.http.routers.netmaker-api.rule=Host(`api.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.routers.netmaker-api.service=netmaker-api
-      - traefik.http.services.netmaker-api.loadbalancer.server.port=8081
   netmaker-ui:
     container_name: netmaker-ui
     image: gravitl/netmaker-ui:v0.16.3
@@ -63,21 +55,17 @@ services:
     restart: always
     environment:
       BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN"
-    expose:
-      - "80"
-    labels:
-      - traefik.enable=true
-      - traefik.http.middlewares.nmui-security.headers.accessControlAllowOriginList=*.NETMAKER_BASE_DOMAIN
-      - traefik.http.middlewares.nmui-security.headers.stsSeconds=31536000
-      - traefik.http.middlewares.nmui-security.headers.browserXssFilter=true
-      - traefik.http.middlewares.nmui-security.headers.customFrameOptionsValue=SAMEORIGIN
-      - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.X-Robots-Tag=none
-      - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.Server= # Remove the server name
-      - traefik.http.routers.netmaker-ui.entrypoints=websecure
-      - traefik.http.routers.netmaker-ui.middlewares=nmui-security@docker
-      - traefik.http.routers.netmaker-ui.rule=Host(`dashboard.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.routers.netmaker-ui.service=netmaker-ui
-      - traefik.http.services.netmaker-ui.loadbalancer.server.port=80
+  caddy:
+    image: caddy:2.6.2
+    container_name: caddy
+    restart: unless-stopped
+    volumes:
+      - /root/Caddyfile:/etc/caddy/Caddyfile
+      - caddy_data:/data
+      - caddy_conf:/config
+    ports:
+      - "80:80"
+      - "443:443"
   coredns:
     container_name: coredns
     image: coredns/coredns
@@ -87,26 +75,6 @@ services:
     restart: always
     volumes:
       - dnsconfig:/root/dnsconfig
-  traefik:
-    image: traefik:v2.9
-    container_name: traefik
-    command:
-      - "--certificatesresolvers.http.acme.email=YOUR_EMAIL"
-      - "--certificatesresolvers.http.acme.storage=/letsencrypt/acme.json"
-      - "--certificatesresolvers.http.acme.tlschallenge=true"
-      - "--entrypoints.websecure.address=:443"
-      - "--entrypoints.websecure.http.tls=true"
-      - "--entrypoints.websecure.http.tls.certResolver=http"
-      - "--log.level=INFO"
-      - "--providers.docker=true"
-      - "--providers.docker.exposedByDefault=false"
-      - "--serverstransport.insecureskipverify=true"
-    restart: always
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - traefik_certs:/letsencrypt
-    ports:
-      - "443:443"
   mq:
     container_name: mq
     image: eclipse-mosquitto:2.0.15-openssl
@@ -121,50 +89,29 @@ services:
       - /root/wait.sh:/mosquitto/config/wait.sh
       - mosquitto_data:/mosquitto/data
       - mosquitto_logs:/mosquitto/log
-    expose:
-      - "8883"
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.mqtt_websocket.rule=Host(`broker.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.routers.mqtt_websocket.entrypoints=websecure
-      - traefik.http.routers.mqtt_websocket.tls.certresolver=http
-      - traefik.http.services.mqtt_websocket.loadbalancer.server.port=8883
+    ports:
+      - "1883:1883"
+      - "8883:8883"
   prometheus:
     container_name: prometheus
     image: gravitl/netmaker-prometheus:latest
     environment:
       NETMAKER_METRICS_TARGET: "netmaker-exporter.NETMAKER_BASE_DOMAIN"
       LICENSE_KEY: "YOUR_LICENSE_KEY"
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.prometheus.entrypoints=websecure
-      - traefik.http.routers.prometheus.rule=Host(`prometheus.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.services.prometheus.loadbalancer.server.port=9090
-      - traefik.http.routers.prometheus.service=prometheus
     restart: always
     volumes:
       - prometheus_data:/prometheus
     depends_on:
       - netmaker
-    ports:
-      - 9090:9090
   grafana:
     container_name: grafana
     image: gravitl/netmaker-grafana:latest
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.grafana.entrypoints=websecure
-      - traefik.http.routers.grafana.rule=Host(`grafana.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.services.grafana.loadbalancer.server.port=3000
-      - traefik.http.routers.grafana.service=grafana
     environment:
       PROMETHEUS_HOST: "prometheus.NETMAKER_BASE_DOMAIN"
       NETMAKER_METRICS_TARGET: "netmaker-exporter.NETMAKER_BASE_DOMAIN"
       LICENSE_KEY: "YOUR_LICENSE_KEY"
     volumes:
       - grafana_data:/var/lib/grafana
-    ports:
-      - 3000:3000
     restart: always
     links:
       - prometheus
@@ -174,12 +121,6 @@ services:
   netmaker-exporter:
     container_name: netmaker-exporter
     image: gravitl/netmaker-exporter:latest
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.netmaker-exporter.entrypoints=websecure
-      - traefik.http.routers.netmaker-exporter.rule=Host(`netmaker-exporter.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.services.netmaker-exporter.loadbalancer.server.port=8085
-      - traefik.http.routers.netmaker-exporter.service=netmaker-exporter
     restart: always
     depends_on:
       - netmaker
@@ -192,10 +133,9 @@ services:
       API_PORT: "8085"
       LICENSE_KEY: "YOUR_LICENSE_KEY"
       PROMETHEUS_HOST: https://prometheus.NETMAKER_BASE_DOMAIN
-    expose:
-      - "8085"
 volumes:
-  traefik_certs: {}
+  caddy_data: {}
+  caddy_conf: {}
   sqldata: {}
   dnsconfig: {}
   mosquitto_data: {}
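Review bot: The new `ports:` block on the mq service publishes `"1883:1883"` on every host interface, whereas before this commit only 8883 was reachable and only through the TLS-terminating proxy; the Caddy broker site added in this commit proxies to `ws://mq:8883` over the compose network, so nothing visible here needs 1883 on the host, and 1883 is conventionally the unencrypted MQTT listener. Unless an out-of-band client depends on it, drop `- "1883:1883"` or bind it to loopback as `- "127.0.0.1:1883:1883"`; whether 1883 even requires authentication depends on /root/mosquitto.conf, which is outside this diff. Separately, `image: gravitl/netmaker:testing-ee` replaces a pinned release tag with a mutable one while netmaker-ui stays on `v0.16.3`, so a restart can silently pull a different build; pin it to a release tag (or a digest) before this ships. The caddy service also has no `depends_on` for the upstreams it proxies, which only affects start ordering but is worth adding for consistency with prometheus and netmaker-exporter.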

+ 50 - 0
docker/Caddyfile-EE

@@ -0,0 +1,50 @@
+{
+        # LetsEncrypt account
+        email YOUR_EMAIL
+}
+
+# Dashboard
+https://dashboard.NETMAKER_BASE_DOMAIN {
+        # Apply basic security headers
+        header {
+                # Enable cross origin access to *.NETMAKER_BASE_DOMAIN
+                Access-Control-Allow-Origin *.NETMAKER_BASE_DOMAIN
+                # Enable HTTP Strict Transport Security (HSTS)
+                Strict-Transport-Security "max-age=31536000;"
+                # Enable cross-site filter (XSS) and tell browser to block detected attacks
+                X-XSS-Protection "1; mode=block"
+                # Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
+                X-Frame-Options "SAMEORIGIN"
+                # Prevent search engines from indexing
+                X-Robots-Tag "none"
+                # Remove the server name
+                -Server
+        }
+
+        reverse_proxy http://netmaker-ui
+}
+
+# Netmaker Exporter
+https://netmaker-exporter.NETMAKER_BASE_DOMAIN {
+        reverse_proxy http://netmaker-exporter:8085
+}
+
+# Prometheus
+https://prometheus.NETMAKER_BASE_DOMAIN {
+        reverse_proxy http://prometheus:9090
+}
+
+# Grafana
+https://grafana.NETMAKER_BASE_DOMAIN {
+        reverse_proxy http://grafana:3000
+}
+
+# API
+https://api.NETMAKER_BASE_DOMAIN {
+        reverse_proxy http://netmaker:8081
+}
+
+# MQ
+wss://broker.NETMAKER_BASE_DOMAIN {
+        reverse_proxy ws://mq:8883
+}
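Review bot: `Access-Control-Allow-Origin *.NETMAKER_BASE_DOMAIN` in the dashboard `header` block is not a value browsers honour: CORS allows a single serialized origin, `*` or `null`, so a wildcard-subdomain pattern is treated as a mismatch, and Caddy's `header` directive emits the string literally rather than matching it against the request Origin the way the removed Traefik `accessControlAllowOriginList` did. Either set the one specific origin that needs cross-origin access to the dashboard, or drop the header if nothing cross-origin reads it. The `wss://broker.NETMAKER_BASE_DOMAIN` site address is also worth checking with `caddy validate` — as far as I know Caddy accepts only `http://`/`https://` site addresses, and WebSocket upgrades are proxied through an `https://` site unchanged. While here, `X-XSS-Protection "1; mode=block"` is deprecated in current browsers, and adding `X-Content-Type-Options "nosniff"` would be the more useful hardening line.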

+ 8 - 3
scripts/nm-quick-interactive.sh

@@ -260,8 +260,11 @@ unset GET_EMAIL
 unset RAND_EMAIL
 RAND_EMAIL="$(echo $RANDOM | md5sum  | head -c 16)@email.com"
 read -p "Email Address for Domain Registration (click 'enter' to use $RAND_EMAIL): " GET_EMAIL
-if [ -n "$GET_EMAIL" ]; then
-  EMAIL=$RAND_EMAIL
+if [ -z "$GET_EMAIL" ]; then
+  echo "using rand email"
+  EMAIL="$RAND_EMAIL"
+else
+  EMAIL="$GET_EMAIL"
 fi
 
 wait_seconds 2
@@ -292,11 +295,13 @@ wait_seconds 3
 echo "Pulling config files..."
 
 COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/compose/docker-compose.yml" 
+CADDY_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/Caddyfile"
 if [ "$INSTALL_TYPE" = "ee" ]; then
 	COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/compose/docker-compose.ee.yml" 
+	CADDY_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/Caddyfile-EE"
 fi
 
-wget -O /root/docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/mosquitto.conf && wget -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/Caddyfile && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/wait.sh && chmod +x /root/wait.sh
+wget -O /root/docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/mosquitto.conf && wget -O /root/Caddyfile $CADDY_URL && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/wait.sh && chmod +x /root/wait.sh
 
 mkdir -p /etc/netmaker
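Review bot: The download chain on the new `wget -O /root/docker-compose.yml $COMPOSE_URL && … -O /root/Caddyfile $CADDY_URL && …` line discards its exit status, so a failed or partially written Caddyfile goes unnoticed and the script continues with whatever is left in /root/Caddyfile; I cannot see whether `set -e` is active earlier in the script. Appending `|| { echo "failed to download config files" >&2; exit 1; }` to the chain, and quoting the expansions as `"$COMPOSE_URL"` and `"$CADDY_URL"`, makes the failure explicit. Both new URLs reference the `test_v0.17.0_compose` branch rather than a tag or commit, so what an installer receives (including wait.sh, which is made executable) can change after release; pinning them to a tag is the safer default. Caddyfile-EE also arrives with its `YOUR_EMAIL` and `NETMAKER_BASE_DOMAIN` placeholders intact, so the substitution step that rewrites those in docker-compose.yml must also run against /root/Caddyfile — that step, if any, is outside this hunk.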