
Merge pull request #1793 from gravitl/release_v0.17.0

Release v0.17.0
dcarns 2 years ago
parent
commit
f7d808566a
43 changed files with 273 additions and 284 deletions
  1. 1 0
      .github/ISSUE_TEMPLATE/bug-report.yml
  2. 12 0
      .github/dependabot.yml
  3. 1 0
      .github/workflows/buildandrelease.yml
  4. 18 14
      .github/workflows/publish-docker.yml
  5. 1 1
      .github/workflows/publish-netclient-docker-userspace.yml
  6. 2 2
      Dockerfile
  7. 9 5
      README.md
  8. 19 79
      compose/docker-compose.ee.yml
  9. 19 56
      compose/docker-compose.reference.yml
  10. 20 56
      compose/docker-compose.yml
  11. 0 2
      controllers/controller.go
  12. 1 1
      controllers/docs.go
  13. 1 1
      controllers/network_test.go
  14. 5 0
      docker/Caddyfile
  15. 50 0
      docker/Caddyfile-EE
  16. 1 1
      docker/Dockerfile-go-builder
  17. 1 1
      docker/Dockerfile-netclient-doks
  18. 1 1
      docker/Dockerfile-netclient-doks-uspace
  19. 1 1
      docker/Dockerfile-netclient-multiarch
  20. 1 1
      docker/Dockerfile-netclient-multiarch-userspace
  21. 2 0
      docker/mosquitto.conf
  22. 2 2
      ee/ee_controllers/networkusers.go
  23. 2 2
      ee/ee_controllers/usergroups.go
  24. 6 1
      ee/initialize.go
  25. 2 2
      ee/license.go
  26. 3 3
      go.mod
  27. 4 4
      go.sum
  28. 1 1
      k8s/client/netclient-daemonset.yaml
  29. 1 1
      k8s/client/netclient.yaml
  30. 1 1
      k8s/server/netmaker-server.yaml
  31. 1 1
      k8s/server/netmaker-ui.yaml
  32. 5 3
      logic/networks.go
  33. 1 1
      logic/zombie.go
  34. 1 1
      main.go
  35. 8 5
      netclient/bin-maker.sh
  36. 2 2
      netclient/functions/daemon.go
  37. 1 1
      netclient/netclient.exe.manifest.xml
  38. 5 5
      netclient/versioninfo.json
  39. 9 2
      scripts/netclient-install.sh
  40. 42 21
      scripts/nm-quick-interactive.sh
  41. 3 1
      scripts/nm-quick.sh
  42. 6 1
      servercfg/serverconf.go
  43. 1 1
      swagger.yaml

+ 1 - 0
.github/ISSUE_TEMPLATE/bug-report.yml

@@ -31,6 +31,7 @@ body:
       label: Version
       description: What version are you running?
       options:
+        - v0.17.0
         - v0.16.3
         - v0.16.2
         - v0.16.1

+ 12 - 0
.github/dependabot.yml

@@ -16,3 +16,15 @@ updates:
     schedule:
       interval: "weekly"
     target-branch: "develop"
+  # Enable version updates for GitHubActions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    target-branch: "develop"
+  # Enable version updates for docker images 
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    target-branch: "develop"
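Review bot: The new `docker` entry with `directory: "/"` only covers Dockerfiles at the repository root; as I read Dependabot's docker support it scans the listed directory rather than the tree, so the images under `docker/` (the `Dockerfile-netclient-*` and `Dockerfile-go-builder` files this same commit bumps by hand) stay outside its reach unless a second entry with `directory: "/docker"` is added. The comment on that entry also carries a trailing space; `# Enable version updates for docker images` without it matches the entry above.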

+ 1 - 0
.github/workflows/buildandrelease.yml

@@ -106,6 +106,7 @@ jobs:
 
       - name: build gui
         run: |
+          sudo apt-get update
           sudo apt-get install -y gcc libgl1-mesa-dev xorg-dev
           go build -tags=gui -ldflags="-X 'main.version=${NETMAKER_VERSION}'" -o build/netclient-gui .
 

+ 18 - 14
.github/workflows/publish-docker.yml

@@ -13,7 +13,7 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      - 
+      -
         name: Set tag
         run: |
             if [[ -n "${{ github.event.inputs.tag }}" ]]; then
@@ -24,16 +24,16 @@ jobs:
               TAG="${{ github.ref_name }}"
             fi
             echo "TAG=${TAG}" >> $GITHUB_ENV
-      - 
+      -
         name: Checkout
         uses: actions/checkout@v3
-      - 
+      -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v2
-      - 
+      -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
-      - 
+      -
         name: Login to DockerHub
         uses: docker/login-action@v2
         with:
@@ -52,27 +52,28 @@ jobs:
   docker-ee:
     runs-on: ubuntu-latest
     steps:
-      - 
+      -
         name: Set tag
         run: |
             if [[ -n "${{ github.event.inputs.tag }}" ]]; then
-              TAG=${{ github.event.inputs.tag }}
+               TAG=${{ github.event.inputs.tag }}
             elif [[ "${{ github.ref_name }}" == 'master' ]]; then
               TAG="latest"
             else
               TAG="${{ github.ref_name }}"
             fi
             echo "TAG=${TAG}" >> $GITHUB_ENV
-      - 
+      -
         name: Checkout
         uses: actions/checkout@v3
-      - 
+      -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v2
-      - 
+      -
         name: Set up Docker Buildx
-        uses: docker/build-push-action@v3
-      - 
+        uses: docker/setup-buildx-action@v2
+      -
+
         name: Login to DockerHub
         uses: docker/login-action@v2
         with:
@@ -83,7 +84,10 @@ jobs:
         uses: docker/build-push-action@v3
         with:
           context: .
-          platforms: linux/amd64, linux/arm64, linux/arm/v7
+          platforms: linux/amd64, linux/arm64
           push: true
           tags: ${{ github.repository }}:${{ env.TAG }}-ee
-          build-args: version=${{ env.TAG }}, tags="-tags=ee"
+          build-args: |
+            version=${{ env.TAG }}
+            tags=ee
+
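Review bot: The added blank line between `-` and `name: Login to DockerHub` in the `docker-ee` job reads like a broken list item even though YAML ignores it; dropping it so the item looks like its siblings (`-` immediately followed by the indented `name:`) avoids a confusing diff later. The `TAG=${{ github.event.inputs.tag }}` line in the same job also gained one extra space of indentation inside the `run: |` script, harmless to bash but now out of step with the `docker` job above it.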

+ 1 - 1
.github/workflows/publish-netclient-docker-userspace.yml

@@ -32,7 +32,7 @@ jobs:
         uses: docker/setup-qemu-action@v2
       - 
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
       - 
         name: Login to DockerHub
         uses: docker/login-action@v2

+ 2 - 2
Dockerfile

@@ -7,9 +7,9 @@ COPY . .
 ENV GO111MODULE=auto
 
 RUN apk add git
-RUN GOOS=linux CGO_ENABLED=1 go build ${tags} -ldflags="-s -X 'main.version=${version}'" .
+RUN GOOS=linux CGO_ENABLED=1 go build -tags ${tags} -ldflags="-s -X 'main.version=${version}'" .
 # RUN go build -tags=ee . -o netmaker main.go
-FROM alpine:3.15.2
+FROM alpine:3.16.2
 
 # add a c lib
 RUN apk add gcompat iptables wireguard-tools
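Review bot: `go build -tags ${tags}` breaks the argument list whenever `tags` is empty: the shell drops the empty expansion, so `-tags` takes `-ldflags="-s -X 'main.version=${version}'"` as its tag list and the binary is built unstripped and without `main.version` set. The community `docker` job's build-args are not in this diff, so I cannot confirm whether it passes `tags`; quoting the expansion, `RUN GOOS=linux CGO_ENABLED=1 go build -tags "${tags}" -ldflags="-s -X 'main.version=${version}'" .`, keeps `go build -tags ""` valid in both cases. The `ARG tags` declaration sits above this hunk.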

+ 9 - 5
README.md

@@ -17,7 +17,7 @@
 
 <p align="center">
   <a href="https://github.com/gravitl/netmaker/releases">
-    <img src="https://img.shields.io/badge/Version-0.16.3-informational?style=flat-square" />
+    <img src="https://img.shields.io/badge/Version-0.17.0-informational?style=flat-square" />
   </a>
   <a href="https://hub.docker.com/r/gravitl/netmaker/tags">
     <img src="https://img.shields.io/docker/pulls/gravitl/netmaker?label=downloads" />
@@ -52,10 +52,14 @@
 
 (For production-grade installations, visit the [Install Docs](https://netmaker.readthedocs.io/en/master/install.html).)  
 
-1. Get a cloud VM with Ubuntu 20.04 and a public IP.
-2. Open ports 443 and 51821-51830/udp on the VM firewall and in cloud security settings.
-3. Run the script: `wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/nm-quick.sh | sudo bash`  
-3.a. (with custom domain + email): `wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/nm-quick.sh | sudo bash -s -- -d mynetmaker.domain.com -e [email protected]`    
+1. Get a cloud VM with Ubuntu 22.04 and a public IP.
+2. Open ports 443, 80, and 51821-51830/udp on the VM firewall and in cloud security settings.
+3. (optional) Prepare DNS - Set a wildcard subdomain in your DNS for Netmaker, e.g. *.netmaker.example.com
+4. Run the script: 
+
+`sudo wget -qO /root/nm-quick-interactive.sh https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/scripts/nm-quick-interactive.sh && sudo chmod +x /root/nm-quick-interactive.sh && sudo /root/nm-quick-interactive.sh`  
+
+This script gives you the option to deploy the Community or Enterprise version of Netmaker. If deploying Enterprise, you get a free account with a 50 node limit by default. It also gives you the option to use your own domain (recommended) or an auto-generated domain. 
 
 <p float="left" align="middle">
 <img src="https://raw.githubusercontent.com/gravitl/netmaker-docs/master/images/netmaker-github/readme.gif" />

+ 19 - 79
compose/docker-compose.ee.yml

@@ -3,7 +3,7 @@ version: "3.4"
 services:
   netmaker:
     container_name: netmaker
-    image: gravitl/netmaker:v0.16.3-ee
+    image: gravitl/netmaker:v0.17.0-ee
     cap_add: 
       - NET_ADMIN
       - NET_RAW
@@ -45,17 +45,9 @@ services:
       MQ_ADMIN_PASSWORD: "REPLACE_MQ_ADMIN_PASSWORD"
     ports:
       - "51821-51830:51821-51830/udp"
-    expose:
-      - "8081"
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.netmaker-api.entrypoints=websecure
-      - traefik.http.routers.netmaker-api.rule=Host(`api.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.routers.netmaker-api.service=netmaker-api
-      - traefik.http.services.netmaker-api.loadbalancer.server.port=8081
   netmaker-ui:
     container_name: netmaker-ui
-    image: gravitl/netmaker-ui:v0.16.3
+    image: gravitl/netmaker-ui:v0.17.0
     depends_on:
       - netmaker
     links:
@@ -63,21 +55,17 @@ services:
     restart: always
     environment:
       BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN"
-    expose:
-      - "80"
-    labels:
-      - traefik.enable=true
-      - traefik.http.middlewares.nmui-security.headers.accessControlAllowOriginList=*.NETMAKER_BASE_DOMAIN
-      - traefik.http.middlewares.nmui-security.headers.stsSeconds=31536000
-      - traefik.http.middlewares.nmui-security.headers.browserXssFilter=true
-      - traefik.http.middlewares.nmui-security.headers.customFrameOptionsValue=SAMEORIGIN
-      - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.X-Robots-Tag=none
-      - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.Server= # Remove the server name
-      - traefik.http.routers.netmaker-ui.entrypoints=websecure
-      - traefik.http.routers.netmaker-ui.middlewares=nmui-security@docker
-      - traefik.http.routers.netmaker-ui.rule=Host(`dashboard.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.routers.netmaker-ui.service=netmaker-ui
-      - traefik.http.services.netmaker-ui.loadbalancer.server.port=80
+  caddy:
+    image: caddy:2.6.2
+    container_name: caddy
+    restart: unless-stopped
+    volumes:
+      - /root/Caddyfile:/etc/caddy/Caddyfile
+      - caddy_data:/data
+      - caddy_conf:/config
+    ports:
+      - "80:80"
+      - "443:443"
   coredns:
     container_name: coredns
     image: coredns/coredns
@@ -87,29 +75,9 @@ services:
     restart: always
     volumes:
       - dnsconfig:/root/dnsconfig
-  traefik:
-    image: traefik:v2.6
-    container_name: traefik
-    command:
-      - "--certificatesresolvers.http.acme.email=YOUR_EMAIL"
-      - "--certificatesresolvers.http.acme.storage=/letsencrypt/acme.json"
-      - "--certificatesresolvers.http.acme.tlschallenge=true"
-      - "--entrypoints.websecure.address=:443"
-      - "--entrypoints.websecure.http.tls=true"
-      - "--entrypoints.websecure.http.tls.certResolver=http"
-      - "--log.level=INFO"
-      - "--providers.docker=true"
-      - "--providers.docker.exposedByDefault=false"
-      - "--serverstransport.insecureskipverify=true"
-    restart: always
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - traefik_certs:/letsencrypt
-    ports:
-      - "443:443"
   mq:
     container_name: mq
-    image: eclipse-mosquitto:2.0.11-openssl
+    image: eclipse-mosquitto:2.0.15-openssl
     depends_on:
       - netmaker
     restart: unless-stopped
@@ -121,50 +89,29 @@ services:
       - /root/wait.sh:/mosquitto/config/wait.sh
       - mosquitto_data:/mosquitto/data
       - mosquitto_logs:/mosquitto/log
-    expose:
-      - "8883"
-    labels:
-      - traefik.enable=true
-      - traefik.tcp.routers.mqtt.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`)
-      - traefik.tcp.routers.mqtt.tls.certresolver=http
-      - traefik.tcp.services.mqtt.loadbalancer.server.port=8883
-      - traefik.tcp.routers.mqtt.entrypoints=websecure
+    ports:
+      - "1883:1883"
+      - "8883:8883"
   prometheus:
     container_name: prometheus
     image: gravitl/netmaker-prometheus:latest
     environment:
       NETMAKER_METRICS_TARGET: "netmaker-exporter.NETMAKER_BASE_DOMAIN"
       LICENSE_KEY: "YOUR_LICENSE_KEY"
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.prometheus.entrypoints=websecure
-      - traefik.http.routers.prometheus.rule=Host(`prometheus.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.services.prometheus.loadbalancer.server.port=9090
-      - traefik.http.routers.prometheus.service=prometheus
     restart: always
     volumes:
       - prometheus_data:/prometheus
     depends_on:
       - netmaker
-    ports:
-      - 9090:9090
   grafana:
     container_name: grafana
     image: gravitl/netmaker-grafana:latest
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.grafana.entrypoints=websecure
-      - traefik.http.routers.grafana.rule=Host(`grafana.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.services.grafana.loadbalancer.server.port=3000
-      - traefik.http.routers.grafana.service=grafana
     environment:
       PROMETHEUS_HOST: "prometheus.NETMAKER_BASE_DOMAIN"
       NETMAKER_METRICS_TARGET: "netmaker-exporter.NETMAKER_BASE_DOMAIN"
       LICENSE_KEY: "YOUR_LICENSE_KEY"
     volumes:
       - grafana_data:/var/lib/grafana
-    ports:
-      - 3000:3000
     restart: always
     links:
       - prometheus
@@ -174,12 +121,6 @@ services:
   netmaker-exporter:
     container_name: netmaker-exporter
     image: gravitl/netmaker-exporter:latest
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.netmaker-exporter.entrypoints=websecure
-      - traefik.http.routers.netmaker-exporter.rule=Host(`netmaker-exporter.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.services.netmaker-exporter.loadbalancer.server.port=8085
-      - traefik.http.routers.netmaker-exporter.service=netmaker-exporter
     restart: always
     depends_on:
       - netmaker
@@ -192,10 +133,9 @@ services:
       API_PORT: "8085"
       LICENSE_KEY: "YOUR_LICENSE_KEY"
       PROMETHEUS_HOST: https://prometheus.NETMAKER_BASE_DOMAIN
-    expose:
-      - "8085"
 volumes:
-  traefik_certs: {}
+  caddy_data: {}
+  caddy_conf: {}
   sqldata: {}
   dnsconfig: {}
   mosquitto_data: {}
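Review bot: The `mq` service now publishes `1883:1883` and `8883:8883` on every host interface, while Caddy already terminates TLS for `broker.NETMAKER_BASE_DOMAIN` and proxies to `mq:8883`; with this commit's mosquitto.conf making both listeners plain `websockets`, the host-published ports are unencrypted (password-authenticated, since `allow_anonymous false` is kept) endpoints, and Docker-published ports typically bypass host-level ufw rules. If the direct ports are only needed by the netmaker server on the same host, binding them to loopback, `- "127.0.0.1:1883:1883"` and `- "127.0.0.1:8883:8883"`, keeps the public path on the Caddy TLS endpoint; if they are meant to be public, a comment saying so would help the next reader. The `/root/Caddyfile:/etc/caddy/Caddyfile` bind mount can also take `:ro`, since Caddy only reads it. The same `ports` block and mount appear in compose/docker-compose.reference.yml and compose/docker-compose.yml.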

+ 19 - 56
compose/docker-compose.reference.yml

@@ -3,7 +3,7 @@ version: "3.4"
 services:
   netmaker: # The Primary Server for running Netmaker
     container_name: netmaker
-    image: gravitl/netmaker:v0.16.3
+    image: gravitl/netmaker:v0.17.0
     cap_add: 
       - NET_ADMIN
       - NET_RAW
@@ -52,17 +52,9 @@ services:
       OIDC_ISSUER: "" # https://oidc.yourprovider.com - URL of oidc provider
     ports:
       - "51821-51830:51821-51830/udp" # wireguard ports
-    expose:
-      - "8081" # api port
-    labels: # only for use with traefik proxy (default)
-      - traefik.enable=true
-      - traefik.http.routers.netmaker-api.entrypoints=websecure
-      - traefik.http.routers.netmaker-api.rule=Host(`api.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.routers.netmaker-api.service=netmaker-api
-      - traefik.http.services.netmaker-api.loadbalancer.server.port=8081
   netmaker-ui:  # The Netmaker UI Component
     container_name: netmaker-ui
-    image: gravitl/netmaker-ui:v0.16.3
+    image: gravitl/netmaker-ui:v0.17.0
     depends_on:
       - netmaker
     links:
@@ -70,21 +62,17 @@ services:
     restart: always
     environment:
       BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN" # URL where UI will send API requests. Change based on SERVER_HOST, SERVER_HTTP_HOST, and API_PORT
-    expose:
-      - "80"
-    labels:
-      - traefik.enable=true
-      - traefik.http.middlewares.nmui-security.headers.accessControlAllowOriginList=*.NETMAKER_BASE_DOMAIN
-      - traefik.http.middlewares.nmui-security.headers.stsSeconds=31536000
-      - traefik.http.middlewares.nmui-security.headers.browserXssFilter=true
-      - traefik.http.middlewares.nmui-security.headers.customFrameOptionsValue=SAMEORIGIN
-      - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.X-Robots-Tag=none
-      - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.Server= # Remove the server name
-      - traefik.http.routers.netmaker-ui.entrypoints=websecure
-      - traefik.http.routers.netmaker-ui.middlewares=nmui-security@docker
-      - traefik.http.routers.netmaker-ui.rule=Host(`dashboard.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.routers.netmaker-ui.service=netmaker-ui
-      - traefik.http.services.netmaker-ui.loadbalancer.server.port=80
+  caddy: # The reverse proxy that manages traffic for Netmaker
+    image: caddy:2.6.2
+    container_name: caddy
+    restart: unless-stopped
+    volumes:
+      - /root/Caddyfile:/etc/caddy/Caddyfile # Config file for Caddy
+      - caddy_data:/data
+      - caddy_conf:/config
+    ports:
+      - "80:80"
+      - "443:443"
   coredns: # The DNS Server. CoreDNS can be removed unless doing special advanced use cases
     container_name: coredns
     image: coredns/coredns
@@ -94,29 +82,9 @@ services:
     restart: always
     volumes:
       - dnsconfig:/root/dnsconfig
-  traefik: # the default proxy - can be replaced with caddy or nginx, but requires careful configuration
-    image: traefik:v2.6
-    container_name: traefik
-    command:
-      - "--certificatesresolvers.http.acme.email=YOUR_EMAIL"
-      - "--certificatesresolvers.http.acme.storage=/letsencrypt/acme.json"
-      - "--certificatesresolvers.http.acme.tlschallenge=true"
-      - "--entrypoints.websecure.address=:443"
-      - "--entrypoints.websecure.http.tls=true"
-      - "--entrypoints.websecure.http.tls.certResolver=http"
-      - "--log.level=INFO"
-      - "--providers.docker=true"
-      - "--providers.docker.exposedByDefault=false"
-      - "--serverstransport.insecureskipverify=true"
-    restart: always
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - traefik_certs:/letsencrypt
-    ports:
-      - "443:443"
   mq: # the MQTT broker for netmaker
     container_name: mq
-    image: eclipse-mosquitto:2.0.11-openssl
+    image: eclipse-mosquitto:2.0.15-openssl
     depends_on:
       - netmaker
     restart: unless-stopped
@@ -125,17 +93,12 @@ services:
       - mosquitto_data:/mosquitto/data
       - mosquitto_logs:/mosquitto/log
       - shared_certs:/mosquitto/certs
-    expose:
-      - "8883"
-    labels:
-      - traefik.enable=true
-      - traefik.tcp.routers.mqtts.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`)
-      - traefik.tcp.routers.mqtts.tls.passthrough=true
-      - traefik.tcp.services.mqtts-svc.loadbalancer.server.port=8883
-      - traefik.tcp.routers.mqtts.service=mqtts-svc
-      - traefik.tcp.routers.mqtts.entrypoints=websecure
+    ports:
+      - "1883:1883"
+      - "8883:8883"
 volumes:
-  traefik_certs: {} # ssl certificates - auto generated
+  caddy_data: {} # runtime data for caddy
+  caddy_conf: {} # configuration file for Caddy
   shared_certs: {} # netmaker certs generated for MQ comms - used by nodes/servers
   sqldata: {} # storage for embedded sqlite
   dnsconfig: {} # storage for coredns
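Review bot: This reference file annotates nearly every line, but the new `ports:` entries under `mq` carry no comment while the neighbouring `caddy` service and the `caddy_data`/`caddy_conf` volumes do. Something like `- "8883:8883" # websocket listener; also reached through caddy as wss://broker.NETMAKER_BASE_DOMAIN` and `- "1883:1883" # websocket listener - TODO state intended clients` would follow the file's convention; confirm what 1883 is for before wording it, since the diff does not say.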

+ 20 - 56
compose/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.4"
 services:
   netmaker:
     container_name: netmaker
-    image: gravitl/netmaker:v0.16.3
+    image: gravitl/netmaker:v0.17.0
     cap_add: 
       - NET_ADMIN
       - NET_RAW
@@ -42,17 +42,9 @@ services:
       MQ_ADMIN_PASSWORD: "REPLACE_MQ_ADMIN_PASSWORD"
     ports:
       - "51821-51830:51821-51830/udp"
-    expose:
-      - "8081"
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.netmaker-api.entrypoints=websecure
-      - traefik.http.routers.netmaker-api.rule=Host(`api.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.routers.netmaker-api.service=netmaker-api
-      - traefik.http.services.netmaker-api.loadbalancer.server.port=8081
   netmaker-ui:
     container_name: netmaker-ui
-    image: gravitl/netmaker-ui:v0.16.3
+    image: gravitl/netmaker-ui:v0.17.0
     depends_on:
       - netmaker
     links:
@@ -60,21 +52,17 @@ services:
     restart: always
     environment:
       BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN"
-    expose:
-      - "80"
-    labels:
-      - traefik.enable=true
-      - traefik.http.middlewares.nmui-security.headers.accessControlAllowOriginList=*.NETMAKER_BASE_DOMAIN
-      - traefik.http.middlewares.nmui-security.headers.stsSeconds=31536000
-      - traefik.http.middlewares.nmui-security.headers.browserXssFilter=true
-      - traefik.http.middlewares.nmui-security.headers.customFrameOptionsValue=SAMEORIGIN
-      - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.X-Robots-Tag=none
-      - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.Server= # Remove the server name
-      - traefik.http.routers.netmaker-ui.entrypoints=websecure
-      - traefik.http.routers.netmaker-ui.middlewares=nmui-security@docker
-      - traefik.http.routers.netmaker-ui.rule=Host(`dashboard.NETMAKER_BASE_DOMAIN`)
-      - traefik.http.routers.netmaker-ui.service=netmaker-ui
-      - traefik.http.services.netmaker-ui.loadbalancer.server.port=80
+  caddy:
+    image: caddy:2.6.2
+    container_name: caddy
+    restart: unless-stopped
+    volumes:
+      - /root/Caddyfile:/etc/caddy/Caddyfile
+      - caddy_data:/data
+      - caddy_conf:/config
+    ports:
+      - "80:80"
+      - "443:443"
   coredns:
     container_name: coredns
     image: coredns/coredns
@@ -84,29 +72,9 @@ services:
     restart: always
     volumes:
       - dnsconfig:/root/dnsconfig
-  traefik:
-    image: traefik:v2.6
-    container_name: traefik
-    command:
-      - "--certificatesresolvers.http.acme.email=YOUR_EMAIL"
-      - "--certificatesresolvers.http.acme.storage=/letsencrypt/acme.json"
-      - "--certificatesresolvers.http.acme.tlschallenge=true"
-      - "--entrypoints.websecure.address=:443"
-      - "--entrypoints.websecure.http.tls=true"
-      - "--entrypoints.websecure.http.tls.certResolver=http"
-      - "--log.level=INFO"
-      - "--providers.docker=true"
-      - "--providers.docker.exposedByDefault=false"
-      - "--serverstransport.insecureskipverify=true"
-    restart: always
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - traefik_certs:/letsencrypt
-    ports:
-      - "443:443"
   mq:
     container_name: mq
-    image: eclipse-mosquitto:2.0.11-openssl
+    image: eclipse-mosquitto:2.0.15-openssl
     depends_on:
       - netmaker
     restart: unless-stopped
@@ -118,17 +86,13 @@ services:
       - /root/wait.sh:/mosquitto/config/wait.sh
       - mosquitto_data:/mosquitto/data
       - mosquitto_logs:/mosquitto/log
-    expose:
-      - "8883"
-    labels:
-      - traefik.enable=true
-      - traefik.tcp.routers.mqtt.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`)
-      - traefik.tcp.routers.mqtt.tls.certresolver=http
-      - traefik.tcp.services.mqtt.loadbalancer.server.port=8883
-      - traefik.tcp.routers.mqtt.entrypoints=websecure
+    ports:
+      - "1883:1883"
+      - "8883:8883"
 volumes:
-  traefik_certs: {}
+  caddy_data: {}
+  caddy_conf: {}
   sqldata: {}
   dnsconfig: {}
   mosquitto_data: {}
-  mosquitto_logs: {}
+  mosquitto_logs: {}

+ 0 - 2
controllers/controller.go

@@ -27,8 +27,6 @@ var HttpHandlers = []interface{}{
 	extClientHandlers,
 	ipHandlers,
 	loggerHandlers,
-	userGroupsHandlers,
-	networkUsersHandlers,
 }
 
 // HandleRESTRequests - handles the rest requests

+ 1 - 1
controllers/docs.go

@@ -10,7 +10,7 @@
 //
 //	Schemes: https
 //	BasePath: /
-//	Version: 0.16.3
+//	Version: 0.17.0
 //	Host: netmaker.io
 //
 //	Consumes:

+ 1 - 1
controllers/network_test.go

@@ -309,7 +309,7 @@ func TestIpv6Network(t *testing.T) {
 	nodeErr := logic.CreateNode(&node1)
 	t.Run("Test node on network IPv6", func(t *testing.T) {
 		assert.Nil(t, nodeErr)
-		assert.Equal(t, "fde6:be04:fa5e:d076::", node1.Address6)
+		assert.Equal(t, "fde6:be04:fa5e:d076::1", node1.Address6)
 	})
 }
 

+ 5 - 0
docker/Caddyfile

@@ -28,3 +28,8 @@ https://dashboard.NETMAKER_BASE_DOMAIN {
 https://api.NETMAKER_BASE_DOMAIN {
         reverse_proxy http://netmaker:8081
 }
+
+# MQ
+wss://broker.NETMAKER_BASE_DOMAIN {
+        reverse_proxy ws://mq:8883
+}
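Review bot: The new site block uses `wss://` as the site address and `ws://mq:8883` as the upstream, neither of which is among the schemes Caddy documents (`http`/`https` for site addresses; `http`, `https` and `h2c` for `reverse_proxy` upstreams), so the block relies on Caddy tolerating unknown schemes and on auto-HTTPS kicking in for the bare hostname. The documented spelling is `https://broker.NETMAKER_BASE_DOMAIN { reverse_proxy mq:8883 }`, since Caddy passes WebSocket upgrades through a plain HTTP upstream; whichever form is kept, running `caddy validate --config /etc/caddy/Caddyfile --adapter caddyfile` in CI would catch an adapter error before it takes the dashboard and API sites down with it. The identical block in docker/Caddyfile-EE needs the same check.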

+ 50 - 0
docker/Caddyfile-EE

@@ -0,0 +1,50 @@
+{
+        # LetsEncrypt account
+        email YOUR_EMAIL
+}
+
+# Dashboard
+https://dashboard.NETMAKER_BASE_DOMAIN {
+        # Apply basic security headers
+        header {
+                # Enable cross origin access to *.NETMAKER_BASE_DOMAIN
+                Access-Control-Allow-Origin *.NETMAKER_BASE_DOMAIN
+                # Enable HTTP Strict Transport Security (HSTS)
+                Strict-Transport-Security "max-age=31536000;"
+                # Enable cross-site filter (XSS) and tell browser to block detected attacks
+                X-XSS-Protection "1; mode=block"
+                # Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
+                X-Frame-Options "SAMEORIGIN"
+                # Prevent search engines from indexing
+                X-Robots-Tag "none"
+                # Remove the server name
+                -Server
+        }
+
+        reverse_proxy http://netmaker-ui
+}
+
+# Netmaker Exporter
+https://netmaker-exporter.NETMAKER_BASE_DOMAIN {
+        reverse_proxy http://netmaker-exporter:8085
+}
+
+# Prometheus
+https://prometheus.NETMAKER_BASE_DOMAIN {
+        reverse_proxy http://prometheus:9090
+}
+
+# Grafana
+https://grafana.NETMAKER_BASE_DOMAIN {
+        reverse_proxy http://grafana:3000
+}
+
+# API
+https://api.NETMAKER_BASE_DOMAIN {
+        reverse_proxy http://netmaker:8081
+}
+
+# MQ
+wss://broker.NETMAKER_BASE_DOMAIN {
+        reverse_proxy ws://mq:8883
+}
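Review bot: `Access-Control-Allow-Origin *.NETMAKER_BASE_DOMAIN` is emitted literally, and browsers honour only `*`, `null` or a single exact origin in that header, so a wildcard subdomain value disables cross-origin access rather than scoping it; the value was carried over from the traefik labels this commit removes, and since the dashboard site is not the API the UI calls, the line can most likely be dropped (or set to one exact origin if something really needs it). While the `header` block is open, `X-Content-Type-Options "nosniff"` is a cheap addition, and `X-XSS-Protection` is no longer implemented by current browsers. The `wss://`/`ws://` MQ block mirrors docker/Caddyfile and should be validated together with it.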

+ 1 - 1
docker/Dockerfile-go-builder

@@ -1,4 +1,4 @@
-FROM golang:1.19-alpine3.16
+FROM golang:1.19-alpine3.16 
 ARG version 
 RUN apk add build-base
 WORKDIR /app

+ 1 - 1
docker/Dockerfile-netclient-doks

@@ -3,7 +3,7 @@ FROM debian:buster as builder
 
 RUN apt update -y && apt install -y wget bash gcc musl-dev openssl golang git build-essential libmnl-dev iptables
 
-RUN wget -O go.tgz https://go.dev/dl/go1.18.linux-amd64.tar.gz
+RUN wget -O go.tgz https://go.dev/dl/go1.19.linux-amd64.tar.gz
 
 RUN tar -C /usr/local -xzf go.tgz
 

+ 1 - 1
docker/Dockerfile-netclient-doks-uspace

@@ -3,7 +3,7 @@ FROM debian:buster as builder
 
 RUN apt update -y && apt install -y wget bash gcc musl-dev openssl golang git build-essential libmnl-dev iptables
 
-RUN wget -O go.tgz https://go.dev/dl/go1.18.linux-amd64.tar.gz
+RUN wget -O go.tgz https://go.dev/dl/go1.19.linux-amd64.tar.gz
 
 RUN tar -C /usr/local -xzf go.tgz
 

+ 1 - 1
docker/Dockerfile-netclient-multiarch

@@ -9,7 +9,7 @@ ENV GO111MODULE=auto
 
 RUN GOOS=linux CGO_ENABLED=0 /usr/local/go/bin/go build -ldflags="-X 'main.version=${version}'" -o netclient-app netclient/main.go
 
-FROM alpine:3.15.2
+FROM alpine:3.16.2
 
 WORKDIR /root/
 

+ 1 - 1
docker/Dockerfile-netclient-multiarch-userspace

@@ -24,7 +24,7 @@ RUN git clone https://git.zx2c4.com/wireguard-tools && \
     make && \
     make install
 
-FROM alpine:3.13.6
+FROM alpine:3.16.2
 
 WORKDIR /root/
 

+ 2 - 0
docker/mosquitto.conf

@@ -1,8 +1,10 @@
 per_listener_settings false
 listener 8883
+protocol websockets
 allow_anonymous false
 
 listener 1883
+protocol websockets
 allow_anonymous false
 
 plugin /usr/lib/mosquitto_dynamic_security.so
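Review bot: After `protocol websockets` is added to both listeners, the `8883` and `1883` blocks in this hunk are identical, and nothing in the visible lines says why two are needed or which one the Caddy `wss://broker` site proxies (the Caddyfile points at `mq:8883`). A comment on each, e.g. `# 8883: websocket listener proxied by caddy as broker.NETMAKER_BASE_DOMAIN` and `# 1883: websocket listener for <intended clients> - TODO confirm`, would make the intent clear. If 8883 was meant to carry TLS, any `certfile`/`keyfile` lines would live below this hunk and are worth checking, since the compose files now publish both ports on the host.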

+ 2 - 2
controllers/networkusers.go → ee/ee_controllers/networkusers.go

@@ -1,4 +1,4 @@
-package controller
+package ee_controllers
 
 import (
 	"encoding/json"
@@ -14,7 +14,7 @@ import (
 	"github.com/gravitl/netmaker/models/promodels"
 )
 
-func networkUsersHandlers(r *mux.Router) {
+func NetworkUsersHandlers(r *mux.Router) {
 	r.HandleFunc("/api/networkusers", logic.SecurityCheck(true, http.HandlerFunc(getAllNetworkUsers))).Methods("GET")
 	r.HandleFunc("/api/networkusers/{network}", logic.SecurityCheck(true, http.HandlerFunc(getNetworkUsers))).Methods("GET")
 	r.HandleFunc("/api/networkusers/{network}/{networkuser}", logic.SecurityCheck(true, http.HandlerFunc(getNetworkUser))).Methods("GET")
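Review bot: `NetworkUsersHandlers` becomes exported here but has no doc comment, which the linters flag and `go doc` readers miss; a one-liner in the Go convention, `// NetworkUsersHandlers registers the /api/networkusers routes on r; each route is wrapped in logic.SecurityCheck(true, ...).`, documents the check every route in this function shares. The same applies to `UserGroupsHandlers` in ee/ee_controllers/usergroups.go. The package name `ee_controllers` keeps an underscore, but it predates this commit (ee/initialize.go already imports it), so I would not change it here.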

+ 2 - 2
controllers/usergroups.go → ee/ee_controllers/usergroups.go

@@ -1,4 +1,4 @@
-package controller
+package ee_controllers
 
 import (
 	"encoding/json"
@@ -13,7 +13,7 @@ import (
 	"github.com/gravitl/netmaker/models/promodels"
 )
 
-func userGroupsHandlers(r *mux.Router) {
+func UserGroupsHandlers(r *mux.Router) {
 	r.HandleFunc("/api/usergroups", logic.SecurityCheck(true, http.HandlerFunc(getUserGroups))).Methods("GET")
 	r.HandleFunc("/api/usergroups/{usergroup}", logic.SecurityCheck(true, http.HandlerFunc(createUserGroup))).Methods("POST")
 	r.HandleFunc("/api/usergroups/{usergroup}", logic.SecurityCheck(true, http.HandlerFunc(deleteUserGroup))).Methods("DELETE")

+ 6 - 1
ee/initialize.go

@@ -17,7 +17,12 @@ import (
 func InitEE() {
 	setIsEnterprise()
 	models.SetLogo(retrieveEELogo())
-	controller.HttpHandlers = append(controller.HttpHandlers, ee_controllers.MetricHandlers)
+	controller.HttpHandlers = append(
+		controller.HttpHandlers,
+		ee_controllers.MetricHandlers,
+		ee_controllers.NetworkUsersHandlers,
+		ee_controllers.UserGroupsHandlers,
+	)
 	logic.EnterpriseCheckFuncs = append(logic.EnterpriseCheckFuncs, func() {
 		// == License Handling ==
 		ValidateLicense()

+ 2 - 2
ee/license.go

@@ -8,7 +8,7 @@ import (
 	"crypto/rand"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"math"
 	"net/http"
 
@@ -200,7 +200,7 @@ func validateLicenseKey(encryptedData []byte, publicKey *[32]byte) ([]byte, erro
 			return nil, fmt.Errorf("could not validate license")
 		} // if you received a 200 cache the response locally
 
-		body, err = ioutil.ReadAll(validateResponse.Body)
+		body, err = io.ReadAll(validateResponse.Body)
 		if err != nil {
 			return nil, err
 		}
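Review bot: `io.ReadAll(validateResponse.Body)` still reads an unbounded response from the license endpoint into memory, and per the comment just above the body is then cached locally, so a misbehaving endpoint can make the server allocate arbitrarily. Wrapping the reader, `body, err = io.ReadAll(io.LimitReader(validateResponse.Body, maxLicenseResponseBytes))`, with a package-level constant to define (say `maxLicenseResponseBytes`, sized to a few times the largest expected response), bounds it without touching the error path. `io.LimitReader` needs no extra import now that `io` replaces `io/ioutil`; `validateLicenseKey` starts before this hunk.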

+ 3 - 3
go.mod

@@ -1,6 +1,6 @@
 module github.com/gravitl/netmaker
 
-go 1.18
+go 1.19
 
 require (
 	github.com/eclipse/paho.mqtt.golang v1.4.2
@@ -15,7 +15,7 @@ require (
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 	github.com/stretchr/testify v1.8.1
 	github.com/txn2/txeh v1.3.0
-	github.com/urfave/cli/v2 v2.23.4
+	github.com/urfave/cli/v2 v2.23.5
 	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
 	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b // indirect
 	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
@@ -30,7 +30,7 @@ require (
 
 require (
 	filippo.io/edwards25519 v1.0.0
-	fyne.io/fyne/v2 v2.2.3
+	fyne.io/fyne/v2 v2.2.4
 	github.com/c-robinson/iplib v1.0.3
 	github.com/cloverstd/tcping v0.1.1
 	github.com/go-ping/ping v1.1.0

+ 4 - 4
go.sum

@@ -61,8 +61,8 @@ cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
 filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
-fyne.io/fyne/v2 v2.2.3 h1:Umi3vVVW8XnWWPJmMkhIWQOMU/jxB1OqpWVUmjhODD0=
-fyne.io/fyne/v2 v2.2.3/go.mod h1:MBoGuHzLLSXdQOWFAwWhIhYTEMp33zqtGCReSWhaQTA=
+fyne.io/fyne/v2 v2.2.4 h1:izyiDUjJYAB7B/MST7M9GDs+mQ0CwDgRZTiVJZQoEe4=
+fyne.io/fyne/v2 v2.2.4/go.mod h1:MBoGuHzLLSXdQOWFAwWhIhYTEMp33zqtGCReSWhaQTA=
 fyne.io/systray v1.10.1-0.20220621085403-9a2652634e93 h1:V2IC9t0Zj9Ur6qDbfhUuzVmIvXKFyxZXRJyigUvovs4=
 fyne.io/systray v1.10.1-0.20220621085403-9a2652634e93/go.mod h1:oM2AQqGJ1AMo4nNqZFYU8xYygSBZkW2hmdJ7n4yjedE=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
@@ -461,8 +461,8 @@ github.com/txn2/txeh v1.3.0/go.mod h1:O7M6gUTPeMF+vsa4c4Ipx3JDkOYrruB1Wry8QRsMcw
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli/v2 v2.4.0/go.mod h1:NX9W0zmTvedE5oDoOMs2RTC8RvdK98NTYZE5LbaEYPg=
-github.com/urfave/cli/v2 v2.23.4 h1:gcaHwki8kGX6lfp2zz7irxu7eZkcIl1Xapt6XW0Ynqc=
-github.com/urfave/cli/v2 v2.23.4/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI=
+github.com/urfave/cli/v2 v2.23.5 h1:xbrU7tAYviSpqeR3X4nEFWUdB/uDZ6DE+HxmRU7Xtyw=
+github.com/urfave/cli/v2 v2.23.5/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=

+ 1 - 1
k8s/client/netclient-daemonset.yaml

@@ -16,7 +16,7 @@ spec:
       hostNetwork: true
       containers:
       - name: netclient
-        image: gravitl/netclient:v0.16.3
+        image: gravitl/netclient:v0.17.0
         env:
         - name: TOKEN
           value: "TOKEN_VALUE"

+ 1 - 1
k8s/client/netclient.yaml

@@ -28,7 +28,7 @@ spec:
       #           - "<node label value>"
       containers:
       - name: netclient
-        image: gravitl/netclient:v0.16.3
+        image: gravitl/netclient:v0.17.0
         env:
         - name: TOKEN
           value: "TOKEN_VALUE"

+ 1 - 1
k8s/server/netmaker-server.yaml

@@ -83,7 +83,7 @@ spec:
           value: "Kubernetes"
         - name: VERBOSITY
           value: "3"
-        image: gravitl/netmaker:v0.16.3
+        image: gravitl/netmaker:v0.17.0
         imagePullPolicy: Always
         name: netmaker
         ports:

+ 1 - 1
k8s/server/netmaker-ui.yaml

@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
       - name: netmaker-ui
-        image: gravitl/netmaker-ui:v0.16.3
+        image: gravitl/netmaker-ui:v0.17.0
         ports:
         - containerPort: 443
         env:

+ 5 - 3
logic/networks.go

@@ -267,14 +267,16 @@ func UniqueAddress6(networkName string, reverse bool) (string, error) {
 		return "666", err
 	}
 	net6 := iplib.Net6FromStr(network.AddressRange6)
-	newAddrs := net6.FirstAddress()
 
+	newAddrs, err := net6.NextIP(net6.FirstAddress())
 	if reverse {
-		newAddrs = net6.LastAddress()
+		newAddrs, err = net6.PreviousIP(net6.LastAddress())
+	}
+	if err != nil {
+		return "", err
 	}
 
 	for {
-
 		if IsIPUnique(networkName, newAddrs.String(), database.NODES_TABLE_NAME, true) &&
 			IsIPUnique(networkName, newAddrs.String(), database.EXT_CLIENT_TABLE_NAME, true) {
 			return newAddrs.String(), nil
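Review bot: When `reverse` is true, the error returned by `net6.NextIP(net6.FirstAddress())` is overwritten by the `PreviousIP` call before it is ever inspected, so the forward computation is dead work and its failure is silently discarded; computing only the branch that is needed (`var newAddrs net.IP` followed by an `if reverse { newAddrs, err = net6.PreviousIP(...) } else { newAddrs, err = net6.NextIP(...) }`, then the existing `if err != nil` check) keeps the check meaningful — the exact element type should be confirmed against iplib's signature. The change itself is sound: starting from the address after `FirstAddress()` and before `LastAddress()` avoids handing out the network and last addresses of the range. A comment on the `NextIP` line would help the next reader, e.g. `// skip the range's first/last address; they are reserved`. The `for {` loop that follows and the rest of `UniqueAddress6` continue outside this hunk, so whether the loop terminates when the range is exhausted cannot be judged here.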

+ 1 - 1
logic/zombie.go

@@ -63,7 +63,7 @@ func ManageZombies(ctx context.Context) {
 				logger.Log(3, "no zombies found")
 			}
 		case <-time.After(time.Second * ZOMBIE_TIMEOUT):
-			logger.Log(0, "checking for zombie nodes")
+			logger.Log(3, "checking for zombie nodes")
 			if len(zombies) > 0 {
 				for i := len(zombies) - 1; i >= 0; i-- {
 					node, err := GetNodeByID(zombies[i])

+ 1 - 1
main.go

@@ -67,7 +67,7 @@ func initialize() { // Client Mode Prereq Check
 	}
 
 	if err = database.InitializeDatabase(); err != nil {
-		logger.FatalLog("Error connecting to database")
+		logger.FatalLog("Error connecting to database: ", err.Error())
 	}
 	logger.Log(0, "database successfully connected")
 	if err = logic.AddServerIDIfNotPresent(); err != nil {

+ 8 - 5
netclient/bin-maker.sh

@@ -19,11 +19,15 @@ function build
     if [ "$_goarch" == "arm" ] && [ "$_goarm" == "" ]; then
 	    build $_goarch $_goose 5 && build $_goarch $_goose 6 && build $_goarch $_goose 7
     else
-        echo $_out
-        if [ "$_goarch" == "mips" ]; then
-            # If the binary created through `GOMIPS=softfloat GOARCH=mipsle` is not compatible with your hardware, try changing these variables and creating a binary file compatible with your hardware.
-            GOARM=$_goarm GOMIPS=softfloat GOARCH=mipsle GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out
+        
+        if [[ $_goarch == mips* ]]; then
+            #At present GOMIPS64 based binaries are not generated through this script, more details about GOMIPS environment variables in https://go.dev/doc/asm#mips .
+            echo $_out-softfloat
+            GOARM=$_goarm GOMIPS=softfloat GOARCH=$_goarch GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out-softfloat
+            echo $_out
+            GOARM=$_goarm GOARCH=$_goarch GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out
         else
+            echo $_out
             GOARM=$_goarm GOARCH=$_goarch GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out
         fi
     fi
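Review bot: The widened pattern `[[ $_goarch == mips* ]]` also matches `mips64` and `mips64le`, but `GOMIPS=softfloat` only affects `mips`/`mipsle` (64-bit targets use `GOMIPS64`), so for a 64-bit target the `$_out-softfloat` artifact would be built with the default float ABI while being labelled softfloat. If those targets are in the arch lists (declared outside this hunk), either narrow the test to `if [[ $_goarch == mips || $_goarch == mipsle ]]; then` or add a `GOMIPS64=softfloat` branch; the comment on the line below already concedes GOMIPS64 is unhandled, so the pattern should not claim it. `$_out` and `$_out-softfloat` are unquoted in the `echo` and `-o` arguments; quoting them is cheap insurance against a `VERSION` or output path containing spaces. The enclosing `build` function starts outside the hunk.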
@@ -36,4 +40,3 @@ for arch in ${__freebsd[*]}; do build "$arch" "freebsd"; done
 for arch in ${__darwin[*]}; do build "$arch" "darwin"; done
 
 for arch in ${__windows[*]}; do build "$arch" "windows"; done
-

+ 2 - 2
netclient/functions/daemon.go

@@ -212,7 +212,7 @@ func setupMQTTSingleton(cfg *config.ClientConfig) error {
 	if err != nil {
 		return fmt.Errorf("could not read secrets file %w", err)
 	}
-	opts.AddBroker("mqtts://" + server + ":" + port)
+	opts.AddBroker("wss://" + server + ":" + port)
 	opts.SetUsername(cfg.Node.ID)
 	opts.SetPassword(string(pass))
 	mqclient = mqtt.NewClient(opts)
@@ -239,7 +239,7 @@ func setupMQTT(cfg *config.ClientConfig) error {
 	if err != nil {
 		return fmt.Errorf("could not read secrets file %w", err)
 	}
-	opts.AddBroker(fmt.Sprintf("mqtts://%s:%s", server, port))
+	opts.AddBroker(fmt.Sprintf("wss://%s:%s", server, port))
 	opts.SetUsername(cfg.Node.ID)
 	opts.SetPassword(string(pass))
 	opts.SetClientID(ncutils.MakeRandomString(23))
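Review bot: Both hunks (the `AddBroker` lines in `setupMQTTSingleton` and `setupMQTT`) switch the broker URL scheme from `mqtts://` to `wss://`, but neither shows the TLS options that make `wss` meaningful — the `SetTLSConfig` call (or whatever populates it) is outside both hunks, so it should be verified that certificate validation still applies on the websocket transport and that no `InsecureSkipVerify` is set there. Because the server side now prefixes `ws://` when it does not detect a secure host (see the `servercfg` change in this same commit), a mismatch between client and server scheme would fail to connect rather than silently downgrade, which is the right failure mode, but it deserves a one-line comment on the `AddBroker` line, e.g. `// websocket transport; the broker's wss listener must be TLS-terminated (see docker/Caddyfile + mosquitto.conf)`. Both enclosing functions start outside their hunks.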

+ 1 - 1
netclient/netclient.exe.manifest.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
     <assemblyIdentity
-            version="0.16.3.0"
+            version="0.17.0.0"
             processorArchitecture="*"
             name="netclient.exe"
             type="win32"

+ 5 - 5
netclient/versioninfo.json

@@ -2,14 +2,14 @@
     "FixedFileInfo": {
         "FileVersion": {
             "Major": 0,
-            "Minor": 16,
-            "Patch": 3,
+            "Minor": 17,
+            "Patch": 0,
             "Build": 0
         },
         "ProductVersion": {
             "Major": 0,
-            "Minor": 16,
-            "Patch": 3,
+            "Minor": 17,
+            "Patch": 0,
             "Build": 0
         },
         "FileFlagsMask": "3f",
@@ -29,7 +29,7 @@
         "OriginalFilename": "",
         "PrivateBuild": "",
         "ProductName": "Netclient",
-        "ProductVersion": "v0.16.3.0",
+        "ProductVersion": "v0.17.0.0",
         "SpecialBuild": ""
     },
     "VarFileInfo": {

+ 9 - 2
scripts/netclient-install.sh

@@ -151,8 +151,15 @@ case $(uname | tr A-Z a-z) in
 			mipsle)
                 dist=netclient-mipsle
 			;;
-			mips*)
-                dist=netclient-$CPU_ARCH
+			mips)
+			    #If binary in the below condition is not compatible with your hardware, retry with other netclient-mips* binaries.
+				if [[ `printf '\0\1' | hexdump -e '/2 "%04x"'` -eq 0100 ]]; then
+					#Little Endian, tested and confirmed in GL-MT1300 OS "OpenWrt 19.07.8"
+					dist=netclient-mipsle-softfloat
+				else
+					#Big Endian, tested and confirmed in DSL-2750U OS "OpenWrt 22.03.2"
+					dist=netclient-mips-softfloat
+				fi
 			;;
 			*)
 				fatal "$CPU_ARCH : cpu architecture not supported"
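Review bot: The endianness probe compares with `-eq 0100`, which makes bash evaluate both sides as octal (`0100` is 64), so the test only passes because both sides are parsed the same way; a string comparison states the intent and is not subject to that quirk: `if [[ $(printf '\0\1' | hexdump -e '/2 "%04x"') == "0100" ]]; then`. The new `mips)` arm is narrower than the `mips*)` it replaces, so `mips64`/`mips64le` values of `$CPU_ARCH` (set outside this hunk) now fall through to the `*)` "not supported" branch; if that is intended it is worth a one-line comment, otherwise the old arm should remain after the new one. `hexdump` is presumably available on the OpenWrt images named in the comments, but the script should fail clearly rather than silently pick the big-endian binary if it is missing, e.g. by checking `command -v hexdump` first.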

+ 42 - 21
scripts/nm-quick-interactive.sh

@@ -17,6 +17,11 @@ cat << "EOF"
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 EOF
 
+if [ $(id -u) -ne 0 ]; then
+   echo "This script must be run as root"
+   exit 1
+fi
+
 if [ -z "$1" ]; then
 	echo "-----------------------------------------------------"
 	echo "Would you like to install Netmaker Community Edition (CE), or Netmaker Enterprise Edition (EE)?"
@@ -61,17 +66,12 @@ confirm() {(
       read -p 'Does everything look right? [y/n]: ' yn
       case $yn in
           [Yy]* ) override="true"; break;;
-          [Nn]* ) echo "exiting..."; exit;;
+          [Nn]* ) echo "exiting..."; exit 1;;
           * ) echo "Please answer yes or no.";;
       esac
   done
 )}
 
-if [ $(id -u) -ne 0 ]; then
-   echo "This script must be run as root"
-   exit 1
-fi
-
 echo "checking dependencies..."
 
 OS=$(uname)
@@ -124,6 +124,9 @@ if [ -z "${install_cmd}" ]; then
 fi
 
 set -- $dependencies
+
+${update_cmd}
+
 while [ -n "$1" ]; do
 	if [ "${OS}" = "FreeBSD" ]; then
 		is_installed=$(pkg check -d $1 | grep "Checking" | grep "done")
@@ -186,7 +189,6 @@ COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
 SERVER_PUBLIC_IP=$(curl -s ifconfig.me)
 MASTER_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
 MQ_PASSWORD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
-EMAIL="$(echo $RANDOM | md5sum  | head -c 16)@email.com"
 DOMAIN_TYPE=""
 
 echo "-----------------------------------------------------"
@@ -254,10 +256,16 @@ if [ "$INSTALL_TYPE" = "ee" ]; then
 
 fi
 
-unset EMAIL
-while [ -z ${EMAIL} ]; do
-     read -p "Email Address (for LetsEncrypt): " EMAIL
-done
+unset GET_EMAIL
+unset RAND_EMAIL
+RAND_EMAIL="$(echo $RANDOM | md5sum  | head -c 16)@email.com"
+read -p "Email Address for Domain Registration (click 'enter' to use $RAND_EMAIL): " GET_EMAIL
+if [ -z "$GET_EMAIL" ]; then
+  echo "using rand email"
+  EMAIL="$RAND_EMAIL"
+else
+  EMAIL="$GET_EMAIL"
+fi
 
 wait_seconds 2
 
@@ -287,20 +295,23 @@ wait_seconds 3
 echo "Pulling config files..."
 
 COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.yml" 
+CADDY_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile"
 if [ "$INSTALL_TYPE" = "ee" ]; then
 	COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.ee.yml" 
+	CADDY_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile-EE"
 fi
 
-wget -O docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/develop/docker/wait.sh && chmod +x wait.sh
+wget -O /root/docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf && wget -O /root/Caddyfile $CADDY_URL && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/master/docker/wait.sh && chmod +x /root/wait.sh
 
 mkdir -p /etc/netmaker
 
-echo "Setting docker-compose..."
+echo "Setting docker-compose and Caddyfile..."
 
-sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml
 sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml
+sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/Caddyfile
+sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml
 sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml
-sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/docker-compose.yml
+sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/Caddyfile
 sed -i "s/REPLACE_MQ_ADMIN_PASSWORD/$MQ_PASSWORD/g" /root/docker-compose.yml 
 if [ "$INSTALL_TYPE" = "ee" ]; then
 	sed -i "s~YOUR_LICENSE_KEY~$LICENSE_KEY~g" /root/docker-compose.yml 
@@ -314,13 +325,13 @@ sleep 2
 
 test_connection() {
 
-echo "Testing Traefik setup (please be patient, this may take 1-2 minutes)"
+echo "Testing Caddy setup (please be patient, this may take 1-2 minutes)"
 for i in 1 2 3 4 5 6
 do
 curlresponse=$(curl -vIs https://api.${NETMAKER_BASE_DOMAIN} 2>&1)
 
 if [[ "$i" == 6 ]]; then
-  echo "    Traefik is having an issue setting up certificates, please investigate (docker logs traefik)"
+  echo "    Caddy is having an issue setting up certificates, please investigate (docker logs caddy)"
   echo "    Exiting..."
   exit 1
 elif [[ "$curlresponse" == *"failed to verify the legitimacy of the server"* ]]; then
@@ -357,12 +368,22 @@ wait_seconds 3
 
 echo "Configuring netmaker server as ingress gateway"
 
-
-while [ -z "$SERVER_ID" ]; do
-	echo "waiting for server node to become available"
-	wait_seconds 2
+for i in 1 2 3 4 5 6
+do
+	echo "    waiting for server node to become available"
+	wait_seconds 5
 	curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker)
 	SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})
+	if [[ "$i" == 6 && -z "$SERVER_ID" ]]; then
+		echo "    Netmaker is having issues configuring itself, please investigate (docker logs netmaker)"
+		echo "    Exiting..."
+		exit 1
+	elif [ -z "$SERVER_ID" ]; then
+		echo "    server node not yet configured, retrying..."
+	else
+		echo "    server node is now availble, continuing"
+		break
+	fi
 done
 
 curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker/$SERVER_ID/createingress
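Review bot: The retry loop breaks as soon as `SERVER_ID` is non-empty, but `jq -r '.[0].id'` prints the literal string `null` when the node list is still empty (`[]`), so the loop exits early with `SERVER_ID=null` and the `createingress` call below is issued against `/api/nodes/netmaker/null/`; use `SERVER_ID=$(jq -r '.[0].id // empty' <<< "${curlresponse}")` so a missing id stays empty and the retry actually retries. The success message on the `else` branch has a typo (`availble` → `available`). Separately, the hunk that sets `COMPOSE_URL`/`CADDY_URL` fetches compose, Caddyfile, mosquitto.conf and wait.sh from the unpinned `master` branch with no integrity check, so a v0.17.0 install tracks whatever master holds at install time; pinning those URLs to the release tag would make the install reproducible.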

+ 3 - 1
scripts/nm-quick.sh

@@ -128,6 +128,7 @@ sleep 5
 echo "setting mosquitto.conf..."
 
 wget -q -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf
+wget -q -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile
 wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/master/docker/wait.sh
 chmod +x /root/wait.sh
 echo "setting docker-compose..."
@@ -136,10 +137,11 @@ mkdir -p /etc/netmaker
 
 wget -q -O /root/docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.yml
 sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml
+sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/Caddyfile
 sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml
 sed -i "s/COREDNS_IP/$COREDNS_IP/g" /root/docker-compose.yml
 sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml
-sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/docker-compose.yml
+sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/Caddyfile
 sed -i "s/REPLACE_MQ_ADMIN_PASSWORD/$MQ_ADMIN_PASSWORD/g" /root/docker-compose.yml
 echo "starting containers..."
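Review bot: The new `wget -q -O /root/Caddyfile …` line discards the download result, so if the fetch fails the later `sed -i … /root/Caddyfile` lines either edit an empty file or error out and the script carries on to start the containers without a usable Caddyfile (unless `set -e` is active somewhere outside this hunk, which is not visible here); `wget -q -O /root/Caddyfile "$URL" || { echo "failed to download Caddyfile"; exit 1; }` fails early instead. As with the compose file, the Caddyfile is fetched from the unpinned `master` branch rather than the release tag, so the installed configuration is not tied to the version being released. The `s/YOUR_EMAIL/$EMAIL/g` substitution uses `/` as the sed delimiter; the EE path in nm-quick-interactive.sh already uses `~` for the license key, and using the same delimiter here avoids a breakage if `EMAIL` (set outside this hunk) ever contains a slash.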
 

+ 6 - 1
servercfg/serverconf.go

@@ -235,7 +235,12 @@ func GetMessageQueueEndpoint() (string, bool) {
 	} else if config.Config.Server.MQHOST != "" {
 		host = config.Config.Server.MQHOST
 	}
-	secure := strings.Contains(host, "mqtts") || strings.Contains(host, "ssl")
+	secure := strings.Contains(host, "wss") || strings.Contains(host, "ssl")
+	if secure {
+		host = "wss://" + host
+	} else {
+		host = "ws://" + host
+	}
 	return host + ":" + GetMQServerPort(), secure
 }
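Review bot: `secure` is derived from `strings.Contains(host, "wss")`, i.e. a substring match, and then `wss://` is prepended unconditionally, so a host value that already carries the scheme (the only reliable way to make the substring test true) becomes `wss://wss://host`, while a bare host name that happens to contain `wss` or `ssl` is treated as secure without actually being one; conversely any other value silently selects plaintext `ws://`, so a typo in `MQ_HOST` downgrades the transport rather than failing. Detect the scheme explicitly and strip it before re-adding, as in the excerpt below; whether operators set `MQ_HOST` with or without a scheme is not visible here and should be confirmed against the compose files changed in this commit. `GetMessageQueueEndpoint` starts outside the hunk.
```go
	// … unchanged: host selection from MQ env / config …
	// Decide the scheme explicitly rather than by substring, and strip any
	// scheme the operator supplied so it is not doubled.
	secure := strings.HasPrefix(host, "wss://") || strings.Contains(host, "ssl")
	host = strings.TrimPrefix(strings.TrimPrefix(host, "wss://"), "ws://")
	scheme := "ws://"
	if secure {
		scheme = "wss://"
	}
	return scheme + host + ":" + GetMQServerPort(), secure
```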
 

+ 1 - 1
swagger.yaml

@@ -746,7 +746,7 @@ info:
 
         API calls must be authenticated via a header of the format -H “Authorization: Bearer <YOUR_SECRET_KEY>” There are two methods to obtain YOUR_SECRET_KEY: 1. Using the masterkey. By default, this value is “secret key,” but you should change this on your instance and keep it secure. This value can be set via env var at startup or in a config file (config/environments/< env >.yaml). See the [Netmaker](https://docs.netmaker.org/index.html) documentation for more details. 2. Using a JWT received for a node. This can be retrieved by calling the /api/nodes/<network>/authenticate endpoint, as documented below.
     title: Netmaker
-    version: 0.16.3
+    version: 0.17.0
 paths:
     /api/dns:
         get: