
- fixed cert mounting
- fixed caddy restart in nm-certs.sh
- aligned all configs

Tobias Cudnik 2 years ago
parent
commit
f855ca4016

+ 1 - 2
compose/docker-compose-emqx.yml

@@ -50,8 +50,7 @@ services:
     restart: unless-stopped
     volumes:
       - /root/Caddyfile:/etc/caddy/Caddyfile
-      - /root/fullchain.pem:/root/fullchain.pem
-      - /root/privkey.pem:/root/privkey.pem
+      - /root/certs:/root/certs
       - caddy_data:/data
       - caddy_conf:/config
     ports:
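Review bot: The new `/root/certs:/root/certs` bind mount is read-write although Caddy only reads the certificate and key from it, so a misbehaving or compromised container could alter the private key on the host; mount it read-only instead: `- /root/certs:/root/certs:ro`. The same applies to the identical volume hunks in compose/docker-compose.ee.yml, compose/docker-compose.reference.yml and compose/docker-compose.yml. Because a whole directory is now exposed rather than two named files, anything else that ends up in /root/certs on the host will presumably be visible inside the container as well, so the host-side directory should hold only the two PEM files.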

+ 4 - 3
compose/docker-compose.ee.yml

@@ -57,8 +57,7 @@ services:
     restart: unless-stopped
     volumes:
       - /root/Caddyfile:/etc/caddy/Caddyfile
-      - /root/fullchain.pem:/root/fullchain.pem
-      - /root/privkey.pem:/root/privkey.pem
+      - /root/certs:/root/certs
       - caddy_data:/data
       - caddy_conf:/config
     ports:
@@ -120,7 +119,9 @@ services:
     depends_on:
       - netmaker
     environment:
-      SERVER_BROKER_ENDPOINT: "ws://mq:1883"
+      MQ_PASSWORD: "REPLACE_MQ_PASSWORD"
+      MQ_USERNAME: "REPLACE_MQ_USERNAME"
+      MQ_URL: "ws://mq:1883"
       BROKER_ENDPOINT: "wss://broker.NETMAKER_BASE_DOMAIN"
       PROMETHEUS: "on"
       VERBOSITY: "1"

+ 1 - 2
compose/docker-compose.reference.yml

@@ -64,8 +64,7 @@ services:
     restart: unless-stopped
     volumes:
       - /root/Caddyfile:/etc/caddy/Caddyfile # Config file for Caddy
-      - /root/fullchain.pem:/root/fullchain.pem
-      - /root/privkey.pem:/root/privkey.pem
+      - /root/certs:/root/certs
       - caddy_data:/data
       - caddy_conf:/config
     ports:

+ 1 - 2
compose/docker-compose.yml

@@ -56,8 +56,7 @@ services:
       - "host.docker.internal:host-gateway"
     volumes:
       - /root/Caddyfile:/etc/caddy/Caddyfile
-      - /root/fullchain.pem:/root/fullchain.pem
-      - /root/privkey.pem:/root/privkey.pem
+      - /root/certs:/root/certs
       - caddy_data:/data
       - caddy_conf:/config
     ports:

+ 6 - 6
docker/Caddyfile

@@ -1,6 +1,6 @@
 # Dashboard
 https://dashboard.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	# Apply basic security headers
 	header {
 		# Enable cross origin access to *.NETMAKER_BASE_DOMAIN
@@ -22,30 +22,30 @@ https://dashboard.NETMAKER_BASE_DOMAIN {
 
 # API
 https://api.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	reverse_proxy http://netmaker:8081
 }
 
 # STUN
 https://stun.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	reverse_proxy netmaker:3478
 }
 
 # TURN
 https://turn.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	reverse_proxy host.docker.internal:3479
 }
 
 # TURN API
 https://turnapi.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
     reverse_proxy http://host.docker.internal:8089
 }
 
 # MQ
 wss://broker.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	reverse_proxy ws://mq:8883 # For EMQX websockets use `reverse_proxy ws://mq:8083`
 }

+ 9 - 9
docker/Caddyfile-EE

@@ -1,6 +1,6 @@
 # Dashboard
 https://dashboard.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	# Apply basic security headers
 	header {
 		# Enable cross origin access to *.NETMAKER_BASE_DOMAIN
@@ -22,48 +22,48 @@ https://dashboard.NETMAKER_BASE_DOMAIN {
 
 # Netmaker Exporter
 https://netmaker-exporter.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	reverse_proxy http://netmaker-exporter:8085
 }
 
 # Prometheus
 https://prometheus.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	reverse_proxy http://prometheus:9090
 }
 
 # Grafana
 https://grafana.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	reverse_proxy http://grafana:3000
 }
 
 # API
 https://api.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	reverse_proxy http://netmaker:8081
 }
 
 # STUN
 https://stun.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	reverse_proxy netmaker:3478
 }
 
 # TURN
 https://turn.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	reverse_proxy host.docker.internal:3479
 }
 
 # TURN API
 https://turnapi.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	reverse_proxy http://host.docker.internal:8089
 }
 
 # MQ
 wss://broker.NETMAKER_BASE_DOMAIN {
-	tls /root/fullchain.pem /root/privkey.pem
+	tls /root/certs/fullchain.pem /root/certs/privkey.pem
 	reverse_proxy ws://mq:8883
 }

+ 4 - 3
scripts/nm-certs.sh

@@ -83,15 +83,16 @@ if [ ! -f "$CERT_DIR"/fullchain.pem ]; then
 fi
 
 # copy for mounting
-cp -L "$CERT_DIR"/fullchain.pem /root/fullchain.pem
-cp -L "$CERT_DIR"/privkey.pem /root/privkey.pem
+mkdir -p certs
+cp -L "$CERT_DIR/fullchain.pem" /root/certs/fullchain.pem
+cp -L "$CERT_DIR/privkey.pem" /root/certs/privkey.pem
 
 echo "SSL certificates ready"
 
 # preserve the env state
 if [ "$RESTART_CADDY" = true ]; then
 	echo "Starting Caddy..."
-	docker-compose -f /root/docker-compose.yml start caddy
+	docker-compose -f /root/docker-compose.yml start caddy --force-recreate
 fi
 
 # install crontab
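Review bot: `mkdir -p certs` on the new side creates the directory relative to the current working directory, while the two `cp` lines that follow write to the absolute path `/root/certs`, so unless the script is always run from /root the copies fail with a missing-directory error; use `mkdir -p /root/certs`, and since the directory holds a private key it is worth tightening it right after creation with `chmod 700 /root/certs`. In the restart hunk, `--force-recreate` is an option of `docker-compose up`, not of `start`, so `docker-compose -f /root/docker-compose.yml start caddy --force-recreate` is likely to be rejected, and plain `start` would not re-apply the changed bind mount anyway; `docker-compose -f /root/docker-compose.yml up -d --force-recreate caddy` does both. The enclosing `if` that guards the copy starts before this hunk.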

+ 6 - 3
scripts/nm-quick.sh

@@ -640,6 +640,9 @@ install_netmaker() {
 		wget -qO /root/wait.sh "https://raw.githubusercontent.com/gravitl/netmaker/$BUILD_TAG/docker/wait.sh"
 	fi
 
+	# cleanup
+	docker stop netmaker-ui coredns mq turn caddy netmaker
+
 	chmod +x /root/wait.sh
 	mkdir -p /etc/netmaker
 
@@ -765,12 +768,12 @@ set -e
 # 6. get user input for variables
 set_install_vars
 
-# 7. get and set config files, startup docker-compose
-install_netmaker
-
 # Fetch / update certs using certbot
 "$SCRIPT_DIR"/nm-certs.sh
 
+# 7. get and set config files, startup docker-compose
+install_netmaker
+
 set +e
 
 # 8. make sure Caddy certs are working
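Review bot: The added `docker stop netmaker-ui coredns mq turn caddy netmaker` exits non-zero whenever one of the named containers does not exist, which is the normal state on a first install, and the second hunk shows `install_netmaker` being called while `set -e` appears to be in effect (the `set +e` only follows the call), so the installer would abort at the cleanup step. Make the cleanup tolerant of missing containers explicitly, e.g. `docker stop netmaker-ui coredns mq turn caddy netmaker 2>/dev/null || true`, and add a comment saying why the failure is ignored. `install_netmaker` starts before the first hunk and only part of its body is visible here.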