How to Deploy a Connector with Docker Compose

Use Docker Compose to deploy your Connectors.

The Twingate Connector can easily be deployed using Docker Compose. There are a few optional parameters you can change and prerequisites to meet that are covered in this guide.

Prerequisites

  • You will need to specify an Access Token and a Refresh Token for the Connector in your Docker Compose instructions. You can generate both tokens by following the instructions on how to deploy a Connector.
  • You will need your Twingate tenant name (the <name> in the URL to your instance of the Admin Console: https://<name>.twingate.com)

Docker Compose with mandatory parameters

You can use the following template and replace the <TENANT NAME>, <ACCESS TOKEN> and <REFRESH TOKEN> with your own:

services:
twingate-connector:
image: twingate/connector:latest
environment:
- TWINGATE_NETWORK=<TENANT NAME>
- TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN>
- TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>

Docker Compose with optional parameters

On top of the required parameters (see above), we recommend adding a few more parameters to your Docker Compose instructions. They are not mandatory but can help to provide a better experience:

  • <container_name>: you can set this to the name of the Connector as it appears in your Admin Console
  • <restart>: this will ensure the container will restart if it crashes
  • <TWINGATE_LOG_LEVEL>: this will configure the Connector to generate detailed logs which is useful for troubleshooting. You can change the parameter value at your discretion (see Twingate Connector logs for more information).
  • <TWINGATE_LOG_ANALYTICS>: this will allow Connector Analytics logs (Network Events) to appear in the container logs
  • <net.ipv4.ping_group_range>: system setting for the base image that allows the proper handling of ICMP / ping in case you intend to use ping for connectivity testing to Twingate Resources
services:
twingate_connector:
container_name: <CONNECTOR NAME>
restart: always
image: "twingate/connector:latest"
environment:
- TWINGATE_NETWORK=<TENANT NAME>
- TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN>
- TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>
- TWINGATE_LOG_ANALYTICS=v2
- TWINGATE_LOG_LEVEL=3
sysctls:
net.ipv4.ping_group_range: "0 2147483647"

Docker Compose with log forwarding via syslog

You can also add a few more parameters to your Docker Compose instructions if you want to automatically forward the container logs to something like syslog:

services:
twingate_connector:
container_name: <CONNECTOR NAME>
restart: always
image: "twingate/connector:latest"
environment:
- TWINGATE_NETWORK=<TENANT NAME>
- TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN>
- TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>
- TWINGATE_LOG_ANALYTICS=v2
- TWINGATE_LOG_LEVEL=3
logging:
driver: syslog
options:
syslog-address: "udp://<syslog server IP>:514"
syslog-format: "rfc5424"
syslog-facility: daemon
tag: "<CONNECTOR NAME>"

Last updated 7 months ago