managing twingate
additional resources

Deploy Connectors with Docker Compose

Use Docker Compose to deploy your Connectors.

The Twingate Connector can easily be deployed using Docker Compose. There are a few optional parameters you can change and prerequisites to meet that are covered in this guide.

Prerequisites

  • You will need to specify an Access Token and a Refresh Token for the Connector in your Docker Compose instructions. You can generate both tokens by following the instructions on how to deploy a Connector.
  • You will need your Twingate tenant name (the <name> in the URL to your instance of the Admin Console: https://<name>.twingate.com)

Docker Compose with mandatory parameters

You can use the following template and replace the <TENANT NAME>, <ACCESS TOKEN> and <REFRESH TOKEN> with your own:

services:
  twingate-connector:
    image: twingate/connector:latest
    environment:
      - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
      - TWINGATE_API_ENDPOINT=/connector.stock
      - TWINGATE_NETWORK=<TENANT NAME>
      - TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN>
      - TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>

Docker Compose with optional parameters

On top of the required parameters (see above), we recommend adding a few more parameters to your Docker Compose instructions. They are not mandatory but can help to provide a better experience:

  • <container_name>: you can set this to the name of the Connector as it appears in your Admin Console
  • <restart>: this will ensure the container will restart if it crashes
  • <TWINGATE_LOG_LEVEL>: this will configure the Connector to generate detailed logs which is useful for troubleshooting. You can change the parameter value at your discretion (see Twingate Connector logs for more information).
  • <net.ipv4.ping_group_range>: system setting for the base image that allows the proper handling of ICMP / ping in case you intend to use ping for connectivity testing to Twingate Resources
services:
  twingate_connector:
    container_name: <CONNECTOR NAME>
    restart: always
    image: "twingate/connector:latest"
    environment:
      - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
      - TWINGATE_API_ENDPOINT=/connector.stock
      - TWINGATE_NETWORK=<TENANT NAME>
      - TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN>
      - TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>
      - TWINGATE_LOG_LEVEL=3
    sysctls:
      net.ipv4.ping_group_range: "0 2147483647"

Last updated 2 months ago