How to Deploy a Connector with Docker Compose
Use Docker Compose to deploy your Connectors.
The Twingate Connector can easily be deployed using Docker Compose. There are a few optional parameters you can change and prerequisites to meet that are covered in this guide.
Prerequisites
- You will need to specify an Access Token and a Refresh Token for the Connector in your Docker Compose instructions. You can generate both tokens by following the instructions on how to deploy a Connector.
- You will need your Twingate tenant name (the
<name>
in the URL to your instance of the Admin Console:https://<name>.twingate.com
)
Docker Compose with mandatory parameters
You can use the following template and replace the <TENANT NAME>
, <ACCESS TOKEN>
and <REFRESH TOKEN>
with your own:
services: twingate-connector: image: twingate/connector:latest environment: - TWINGATE_NETWORK=<TENANT NAME> - TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN> - TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>
Docker Compose with optional parameters
On top of the required parameters (see above), we recommend adding a few more parameters to your Docker Compose instructions. They are not mandatory but can help to provide a better experience:
<container_name>
: you can set this to the name of the Connector as it appears in your Admin Console<restart>
: this will ensure the container will restart if it crashes<TWINGATE_LOG_LEVEL>
: this will configure the Connector to generate detailed logs which is useful for troubleshooting. You can change the parameter value at your discretion (see Twingate Connector logs for more information).<TWINGATE_LOG_ANALYTICS>
: this will allow Connector Analytics logs (Network Events) to appear in the container logs<net.ipv4.ping_group_range>
: system setting for the base image that allows the proper handling of ICMP /ping
in case you intend to useping
for connectivity testing to Twingate Resources
services: twingate_connector: container_name: <CONNECTOR NAME> restart: always image: "twingate/connector:latest" environment: - TWINGATE_NETWORK=<TENANT NAME> - TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN> - TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN> - TWINGATE_LOG_ANALYTICS=v2 - TWINGATE_LOG_LEVEL=3 sysctls: net.ipv4.ping_group_range: "0 2147483647"
Docker Compose with log forwarding via syslog
You can also add a few more parameters to your Docker Compose instructions if you want to automatically forward the container logs to something like syslog:
services: twingate_connector: container_name: <CONNECTOR NAME> restart: always image: "twingate/connector:latest" environment: - TWINGATE_NETWORK=<TENANT NAME> - TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN> - TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN> - TWINGATE_LOG_ANALYTICS=v2 - TWINGATE_LOG_LEVEL=3 logging: driver: syslog options: syslog-address: "udp://<syslog server IP>:514" syslog-format: "rfc5424" syslog-facility: daemon tag: "<CONNECTOR NAME>"
Last updated 7 months ago