Design: A setup wizard for initial Defguard configuration

Open teon opened this issue 1 month ago • 0 comments

  • After the initial Defguard (core) deployment
  • OR migration if we detect previous version:

we need the following steps:

  • [ ] Welcome Screen
    • [ ] Marketing
    • [ ] Before you go ahead, please read these docs...
  • [ ] Database configuration
    • [ ] Use database I have found in config
    • [ ] No config/Define new database config
      • [ ] URL: socket/IP:PORT
      • [ ] User
      • [ ] Password
      • [ ] Database name
      • [ ] NEXT->
      • [ ] Check if working.... if working propagate DB..
  • [ ] Create admin user: user, password, repeat password
  • [ ] Initial config
    • [ ] Defguard URL/Domain
  • [ ] Certificate Authority / Securing component communication
    • [ ] Create a certificate authority & automatically configure gw/proxy with own certificates
    • [ ] Use my own certificate authority - disclaimer: depending on the methods used to deploy GW/Proxy, it can be challenging to propagate your own certificates, and we encourage using the DG CA as all will be automated
  • [ ] Own certificate authority
    • [ ] Add CA certificate
    • [ ] If DEFGUARD_GRPC_CA is set - use this as the default cert; inform: I have found a previous CA configured in Defguard, you can use it, and we will expect that GW & proxy use the same CA.
  • [ ] Proxy/Enrollment Deployment
    • [ ] Inform how to deploy proxy
    • [ ] Links to documentation on various methods
    • [ ] Simple deployment: OVF + info on cloud init
    • [ ] If deployed go next and configure DG with proxy:
      • [ ] IP
      • [ ] PORT
    • [ ] Proxy deployment
      • [ ] Checking if it is working
      • [ ] If DG CA: Creating certificates for proxy
      • [ ] If DG CA: Reestablishing secure communication
      • [ ] Checking proxy version
      • [ ] OK!
    • [ ] Proxy config
      • [ ] Public domain / URL
      • [ ] Defguard automatically validates if accessible: OK / ERROR
  • [ ] Add first VPN Location and configure GW?
    • [ ] NO: inform about REVERSE PROXY, or
    • [ ] Yes: Standard VPN location wizard
    • [ ] Inform how to deploy GW
    • [ ] Links to documentation on various methods
    • [ ] Simple deployment: OVF + info on cloud init
    • [ ] If deployed go next and configure DG with GW:
      • [ ] IP
      • [ ] PORT
    • [ ] GW deployment
      • [ ] Checking if it is working
      • [ ] If DG CA: Creating certificates for GW
      • [ ] If DG CA: Reestablishing secure communication
      • [ ] Checking GW version
      • [ ] OK!
      • [ ] Inform about REVERSE PROXY
  • [ ] Exit Screen: Inform: go to settings to set up:
    • [ ] External SSO
    • [ ] AD/LDAP
    • [ ] Other settings

teon, Nov 12 '25 16:11