Right now, this is only tentative guide. Errata may exist. Please report errors on the gitter channel.
The OpenWISP docker images are created with customization in mind. You can simply change the environment variables to change the containers and trailer them to your needs.
docker-compose
: You can simply change the values in.env
file.kubernetes
: You need to createConfigMap
to change the environment variables. An example is present indeploy/examples/kubernetes/
directory.
Following are the options that can be changed. The list is divided in following sections:
- Essential: You need to change these values to get the containers working for your system.
- Security: You should change these values for security reasons.
- Enable Modules: Enable / Disable optional openwisp modules.
- Additional: You might want to look into these options before using images in production.
- OpenWISP: OpenWISP Module Configuration.
- Database: Database settings.
- InfluxDB: InfluxDB settings. (Used in OpenWISP-monitoring)
- Django: Additional django settings.
- Email: Email & postfix configurations.
- Cron: Settings of the periodic tasks.
- uWSGI: uWSGI configurations.
- Nginx: Nginx configurations.
- VPN: Default VPN and VPN template related configurations.
- X509: Default certificate & certicate Authority configuration options.
- Host: Want to change the host of a particular service? Like pointing all the containers to a different database service.
- Developer: DON'T change these values unless you know what you are doing.
- Export: Changing options for NFS container.
Additionally, you can search for the following:
OPENWISP_
: All the custom openwisp module's settings.DB_
: All the database settings.INFLUXDB_
: All the InfluxDB related settings specific settings.DJANGO_
: All the django settings.EMAIL__
: All the email settings. (Also seePOSTFIX_
)POSTFIX_
: All the postfix settings. (Also seeEMAIL_
)NGINX_
: All the nginx settings.DASHBOARD_
: All the OpenWISP dashboard specific settings.API_
: All the OpenWISP api specific settings.RADIUS_
: All the OpenWISP radius specific settings.TOPOLOGY_
: All the OpenWISP network topology specific settings.X509_
: All the configurations related to x509 CA and certificates.VPN_
: Default VPN and VPN template related configurations.CRON_
: Periodic tasks configurationsEXPORT_
: NFS Server related configurations
- Explaination: Domain on which you want to access OpenWISP dashboard.
- Valid Values: Domain
- Default: dashboard.example.com
- Explaination: Domain on which you want to access OpenWISP controller & topology API.
- Valid Values: Domain
- Default: api.example.com
- Explaination: Valid domain / IP address to reach the OpenVPN server.
- Valid Values: Domain | IP address
- Default: openvpn.example.com
- Explaination: It is the email address to use for various automated correspondence from the site manager(s).
- Valid Values: Email address
- Default: [email protected]
- Explaination: The name of the database to use.
- Valid Values: STRING
- Default: admin
- Explaination: The password to use when connecting to the database.
- Valid Values: STRING
- Default: admin
- Explaination: A random unique string that must be kept secret for security reasons. You can generate it with the command:
python build.py get-secret-key
at the root of the repository to get a key or make a random key yourself. - Valid Values: STRING
- Default: default_secret_key
- Explaination: Used validate a request's HTTP Host header. The default value
*
means all domains. It can be.mydomain.com
. For security allow only trusted domains, when left blank, it defaults to your dashboard's root domain. - Valid Values: List(Valid domain) | List(IP adress) | * | --BLANK--
- Default:
- Example: .openwisp.org,.example.org,www.example.com
- Explaination: Default IP address or subnet of your freeradius instance.
- Valid Values: List(IP adress) | Subnet
- Default: 172.18.0.0/16
- Example: 127.0.0.1,192.0.2.20,172.18.0.0/16
- Explaination: Use the openwisp-network-topology module.
- Valid Values: True | False
- Default: True
- Explaination: Use the openwisp-radius module.
- Valid Values: True | False
- Default: True
- Explaination: Use the openwisp-firmware-upgrader module.
- Valid Values: True | False
- Default: True
- Explaination: Use the openwisp-monitoring module.
- Valid Values: True | False
- Default: True
- Explaination: Sets the timezone for the OpenWISP containers.
- Valid Values: Find list of timezone database here.
- Default: UTC
- Explaination: Required by certbot. Email used for registration and recovery contact. Use comma to register multiple emails.
- Valid Values: Email address(s)
- Default: [email protected]
- Explaination: Flag to enable or disable HTTPs. If it is set to
Yes
, letsencrypt certificates are automatically fetched with the help of certbot and a cronjob to ensure they stay updated is added. If it is set toSelfSigned
, self-signed certificates are used and cronjob for the certificates is set. If set toNo
, site is accessiable via HTTP, if set ifEXTERNAL
, it tells HTTPs is used but managed by external tool like loadbalancer / provider. Setting this option asNo
is not recommended and might break some features, only do it when you know what you are doing. - Valid Values: External | Yes | SelfSigned | No
- Default: Yes
Any OpenWISP Configuration of type string
. int
, bool
or json
is supported and can be used as per the documentation in the module. If you want support for a setting that has a more complex datatype, please discuss in the support channel.
- Explaination: JSON of OpenWRT Images as documented in openwisp-firmware-image repository.
- Valid Values: JSON
- Default: None
- Example: [{"name": "Name1","label": "Label1","boards": ["TestA", "TestB"]}, {"name": "Name2","label": "Label2","boards": ["TestC", "TestD"]}]
- Explaination: The name of the database to use.
- Valid Values: STRING
- Default: openwisp_db
- Explaination: Django database engine compatible with GeoDjango, read more here.
- Valid Values: Valid name from list here.
- Default: django.contrib.gis.db.backends.postgis
- Explaination: Host to be used when connecting to the database.
localhost
or empty string are not allowed. - Valid Values: STRING | IP adress
- Default: postgres
- Explaination: The port to use when connecting to the database. Only valid port allowed.
- Valid Values: INTEGER
- Default: 5432
- Explaination: Postgresql SSLMode option.
- Valid Values: STRING
- Default: disable
- Explaination: Path inside container to valid client certificate.
- Valid Values: STRING
- Default: None
- Explaination: Path inside container to valid client private key.
- Valid Values: STRING
- Default: None
- Explaination: Path inside container to database server certificate.
- Valid Values: STRING
- Default: None
- Explaination: Additional database options to connect to the database. These options must be supported by your
DB_ENGINE
. - Valid Values: JSON
- Default: {}
- Explaination: Username of InfluxDB user.
- Valid Values: STRING
- Default: admin
- Explaination: Password for InfluxDB user.
- Valid Values: STRING
- Default: admin
- Explaination: Name of InfluxDB database.
- Valid Values: STRING
- Default: openwisp
- Explaination: Host to be used when connecting to the influxDB.
localhost
or empty string are not allowed. - Valid Values: STRING | IP adress
- Default: influxdb
- Explaination: Port on which InfluxDB is listening.
- Valid Values: INT
- Default: 8086
- Explaination: Validity of your x509 cert in days.
- Valid Values: INT
- Default: 1825
- Explaination: Validity of your x509 CA in days.
- Valid Values: INT
- Default: 3650
- Explaination: Hosts for which CORS is whitelisted. See here.
- Valid Values: List(Valid domain)
- Default: http://localhost
- Example: https://www.openwisp.org,openwisp.example.org
- Explaination: Language for your OpenWISP application.
- Valid Values: List of available options can be found here
- Default: en-gb
- Explaination: Sentry DSN. See here.
- Valid Values: Your DSN value provided by sentry.
- Example: https://[email protected]/example
- Default: --BLANK--
- Explaination: x-axis co-ordinate of the leaflet default center property. See here.
- Valid Values: FLOAT
- Example: 26.357896
- Default: 0
- Explaination: y-axis co-ordinate of the leaflet default center property. See here.
- Valid Values: FLOAT
- Example: 127.783809
- Default: 0
- Explaination: Default zoom for leaflet. See here.
- Valid Values: INT (1-16)
- Default: 1
- Explaination: Host on which daphne should listen for websocket connections.
- Valid Values: Domain | IP Address
- Default: 0.0.0.0
- Explaination: Whether the default celery task routes should be used by celery. Turn this off if you're defining custom task routing rules.
- Valid Values: True | False
- Default: True
- Explanation: Additional flags passed to the command that starts the celery worker for the "default" queue. It can be used to configure different attributes of the celery worker (e.g. autoscaling, concurrency, etc.). Refer to the celery worker documentation for more information on configurable properties.
- Valid Values: STRING
- Default:
--concurrency=1
- Explaination: Whether the dedicated worker for the celery "network" queue is enabled. Must be turned on unless there's another server running a worker for this queue.
- Valid Values: True | False
- Default: True
- Explanation: Additional flags passed to the command that starts the celery worker for the "network" queue. It can be used to configure different attributes of the celery worker (e.g. autoscaling, concurrency, etc.). Refer to the celery worker documentation for more information on configurable properties.
- Valid Values: STRING
- Default:
--concurrency=1
- Explaination: Whether the dedicated worker for the celery "firmware_upgrader" queue is enabled. Must be turned on unless there's another server running a worker for this queue.
- Valid Values: True | False
- Default: True
- Explanation: Additional flags passed to the command that starts the celery worker for the "firmware_upgrader" queue. It can be used to configure different attributes of the celery worker (e.g. autoscaling, concurrency, etc.). Refer to the celery worker documentation for more information on configurable properties.
- Valid Values: STRING
- Default:
--concurrency=1
- Explanation: Whether the dedicated worker for the celery "monitoring" and "monitoring_checks" queue is enabled. Must be turned on unless there's another server running a worker for this queue.
- Valid Values: True | False
- Default: True
- Explanation: Additional flags passed to the command that starts the celery worker for the "monitoring" queue. It can be used to configure different attributes of the celery worker (e.g. autoscaling, concurrency, etc.). Refer to the celery worker documentation for more information on configurable properties.
- Valid Values: STRING
- Default:
--concurrency=1
- Explanation: Additional flags passed to the command that starts the celery worker for the "monitoring_checks" queue. It can be used to configure different attributes of the celery worker (e.g. autoscaling, concurrency, etc.). Refer to the celery worker documentation for more information on configurable properties.
- Valid Values: STRING
- Default:
--concurrency=1
- Explaination: Email will be sent using this backend.
- Valid Values: See list
- Default: djcelery_email.backends.CeleryEmailBackend
- Explaination: Port to use for the SMTP server defined in
EMAIL_HOST
. - Valid Values: INTEGER
- Default: 25
- Explaination: Username to use for the SMTP server defined in EMAIL_HOST. If empty, Django won’t attempt authentication.
- Valid Values: STRING
- Default: --BLANK--
- Example: [email protected]
- Explaination: Username to use for the SMTP server defined in EMAIL_HOST. If empty, Django won’t attempt authentication.
- Valid Values: STRING
- Default: --BLANK--
- Explaination: Whether to use a TLS (secure) connection when talking to the SMTP server. This is used for explicit TLS connections, generally on port 587.
- Valid Values: True | False
- Default: False
- Explaination: Due to in-built spam protection in Postfix you will need to specify sender domains.
- Valid Values: Domain
- Default: example.org
- Explaination: You may configure a specific hostname that the SMTP server will use to identify itself.
- Valid Values: STRING
- Default: example.org
- Explaination: Destinations of the postfix service.
- Valid Values: Domain
- Default: $myhostname
- Explaination: By default, this limit is set to 0 (zero), which means unlimited. Why would you want to set this? Well, this is especially useful in relation with RELAYHOST setting.
- Valid Values:
- Default: 0
- Example: 26214400
- Explaination: Postfix is exposed only in mynetworks to prevent any issues with this postfix being inadvertently exposed on the internet.
- Valid Values: IP Addresses
- Default: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
- Explaination: Define relay host TLS connection level.
- Valid Values: See list.
- Default: may
- Explaination: Host that relays your mails.
- Valid Values: IP address | Domain
- Default: null
- Example: [smtp.gmail.com]:587
- Explaination: Username for the relay server.
- Valid Values: STRING
- Default: null
- Example: [email protected]
- Explaination: Login password for the relay server.
- Valid Values: STRING
- Default: null
- Example: example
- Explaination: (Value in days) Deletes RADIUS accounting sessions older than given number of days.
- Valid Values: INT
- Default: 365
- Explaination: (Value in days) Deletes RADIUS post-auth logs older than given number of days.
- Valid Values: INT
- Default: 365
- Explaination: (Value in days) Closes stale RADIUS sessions that have remained open for the number of specified days.
- Valid Values: INT
- Default: 365
- Explaination: (Value in months) Deactivates expired user accounts which were created temporarily and have an expiration date set.
- Valid Values: INT
- Default: 12
- Explanation: Number of uWSGI process to spawn.
- Valid Values: INT
- Default: 2
- Explanation: Number of threads each uWSGI process will have.
- Valid Values: INT
- Default: 2
- Explanation: Value of the listen queue of uWSGI
- Valid Values: INT
- Default: 100
- Explaination: Options: or http2. Used by nginx to enable http2. See here
- Valid Values: --BLANK-- | http2
- Default: http2
- Explaination: Client body size. See here
- Valid Values: INT
- Default: 30
- Explaination: Nginx listen on IPv6 for SSL connection. You can either enter a valid nginx statement or leave this value empty.
- Valid Values: --BLANK-- | listen [::]:443 ssl http2;
- Default: --BLANK--
- Explaination: Nginx listen on IPv6 connection. You can either enter a valid nginx statement or leave this value empty.
- Valid Values: --BLANK-- | listen [::]:80;
- Default: --BLANK--
- Explaination: IP address allowed to access OpenWISP services.
- Valid Values: all | IP address
- Example:
12.213.43.54/16
- Default: all
- Explaination: Define domain hash bucket size. See here. Value should be only in powers of 2.
- Valid Values: INT
- Default: 32
- Explaination: Additional nginx configurations. You can add any valid server block element here. As an example
index
option is configured. You may add options to this string or leave this variable blank. This variable is only applicable whenSSL_CERT_MODE
isYes
orSelfSigned
. - Example:
index index.html index.htm;
- Default: --BLANK--
- Explaination: Additional nginx configurations. You can add any valid server block element here. As an example
index
option is configured. You may add options to this string or leave this variable blank. This variable is only applicable whenSSL_CERT_MODE
isFalse
. - Example:
index index.html index.htm;
- Default: --BLANK--
- Explaination: Turn on/off Nginx GZIP.
- Valid Values:
on
|off
- Default:
off
- Explaination: Sets a gzip compression level of a response. Acceptable values are in the range from 1 to 9.
- Valid Values: INT
- Default: 6
- Explaination: Enables or disables gzipping of responses for proxied requests depending on the request and response.
- Valid Values:
off
|expired
|no-cache
|no-store
|private
|no_last_modified
|no_etag
|auth
|any
- Default:
any
- Explaination: Sets the minimum length of a response that will be gzipped. The length is determined only from the “Content-Length” response header field.
- Valid Values: INT
- Default: 1000
- Explaination: Enables gzipping of responses for the specified MIME types in addition to “text/html”. The special value “*” matches any MIME type. Responses with the “text/html” type are always compressed.
- Valid Values: MIME type
- Example:
text/plain image/svg+xml application/json application/javascript text/xml text/css application/xml application/x-font-ttf font/opentype
- Default: *
- Explaination: Allow these IP addresses to access the website over http when
SSL_CERT_MODE
is set toYes
. - Valid Values: all | IP address
- Example:
12.213.43.54/16
- Default: all
- Explaination: Allow http access with https access. Valid only when
SSL_CERT_MODE
is set toYes
orSelfSigned
. - Valid Values: True | False
- Default: True
- Explaination: If you have a custom configuration file mounted, set this to
True
. - Valid Values: True | False
- Default: False
- Explaination: The nginx header to get the value of the real IP address of Access points. Example if a reverse proxy is used in your cluster (Example if you are using an Ingress), then the real IP of the AP is most likely the
$http_x_forwarded_for
. If$http_x_forwarded_for
returns a list, you can use$real_ip
for getting first element of the list. - Valid Values:
$remote_addr
|$http_x_forwarded_for
|$realip_remote_addr
|$real_ip
- Default:
$real_ip
- Explaination: Name of the VPN Server that will be visible on the OpenWISP dashboard.
- Valid Values: STRING
- Default: default
- Explaination: Name of the VPN client template that will be visible on the OpenWISP dashboard.
- Valid Values: STRING
- Default: default-management-vpn
- Explaination: Name of the default certificate authority visible on the OpenWISP dashboard.
- Valid Values: STRING
- Default: default
- Explaination: Name of the default certificate visible on the OpenWISP dashboard.
- Valid Values: STRING
- Default: default
- Explaination: ISO code of the country of issuance of the certificate.
- Valid Values: Country code, see list here
- Default: IN
- Explaination: Name of the state / province of issuance of the certificate.
- Valid Values: STRING
- Default: Delhi
- Explaination: Name of the city of issuance of the certificate.
- Valid Values: STRING
- Default: New Delhi
- Explaination: Name of the organization issuing the certificate.
- Valid Values: STRING
- Default: OpenWISP
- Explaination: Name of the unit of the organization issuing the certificate.
- Valid Values: STRING
- Default: OpenWISP
- Explaination: Organzation email adddress that'll be available to view in the certificate.
- Valid Values: STRING
- Default: [email protected]
- Explaination: Common name for the CA and certificate.
- Valid Values: STRING
- Default: OpenWISP
- Explaination: Host to be used when connecting to the STMP.
localhost
or empty string are not allowed. - Valid Values: STRING | IP adress
- Example: smtp.gmail.com
- Default: postfix
- Explaination: Host to establish redis connection.
- Valid Values: Domain | IP address
- Default: redis
- Explaination: Host to establish OpenWISP dashboard connection.
- Valid Values: Domain | IP address
- Default: dashboard
- Explaination: Host to establish OpenWISP api connection.
- Valid Values: Domain | IP address
- Default: api
- Explaination: Enable Django Debugging. See here.
- Valid Values: True | False
- Default: False
- Explaination: Change the port on which nginx tries to get the OpenWISP dashboard container. DON'T Change unless you know what you are doing.
- Valid Values: INTEGER
- Default: 8000
- Explaination: Change the port on which nginx tries to get the OpenWISP api container. DON'T Change unless you know what you are doing.
- Valid Values: INTEGER
- Default: 8001
- Explaination: Internal dashboard domain to reach dashboard from other containers.
- Valid Values: STRING
- Default: dashboard.internal
- Explaination: Internal api domain to reach api from other containers.
- Valid Values: STRING
- Default: api.internal
- Explaination: Set debug_peer_list for given list of networks.
- Valid Values: STRING
- Default: null
- Example: 127.0.0.0/8
- Explaination: Directory to be exported by the NFS server. Don't change this unless you know what you are doing.
- Valid Values: STRING
- Default: /exports
- Explaination: NFS export options for the directory in
EXPORT_DIR
variable. - Valid Values: STRING
- Default: 10.0.0.0/8(rw,fsid=0,insecure,no_root_squash,no_subtree_check,sync)