Feedback about the installation process
# install
g
Some feedback about the installation process before I get used to how things are and forget: I would really appreciate it if there were a guide for a more "manual" docker compose install process. The quick start script is great, but it wouldn't fit everyone. For me specifically, I would like to put the files under `/mnt/vdb1` instead of `/root`, use another reverse proxy instead of traefik, and expose netmaker api and netmaker-ui with cloudflare tunnel. The best thing about self-hosting with docker and docker compose for me is that everything is contained, there's no magic config file littered around. The quick start script is hardcoded to use `/root`, which I guess is fine for "Trial, PoC, Testing, and Experimenting". So I went from "Quick Install" straight to "Advanced Install Resources", and used files in https://github.com/gravitl/netmaker/blob/master/compose as reference.
Volumes: I just replaced volume names with a path to my mounted disk, and everything just works. But there's no documentation about what the volumes are used for, or why some volumes are shared between containers. As an example, https://hub.docker.com/_/eclipse-mosquitto lists the three directories it expects to be mounted.

Domains and Ports: The quick start script and advanced install documentation seem to assume everything is running with the same base domain, all pointing to the same IP. I want to expose netmaker api and ui via cloudflare tunnel, but expose mqtts directly. Also, the base domain for mqtts will be different, so I can't just do a simple search-replace. It's pretty hard to grasp which config is for which part of the system purely by name. For example, if I understand correctly, `SERVER_NAME` is used as the public mqtt domain used by clients, and `MQ_HOST` is the internal mqtt domain used by netmaker, `MQ_SERVER_PORT` is the public mqtt port and `MQ_PORT` is the internal mqtt port. The "Variable Description" is helpful but incomplete. For example, `MQ_SERVER_PORT` and `MQ_PORT` are listed in "Compose File - Annotated" but not listed in "Variable Description". `MQ_ADMIN_PASSWORD` is listed in https://github.com/gravitl/netmaker/blob/master/compose/docker-compose.yml but not on the advanced install doc page. There are a lot of references to GRPC (example: https://github.com/gravitl/netmaker/blob/4d062b88ba2c56afbd3371e14e9ab36f75c57dfe/scripts/nm-quick-interactive.sh#L33 , also in the advanced install page) but it seems not to be used, I'm guessing it was used in the past?
MQTT: Why does mqtt need to use 2 listeners? Comparing https://github.com/gravitl/netmaker/blob/master/docker/mosquitto.conf and https://docs.netmaker.org/server-installation.html#mq my guess is that it was needed because netmaker didn't use credentials before, so it needed to use a separate listener for anonymous access, but now it's not needed anymore? Also, the fact that shared volumes are being used for passing `dynamic-security.json` is not documented.

I still haven't got everything fully working yet, still haven't configured TLS for mqtt, but I'm getting there. I tried netmaker a few months ago, I don't remember why I didn't like it, I did faintly remember feeling "why is it so complicated". I kept seeing netmaker on /r/selfhosted, I'm reworking my selfhosted services now and need a vpn solution, so I did more reading and realized it's exactly what I need. I was about to write a script for generating wireguard configs. But the setup process really is... how to describe.. painful? I guess 🥲
a
Exchanging volumes with your own paths should not be difficult. Traefik is used because it supports mqtt over https. Haven't seen any other reverse proxy (except caddy with custom modules).