# Netmaker Self-Hosted

Installing Netmaker with an existing Caddy reverse proxy is a common setup for users who already have a centralized proxy managing their services. The key is to perform a manual installation of Netmaker using Docker Compose, but without the Caddy service that is included in the standard setup scripts.

Here is a step-by-step guide to install Netmaker on your Proxmox LXC at `192.168.1.39` and configure it to work with your existing Caddy instance at `192.168.1.15`.

#### Step 1: Prepare the Netmaker LXC Container

First, you need to prepare the new LXC container where Netmaker will be installed.

1. **Access your Netmaker LXC:** SSH into your Proxmox LXC container at `192.168.1.39`.
2. **Install Docker and Docker Compose:** Netmaker runs in Docker containers. If you don't have them installed, run the following commands:

```bash
# Install Docker
apt-get update
apt-get install -y docker.io

# Install Docker Compose
apt-get install -y docker-compose
```

#### Step 2: Set Up Netmaker Installation Files

Instead of using the `nm-quick.sh` script, you will manually create the `docker-compose.yml` and environment files. This allows you to remove the Caddy service.

1. **Create a directory for Netmaker:**

```bash
mkdir /netmaker
cd /netmaker
```

2. **Create the `docker-compose.yml` file:** Create a file named `docker-compose.yml` and paste the following configuration. This is a modified version of the standard Netmaker `docker-compose` file, with the `caddy` service removed.

```yaml
version: "3.4"
services:
  netmaker:
    container_name: netmaker
    image: gravitl/netmaker:latest
    env_file: ./netmaker.env
    restart: always
    volumes:
      - dnsconfig:/root/config/dnsconfig
      - sqldata:/root/data
    ports:
      - "8081:8081" # Expose API port
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_MODULE

  netmaker-ui:
    container_name: netmaker-ui
    image: gravitl/netmaker-ui:latest
    env_file: ./netmaker.env
    environment:
      # This should point to your Caddy reverse proxy address for the API
      BACKEND_URL: "https://api-net.yourdomain.com"
    restart: always
    ports:
      - "8082:80" # Expose UI port

  coredns:
    container_name: coredns
    image: coredns/coredns
    command: -conf /root/dnsconfig/Corefile
    env_file: ./netmaker.env
    restart: always
    volumes:
      - dnsconfig:/root/dnsconfig

  mq:
    container_name: mq
    image: eclipse-mosquitto:2.0.15-openssl
    env_file: ./netmaker.env
    restart: unless-stopped
    command: [ "/mosquitto/config/wait.sh" ]
    volumes:
      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
      - ./wait.sh:/mosquitto/config/wait.sh
      - mosquitto_logs:/mosquitto/log
      - mosquitto_data:/mosquitto/data
    ports:
      - "8883:8883" # Expose MQTT websocket port

volumes:
  sqldata: {}
  dnsconfig: {}
  mosquitto_logs: {}
  mosquitto_data: {}

```

3. **Create supporting configuration files:** You'll need `mosquitto.conf` and `wait.sh` in the same directory. 
    - **`mosquitto.conf`:**

```bash
wget https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf
```

    - **`wait.sh`:**

```bash
wget https://raw.githubusercontent.com/gravitl/netmaker/master/docker/wait.sh
chmod +x wait.sh
```

#### Step 3: Configure the Netmaker Environment

Create a `netmaker.env` file to configure your Netmaker server. This is where you'll define your domain, IP address, and other critical settings.

1. **Create the `netmaker.env` file:**

```bash
touch netmaker.env
```

2. **Edit the file** and add the following, replacing the placeholder values with your own:

```env
# == Base Configuration ==
# Your API domain for Netmaker (e.g., api-net.yourdomain.com)
NM_DOMAIN=api-net.yourdomain.com

# Your public IP address
SERVER_HOST=api-net.yourdomain.com

# A strong, secret key for the API
MASTER_KEY=your_very_secret_master_key

# Your email for SSL certificates (handled by your main Caddy, but good practice)
NM_EMAIL=your.email@example.com

# == Database ==
DATABASE=sqlite

# == Broker Configuration ==
# Credentials for the MQTT broker
MQ_USERNAME=netmaker
MQ_PASSWORD=your_secure_mq_password

# == Netmaker API Port ==
API_PORT=8081

# == Telemetry (Optional) ==
TELEMETRY=off
```

**Important:** In the `docker-compose.yml` file, remember to replace `https://api-net.yourdomain.com` in the `netmaker-ui` service environment (`BACKEND_URL`) with the actual API URL you will configure in Caddy.
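A pre-launch check for the `netmaker.env` created in this step, added here as an example and not part of the Netmaker project: it replaces the two placeholder secrets with random values, restricts the file to its owner, and reports anything still weak. The function names and the 32-character minimum are assumptions of this example, and it relies on GNU `sed` and `stat` as shipped in a Debian or Ubuntu LXC.

```bash
#!/usr/bin/env bash
# Added example (not Netmaker project code): harden and audit netmaker.env.

# 32 random bytes as 64 hex characters; hex is safe in env files and sed.
gen_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# get_var FILE KEY: value of the last KEY=... line in FILE (empty if absent).
get_var() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# set_var FILE KEY VALUE: rewrite KEY's line, or append it if missing.
set_var() {
    if grep -q "^$2=" "$1"; then
        sed -i "s/^$2=.*/$2=$3/" "$1"
    else
        printf '%s=%s\n' "$2" "$3" >> "$1"
    fi
}

# harden_env FILE: fresh secrets for both keys, file readable by owner only.
harden_env() {
    set_var "$1" MASTER_KEY "$(gen_secret)"
    set_var "$1" MQ_PASSWORD "$(gen_secret)"
    chmod 600 "$1"
}

# audit_env FILE: one finding per line; non-zero exit status if any finding.
audit_env() {
    local file=$1 rc=0 key val mode
    for key in MASTER_KEY MQ_PASSWORD; do
        val=$(get_var "$file" "$key")
        case "$val" in
            ""|your_*) echo "$key: empty or still the tutorial placeholder"; rc=1 ;;
            *) [ "${#val}" -ge 32 ] || { echo "$key: under 32 characters"; rc=1; } ;;
        esac
    done
    mode=$(stat -c '%a' "$file")   # GNU stat, e.g. 644 or 600
    case "$mode" in
        *00) ;;
        *) echo "$file: mode $mode lets group/others read the secrets"; rc=1 ;;
    esac
    return "$rc"
}
```

Source the file, then run `harden_env netmaker.env && audit_env netmaker.env` before Step 4; a silent audit with exit status 0 means both secrets were replaced and the file mode is owner-only.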

#### Step 4: Launch Netmaker

Now you can start the Netmaker services.

1. **Start Docker Compose:** From the `/netmaker` directory you created in Step 2, run:

```bash
docker-compose up -d
```

2. **Verify services are running:**

```bash
docker ps
```

You should see `netmaker`, `netmaker-ui`, `mq`, and `coredns` containers running.

#### Step 5: Configure Your Existing Caddy Proxy

On your Caddy server at `192.168.1.15`, you need to add reverse proxy rules to direct traffic to the new Netmaker services on `192.168.1.39`.

Edit your `Caddyfile` and add the following blocks. Replace `yourdomain.com` with your own domain so that the hostnames match the ones you set in `netmaker.env` and `docker-compose.yml`.

```caddy
# Netmaker Dashboard UI
dashboard-net.yourdomain.com {
    reverse_proxy 192.168.1.39:8082
}

# Netmaker API
api-net.yourdomain.com {
    reverse_proxy 192.168.1.39:8081
}

# Netmaker MQTT Broker (for websockets)
broker-net.yourdomain.com {
    reverse_proxy / 192.168.1.39:8883 {
        header_up Host {http.reverse_proxy.upstream.hostport}
        header_up X-Forwarded-Host {host}
    }
}
```

After saving the `Caddyfile`, reload Caddy to apply the changes:

```bash
sudo systemctl reload caddy
```

#### Step 6: Finalize Port Forwarding and DNS

1. **DNS Records:** Ensure you have the following `A` records pointing your domain to your Caddy server's public IP address, matching the hostnames in the `Caddyfile`:
    - `dashboard-net.yourdomain.com`
    - `api-net.yourdomain.com`
    - `broker-net.yourdomain.com`
2. **Router/Firewall Port Forwarding:** You must forward the necessary UDP ports for WireGuard traffic to your **Netmaker LXC** at `192.168.1.39`. The default port is `51821` ([Netmaker quick install docs](https://docs.netmaker.io/docs/server-installation/quick-install)).
    - Forward UDP port `51821` to `192.168.1.39`.

Your Netmaker installation should now be accessible through your existing Caddy reverse proxy. You can access the dashboard at [`https://dashboard-net.yourdomain.com`](https://dashboard-net.yourdomain.com).

**Ins0mniA**