This service is meant to serve as a proxy for a subset of functionalities of defguard core which require public access. It provides a public REST API and communicates with core over gRPC.
To learn more about the system see our documentation.
If you already have your defguard instance running you can set up a proxy by following our deployment guide.
See the documentation for more information.
Find us on Matrix: #defguard:teonite.com
Please review the Contributing guide for information on how to get started contributing to the project. You might also find our environment setup guide handy.
Clone repository:
[email protected]:DefGuard/client.gitInitialize proto submodule:
git submodule update --init --recursiveTo run API server:
cargo runTo run webapp dev server:
cd web/
pnpm install
pnpm run devWe provide following ways to verify the authenticity and integrity of official releases:
All official Docker images are signed using Cosign. To verify a Docker image:
-
Install cosign CLI
-
Verify the image signature (replace <IMAGE_TAG> with the tag you want to verify):
cosign verify --certificate-identity-regexp="https://github.com/DefGuard/proxy" \ --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \ ghcr.io/defguard/defguard:<IMAGE_TAG>
All release assets (binaries, packages, etc.) include SHA256 checksums that are automatically generated and published with each GitHub release:
-
Download the release asset and copy its corresponding checksum from the releases page
-
Verify the checksum:
# Linux/macOS echo known_sha256_checksum_of_the_file path/to/file | sha256sum --check