managing twingate

Quick Start

Automated Deployment

Connectors

Resources

Remote Networks

Best Practices

JIT Access Requests

Usage-based Auto-lock

Ephemeral Access

Resource Tags

Aliases

Kubernetes

Route Traffic from Kubernetes

Manage Kubernetes using kubectl

Private Resources in Kubernetes

Publicly Exposed Resources in Kubernetes

Privileged Access for Kubernetes

Team

Users

Admins

How to Offboard Users

Social Logins

Groups

Identity Providers

Entra ID Configuration

Google Workspace Configuration

JumpCloud Configuration

Keycloak Configuration

Okta Configuration

OneLogin Configuration

SCIM Provisioning API

Security Policies

Location requirements via geoblocking

Security Policies: Migration Guide

Policy Guides

Authentication

Device-only Resource Policies

Trusted Devices

Two-Factor Authentication

Devices

Client Application

Endpoint Requirements

Using Twingate

Managed Devices

Windows Client Migration to .NET 8

macOS & iOS

macOS standalone Client

Windows Managed Devices

Device Administration

1Password XAM Configuration

CrowdStrike Configuration

Device Security Posture Checks

Device Security Guide

Intune Configuration

Jamf Configuration

Kandji Configuration

Linux device ID migration

Manually Verified Devices

SentinelOne Configuration

Services

Headless Clients

Linux Headless Mode

Windows Headless Mode

CI/CD Configuration

Analytics

Network Overview

Audit Logs

Admin Console Export

Audit Logs Schema

Network Traffic

Detailed Network Event Schemas

Network Events Admin Console Export

User Activity

Device Report

Syncing Data to AWS S3

Internet Security

Browser Security

NextDNS Integration

DNS Filtering

DNS-over-HTTPS (DoH)

Internet Security Client Configuration

Exit Networks

Administration

Admin Console Security

Subscription Management

Managed Service Providers

Customer Network

MSP Billing

Cancel Your Subscription

Notifications

Troubleshooting

Device Failures

DNS Failures

Connector Failures

Firewall Failures

Split Tunnel Failures

additional resources

Help Center ↗

Need help?

Troubleshooting

Changelog

FAQ

Twingate Trust Center

Twingate & Customer Data

DORA Compliance

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

How to Deploy a Connector with Docker Compose

Use Docker Compose to deploy your Connectors.

The Twingate Connector can easily be deployed using Docker Compose. There are a few optional parameters you can change and prerequisites to meet that are covered in this guide.

Peer-to-peer connections help you to provide a better experience for your users and to stay within the Fair Use Policy for bandwidth consumption. Learn how to support peer-to-peer connections.

Prerequisites

You will need to specify an Access Token and a Refresh Token for the Connector in your Docker Compose instructions. You can generate both tokens by following the instructions on how to deploy a Connector.
You will need your Twingate tenant name (the <name> in the URL to your instance of the Admin Console: https://<name>.twingate.com)

Docker Compose with mandatory parameters

You can use the following template and replace the <TENANT NAME>, <ACCESS TOKEN> and <REFRESH TOKEN> with your own:

services:
  twingate-connector:
    image: twingate/connector:latest
    environment:
      - TWINGATE_NETWORK=<TENANT NAME>
      - TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN>
      - TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>

Docker Compose with optional parameters

On top of the required parameters (see above), we recommend adding a few more parameters to your Docker Compose instructions. They are not mandatory but can help to provide a better experience:

<container_name>: you can set this to the name of the Connector as it appears in your Admin Console
<restart>: this will ensure the container will restart if it crashes
<TWINGATE_LOG_LEVEL>: this will configure the Connector to generate detailed logs which is useful for troubleshooting. You can change the parameter value at your discretion (see Twingate Connector logs for more information).
<TWINGATE_LOG_ANALYTICS>: this will allow Connector Analytics logs (Network Events) to appear in the container logs
<net.ipv4.ping_group_range>: system setting for the base image that allows the proper handling of ICMP / ping in case you intend to use ping for connectivity testing to Twingate Resources
<network_mode>: is implicitly set to bridge but can be set to host instead (host mode allows the container to connect to its host machine’s network stack and can be used to enable local peer-to-peer connections)

services:
  twingate_connector:
    container_name: <CONNECTOR NAME>
    restart: always
    image: "twingate/connector:latest"
    environment:
      - TWINGATE_NETWORK=<TENANT NAME>
      - TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN>
      - TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>
      - TWINGATE_LOG_ANALYTICS=v2
      - TWINGATE_LOG_LEVEL=3
    network_mode: host
    sysctls:
      net.ipv4.ping_group_range: "0 2147483647"

Docker Compose with log forwarding via syslog

You can also add a few more parameters to your Docker Compose instructions if you want to automatically forward the container logs to something like syslog:

services:
  twingate_connector:
    container_name: <CONNECTOR NAME>
    restart: always
    image: "twingate/connector:latest"
    environment:
      - TWINGATE_NETWORK=<TENANT NAME>
      - TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN>
      - TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>
      - TWINGATE_LOG_ANALYTICS=v2
      - TWINGATE_LOG_LEVEL=3
    logging:
      driver: syslog
      options:
        syslog-address: "udp://<syslog server IP>:514"
        syslog-format: "rfc5424"
        syslog-facility: daemon
        tag: "<CONNECTOR NAME>"

Last updated 7 months ago

Home

Guides

Use Cases

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

Introduction to DNS

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

How NAT Traversal Works

How to troubleshoot peer-to-peer connections

Encryption in Twingate

API

Getting Started with the API

Exploring the APIs

Introduction to tg CLI (JavaScript)

Introduction to the Python CLI

Schema

Twingate Labs ↗

managing twingate

Quick Start

Automated Deployment

Connectors

Understanding Connectors

Deploying Connectors

Connector Best Practices

Aptible

How to Deploy a Connector on AWS

How to Deploy a Connector on Azure

How to Deploy a Connector on Linux

How to Deploy a Connector on GCP

K8s Helm Chart

Managed Connectors

Updating Connectors

How to Upgrade Connectors Running in AWS/Azure/Docker Containers

K8s Helm Chart Upgrades

Systemd Service Upgrades

Advanced Connector Management

Connector Details

Connector Health Checks

Connector Metadata

Real-time Connection Logs

Deployment Automation

Supporting Unqualified Domain Names