Quick Install

Fast and Easy Setup for Secure Network Management

Welcome to the Netmaker Quick Install Guide

This guide will help you set up your Netmaker server quickly using a virtual machine, physical server, or cloud. It covers prerequisites, installation, and firewall configuration. By the end, you'll have an operational Netmaker server using WireGuard.

Prerequisites

Operating System & Server Requirements

All components of Netmaker can run on a single server (VM or bare metal). Specifications:

Ubuntu 24.04.
Public static IP address (required for communication between nodes).
Domain name (preferred) (e.g., http://netmaker.example.com/) with DNS management access.
System resources:
- Minimum: 1 GB RAM, 1 CPU, 2 GB storage.
- Recommended (production): 2 GB RAM, 2 CPU, 10 GB storage.
Recommendation: Use Netmaker in a dedicated network for optimal performance.

Recommended Cloud Providers

https://www.digitalocean.com/ (preferred)
https://www.linode.com/
https://www.keepsec.ca/
https://aws.amazon.com/, https://azure.microsoft.com/, https://cloud.google.com/

Note: Avoid using Oracle Cloud due to known issues with network configuration.

Netmaker Firewall Rules

Ensure firewall settings are configured on the VM and cloud security groups (e.g., AWS, GCP) or on your router/firewall appliance:

80, 443 (TCP): For Caddy (serving the UI, REST API, and MQTT broker)
51821 (UDP), 443 (UDP): For WireGuard traffic (default Netclient port)

Firewall commands:

UFW rules

# Allow HTTPS traffic for secure web connections (Caddy, Dashboard, REST API)
sudo ufw allow 443/tcp

# Allow HTTP traffic for Caddy, which uses port 80 to generate SSL/TLS certificates automatically
sudo ufw allow 80/tcp

# Allow WireGuard VPN traffic on UDP port 51821 for secure peer communication
sudo ufw allow 51821/udp
sudo ufw allow 443/udp

Make sure the server isn’t blocking traffic forwarding. To guarantee forwarding of traffic:

Accept forwarding policy (iptables)

iptables --policy FORWARD ACCEPT

Netclient Firewall Rules

The server deploys a Netclient. On Linux, open these ports:

UDP and TCP ports 443 (Outbound and Inbound)

For advanced debugging, view firewall logs (example using UFW):

UFW logging and filtering

# set the firewall to log only the blocked traffic
ufw logging low

# clear out the current logs
cat /dev/null | sudo tee /var/log/ufw.log

# reload ufw
ufw reload

# filter the logs
cat /var/log/ufw.log | grep -e <netmaker server IP> -e <other nodes' IPs>

Domain

Your server hosts several services (netmaker server, UI, etc.) — each needs a dedicated, public subdomain. Recommendations:

Use a publicly owned domain (e.g., http://example.com/, http://mysite.biz/)
Designate a subdomain (e.g., *.netmaker.example.com) for Netmaker’s services (e.g., dashboard.netmaker.example.com, api.netmaker.example.com)
If you don’t want to use a wildcard domain (*.netmaker.example.com): create individual DNS records (A for IPv4 and/or AAAA for IPv6) for each required subdomain:

Purpose

Required Subdomain

Netmaker API

api.example.com

Dashboard UI

dashboard.example.com

MQTT Broker

broker.example.com

Prometheus

prometheus.example.com

Grafana

grafana.example.com

Netmaker Exporter

netmaker-exporter.example.com

Make sure you have permission and access to modify DNS records (e.g., Route53).

Important Note on Cloudflare: Cloudflare’s proxying can interfere with MQTT functionality. You can disable proxying in the Cloudflare DNS dashboard. Cloudflare proxy configuration may lead to issues with Netmaker; Netmaker does not provide guidance for resolving these problems.

Quick Install Script

Execute the nm-quick script for a self-hosted/on-premises setup.

To install Community Edition:

Install Community Edition

sudo wget -qO /root/nm-quick.sh https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/nm-quick.sh && sudo chmod +x /root/nm-quick.sh && sudo /root/nm-quick.sh

To install Pro Edition:

Install Pro Edition

sudo wget -qO /root/nm-quick.sh https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/nm-quick.sh && sudo chmod +x /root/nm-quick.sh && sudo /root/nm-quick.sh -p

IMPORTANT: The auto-generated domain used by the installer has been rate-limited by the certificate provider. Strongly recommend using your own domain. Using the auto-generated domain may lead to failed installation due to rate limiting.

Integrating IdP

Users can join a Netmaker server via OAuth by clicking "Login with SSO" on the dashboard login page. See the integrating IdP docs: https://docs.netmaker.io/docs/how-to-guides/identity-provider-integration-guide

After the trial period ends

If you wish to continue using PRO

Check these steps to obtain a pro license: https://docs.netmaker.io/docs/server-installation/netmaker-professional-setup
Run:

If you wish to downgrade to the community version

Run:

To get started the easiest way, visit our SaaS platform to set up a Netmaker server with a few clicks: https://app.netmaker.io

Post-Installation: Accessing the Dashboard & Creating a Super Admin

Follow these steps after a successful Quick Install to create a Super Admin and verify access.

Access the Netmaker Dashboard

Open a web browser and navigate to your Netmaker dashboard URL:
- Custom domain: https://dashboard.example.com
- Auto-generated domain: https://dashboard.nm.<your-server-ip>.nip.io (format provided during installation)

Log In

On the login screen, use the initial admin credentials created during installation.

Create a user

Navigate to User Management in the left-hand sidebar.
Click Add a User. In Netmaker Professional there are two ways to add users:
- Basic Auth: create users with username, password, and assign groups/roles.
- User Invite: send invitations via email (SMTP setup required for self-hosted — https://docs.netmaker.io/docs/server-installation/advanced-options#setting-a-netmaker-server-up-for-emailing). Invitees receive a link to create their account with pre-assigned roles/groups.

If you selected Create a User:

Fill in Username, Password.
Platform Access Level: select Admin.
Click Create User.

If you selected Invite a User:

Fill in Email address(es).
Platform Access Level: select Admin.
Click Create User Invite(s).

Test the Super Admin Access

Log out of the current session.
Log in using the new Super Admin credentials.
Verify access to all administrative features in the dashboard.

Next Steps

Getting Started with Netmaker: https://docs.v2.netmaker.io/docs/getting-started
Use Case Guides: https://docs.netmaker.io/docs/how-to-guides

PreviousServer Installation NextAdvanced Options

Last updated 21 hours ago

Was this helpful?

Good evening

hashtagWelcome to the Netmaker Quick Install Guide

hashtagPrerequisites

hashtagOperating System & Server Requirements

hashtagRecommended Cloud Providers

hashtagNetmaker Firewall Rules

hashtagNetclient Firewall Rules

hashtagDomain

hashtagQuick Install Script

hashtagIntegrating IdP

hashtagAfter the trial period ends

hashtagIf you wish to continue using PRO

hashtagIf you wish to downgrade to the community version

hashtagPost-Installation: Accessing the Dashboard & Creating a Super Admin

hashtagAccess the Netmaker Dashboard

hashtagLog In

hashtagCreate a user

hashtagTest the Super Admin Access

hashtagNext Steps

Welcome to the Netmaker Quick Install Guide

Prerequisites

Operating System & Server Requirements

Recommended Cloud Providers

Netmaker Firewall Rules

Netclient Firewall Rules

Domain

Quick Install Script

Integrating IdP

After the trial period ends

If you wish to continue using PRO

If you wish to downgrade to the community version

Post-Installation: Accessing the Dashboard & Creating a Super Admin

Access the Netmaker Dashboard

Log In

Create a user

Test the Super Admin Access

Next Steps