| 1 | +--- |
| 2 | +slug: release-0-6-0 |
| 3 | +title: Release 0.6.0 |
| 4 | +authors: [jamil] |
| 5 | +tags: [release, docker, saml] |
| 6 | +--- |
| 7 | + |
| 8 | +import AsciinemaPlayer from '@site/src/components/AsciinemaPlayer'; |
| 9 | +import 'asciinema-player/dist/bundle/asciinema-player.css'; |
| 10 | + |
| 11 | +## Firezone 0.6 Released! |
| 12 | + |
| 13 | +Today, I'm excited to announce we've closed the [first public issue |
| 14 | +](https://github.com/firezone/firezone/issues/260) on our GitHub repository, |
| 15 | +more than a year after it was originally opened: Containerization support! |
| 16 | +We're also releasing preliminary support for SAML 2.0 identity providers |
| 17 | +like Okta and OneLogin. |
| 18 | + |
| 19 | +### Docker Support |
| 20 | + |
| 21 | +Docker is now the preferred method for deploying Firezone. Our [ |
| 22 | +automatic install script](https://raw.githubusercontent.com/firezone/firezone/master/scripts/docker_install.sh) |
| 23 | +now uses Docker by default, and we even have a new [Docker migration script |
| 24 | +](https://raw.githubusercontent.com/firezone/firezone/master/scripts/docker_migrate.sh) |
| 25 | +that will non-destructively migrate your Omnibus-based Firezone installation |
| 26 | +to a Docker-based one with minimal downtime. |
| 27 | + |
| 28 | +#### How to Deploy |
| 29 | + |
| 30 | +You can now deploy Firezone complete with valid SSL certificates and a |
| 31 | +provisioned administrator in just a couple minutes: |
| 32 | + |
| 33 | +<AsciinemaPlayer src="https://asciinema.org/a/530197.cast" autoplay={true} rows={30} idleTimeLimit={3} preload={true} /> |
| 34 | + |
| 35 | +--- |
| 36 | +This also means Firezone runs on any platform that supports Docker, |
| 37 | +like my Mac in the video above. The automatic install script will _probably_ |
| 38 | +barf on Windows, though. In that case, try the |
| 39 | +[manual install method](https://docs.firezone.dev/deploy/docker/#option-2-manual-install)! |
| 40 | + |
| 41 | +#### Why Docker? |
| 42 | + |
| 43 | +Docker offers a number of benefits over the old Omnibus-based method of deploying |
| 44 | +Firezone: |
| 45 | + |
| 46 | +- **Simpler, more robust upgrades**: In most cases, simply pull the latest `firezone/firezone` |
| 47 | + image and restart the container. |
| 48 | +- **Simpler configuration**: Most day-to-day configuration of Firezone can now |
| 49 | + be done in the web UI instead of the `/etc/firezone/firezone.rb` configuration |
| 50 | + file. All other configuration variables can be specified as ENV vars to the |
| 51 | + Firezone container. |
| 52 | +- **Smaller footprint**: The Firezone image weighs in at a couple dozen |
| 53 | + megabytes versus hundreds of megabytes for the Omnibus package. |
| 54 | +- **Portability**: Firezone now runs on any platform that supports Docker. |
| 55 | +- **Security**: Containerization providers better security isolation than |
| 56 | + simply running as an unprivileged local user. |
| 57 | + |
| 58 | +It also makes it easier to build and test Firezone. CI pipelines rejoice! |
| 59 | +No more 4-hour long compiles and intermittent build failures. |
| 60 | + |
| 61 | +#### What about Omnibus? |
| 62 | + |
| 63 | +[Chef Omnibus](https://github.com/chef/omnibus) is a Ruby-based build system |
| 64 | +designed to make building and distributing complex software easier. You define |
| 65 | +your dependencies as source tarballs, configure options, and platform-specific |
| 66 | +build flags, and Omnibus automatically fetches, builds, and links all your |
| 67 | +dependencies automagically, emitting an OS-native installer artifact when |
| 68 | +complete. |
| 69 | + |
| 70 | +Omnibus was a popular choice for distributing self-hosted software before |
| 71 | +Docker was popular -- GitLab and Mattermost are two popular self-hosted products |
| 72 | +that still support Omnibus-based deployments today. It's still used in many |
| 73 | +cases where Docker can't be used (on the *BSDs, for example). |
| 74 | + |
| 75 | +But, since Omnibus is [effectively EOL in 2024](https://docs.chef.io/versions/) |
| 76 | +due to its reliance on Chef Infra Client, we've decided to deprioritize |
| 77 | +reliance on it, and dedicate those resources to containerized deployments |
| 78 | +instead. |
| 79 | + |
| 80 | +**Note**: Beginning with 0.6, Omnibus support in Firezone is **deprecated**. |
| 81 | +We'll be removing support for it completely in a future Firezone release. |
| 82 | + |
| 83 | +#### How to migrate from Omnibus to Docker |
| 84 | + |
| 85 | +We've written an in-depth migration guide to migrate your instance from Omnibus |
| 86 | +to Docker: |
| 87 | + |
| 88 | +https://docs.firezone.dev/administer/migrate |
| 89 | + |
| 90 | +Most instances will migrate without issue. If you're running Firezone in production |
| 91 | +for your team or business, [contact us](https://www.firezone.dev/contact/sales) |
| 92 | +so we can better understand how we can help with your migration. |
| 93 | + |
| 94 | +### SAML 2.0 |
| 95 | + |
| 96 | +Also in 0.6 is preliminary support for SAML 2.0 authentication. You'll need the |
| 97 | +IdP Metadata XML document to set it up. In most cases the identity provider |
| 98 | +will provide it for you. If not, you should be able to build it manually or |
| 99 | +using a tool such as |
| 100 | +[this nifty online IdP builder](https://www.samltool.com/idp_metadata.php). |
| 101 | + |
| 102 | + |
| 103 | +In general we recommend using OpenID Connect integration over SAML whenever possible. |
| 104 | +It's simpler, tends to be implemented more consistently across identity providers, |
| 105 | +and much easier to debug when things go wrong. |
| 106 | + |
| 107 | +Speaking of OIDC, 0.6 also introduces a couple improvements to make integrating |
| 108 | +your identity provider a more pleasant experience: |
| 109 | + |
| 110 | +* `auto_create_oidc_users` is now a per-provider configuration setting. Enable or disable |
| 111 | + autocreation of users when logging into Firezone via that provider. |
| 112 | +* New web form for entering OIDC details, with improved validation and error checking: |
| 113 | + |
| 114 | + |
| 115 | + |
| 116 | +If your IdP isn't supported or you'd like to learn about your options for |
| 117 | +custom integrations, [contact us](https://www.firezone.dev/contact/sales) to |
| 118 | +learn more about our Business plan features. |
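Review bot: In the Docker Support section, both script links point at the `master` branch on raw.githubusercontent.com (`scripts/docker_install.sh` and `scripts/docker_migrate.sh`), so the script a reader fetches from this 0.6.0 announcement can change after the post is published. Consider linking to the copies at the release tag instead, so the post and the scripts it describes stay in step. Separately, the Security bullet under "Why Docker?" reads "Containerization providers better security isolation"; that should be "provides". The links whose text starts or ends with a line break inside the brackets (`[first public issue` followed by `](...)` on the next line, and `[` followed by `automatic install script]`) are worth joining onto one line so the link text renders without stray whitespace.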