Installation

Requirements

  • Python 3.11+
  • Docker + Docker Compose (recommended)
  • A valid TLS certificate (Let’s Encrypt, ACME, or self-signed for internal use)

git clone https://github.com/Whispergate/InfraGuard
cd InfraGuard
cp config/examples/c2-cobalt-strike.yaml config/config.yaml
# Edit config/config.yaml — set your upstream, TLS paths, env vars
docker compose up -d

The compose file mounts ./config into the container. Edit config/config.yaml and restart to pick up changes.

pip / virtualenv

git clone https://github.com/Whispergate/InfraGuard
cd InfraGuard
python -m venv .venv
source .venv/bin/activate      # Windows: .venv\Scripts\activate
pip install -e .
infraguard --help

Environment Variables

InfraGuard uses env-var interpolation in YAML configs (${VAR}). Create a .env file or export the variables before starting:

export INFRAGUARD_TLS_CERT=/certs/fullchain.pem
export INFRAGUARD_TLS_KEY=/certs/privkey.pem
export INFRAGUARD_DB_PATH=/data/infraguard.db
export CS_UPSTREAM=https://10.0.0.1:443

With Docker Compose, add these to an env_file: block or your .env file at the project root.

TLS Certificates

InfraGuard terminates TLS. Point tls.cert and tls.key at PEM files:

listeners:
  - protocol: "https"
    bind: "0.0.0.0"
    port: 443
    tls:
      cert: "${INFRAGUARD_TLS_CERT}"
      key: "${INFRAGUARD_TLS_KEY}"

For automated Let’s Encrypt issuance, use Caddy or certbot in sidecar mode and mount the resulting PEM files.
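A pre-start check for the two things the Environment Variables and TLS Certificates sections depend on, added here as an example and not part of InfraGuard: it lists ${VAR} references that are unset in the environment and flags a private key file that group or other users can access. The function names and the sample data are assumptions made for illustration; only the ${VAR} form shown on this page is matched.

```python
import os
import re
import stat
import tempfile

# Matches the ${VAR} form shown on this page; other syntaxes are not assumed.
PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")

def missing_vars(config_text, env):
    """Return sorted names referenced as ${VAR} but unset or empty in env."""
    names = set(PLACEHOLDER.findall(config_text))
    return sorted(n for n in names if not env.get(n))

def key_file_problems(path):
    """Return a list of problems with a private key file (empty means OK)."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"{path}: {exc.strerror}"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append(f"{path}: not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path}: accessible by group/other (mode {mode:o})")
    return problems

# Constructed sample input mirroring the listener snippet on this page.
SAMPLE_CONFIG = """\
listeners:
  - protocol: "https"
    tls:
      cert: "${INFRAGUARD_TLS_CERT}"
      key: "${INFRAGUARD_TLS_KEY}"
"""

def demo():
    """Run both checks on constructed data; returns (missing, problems)."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "privkey.pem")
        with open(key, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)  # deliberately too permissive for a private key
        env = {"INFRAGUARD_TLS_KEY": key}  # cert variable left unset on purpose
        return missing_vars(SAMPLE_CONFIG, env), key_file_problems(key)

if __name__ == "__main__":
    missing, problems = demo()
    print("unset variables:", missing)
    print("key file problems:", problems)
```

Against a real deployment, pass the contents of config/config.yaml and os.environ to missing_vars, and the resolved INFRAGUARD_TLS_KEY path to key_file_problems.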

Verify

infraguard --version
infraguard config show --config config/config.yaml