Upgrading Gateways

Firezone Gateways are designed to be easily upgraded with little or no planned downtime for your organization. This guide will walk you through the steps to upgrade your Gateway for both Docker and systemd deployments.

This guide covers Gateway upgrades only. For details on upgrading Clients, refer to the appropriate user guide for your platform.

Upgrade process

Upgrading a Gateway generally consists of simply replacing the binary or Docker image with the newer version and then restarting. See below for specific steps depending on how you've deployed your Gateway:

Copy-paste the following command to upgrade your Docker-based Gateway:

curl -fsSL \
  https://raw.githubusercontent.com/firezone/firezone/main/scripts/gateway-docker-upgrade.sh \
  | bash
View script source

Verification

After running the upgrade, you can verify the Gateway is running the latest version by ensuring the sha256 hash of the pulled image matches the latest artifact published on GitHub:

Gateway upgrade verification
# Get the sha256 hash of the gateway image running on your system
> docker inspect ghcr.io/firezone/gateway:1.0 --format='{{index .RepoDigests 0}}'

# Ensure this hash matches the latest available image above
ghcr.io/firezone/gateway@sha256:0516fa4a305fac10571238db2b7bf02e6adeda0fb5afc1fe7e8d0c4d0a93ebc6

Downtime considerations

Gateways deployed within the same Site will automatically failover for each other. By upgrading Gateways one-by-one in a rolling update strategy, Clients connected to the Gateway being upgraded will automatically reconnect to an available Gateway.

Users may notice very brief interruptions to Resources for a few seconds as their Client reconnects to a healthy Gateway.

Need additional help?

Try asking on one of our community-powered support channels:

Or try searching the docs:
Last updated: April 16, 2024