Upgrading Gateways
Firezone Gateways are designed to be easily upgraded with little or no planned downtime for your organization. This guide will walk you through the steps to upgrade your Gateway for both Docker and systemd deployments.
This guide covers Gateway upgrades only. For details on upgrading Clients, refer to the appropriate user guide for your platform.
Upgrade process
Upgrading a Gateway generally consists of simply replacing the binary or Docker image with the newer version and then restarting. See below for specific steps depending on how you've deployed your Gateway:
Copy-paste the following command to upgrade your Docker-based Gateway:
curl -fsSL \
https://raw.githubusercontent.com/firezone/firezone/main/scripts/gateway-docker-upgrade.sh \
| bash
If you deployed via the portal, your unit file should already contain logic necessary to upgrade the Gateway on service start. Simply move the old binary and restart the service to trigger the upgrade:
# Stop the Gateway service. WARNING: This will cause brief downtime for this Gateway.
sudo systemctl stop firezone-gateway
# Move the old binary to a backup location
sudo mv /usr/local/bin/firezone-gateway /usr/local/bin/firezone-gateway.bak
# Start the Gateway service to trigger the upgrade
sudo systemctl start firezone-gateway
Rollback in case of issues
If something goes wrong during the upgrade, you can always revert to the old binary by stopping the service and moving the backup binary back to its original location:
# Restore the old binary and restart the service
sudo systemctl stop firezone-gateway
sudo mv /usr/local/bin/firezone-gateway.bak /usr/local/bin/firezone-gateway
sudo systemctl start firezone-gateway
Please file a GitHub issue if you consistently encounter issues with the upgrade process.
Verification
After running the upgrade, check that the version reported by the Gateway in the admin portal matches the latest published version on our GitHub releases page to ensure it's up to date:
Downtime considerations
Gateways deployed within the same Site will automatically failover for each other. By upgrading Gateways one-by-one in a rolling update strategy, Clients connected to the Gateway being upgraded will automatically reconnect to an available Gateway.
Users may notice very brief interruptions to Resources for a few seconds as their Client reconnects to a healthy Gateway.
Need additional help?
Try asking on one of our community-powered support channels:
- Discussion forums: Ask questions, report bugs, and suggest features.
- Discord server: Join discussions, meet other users, and chat with the Firezone team
- Email us: We read every message.