Quomodo erigat Hailbytes VPN pro AWS Environment tuum?
Introduction
In hoc articulo transibimus quomodo HailBytes VPN constituere in retia tua, simplex et securum VPN et firewall pro retia tua. Singulae praeterea et specificae specificae notiones reperiri possunt in documentis nostris electronicis annexis hic.
Praeparatio
Resource 1. Requisita:
- Commendamus incipiens ab 1 vCPU et 1 GB ipsius RAM antequam scalis ascendimus.
- Pro Omnibus-substructis inceptis in servientibus minus quam 1 GB memoriae, debes in swam facere ad Linux nucleum vitare ab processibus Firezonis improviso necandis.
- 1 vCPU sufficiens sit ad amnium 1 Gbps nexus pro VPN.
2. Create DNS record: Firezone requirit nomen proprium domain ad usum productionis, eg firezone.company.com. Aptum DNS creans recordum sicut A, CNAME, vel AAAA recordum requiretur.
3. Pone SSL: testimonium SSL validum opus erit ut Firezone utendi in facultate productionis. Firezone ACME sustinet pro provisione latae sententiae de SSL libellorum Docker et Omnibus-substructis installationibus.
4. Firewall aperti sunt portus: Firezone utitur portubus 51820/udp et 443/tcp pro HTTPS et WireGuard commercii respective. Hos portus postea in file configurationis mutare potes.
Deploy in Docker (commendatur)
1. PRAEREQUISITIS:
- Perficite, vos es in suggestu fulcito cum versione spathulata componendo 2 vel superiore inaugurato.
- Fac portum procuret quod possit in firewall. Defectus sequentes portus ut aperiantur requirunt;
o LXXX / tcp (libitum): Automatarie fiebant SSL libellorum
o 443/tcp: Access web UI
o 51820/udp: VPN negotiationis auribus port
2. Install Servo Bene I: automatic instruitur (commendatur)
- Run installation script: bash <(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/install.sh) 1889d1a18e090c-0ec2bae288f1e2-26031d51-144000-1889d1a18e11c6c
- Rogabit te paucas quaestiones de configuratione initiali antequam exemplum depone.yml fasciculi docker-compose. Hanc configurare vis cum responsionibus tuis, et instructiones imprime ad accessionem interreti UI.
- Inscriptio default Firezone: $HOME/.firezone.
2. Install Servo Option II: Manual Installation
- Download Docker componere template ad loci operationem Directory
- Linux: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.prod.yml -o docker-compose.yml
- macOS vel Windows: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.desktop.yml -o docker-compose.yml
- Generare secreta requisita: docker run -rm firezone/firezone bin/gen-env > .env
- Mutationes DEFAULT_ADMIN_EMAIL et EXTERNAL_URL variabiles. Alia secreta mutare prout opus est.
- Migrandum database: docker componere currere -rm firezone bin / migrare
- Create an admin rationem: docker componere currere -rm firezone bin / creare-vel-reset-admin
- Officia sursum deducere: docker componere sursum -d
- Firezome UI per EXTERNAL_URL variabilis supra definita accedere possis.
3. Admitte in tabernus (libitum):
- Ensure Docker is enabled at startup: sudo systemctl enable docker
- Incendia officia sileo: semper vel sileo: nisi optio certa in fasciculo docker-compose.yml-stiterit.
4. Admitte Public Routability IPv6 (libitum):
- Adde sequentia ad /etc/docker/daemon.json ut IPv6 NAT efficiat et IPv6 pro vasis Docker configuret.
- Admitte iter itineris notificationes in tabernus pro egressu tuo default interface: egress=`ip route ostende default 0.0.0.0/0 | grep -oP ' (?<=dev ).*' | cut -f1 -d'' | tr -d ' \n'` sudo bash -c "echo net.ipv6.conf.${egress}.accept_ra=2 >> /etc/sysctl.conf"
- Reboot et test pinging ad Google ab intus docker continens: docker run -rm -t busybox ping6 -c 4 google.com
- Nihil opus est regulas iptas quaslibet addere ut IPv6 SNAT/observans pro cuniculis commercii efficiat. Firezone hoc tractabit.
5. Install clientis apps
Nunc users ad retiacula tua addere potes et instructiones configurare ad sessionem VPN constituendam.
Post Setup
Gratulationes, setup perfecisti! Documenta nostra elit reprimere fortasse velis pro additionals configurationibus, considerationibus securitatis et notis provectis: https://www.firezone.dev/docs/
