Bii o ṣe le Ṣeto Hailbytes VPN fun Ayika AWS Rẹ
ifihan
Ninu nkan yii, a yoo lọ lori bii o ṣe le ṣeto HailBytes VPN lori nẹtiwọọki rẹ, VPN ti o rọrun ati aabo ati ogiriina fun nẹtiwọọki rẹ. Awọn alaye diẹ sii ati awọn pato ni pato ni a le rii ninu awọn iwe ti olupilẹṣẹ ti o sopọ mọ Nibi.
igbaradi
1. Awọn ibeere orisun:
- A ṣeduro bibẹrẹ pẹlu 1 vCPU ati 1 GB ti Ramu ṣaaju igbelosoke.
- Fun awọn imuṣiṣẹ ti o da lori Omnibus lori awọn olupin ti o kere ju 1 GB ti iranti, o yẹ ki o tan swap lati yago fun ekuro Linux lati pa awọn ilana Firezone lairotẹlẹ.
- 1 vCPU yẹ ki o to lati saturate ọna asopọ 1 Gbps fun VPN.
2. Ṣẹda igbasilẹ DNS: Firezone nilo orukọ ìkápá to dara fun lilo iṣelọpọ, fun apẹẹrẹ firezone.company.com. Ṣiṣẹda igbasilẹ DNS ti o yẹ bi A, CNAME, tabi igbasilẹ AAAA yoo nilo.
3. Ṣeto SSL: Iwọ yoo nilo ijẹrisi SSL to wulo lati lo Firezone ni agbara iṣelọpọ kan. Firezone ṣe atilẹyin ACME fun ipese laifọwọyi ti awọn iwe-ẹri SSL fun Docker ati awọn fifi sori ẹrọ Omnibus.
4. Ṣii awọn ibudo ogiriina: Firezone nlo awọn ebute oko oju omi 51820/udp ati 443/tcp fun HTTPS ati ijabọ WireGuard lẹsẹsẹ. O le yi awọn ibudo wọnyi pada nigbamii ni faili iṣeto ni.
Ran lọ sori Docker (Ti ṣeduro)
1. Awọn ibeere:
- Rii daju pe o wa lori pẹpẹ ti o ni atilẹyin pẹlu ẹya docker-compose 2 tabi fifi sori ẹrọ ga julọ.
- Rii daju pe fifiranšẹ siwaju ibudo ṣiṣẹ lori ogiriina. Awọn aṣiṣe nilo awọn ebute oko oju omi wọnyi lati ṣii:
o 80/tcp (iyan): Pipin awọn iwe-ẹri SSL ni adaṣe
o 443/tcp: Wiwọle si UI wẹẹbu
o 51820 / udp: VPN ijabọ gbọ ibudo
2. Fi Aṣayan olupin sori ẹrọ I: Fifi sori ẹrọ Aifọwọyi (Ti ṣeduro)
- Run installation script: bash <(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/install.sh) 1889d1a18e090c-0ec2bae288f1e2-26031d51-144000-1889d1a18e11c6c
- Yoo beere lọwọ rẹ awọn ibeere diẹ nipa iṣeto ni ibẹrẹ ṣaaju ṣiṣe igbasilẹ faili docker-compose.yml kan. Iwọ yoo fẹ lati tunto rẹ pẹlu awọn idahun rẹ, ati tẹ awọn ilana fun iwọle si UI wẹẹbu naa.
- Firezone aiyipada adirẹsi: $HOME/.firezone.
2. Fi sori ẹrọ Server Aṣayan II: Fifi sori Afowoyi
- Ṣe igbasilẹ awoṣe docker lati ṣajọ si itọsọna iṣẹ agbegbe kan
- Lainos: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.prod.yml -o docker-compose.yml
- macOS tabi Windows: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.desktop.yml -o docker-compose.yml
- Ṣe ina awọn aṣiri ti a beere: docker run –rm firezone/firezone bin/gen-env> .env
- Yi DEFAULT_ADMIN_EMAIL ati awọn oniyipada EXTERNAL_URL pada. Ṣe atunṣe awọn aṣiri miiran bi o ṣe nilo.
- Gbe ibi data silẹ: docker compose run –rm firezone bin/migrate
- Ṣẹda akọọlẹ abojuto kan: docker ṣajọ ṣiṣe –rm firezone bin/ṣẹda-tabi-abojuto-abojuto
- Mu awọn iṣẹ naa wa: docker compose up -d
- O yẹ ki o ni anfani lati wọle si Firezome UI lati inu oniyipada EXTERNAL_URL ti a ṣalaye loke.
3. Mu ṣiṣẹ lori bata (aṣayan):
- Rii daju pe Docker ṣiṣẹ ni ibẹrẹ: sudo systemctl mu docker ṣiṣẹ
- Awọn iṣẹ Firezone yẹ ki o tun bẹrẹ: nigbagbogbo tabi tun bẹrẹ: ayafi ti aṣayan ti o da duro ni pato ninu faili docker-compose.yml.
4. Mu IPv6 Iyipada Ilọsiwaju ṣiṣẹ (aṣayan):
- Ṣafikun atẹle naa si /etc/docker/daemon.json lati mu IPv6 NAT ṣiṣẹ ati tunto ifiranšẹ IPv6 fun awọn apoti Docker.
- Mu awọn iwifunni olulana ṣiṣẹ lori bata fun wiwo egress aiyipada rẹ: egress=`ip ipa ọna fi aiyipada 0.0.0.0/0 | grep -oP '(?<=dev).*' | ge -f1 -d' ' | tr -d '\n'` sudo bash -c "echo net.ipv6.conf.${egress}.accept_ra=2 >> /etc/sysctl.conf"
- Tun atunbere ati idanwo nipasẹ pinging si Google lati inu apoti docker: docker run –rm -t busybox ping6 -c 4 google.com
- Ko si iwulo lati ṣafikun eyikeyi awọn ofin iptables lati mu IPv6 SNAT/masquerading ṣiṣẹ fun ijabọ oju eefin. Firezone yoo mu eyi.
5. Fi sori ẹrọ ni ose apps
O le ni bayi ṣafikun awọn olumulo si nẹtiwọọki rẹ ati tunto awọn ilana lati fi idi igba VPN kan mulẹ.
Ifiweranṣẹ Eto
Oriire, o ti pari iṣeto naa! O le fẹ lati ṣayẹwo awọn iwe idagbasoke wa fun awọn atunto afikun, awọn ero aabo, ati awọn ẹya ilọsiwaju: https://www.firezone.dev/docs/
