Otu esi edozi VPN Hailbytes maka gburugburu AWS gị
Okwu Mmalite
N'isiokwu a, anyị ga-enyocha otu esi edozi HailBytes VPN na netwọk gị, VPN dị mfe ma dị nchebe na firewall maka netwọk gị. Enwere ike ịchọta nkọwa ndị ọzọ na nkọwapụta n'ime akwụkwọ ndị nrụpụta anyị jikọtara Ebe a.
Nkwadebe
1. Ihe achọrọ akụrụngwa:
- Anyị na-akwado ịmalite site na 1 vCPU na 1 GB nke RAM tupu ebuli elu.
- Maka mbugharị dabere na Omnibus na sava nwere ihe na-erughị 1 GB nke ebe nchekwa, ị kwesịrị ịgbanwuo swap iji zere kernel Linux site na igbu usoro Firezone na-atụghị anya ya.
- 1 vCPU kwesịrị ezuru iji mejupụta njikọ 1 Gbps maka VPN.
2. Mepụta ndekọ DNS: Firezone chọrọ aha ngalaba kwesịrị ekwesị maka iji mmepụta, dịka firezone.company.com. Ịmepụta ndekọ DNS kwesịrị ekwesị dị ka ndekọ A, CNAME, ma ọ bụ AAAA ga-achọrọ.
3. Hazie SSL: Ị ga-achọ akwụkwọ SSL dị irè iji Firezone na ikike mmepụta. Firezone na-akwado ACME maka ịnye asambodo SSL akpaaka maka nrụnye dabere na Docker na Omnibus.
4. Mepee ọdụ ụgbọ mmiri firewall: Firezone na-eji ọdụ ụgbọ mmiri 51820/udp na 443/tcp maka HTTPS na okporo ụzọ WireGuard n'otu n'otu. Ị nwere ike ịgbanwe ọdụ ụgbọ mmiri ndị a ma emechaa na faịlụ nhazi.
Buga na Docker (atụ aro)
1. Ihe achọrọ:
- Gbaa mbọ hụ na ịnọ n'elu ikpo okwu akwadoro nwere ụdị docker-compose 2 ma ọ bụ karịa arụnyere.
- Gbaa mbọ hụ na agbanyere mbugharị ọdụ ụgbọ mmiri na firewall. Ihe ndabara chọrọ ka emeghe ọdụ ụgbọ mmiri ndị a:
o 80/tcp (nhọrọ): Na-enye asambodo SSL na-akpaghị aka
o 443/tcp: Nweta webụ UI
o 51820/udp: VPN okporo ụzọ ntị ọdụ ụgbọ mmiri
2. Wụnye Nhọrọ nke sava I: Nwụnye akpaaka (A kwadoro)
- Run installation script: bash <(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/install.sh) 1889d1a18e090c-0ec2bae288f1e2-26031d51-144000-1889d1a18e11c6c
- Ọ ga-ajụ gị ajụjụ ole na ole gbasara nhazi mbụ tupu nbudata faịlụ docker-compose.yml sample. Ị ga-achọ iji nzaghachi gị hazie ya, wee bipụta ntuziaka maka ịnweta UI Weebụ.
- Adreesị ndabara nke Firezone: $HOME/.firezone.
2. Wụnye ihe nkesa Nhọrọ II: Ntinye akwụkwọ ntuziaka
- Budata docker dere ndebiri na ndekọ ọrụ mpaghara
- Linux: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.prod.yml -o docker-compose.yml
- macOS ma ọ bụ Windows: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.desktop.yml -o docker-compose.yml
- Mepụta ihe nzuzo achọrọ: docker run –rm firezone/firezone bin/gen-env> .env
- Gbanwee mgbanwe DEFAULT_ADMIN_EMAIL na EXTERNAL_URL. Gbanwee ihe nzuzo ndị ọzọ dị ka achọrọ.
- Bugharịa nchekwa data: docker dere run –rm firezone bin/migrate
- Mepụta akaụntụ nchịkwa: docker dere run-rm firezone bin/mepụta-ma ọ bụ-reset-admin
- Weta ọrụ ndị a: docker compose up -d
- Ị ga-enwe ike ịnweta Firezome UI site na mgbanwe EXTERNAL_URL akọwapụtara n'elu.
3. Kwado na buut (nhọrọ):
- Gbaa mbọ hụ na agbanyere Docker na mmalite: sudo systemctl nyeere docker
- Ọrụ Firezone kwesịrị ịmalitegharị: mgbe niile ma ọ bụ malitegharịa: ọ gwụla ma nhọrọ akwụsịghị akọwapụtara na faịlụ docker-compose.yml.
4. Kwado IPv6 Ọhaneze Routability (nhọrọ):
- Tinye ihe ndị a na /etc/docker/daemon.json iji mee ka IPv6 NAT wee hazie IPv6 ebugharị maka arịa Docker.
- Kwado amamọkwa rawụta na buut maka ndabara egress interface gị: egress=`ip ụzọ na-egosi ndabara 0.0.0.0/0 | grep -oP '(?<=dev)*' | gbu -f1 -d' | tr -d '\n'' sudo bash -c "echo net.ipv6.conf.${egress}.accept_ra=2 >> /etc/sysctl.conf"
- Malitegharịa ma nwalee site na ịpị na Google site na akpa docker: docker run –rm -t busybox ping6 -c 4 google.com
- Ọ dịghị mkpa ịgbakwunye iwu iptables ọ bụla iji mee ka IPv6 SNAT/masquerading maka okporo ụzọ gbawara agbawa. Firezone ga-edozi nke a.
5. Wụnye ngwa ahịa
Ị nwere ike tinye ndị ọrụ ugbu a na netwọkụ gị wee hazie ntuziaka iji guzobe nnọkọ VPN.
Mbido Mbido
Ekele, ị mechala ntọlite a! Ị nwere ike ịlele akwụkwọ onye nrụpụta anyị maka nhazi ndị ọzọ, nleba anya nchekwa na atụmatụ dị elu: https://www.firezone.dev/docs/
