How to Set Up Hailbytes VPN for Your AWS Environment

Introduction

In this article, we will go over how to set up HailBytes VPN, a simple and secure VPN and firewall, on your network. Further details and specific specifications can be found in our developer documentation linked here.

Preparation

   1. Resource Requirements:

  • We recommend starting with 1 vCPU and 1 GB of RAM before scaling up.
  • For Omnibus-based deployments on servers with less than 1 GB of memory, you should turn on swap to keep the Linux kernel from unexpectedly killing Firezone processes.
  • 1 vCPU should be sufficient to saturate a 1 Gbps link for the VPN.
 

   2.  Create a DNS record: Firezone requires a proper domain name for production use, for example firezone.company.com. You will need to create an appropriate DNS record such as an A, CNAME, or AAAA record.

   3.  Set up SSL: You will need a valid SSL certificate to use Firezone in a production capacity. Firezone supports ACME for automatic provisioning of SSL certificates for both Docker and Omnibus-based installations.

   4.  Open firewall ports: Firezone uses ports 443/tcp and 51820/udp for HTTPS and WireGuard traffic respectively. You can change these ports later in the configuration file.

Deploy on Docker (Recommended)

   1. Prerequisites:

  • Ensure you are on a supported platform with docker-compose version 2 or higher installed.

 

  • Ensure port forwarding is enabled on the firewall. The defaults require the following ports to be open:

         o 80/tcp (optional): Automatic issuance of SSL certificates

         o 443/tcp: Access to the web UI

         o 51820/udp: Listen port for VPN traffic

  2.  Install Server Option I: Automatic installation (Recommended)

  • Run the installation script: bash <(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/install.sh) 1889d1a18e090c-0ec2bae288f1e2-26031d51-144000-1889d1a18e11c6c

 

  • It will ask you a few questions about the initial configuration before downloading a sample docker-compose.yml file, configuring it with your responses, and printing instructions for accessing the Web UI.

 

  • Firezone default location: $HOME/.firezone.
 

  2.  Install Server Option II: Manual Installation

  • Download the docker compose template to a local working directory

          - Linux: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.prod.yml -o docker-compose.yml

          - macOS or Windows: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.desktop.yml -o docker-compose.yml

  • Generate the required secrets: docker run --rm firezone/firezone bin/gen-env > .env

 

  • Change the DEFAULT_ADMIN_EMAIL and EXTERNAL_URL variables. Modify other secrets as needed.

 

  • Migrate the database: docker compose run --rm firezone bin/migrate

 

  • Create an admin account: docker compose run --rm firezone bin/create-or-reset-admin

 

  • Bring the services up: docker compose up -d

 

  • You should now be able to access the Firezone UI through the EXTERNAL_URL variable defined above.
 

   3. Enable on boot (optional):

  • Ensure Docker is enabled at startup: sudo systemctl enable docker

 

  • Firezone services should have the restart: always or restart: unless-stopped option specified in the docker-compose.yml file.
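
A pre-flight check for the manual installation and boot steps above, added here as an example and not part of the Firezone or HailBytes tooling: it confirms that .env is closed to other users, that EXTERNAL_URL is an https:// URL, that DEFAULT_ADMIN_EMAIL is set, and that docker-compose.yml carries a restart policy. The function names firezone_preflight and env_value, and the assumption that .env sits beside docker-compose.yml in the working directory, are this example's own.

```shell
#!/bin/sh
# Added example: pre-flight checks for a manual Firezone Docker deployment.
# Function names are hypothetical; .env is assumed to sit beside docker-compose.yml.

# Read KEY from a dotenv file without sourcing it (sourcing would execute the file).
env_value() {
    grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d "\"'"
}

# Print one line per problem found; the return status is the number of problems.
firezone_preflight() {
    dir=$1; fails=0
    env_file="$dir/.env"; compose="$dir/docker-compose.yml"

    if [ ! -f "$env_file" ]; then
        echo "FAIL: $env_file missing (generate it with bin/gen-env first)"; return 1
    fi
    # .env holds the generated secrets: group and other must have no access.
    perms=$(ls -ld "$env_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: .env is accessible to group/other; run chmod 600 .env"; fails=$((fails + 1))
    fi
    # A production deployment needs a valid certificate, so the URL must be HTTPS.
    case "$(env_value "$env_file" EXTERNAL_URL)" in
        https://?*) ;;
        *) echo "FAIL: EXTERNAL_URL must be an https:// URL"; fails=$((fails + 1)) ;;
    esac
    # The admin account is created for this address.
    case "$(env_value "$env_file" DEFAULT_ADMIN_EMAIL)" in
        ?*@?*.?*) ;;
        *) echo "FAIL: DEFAULT_ADMIN_EMAIL is not an e-mail address"; fails=$((fails + 1)) ;;
    esac
    # Services should come back after a reboot.
    if ! grep -Eq '^[[:space:]]*restart:[[:space:]]*"?(always|unless-stopped)' "$compose" 2>/dev/null; then
        echo "FAIL: no restart: always / unless-stopped in docker-compose.yml"; fails=$((fails + 1))
    fi
    return "$fails"
}
# Usage, from the working directory, before "docker compose up -d":
#   firezone_preflight . && echo "pre-flight OK"
```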

   4. Enable IPv6 Public Routability (optional):

  • Add the following to /etc/docker/daemon.json to enable IPv6 NAT and configure IPv6 forwarding for Docker containers.

 

  • Enable router advertisements on boot for your default egress interface:

          egress=`ip route show default 0.0.0.0/0 | grep -oP '(?<=dev ).*' | cut -f1 -d' ' | tr -d '\n'`
          sudo bash -c "echo net.ipv6.conf.${egress}.accept_ra=2 >> /etc/sysctl.conf"

 

  • Reboot and test by pinging Google from within a Docker container: docker run --rm -t busybox ping6 -c 4 google.com

 

  • There is no need to add any iptables rules to enable IPv6 SNAT/masquerading for tunneled traffic. Firezone will handle this.
 

   5. Install client apps

        You can now add users to your network and configure instructions for establishing a VPN session.

Post Setup

Congratulations, you have completed the setup! You may want to check our developer documentation for additional configurations, security considerations, and advanced features: https://www.firezone.dev/docs/