How to set up HailBytes VPN for your AWS environment

Introduction

In this article, we will walk through how to set up HailBytes VPN on your network: a simple, secure VPN and firewall for your network. Further details and specifics can be found in our engineering documentation linked here.

Preparation

   1. Resource requirements:

  • We recommend starting with 1 vCPU and 1 GB of RAM before scaling up.
  • For Omnibus-based deployments on servers with less than 1 GB of memory, you should enable swap to prevent the Linux kernel from unexpectedly killing Firezone processes.
  • 1 vCPU should be sufficient to saturate a 1 Gbps VPN link.

   2. Create a DNS record: Firezone requires a fully qualified domain name for production use, e.g. firezone.company.com. You will need to create a matching DNS record, such as an A, CNAME, or AAAA record.

   3. Set up SSL: You will need a valid SSL certificate to use Firezone in production. Firezone supports ACME for automatic provisioning of SSL certificates for Docker- and Omnibus-based installations.

   4. Open firewall ports: Firezone uses ports 51820/udp and 443/tcp for WireGuard and HTTPS traffic respectively. You can change these ports later in the configuration file.

Deploy on Docker (Recommended)

   1. Prerequisites:

  • Ensure you are on a supported platform with docker-compose version 2 or higher installed.

  • Ensure port forwarding is enabled on the firewall. The defaults require the following ports to be open:

          o 80/tcp (optional): Automatically issuing SSL certificates

          o 443/tcp: Access the web UI

          o 51820/udp: Listening port for VPN traffic

  2.  Install Server Option I: Automatic Install (Recommended)

  • Run the installation script: bash <(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/install.sh)

  • It will ask a few questions about the initial configuration before downloading the docker-compose.yml template file. It will customize it with your answers, and print instructions for accessing the web UI.

  • Default Firezone location: $HOME/.firezone.

  2.  Install Server Option II: Manual Install

  • Download the docker compose template to the local working directory

          - Linux: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.prod.yml -o docker-compose.yml

          - macOS or Windows: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.desktop.yml -o docker-compose.yml

  • Generate the required secrets: docker run --rm firezone/firezone bin/gen-env > .env

  • Change DEFAULT_ADMIN_EMAIL and EXTERNAL_URL as appropriate. Edit other secrets as needed.

  • Migrate the database: docker compose run --rm firezone bin/migrate

  • Create the admin account: docker compose run --rm firezone bin/create-or-reset-admin

  • Bring the services up: docker compose up -d

  • You should be able to access the Firezone UI via the EXTERNAL_URL variable defined above.
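Before running the manual-install commands above, a short preflight script such as the following (an added example, not part of this guide or of the Firezone project) checks the prerequisites the guide lists (compose version 2 or newer, the three ports not already taken) and the two .env values it tells you to edit. It assumes a POSIX shell and the `ss` tool for the port check; the .env it runs on at the end is a constructed sample.

```shell
#!/bin/sh
# Preflight checks for the Docker deployment above. Added example, not a Firezone
# script. Assumes: POSIX sh, a .env produced by bin/gen-env, and `ss` for the port check.

# Return 0 when a `docker compose version` string reports major version 2 or newer.
compose_version_ok() {
  major=$(printf '%s' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n1 | cut -d. -f1)
  [ -n "$major" ] && [ "$major" -ge 2 ]
}

# Check the two values the guide tells you to edit in .env: EXTERNAL_URL must be an
# https:// URL (the UI is served on 443/tcp behind a real certificate) and
# DEFAULT_ADMIN_EMAIL must look like an address. Prints each problem; returns 0 when clean.
check_env_file() {
  file="$1"; ok=0
  url=$(grep -E '^EXTERNAL_URL=' "$file" | cut -d= -f2- | tr -d '"')
  email=$(grep -E '^DEFAULT_ADMIN_EMAIL=' "$file" | cut -d= -f2- | tr -d '"')
  case "$url" in
    https://*) ;;
    *) echo "EXTERNAL_URL must start with https:// (got '$url')"; ok=1 ;;
  esac
  case "$email" in
    *@*.*) ;;
    *) echo "DEFAULT_ADMIN_EMAIL is missing or not an address (got '$email')"; ok=1 ;;
  esac
  return $ok
}

# List the Firezone ports (80/tcp, 443/tcp, 51820/udp) already bound by another process
# on this host; anything reported here will collide with the containers.
busy_ports() {
  command -v ss >/dev/null 2>&1 || { echo "ss not found; skipping port check"; return 0; }
  for spec in tcp:80 tcp:443 udp:51820; do
    proto=${spec%%:*}; port=${spec##*:}
    case "$proto" in tcp) flag=-lnt ;; *) flag=-lnu ;; esac
    if ss -H "$flag" "sport = :$port" 2>/dev/null | grep -q .; then
      echo "$spec is already in use on this host"
    fi
  done
}

# Demo on a constructed .env (not a real deployment): a temporary file with the two
# values filled in the way the guide asks.
sample=$(mktemp)
printf 'EXTERNAL_URL=https://firezone.example.com\nDEFAULT_ADMIN_EMAIL=admin@example.com\n' > "$sample"
check_env_file "$sample" && echo ".env looks good"
busy_ports
rm -f "$sample"
```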
 

   3. Enable at boot (optional):

  • Ensure Docker is enabled at boot: sudo systemctl enable docker

  • The Firezone services should have restart: always or restart: unless-stopped set, as specified in the docker-compose.yml file.

   4. Enable IPv6 public routability (optional):

  • Add the following to /etc/docker/daemon.json to enable IPv6 NAT and configure IPv6 forwarding for Docker containers.

  • Enable router advertisements at boot for the default egress interface:
          egress=`ip route show default 0.0.0.0/0 | grep -oP '(?<=dev ).*' | cut -f1 -d' ' | tr -d '\n'`
          sudo bash -c "echo net.ipv6.conf.${egress}.accept_ra=2 >> /etc/sysctl.conf"

  • Reboot and test by pinging Google from inside a docker container: docker run --rm -t busybox ping6 -c 4 google.com

  • There is no need to add any iptables rules to enable IPv6 SNAT/masquerading for tunneled traffic. Firezone will handle this.

   5. Install client apps

         You can now add users to your network and set up instructions for establishing a VPN session.

Post-setup

Congratulations, you are done setting up! You may want to explore our engineering documentation for additional configuration, security considerations, and advanced features: https://www.firezone.dev/docs/