How to Set Up HailBytes VPN for AWS Environments

Introduction

In this article we go over how to set up HailBytes VPN on your network: a simple and secure VPN and firewall for your network. More details and specifications can be found in our developer documentation, linked here.

Preparation

   1. Resource requirements:

  • We recommend starting with 1 vCPU and 1 GB of RAM before scaling up.
  • For Omnibus-based deployments on servers with less than 1 GB of memory, you should enable swap to keep the Linux kernel from unexpectedly killing Firezone processes.
  • 1 vCPU should be sufficient to saturate a 1 Gbps link for the VPN.

   2.  Create a DNS record: Firezone requires a fully qualified domain name for production use, e.g. firezone.company.com. You will need to create a matching DNS record, such as an A, CNAME, or AAAA record.

   3.  Set up SSL: You will need a valid SSL certificate to use Firezone in a production capacity. Firezone supports ACME for automatic provisioning of SSL certificates for Docker-based and Omnibus installations.

   4.  Open firewall ports: Firezone uses port 443/tcp for HTTPS traffic and port 51820/udp for WireGuard traffic. You can change these ports later in the configuration file.

Deploy on Docker (Recommended)

   1. Prerequisites:

  • Make sure you are on a supported platform with docker-compose version 2 or higher installed.

  • Make sure port forwarding is enabled on your firewall. The defaults require these ports to be open:

         o 80/tcp (optional): automatic SSL certificate provisioning

         o 443/tcp: web UI access

         o 51820/udp: VPN traffic listen port

  2.  Install Server Option I: Automatic install (Recommended)

  • Run the installation script: bash <(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/install.sh)

  • It will ask you a few questions about the initial configuration before downloading the docker-compose.yml template. It customizes the template with your responses and prints the commands for accessing the web UI.

  • Default Firezone directory: $HOME/.firezone.

  2.  Install Server Option II: Manual install

  • Download the docker-compose template to your local working directory:

          - Linux: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.prod.yml -o docker-compose.yml

          - macOS or Windows: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.desktop.yml -o docker-compose.yml

  • Generate the required secrets: docker run --rm firezone/firezone bin/gen-env > .env

  • Change the DEFAULT_ADMIN_EMAIL and EXTERNAL_URL variables. Modify the other secrets as needed.

  • Migrate the database: docker compose run --rm firezone bin/migrate

  • Create the admin account: docker compose run --rm firezone bin/create-or-reset-admin

  • Bring up the services: docker compose up -d

  • You should now be able to reach the Firezone UI at the EXTERNAL_URL defined above.
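The manual install steps above, collected into one repeatable script. This is an added example, not HailBytes' or Firezone's own installer. It assumes curl and docker compose v2 are installed, that the admin e-mail address and the https URL are passed as the script's two arguments, and the helper names set_env_var, get_env_var, check_env and install_firezone are ours. The check refuses to run the migration while DEFAULT_ADMIN_EMAIL or EXTERNAL_URL is still empty, or while the URL is not https, so the services never come up against a placeholder configuration:

```shell
#!/bin/sh
# Added example (not HailBytes' or Firezone's own script): the manual Docker
# install as one repeatable script. Assumes curl and docker compose v2 are
# installed and that the caller supplies the admin e-mail and external URL.
set -eu

COMPOSE_URL="https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.prod.yml"

# set_env_var FILE KEY VALUE: set KEY=VALUE in a .env file, replacing an
# existing line or appending one if the key is absent. awk is used because
# GNU and BSD "sed -i" differ, and this should behave the same on macOS.
set_env_var() {
  file="$1"; key="$2"; value="$3"
  if grep -q "^${key}=" "$file"; then
    tmp="$(mktemp)"
    awk -v k="$key" -v v="$value" \
      'index($0, k "=") == 1 { print k "=" v; next } { print }' "$file" > "$tmp"
    mv "$tmp" "$file"
  else
    printf '%s=%s\n' "$key" "$value" >> "$file"
  fi
}

# get_env_var FILE KEY: print the value of KEY (empty if the key is unset).
get_env_var() {
  grep "^${2}=" "$1" | head -n 1 | cut -d= -f2-
}

# check_env FILE: fail while either variable the guide tells you to change is
# still empty, or while EXTERNAL_URL is not https (production use requires a
# valid TLS certificate, and the UI is reached through this URL).
check_env() {
  file="$1"
  for key in DEFAULT_ADMIN_EMAIL EXTERNAL_URL; do
    if [ -z "$(get_env_var "$file" "$key")" ]; then
      echo "error: $key is not set in $file" >&2
      return 1
    fi
  done
  case "$(get_env_var "$file" EXTERNAL_URL)" in
    https://*) return 0 ;;
    *) echo "error: EXTERNAL_URL must start with https://" >&2; return 1 ;;
  esac
}

# install_firezone ADMIN_EMAIL EXTERNAL_URL: the manual install steps, in order.
install_firezone() {
  admin_email="$1"; external_url="$2"
  curl -fsSL "$COMPOSE_URL" -o docker-compose.yml
  # generate the secrets into .env, then keep the file owner-readable only
  docker run --rm firezone/firezone bin/gen-env > .env
  chmod 600 .env
  set_env_var .env DEFAULT_ADMIN_EMAIL "$admin_email"
  set_env_var .env EXTERNAL_URL "$external_url"
  check_env .env
  docker compose run --rm firezone bin/migrate
  docker compose run --rm firezone bin/create-or-reset-admin
  docker compose up -d
  echo "Firezone is starting; open $external_url and log in as $admin_email"
}

# Usage: sh install-firezone.sh admin@example.com https://vpn.example.com
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
  install_firezone "$1" "$2"
fi
```

Run it from the directory you want to hold docker-compose.yml and .env; the .env file contains the generated secrets, which is why the script tightens its permissions before editing it.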
 

   3. Enable on boot (optional):

  • Make sure Docker is enabled at startup: sudo systemctl enable docker

  • The Firezone services should have the restart: always or restart: unless-stopped option set in the docker-compose.yml file.

   4. Enable IPv6 public routing (optional):

  • Add the following to /etc/docker/daemon.json to enable IPv6 NAT and configure IPv6 forwarding for Docker containers.

  • Enable router advertisements on boot for your default egress interface:

          egress=`ip route show default 0.0.0.0/0 | grep -oP '(?<=dev ).*' | cut -f1 -d' ' | tr -d '\n'`
          sudo bash -c "echo net.ipv6.conf.${egress}.accept_ra=2 >> /etc/sysctl.conf"

  • Reboot and test by pinging Google from inside a Docker container: docker run --rm -t busybox ping6 -c 4 google.com

  • There is no need to add any iptables rules to enable IPv6 SNAT/masquerading for tunnel traffic. Firezone handles this.
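The optional IPv6 steps above as an added example; it is not Firezone's or HailBytes' own code. It assumes the Docker daemon.json keys ipv6, fixed-cidr-v6, experimental and ip6tables, uses the ULA prefix fd00:1::/64 as a constructed placeholder (pick an unused /64 of your own), and the helper names are ours. The egress interface is parsed with awk rather than grep -P, which busybox and BSD grep lack, and the sysctl line is appended only if it is not already present, so running the script twice does not duplicate it:

```shell
#!/bin/sh
# Added example (not Firezone's or HailBytes' own code): the optional IPv6
# routing steps as idempotent shell functions. The daemon.json keys are
# Docker's; the address prefix is a constructed placeholder.
set -eu

# Constructed placeholder: any unused /64 from the private fd00::/8 range.
DOCKER_IPV6_CIDR="${DOCKER_IPV6_CIDR:-fd00:1::/64}"

# daemon_json CIDR: print the daemon.json that turns on IPv6 for containers,
# assigns them addresses from CIDR and lets Docker manage ip6tables NAT.
daemon_json() {
  printf '{\n  "ipv6": true,\n  "fixed-cidr-v6": "%s",\n  "experimental": true,\n  "ip6tables": true\n}\n' "$1"
}

# egress_iface_from_route LINE: extract the interface after "dev" from one
# line of "ip route show default" output, e.g. "default via 10.0.0.1 dev eth0".
egress_iface_from_route() {
  printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# default_egress_iface: the interface carrying the default IPv4 route.
default_egress_iface() {
  egress_iface_from_route "$(ip route show default 0.0.0.0/0 | head -n 1)"
}

# accept_ra_line IFACE: sysctl that keeps accepting router advertisements on
# IFACE even though forwarding is enabled (accept_ra=2).
accept_ra_line() {
  printf 'net.ipv6.conf.%s.accept_ra=2\n' "$1"
}

# append_once FILE LINE: append LINE unless FILE already contains it verbatim.
append_once() {
  file="$1"; line="$2"
  if [ -f "$file" ] && grep -qxF -- "$line" "$file"; then
    return 0
  fi
  printf '%s\n' "$line" >> "$file"
}

# enable_ipv6_routing: write both files (run as root). An existing daemon.json
# is not overwritten, because blindly replacing it would drop other settings.
enable_ipv6_routing() {
  iface="$(default_egress_iface)"
  if [ -z "$iface" ]; then
    echo "error: no default IPv4 route found" >&2
    return 1
  fi
  if [ -e /etc/docker/daemon.json ]; then
    echo "error: /etc/docker/daemon.json exists; merge these keys into it by hand:" >&2
    daemon_json "$DOCKER_IPV6_CIDR" >&2
    return 1
  fi
  mkdir -p /etc/docker
  daemon_json "$DOCKER_IPV6_CIDR" > /etc/docker/daemon.json
  append_once /etc/sysctl.conf "$(accept_ra_line "$iface")"
  echo "Wrote /etc/docker/daemon.json and the accept_ra sysctl for $iface."
  echo "Reboot, then verify with: docker run --rm -t busybox ping6 -c 4 google.com"
}

# Usage (as root): sh enable-ipv6.sh apply
if [ "${1:-}" = apply ]; then
  enable_ipv6_routing
fi
```

After the reboot, the busybox ping6 from the guide confirms that container traffic leaves over IPv6; as the guide notes, no extra ip6tables masquerading rule is needed for tunnel traffic because Firezone adds it itself.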
 

   5. Install the client applications

        You can now add users to your network and set up instructions for establishing VPN sessions.

Post-setup

Congratulations, you have completed the setup! See our developer documentation for additional configuration, security considerations, and advanced features: https://www.firezone.dev/docs/