Momwe Mungakhazikitsire Hailbytes VPN Pamalo Anu AWS

Introduction

M'nkhaniyi, tiona momwe tingakhazikitsire HailBytes VPN pamanetiweki yanu, VPN yosavuta komanso yotetezeka komanso firewall pamaneti anu. Tsatanetsatane ndi zina zambiri zitha kupezeka muzolemba zathu zolumikizidwa Pano.

Kukonzekera

1. Zofunikira:

Tikukulimbikitsani kuyamba ndi 1 vCPU ndi 1 GB ya RAM musanakweze.

Pakuyika kwa Omnibus pamaseva omwe ali ndi kukumbukira kosakwana 1 GB, muyenera kuyatsa kusinthana kuti mupewe kernel ya Linux kuti isaphe mwadzidzidzi njira za Firezone.

1 vCPU iyenera kukhala yokwanira kudzaza ulalo wa 1 Gbps wa VPN.

2. Pangani mbiri ya DNS: Firezone imafuna dzina loyenera kuti ligwiritsidwe ntchito popanga, mwachitsanzo firezone.company.com. Kupanga mbiri yoyenera ya DNS monga A, CNAME, kapena AAAA rekodi kudzafunika.

3. Konzani SSL: Mufunika satifiketi yovomerezeka ya SSL kuti mugwiritse ntchito Firezone popanga. Firezone imathandizira ACME popereka ziphaso zokha za SSL pakuyika kwa Docker ndi Omnibus.

4. Tsegulani madoko a firewall: Firezone imagwiritsa ntchito madoko 51820/udp ndi 443/tcp pamayendedwe a HTTPS ndi WireGuard motsatana. Mutha kusintha madoko awa pambuyo pake mufayilo yosinthira.

Ikani pa Docker (Yovomerezeka)

1. Zofunikira:

Onetsetsani kuti muli pa nsanja yothandizidwa ndi docker-compose version 2 kapena apamwamba omwe adayikidwa.

Onetsetsani kuti kutumizira madoko ndikoyatsa pa chowotchera moto. Zosasintha zimafuna kuti madoko otsatirawa atsegulidwe:

o 80/tcp (posankha): Kupereka ziphaso za SSL zokha

o 443/tcp: Pezani UI pa intaneti

o 51820/udp: doko lomvera la VPN traffic

2. Ikani Server Option I: Kuyika Mongodziwikiratu (Kovomerezeka)

Run installation script: bash <(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/install.sh) 1889d1a18e090c-0ec2bae288f1e2-26031d51-144000-1889d1a18e11c6c

Ikufunsani mafunso angapo okhudzana ndi kasinthidwe koyambirira musanatsitse fayilo ya docker-compose.yml. Mudzafuna kuyikonza ndi mayankho anu, ndikusindikiza malangizo ofikira pa Web UI.

Adilesi yofikira ya Firezone: $HOME/.firezone.

2. Ikani Seva Njira II: Kuyika pamanja

Tsitsani template ya docker ku chikwatu chogwirira ntchito kwanuko

- Linux: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.prod.yml -o docker-compose.yml

- macOS kapena Windows: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.desktop.yml -o docker-compose.yml

Pangani zinsinsi zofunika: docker run -rm firezone/firezone bin/gen-env > .env

Sinthani zosintha za DEFAULT_ADMIN_EMAIL ndi EXTERNAL_URL. Sinthani zinsinsi zina ngati pakufunika.

Samutsirani nkhokwe: docker compose run -rm firezone bin/migrate

Pangani akaunti ya admin: docker compose run -rm firezone bin/create-or-reset-admin

Bweretsani ntchitozo: docker compose up -d

Muyenera kupeza Firezome UI kudzera mumitundu ya EXTERNAL_URL yomwe yafotokozedwa pamwambapa.

3. Yambitsani pa boot (ngati mukufuna):

Onetsetsani kuti Docker imayatsidwa poyambira: sudo systemctl thandizani docker

Ntchito za Firezone ziyenera kuyambanso: nthawi zonse kapena kuyambitsanso: pokhapokha ngati njira yoyimitsidwa yotchulidwa mu fayilo ya docker-compose.yml.

4. Yambitsani IPv6 Public Routability (posankha):

Onjezani zotsatirazi ku /etc/docker/daemon.json kuti mutsegule IPv6 NAT ndikukonzekera kutumiza kwa IPv6 kwa zotengera za Docker.

Yambitsani zidziwitso za rauta pa boot pawonekedwe lanu losasinthika la egress: egress=`njira ya ip kuwonetsa kusakhazikika 0.0.0.0/0 | grep -oP '(?<=dev ).*' | kudula -f1 -d'' | tr -d '\n'` sudo bash -c “echo net.ipv6.conf.${egress}.accept_ra=2 >> /etc/sysctl.conf”

Yambitsaninso ndikuyesani ku Google kuchokera mkati mwa chidebe cha docker: docker run -rm -t busybox ping6 -c 4 google.com

Palibe chifukwa chowonjezera malamulo a iptables kuti mutsegule IPv6 SNAT/masquerading for tunneled traffic. Firezone idzasamalira izi.

5. Ikani mapulogalamu a kasitomala

Tsopano mutha kuwonjezera ogwiritsa ntchito pamaneti anu ndikukonzekera malangizo kuti mukhazikitse gawo la VPN.

Kupanga Post

Zabwino zonse, mwamaliza kuyika! Mungafune kuyang'ana zolemba zathu zamapulogalamu kuti muwone zosintha zina, malingaliro achitetezo, ndi zina zapamwamba: https://www.firezone.dev/docs/

Chidziwitso cha Mtsogoleri wa LockBit Wawululidwa - Chovomerezeka kapena Troll?

Mwina 9, 2024 No Comments

Chidziwitso cha Mtsogoleri wa LockBit Wawululidwa - Chovomerezeka kapena Troll? Lockbit imadziwika kuti ndi imodzi mwamagulu otsogola kwambiri padziko lonse lapansi.

Werengani zambiri "

Momwe Mungachotsere Metadata pa Fayilo

April 27, 2024 No Comments

Momwe Mungachotsere Metadata mu Fayilo Yoyambira Metadata, yomwe nthawi zambiri imatchedwa "deta ya data," ndi chidziwitso chomwe chimapereka zambiri za fayilo inayake. Iwo

Werengani zambiri "

Kudutsa Kufufuza pa intaneti ndi TOR

April 27, 2024 No Comments

Kudutsa Kufufuza pa intaneti ndi TOR Mau oyamba M'dziko lomwe mwayi wopeza zidziwitso ukuchulukirachulukira, zida ngati netiweki ya Tor zakhala zofunikira kwambiri

Werengani zambiri "

Momwe Mungakhazikitsire Hailbytes VPN Pamalo Anu AWS

Introduction

Kukonzekera

Ikani pa Docker (Yovomerezeka)

Kupanga Post

Chidziwitso cha Mtsogoleri wa LockBit Wawululidwa - Chovomerezeka kapena Troll?

Momwe Mungachotsere Metadata pa Fayilo

Kudutsa Kufufuza pa intaneti ndi TOR

Services

Kampani Yathu

Adilesi Yathu

Solutions

Security FAQ

Media Social