From 4b953b203c860e8a0e0cc502e0667be7b56ed35c Mon Sep 17 00:00:00 2001
From: sa6anw
Date: Thu, 4 Jan 2024 13:01:43 +0000
Subject: [PATCH] NA
---
 docs/Services/index.md | 2 +-
 docs/Services/netmaker.md | 202 ++++++++++++++++++++++++++++++++++++--
 2 files changed, 193 insertions(+), 11 deletions(-)
diff --git a/docs/Services/index.md b/docs/Services/index.md
index 165d7c2..6e730ed 100644
--- a/docs/Services/index.md
+++ b/docs/Services/index.md
@@ -1,5 +1,5 @@
 ---
-Title: Services
+title: Services
 ---
 - **[Cloudlog](https://cloudlog.sa6anw.se)**
diff --git a/docs/Services/netmaker.md b/docs/Services/netmaker.md
index f5c554b..278ab48 100644
--- a/docs/Services/netmaker.md
+++ b/docs/Services/netmaker.md
@@ -1,13 +1,195 @@
 ---
-Title: Netmaker
+title: Netmaker
 ---
- __ __ ________ ________ __ __ ______ __ __ ________ _______
-| \ | \ | \ | \ | \ / \ / \ | \ / \ | \ | \
-| $$\ | $$ | $$$$$$$$ \$$$$$$$$ | $$\ / $$ | $$$$$$\ | $$ / $$ | $$$$$$$$ | $$$$$$$\
-| $$$\| $$ | $$__ | $$ | $$$\ / $$$ | $$__| $$ | $$/ $$ | $$__ | $$__| $$
-| $$$$\ $$ | $$ \ | $$ | $$$$\ $$$$ | $$ $$ | $$ $$ | $$ \ | $$ $$
-| $$\$$ $$ | $$$$$ | $$ | $$\$$ $$ $$ | $$$$$$$$ | $$$$$\ | $$$$$ | $$$$$$$\
-| $$ \$$$$ | $$_____ | $$ | $$ \$$$| $$ | $$ | $$ | $$ \$$\ | $$_____ | $$ | $$
-| $$ \$$$ | $$ \ | $$ | $$ \$ | $$ | $$ | $$ | $$ \$$\ | $$ \ | $$ | $$
- \$$ \$$ \$$$$$$$$ \$$ \$$ \$$ \$$ \$$ \$$ \$$ \$$$$$$$$ \$$ \$$
\ No newline at end of file
+ __ __ ________ ________ __ __ ______ __ __ ________ _______
+ |\_\ |\_\ |\ ______\ |\ ______\ |\_\ /\_\ /\ ____\ | \ / \ |\ ______\ |\ _____\
+ | XX\ | XX | XXXXXXXX \XXXXXXXX | XX\ / XX | XXXXXX\ | XX / XX | XXXXXXXX | XXXXXXX\
+ | XXX\| XX | XX__ | XX | XXX\ / XXX | XX__| XX | XX/ XX | XX__ | XX__| XX
+ | XXXX\ XX | XX _\ | XX | XXXX\ XXXX | XX __\XX | XX XX | XX _\ | XX __\XX
+ | XX\XX XX | XXXXX | XX | XX\XX XX XX | XXXXXXXX | XXXXX\ | XXXXX | XXXXXXX\
+ | XX \XXXX | XX_____ | XX | XX \XXX| XX | XX | XX | XX \XX\ | XX_____ | XX | XX
+ | XX \XXX | XX ____\ | XX | XX \X | XX | XX | XX | XX \XX\ | XX ____\ | XX | XX
+ \XX \XX \XXXXXXXX \XX \XX \XX \XX \XX \XX \XX \XXXXXXXX \XX \XX
+
+ SA6ANW
+
+**Netmaker**
+Wireguard VPN & Software Defined Networking
+
+Med Netmaker Kan jag styra kommunikationen precis som jag vill. Det påminner om Tailscale men man har möjlighet att hosta det själv. Jag kör version 0.17.0.
+
+För att köra netnetmaker
+Skapa en `docker-compose.yaml` med följande innehåll
+
+ version: "3.4"
+
+ services:
+ netmaker:
+ container_name: netmaker
+ image: gravitl/netmaker:v0.17.0
+ cap_add:
+ - NET_ADMIN
+ - NET_RAW
+ - SYS_MODULE
+ sysctls:
+ - net.ipv4.ip_forward=1
+ - net.ipv4.conf.all.src_valid_mark=1
+ - net.ipv6.conf.all.disable_ipv6=0
+ - net.ipv6.conf.all.forwarding=1
+ restart: always
+ volumes:
+ - dnsconfig:/root/config/dnsconfig
+ - sqldata:/root/data
+ - mosquitto_data:/etc/netmaker
+ environment:
+ SERVER_NAME: "broker.netmaker.sa6anw.se"
+ SERVER_HOST: "81.170.219.67"
+ SERVER_API_CONN_STRING: "api.netmaker.sa6anw.se:443"
+ COREDNS_ADDR: "81.170.219.67"
+ DNS_MODE: "on"
+ SERVER_HTTP_HOST: "api.netmaker.sa6anw.se"
+ API_PORT: "8081"
+ CLIENT_MODE: "on"
+ MASTER_KEY: "Masterkey"
+ CORS_ALLOWED_ORIGIN: "*"
+ DISPLAY_KEYS: "on"
+ DATABASE: "sqlite"
+ NODE_ID: "netmaker-server-1"
+ MQ_HOST: "mq"
+ MQ_PORT: "443"
+ MQ_SERVER_PORT: "1883"
+ HOST_NETWORK: "off"
+ VERBOSITY: "1"
+ MANAGE_IPTABLES: "on"
+ PORT_FORWARD_SERVICES: "dns"
+ MQ_ADMIN_PASSWORD: "AdminPassword"
+ ports:
+ - "51821-51830:51821-51830/udp"
+ netmaker-ui:
+ container_name: netmaker-ui
+ image: gravitl/netmaker-ui:v0.17.0
+ depends_on:
+ - netmaker
+ links:
+ - "netmaker:api"
+ restart: always
+ environment:
+ BACKEND_URL: "https://api.netmaker.sa6anw.se"
+ caddy:
+ image: caddy:2.6.2
+ container_name: caddy
+ restart: unless-stopped
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile
+ - caddy_data:/data
+ - caddy_conf:/config
+ ports:
+ - "80:80"
+ - "443:443"
+ coredns:
+ container_name: coredns
+ image: coredns/coredns
+ command: -conf /root/dnsconfig/Corefile
+ depends_on:
+ - netmaker
+ restart: always
+ volumes:
+ - dnsconfig:/root/dnsconfig
+ mq:
+ container_name: mq
+ image: eclipse-mosquitto:2.0.15-openssl
+ depends_on:
+ - netmaker
+ restart: unless-stopped
+ command: ["/mosquitto/config/wait.sh"]
+ environment:
+ NETMAKER_SERVER_HOST: "https://api.netmaker.sa6anw.se"
+ volumes:
+ - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
+ - ./wait.sh:/mosquitto/config/wait.sh
+ - mosquitto_data:/mosquitto/data
+ - mosquitto_logs:/mosquitto/log
+ volumes:
+ caddy_data: {}
+ caddy_conf: {}
+ sqldata: {}
+ dnsconfig: {}
+ mosquitto_data: {}
+ mosquitto_logs: {}
+
+- Byt till din egen domän
+- Sätt lång MASTER_KEY och AdminPassword
+
+Du behöver också dilen `Caddyfile` i samma folder med följande innehåll
+
+ {
+ # LetsEncrypt account
+ email sa6anw@gmail.com
+ }
+
+ # Dashboard
+ https://dashboard.netmaker.sa6anw.se {
+ # Apply basic security headers
+ header {
+ # Enable cross origin access to *.netmaker.sa6anw.se
+ Access-Control-Allow-Origin *.netmaker.sa6anw.se
+ # Enable HTTP Strict Transport Security (HSTS)
+ Strict-Transport-Security "max-age=31536000;"
+ # Enable cross-site filter (XSS) and tell browser to block detected attacks
+ X-XSS-Protection "1; mode=block"
+ # Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
+ X-Frame-Options "SAMEORIGIN"
+ # Prevent search engines from indexing
+ X-Robots-Tag "none"
+ # Remove the server name
+ -Server
+ }
+
+ reverse_proxy http://netmaker-ui
+ }
+
+ # API
+ https://api.netmaker.sa6anw.se {
+ reverse_proxy http://netmaker:8081
+ }
+
+ # MQ
+ wss://broker.netmaker.sa6anw.se {
+ reverse_proxy ws://mq:8883
+ }
+Samma sak här, byt till din domän och mailadress.
+
+Sista filen du behöver ät `wait.sh`
+
+ #!/bin/ash
+
+ wait_for_netmaker() {
+ echo "SERVER: ${NETMAKER_SERVER_HOST}"
+ until curl --output /dev/null --silent --fail --head \
+ --location "${NETMAKER_SERVER_HOST}/api/server/health"; do
+ echo "Waiting for netmaker server to startup"
+ sleep 1
+ done
+ }
+
+ main(){
+ # wait for netmaker to startup
+ apk add curl
+ wait_for_netmaker
+ echo "Starting MQ..."
+ # Run the main container command.
+ /docker-entrypoint.sh
+ /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf
+
+ }
+
+ main "${@}"
+
+Sen är det bara att köra `docker-compose up -d`
+
+**Modifiering**
+Jag har valt att bryta ut caddy så att jag kan köra fler tjänster med bara en IP.
+
+Det kommer mera!!!
+
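Review bot: The compose listing ships working-looking secrets (`MASTER_KEY: "Masterkey"`, `MQ_ADMIN_PASSWORD: "AdminPassword"`) next to `CORS_ALLOWED_ORIGIN: "*"` and `DISPLAY_KEYS: "on"`, while the Caddyfile publishes the API at `https://api.netmaker.sa6anw.se`; the reminder to set long values only appears after the listing, so a copy-paste deployment ends up with a guessable master key on a public API. I would make the placeholders unusable as-is and narrow CORS to the dashboard, e.g. `MASTER_KEY: "<CHANGE-ME: long random value>"` and `CORS_ALLOWED_ORIGIN: "https://dashboard.netmaker.sa6anw.se"`, and move the warning above the listing. The `mq` service also mounts `./mosquitto.conf`, but the page calls `wait.sh` the last file needed and never shows that config, which is where the broker's listeners and authentication are set (the Caddyfile proxies to `mq:8883` while `MQ_SERVER_PORT` is `1883`). Separately, `Access-Control-Allow-Origin *.netmaker.sa6anw.se` is not a value browsers honour (only `*` or one exact origin), so that header line likely has no effect, and `apk add curl` in `wait.sh` plus the untagged `coredns/coredns` image pull unpinned content at every start.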