
Netmaker
Wireguard VPN & Software Defined Networking

With Netmaker I can steer traffic exactly the way I want. It is similar to Tailscale, but you can host it yourself. I am running version 0.17.0.

To run Netmaker, create a `docker-compose.yaml` with the following contents:

```yaml
version: "3.4"

services:
  netmaker:
    container_name: netmaker
    image: gravitl/netmaker:v0.17.0
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
    restart: always
    volumes:
      - dnsconfig:/root/config/dnsconfig
      - sqldata:/root/data
      - mosquitto_data:/etc/netmaker
    environment:
      SERVER_NAME: "broker.netmaker.sa6anw.se"
      SERVER_HOST: "81.170.219.67"
      SERVER_API_CONN_STRING: "api.netmaker.sa6anw.se:443"
      COREDNS_ADDR: "81.170.219.67"
      DNS_MODE: "on"
      SERVER_HTTP_HOST: "api.netmaker.sa6anw.se"
      API_PORT: "8081"
      CLIENT_MODE: "on"
      MASTER_KEY: "Masterkey"
      CORS_ALLOWED_ORIGIN: "*"
      DISPLAY_KEYS: "on"
      DATABASE: "sqlite"
      NODE_ID: "netmaker-server-1"
      MQ_HOST: "mq"
      MQ_PORT: "443"
      MQ_SERVER_PORT: "1883"
      HOST_NETWORK: "off"
      VERBOSITY: "1"
      MANAGE_IPTABLES: "on"
      PORT_FORWARD_SERVICES: "dns"
      MQ_ADMIN_PASSWORD: "AdminPassword"
    ports:
      - "51821-51830:51821-51830/udp"
  netmaker-ui:
    container_name: netmaker-ui
    image: gravitl/netmaker-ui:v0.17.0
    depends_on:
      - netmaker
    links:
      - "netmaker:api"
    restart: always
    environment:
      BACKEND_URL: "https://api.netmaker.sa6anw.se"
  caddy:
    image: caddy:2.6.2
    container_name: caddy
    restart: unless-stopped
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_conf:/config
    ports:
      - "80:80"
      - "443:443"
  coredns:
    container_name: coredns
    image: coredns/coredns
    command: -conf /root/dnsconfig/Corefile
    depends_on:
      - netmaker
    restart: always
    volumes:
      - dnsconfig:/root/dnsconfig
  mq:
    container_name: mq
    image: eclipse-mosquitto:2.0.15-openssl
    depends_on:
      - netmaker
    restart: unless-stopped
    command: ["/mosquitto/config/wait.sh"]
    environment:
      NETMAKER_SERVER_HOST: "https://api.netmaker.sa6anw.se"
    volumes:
      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
      - ./wait.sh:/mosquitto/config/wait.sh
      - mosquitto_data:/mosquitto/data
      - mosquitto_logs:/mosquitto/log

volumes:
  caddy_data: {}
  caddy_conf: {}
  sqldata: {}
  dnsconfig: {}
  mosquitto_data: {}
  mosquitto_logs: {}
```
  • Replace the domain and IP with your own.
  • Set a long, random `MASTER_KEY` and `MQ_ADMIN_PASSWORD`; the values `Masterkey` and `AdminPassword` above are placeholders. `MASTER_KEY` is the server's admin credential for the API, so treat it like a root password.
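A pre-flight check for those two points, added here as an example (not part of the page or the Netmaker project). It assumes the compose file uses the `KEY: "value"` form shown above and checks that both secrets were changed from the placeholders and are at least 24 characters long:

```shell
#!/bin/sh
# Added example: refuse to deploy the compose file above while it still
# carries the placeholder secrets from the page. Assumes environment keys
# are written as   KEY: "value"   (the form used in the compose file above).

# Print the value of an environment key from a compose file ($1 = file, $2 = key).
compose_env_value() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*$/\1/p" "$1" | head -n 1
}

# Return 0 if MASTER_KEY and MQ_ADMIN_PASSWORD look acceptable, 1 otherwise.
check_compose_secrets() {
  file="$1"
  rc=0
  for key in MASTER_KEY MQ_ADMIN_PASSWORD; do
    val=$(compose_env_value "$file" "$key")
    case "$val" in
      ""|Masterkey|AdminPassword)
        # Missing, or still the literal placeholder from the example compose file.
        echo "$key: missing or still the placeholder value"
        rc=1 ;;
      *)
        if [ "${#val}" -lt 24 ]; then
          echo "$key: shorter than 24 characters"
          rc=1
        fi ;;
    esac
  done
  return "$rc"
}

# Print a fresh 64-hex-character secret to paste into the compose file.
new_secret() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -hex 32
  else
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
    echo
  fi
}
```

Run `check_compose_secrets docker-compose.yaml` before `docker-compose up -d`; a non-zero exit means the file still needs editing, and `new_secret` prints a replacement value.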

You also need the file `Caddyfile` in the same folder with the following contents:

```caddyfile
{
        # LetsEncrypt account
        email sa6anw@gmail.com
}

# Dashboard
https://dashboard.netmaker.sa6anw.se {
        # Apply basic security headers
        header {
                # Enable cross origin access to *.netmaker.sa6anw.se
                Access-Control-Allow-Origin *.netmaker.sa6anw.se
                # Enable HTTP Strict Transport Security (HSTS)
                Strict-Transport-Security "max-age=31536000;"
                # Enable cross-site filter (XSS) and tell browser to block detected attacks
                X-XSS-Protection "1; mode=block"
                # Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
                X-Frame-Options "SAMEORIGIN"
                # Prevent search engines from indexing
                X-Robots-Tag "none"
                # Remove the server name
                -Server
        }

        reverse_proxy http://netmaker-ui
}

# API
https://api.netmaker.sa6anw.se {
        reverse_proxy http://netmaker:8081
}

# MQ
wss://broker.netmaker.sa6anw.se {
        reverse_proxy ws://mq:8883
}
```

Same thing here: replace the domain and the email address with your own.

The last file you need is `wait.sh`. (The compose file also mounts `./mosquitto.conf`, which is not reproduced on this page.)

```sh
#!/bin/ash

wait_for_netmaker() {
    echo "SERVER: ${NETMAKER_SERVER_HOST}"
    until curl --output /dev/null --silent --fail --head \
        --location "${NETMAKER_SERVER_HOST}/api/server/health"; do
        echo "Waiting for netmaker server to startup"
        sleep 1
    done
}

main() {
    # wait for netmaker to startup
    apk add curl
    wait_for_netmaker
    echo "Starting MQ..."
    # Run the main container command.
    /docker-entrypoint.sh
    /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf
}

main "${@}"
```

Then just run `docker-compose up -d`.

Modification
I chose to break Caddy out into its own setup so that I can run more services behind a single IP address.

More to come!