Step-by-step instructions for deploying HailBytes VPN with the Firezone GUI are provided here.
Deploy: Setting up the server instance is covered in this section.
User Guides: Help documents that explain how to use Firezone and troubleshoot common problems. Consult this section after the server has been deployed successfully.
Split Tunneling: Use the VPN to send traffic only to specific IP ranges.
Whitelisting: Set a static IP address for the VPN server so that it can be used in a whitelist.
Reverse Tunnels: Create tunnels between multiple peers using reverse tunnels.
We are happy to help if you need assistance installing, customizing, or using HailBytes VPN.
Firezone can be configured to require authentication before users can generate or download device configuration files. Users may also be required to re-authenticate periodically to keep their VPN connection active.
Although Firezone's default login method is local email and password, it can also be integrated with any OpenID Connect (OIDC) identity provider. Users can then log in to Firezone using their Okta, Google, Azure AD, or custom identity provider credentials.
Integrate a Generic OIDC Provider
The configuration parameters Firezone needs to enable SSO with an OIDC provider are shown in the example below. The configuration file is located at /etc/firezone/firezone.rb. Run firezone-ctl reconfigure and firezone-ctl restart to update the application and apply the changes.
# This is an example using Google and Okta as SSO identity providers.
# Multiple OIDC configurations can be added to the same Firezone instance.
# Firezone can disable a user's VPN if an error is detected while trying
# to refresh their access_token. This is verified to work for Google, Okta, and
# Azure SSO and is used to automatically disconnect a user's VPN if they are removed
# from the OIDC provider. Leave this disabled if your OIDC provider
# has issues refreshing access tokens, because it could unexpectedly interrupt a
# user's VPN session.
default['firezone']['authentication']['disable_vpn_on_oidc_error'] = false
default['firezone']['authentication']['oidc'] = {
  google: {
    discovery_document_uri: "https://accounts.google.com/.well-known/openid-configuration",
    client_id: "<GOOGLE_CLIENT_ID>",
    client_secret: "<GOOGLE_CLIENT_SECRET>",
    redirect_uri: "https://instance-id.yourfirezone.com/auth/oidc/google/callback/",
    response_type: "code",
    scope: "openid email profile",
    label: "Google"
  },
  okta: {
    discovery_document_uri: "https://<OKTA_DOMAIN>/.well-known/openid-configuration",
    client_id: "<OKTA_CLIENT_ID>",
    client_secret: "<OKTA_CLIENT_SECRET>",
    redirect_uri: "https://instance-id.yourfirezone.com/auth/oidc/okta/callback/",
    response_type: "code",
    scope: "openid email profile offline_access",
    label: "Okta"
  }
}
The following configuration settings are required for the integration:
For each OIDC provider, a corresponding pretty URL is created for redirecting to the configured provider's sign-in URL. For the example OIDC configuration above, the URLs are:
We have documentation for the following providers:
If your identity provider has a generic OIDC connector and is not listed above, please consult its documentation for information on how to retrieve the required configuration settings.
The setting under settings/security can be changed to require periodic authentication. This can be used to enforce the requirement that users sign in to Firezone periodically in order to keep their VPN sessions active.
The session length can be configured to anything between one hour and ninety days. Setting this to Never keeps VPN sessions enabled at all times. This is the default.
To re-authenticate an expired VPN session, the user must end the VPN session and sign in to the Firezone portal (the URL specified during deployment).
You can re-authenticate your session by following the precise client instructions found here.
VPN Connection Status
The VPN Connection column of the Users page table shows a user's connection status. These are the connection statuses:
ENABLED - The connection is enabled.
DISABLED - The connection was disabled by an administrator or by an OIDC refresh failure.
EXPIRED - The connection is disabled because authentication has expired, or the user has not signed in for the first time.
Through its generic OIDC connector, Firezone enables Single Sign-On (SSO) with Google Workspace and Cloud Identity. This guide shows you how to obtain the configuration parameters listed below, which are required for the integration:
1. OAuth Configuration Screen
If this is the first time you are creating a new OAuth client ID, you will be asked to configure the consent screen.
*Select Internal for the user type. This ensures that only accounts belonging to users in your Google Workspace Organization can create device configurations. Do NOT select External unless you want to allow anyone with a valid Google Account to create device configurations.
On the App information screen:
2. Create OAuth Client IDs
This section is based on Google's own documentation on setting up OAuth 2.0.
Visit the Google Cloud Console Credentials page, click + Create Credentials and select OAuth client ID.
On the OAuth client ID creation screen:
After creating the OAuth client ID, you will be given a Client ID and a Client Secret. These are used together with the redirect URI in the next step.
Edit /etc/firezone/firezone.rb to include the options below:
# Using Google as the SSO identity provider
default['firezone']['authentication']['oidc'] = {
  google: {
    discovery_document_uri: "https://accounts.google.com/.well-known/openid-configuration",
    client_id: "<GOOGLE_CLIENT_ID>",
    client_secret: "<GOOGLE_CLIENT_SECRET>",
    redirect_uri: "https://instance-id.yourfirezone.com/auth/oidc/google/callback/",
    response_type: "code",
    scope: "openid email profile",
    label: "Google"
  }
}
Run firezone-ctl reconfigure and firezone-ctl restart to update the application. You should now see a Sign in with Google button at the root Firezone URL.
Firezone uses its generic OIDC connector to provide Single Sign-On (SSO) with Okta. This tutorial shows you how to obtain the configuration parameters listed below, which are required for the integration:
This section of the guide is based on Okta's documentation.
In the Admin Console, go to Applications > Applications and click Create App Integration. Set the Sign-in method to OIDC - OpenID Connect and the Application type to Web Application.
Configure these settings:
Once the settings are saved, you will be given a Client ID, a Client Secret, and an Okta Domain. These 3 values are used in Step 2 to configure Firezone.
Edit /etc/firezone/firezone.rb to include the options below. Your discovery_document_uri is /.well-known/openid-configuration appended to the end of your okta_domain.
# Using Okta as the SSO identity provider
default['firezone']['authentication']['oidc'] = {
  okta: {
    discovery_document_uri: "https://<OKTA_DOMAIN>/.well-known/openid-configuration",
    client_id: "<OKTA_CLIENT_ID>",
    client_secret: "<OKTA_CLIENT_SECRET>",
    redirect_uri: "https://instance-id.yourfirezone.com/auth/oidc/okta/callback/",
    response_type: "code",
    scope: "openid email profile offline_access",
    label: "Okta"
  }
}
Run firezone-ctl reconfigure and firezone-ctl restart to update the application. You should now see a Sign in with Okta button at the root Firezone URL.
The users who can access the Firezone application can be restricted in Okta. Go to the Assignments page of the Firezone App Integration in your Okta Admin Console to do this.
Through its generic OIDC connector, Firezone enables Single Sign-On (SSO) with Azure Active Directory. This guide shows you how to obtain the configuration parameters listed below, which are required for the integration:
This guide is adapted from the Azure Active Directory Docs.
Go to the Azure Active Directory page of the Azure portal. Select the Manage menu option, choose New Registration, and register by providing the information below:
After registering, open the application's detail view and copy the Application (client) ID. This is the client_id value. Next, open the Endpoints menu to retrieve the OpenID Connect metadata document. This is the discovery_document_uri value.
Create a new client secret by clicking Certificates & secrets under the Manage menu. Copy the client secret; this is the client_secret value.
Finally, select the API permissions link under the Manage menu, click Add a permission, and select Microsoft Graph. Add email, openid, offline_access and profile to the required permissions.
Edit /etc/firezone/firezone.rb to include the options below:
# Using Azure Active Directory as the SSO identity provider
default['firezone']['authentication']['oidc'] = {
  azure: {
    discovery_document_uri: "https://login.microsoftonline.com/<TENANT_ID>/v2.0/.well-known/openid-configuration",
    client_id: "<AZURE_CLIENT_ID>",
    client_secret: "<AZURE_CLIENT_SECRET>",
    redirect_uri: "https://instance-id.yourfirezone.com/auth/oidc/azure/callback/",
    response_type: "code",
    scope: "openid email profile offline_access",
    label: "Azure"
  }
}
Run firezone-ctl reconfigure and firezone-ctl restart to update the application. You should now see a Sign in with Azure button at the root Firezone URL.
Azure AD allows administrators to restrict application access to a specific group of users within your company. More information on how to do this can be found in Microsoft's documentation.
Firezone uses Chef Omnibus to manage tasks including release packaging, process supervision, log management, and more.
Ruby code forms the primary configuration file, located at /etc/firezone/firezone.rb. Running sudo firezone-ctl reconfigure after changing this file makes Chef recognize the changes and apply them to the current operating system.
See the configuration file reference for the full list of configuration variables and their descriptions.
Your Firezone instance can be managed through the firezone-ctl command, as shown below. Most subcommands need to be prefixed with sudo.
root@demo:~# firezone-ctl
omnibus-ctl: command (subcommand)
General Commands:
  cleanse
    Delete *all* firezone data, and start from scratch.
  create-or-reset-admin
    Resets the password for the admin with the email specified by default['firezone']['admin_email'], or creates a new admin if that email doesn't exist.
  help
    Print this help message.
  reconfigure
    Reconfigure the application.
  reset-network
    Resets nftables, the WireGuard interface, and the routing table back to Firezone defaults.
  show-config
    Show the configuration that would be generated by reconfigure.
  teardown-network
    Removes the WireGuard interface and the firezone nftables table.
  force-cert-renewal
    Force certificate renewal now even if it hasn't expired.
  stop-cert-renewal
    Removes the cronjob that renews certificates.
  uninstall
    Kill all processes and uninstall the process supervisor (data will be preserved).
  version
    Display the current version of Firezone
Service Management Commands:
  graceful-kill
    Attempt a graceful stop, then SIGKILL the entire process group.
  hup
    Send the services a HUP.
  int
    Send the services an INT.
  kill
    Send the services a KILL.
  once
    Start the services if they are down. Do not restart them if they stop.
  restart
    Stop the services if they are running, then start them again.
  service-list
    List all the services (enabled services appear with a *.)
  start
    Start services if they are down, and restart them if they stop.
  status
    Show the status of all the services.
  stop
    Stop the services, and do not restart them.
  tail
    Watch the service logs of all enabled services.
  term
    Send the services a TERM.
  usr1
    Send the services a USR1.
  usr2
    Send the services a USR2.
All VPN sessions must be terminated before upgrading Firezone, which also means shutting down the Web UI. In case something goes wrong during the upgrade, we recommend setting aside an hour for maintenance.
To upgrade Firezone, take the following steps:
If any problems arise, please let us know by filing a support ticket.
There are a few breaking changes and configuration modifications in 0.5.0 that need to be addressed. Find out more below.
As of version 0.5.0, Nginx no longer supports the force SSL and non-SSL port parameters. Since Firezone requires SSL to function, we recommend removing the bundled Nginx service by setting default['firezone']['nginx']['enabled'] = false and pointing your reverse proxy at the Phoenix application on port 13000 (by default).
0.5.0 introduces ACME protocol support for automatically renewing SSL certificates with the bundled Nginx service. To enable it,
The option to add overlapping rules and destinations has been removed in Firezone 0.5.0. Our migration script automatically detects these situations during the upgrade to 0.5.0 and keeps only the rules whose destination contains the other rule. There is nothing you need to do if this is acceptable.
Otherwise, before upgrading, we recommend changing your ruleset to eliminate these situations.
Firezone 0.5.0 removes support for the legacy Okta and Google SSO configuration in favor of the new, more flexible OIDC-based configuration.
If you have any configuration under the default['firezone']['authentication']['okta'] or default['firezone']['authentication']['google'] keys, you need to migrate it to our OIDC-based configuration using the guide below.
Existing Google OAuth configuration
Remove these lines containing the legacy Google OAuth configuration from your configuration file at /etc/firezone/firezone.rb
default['firezone']['authentication']['google']['enabled']
default['firezone']['authentication']['google']['client_id']
default['firezone']['authentication']['google']['client_secret']
default['firezone']['authentication']['google']['redirect_uri']
Then configure Google as an OIDC provider by following the procedure here.
Existing Okta OAuth configuration
Remove these lines containing the legacy Okta OAuth configuration from your configuration file at /etc/firezone/firezone.rb
default['firezone']['authentication']['okta']['enabled']
default['firezone']['authentication']['okta']['client_id']
default['firezone']['authentication']['okta']['client_secret']
default['firezone']['authentication']['okta']['site']
Then configure Okta as an OIDC provider by following the procedure here.
Depending on your setup and current version, follow the instructions below:
If you have an existing OIDC integration:
For some OIDC providers, upgrading to >= 0.3.16 requires obtaining a refresh token for the offline_access scope. Doing this guarantees that Firezone stays in sync with the identity provider and disconnects the VPN connection after a user is deleted. Previous versions of Firezone lacked this feature. In some cases, users who had been deleted from your identity provider could remain connected to the VPN.
offline_access must be included in the scope parameter of your OIDC configuration for OIDC providers that support the offline_access scope. firezone-ctl reconfigure must be run to apply changes to the Firezone configuration file, located at /etc/firezone/firezone.rb.
For users who have been authenticated by your OIDC provider, you will see the OIDC Connections heading on the user details page of the web UI if Firezone was able to retrieve the refresh token successfully.
If this is not working, you will need to delete your existing OAuth app and repeat the OIDC setup steps to create a new app integration.
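The guide above derives discovery_document_uri differently for each provider (Google is fixed, Okta is the Okta domain plus /.well-known/openid-configuration, Azure is the tenant's metadata document) and, from 0.3.16 on, depends on offline_access being in the scope so that a refresh token is issued. The following is an added example, not Firezone's own code: it builds a provider entry in the shape of the oidc map above and checks it against a provider's discovery document, flagging the case where the provider does not advertise offline_access. The discovery document embedded below is constructed, and idp.example.com, instance-id.yourfirezone.com and the client credentials are placeholders.

```python
"""Build Firezone-style OIDC provider entries and check them against a
provider's OpenID Connect discovery document. Added example; not Firezone code.
The discovery document shape follows OpenID Connect Discovery 1.0; the sample
document at the bottom is constructed, not fetched from a real provider."""
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"


def discovery_uri(provider, okta_domain=None, azure_tenant=None):
    """Derive discovery_document_uri the way the guide describes it."""
    if provider == "google":
        return "https://accounts.google.com" + WELL_KNOWN
    if provider == "okta":
        if not okta_domain:
            raise ValueError("okta_domain is required for Okta")
        return f"https://{okta_domain}" + WELL_KNOWN
    if provider == "azure":
        if not azure_tenant:
            raise ValueError("azure_tenant is required for Azure AD")
        return f"https://login.microsoftonline.com/{azure_tenant}/v2.0" + WELL_KNOWN
    raise ValueError(f"unknown provider {provider!r}")


def provider_entry(provider, external_url, client_id, client_secret, **kw):
    """One entry of the oidc map; redirect_uri follows the guide's
    /auth/oidc/<provider>/callback/ pattern under the portal's external URL."""
    return {
        "discovery_document_uri": discovery_uri(provider, **kw),
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": f"{external_url.rstrip('/')}/auth/oidc/{provider}/callback/",
        "response_type": "code",
        "scope": "openid email profile offline_access",
        "label": provider.capitalize(),
    }


REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def check_against_discovery(entry, doc):
    """Return a list of problems; an empty list means the entry is consistent."""
    problems = []
    for key in REQUIRED_KEYS:
        if key not in doc:
            problems.append(f"discovery document lacks {key}")
    # The issuer must live on the same host as the discovery document we trust.
    doc_host = urlsplit(doc.get("issuer", "")).hostname
    uri_host = urlsplit(entry["discovery_document_uri"]).hostname
    if doc_host != uri_host:
        problems.append(f"issuer host {doc_host!r} != discovery host {uri_host!r}")
    if urlsplit(entry["redirect_uri"]).scheme != "https":
        problems.append("redirect_uri must use https")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("provider does not advertise the 'code' response type")
    missing = set(entry["scope"].split()) - set(doc.get("scopes_supported", []))
    if "offline_access" in missing:
        # No refresh token means Firezone cannot notice a user removed at the IdP.
        problems.append("offline_access not supported: no refresh token, so users "
                        "deleted at the identity provider may stay connected")
    for scope in sorted(missing - {"offline_access"}):
        problems.append(f"scope {scope!r} not advertised by provider")
    return problems


# Constructed sample discovery document for a placeholder Okta-style domain.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/v1/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/v1/token",
  "jwks_uri": "https://idp.example.com/oauth2/v1/keys",
  "response_types_supported": ["code", "id_token"],
  "scopes_supported": ["openid", "email", "profile", "offline_access"]
}""")

if __name__ == "__main__":
    entry = provider_entry("okta", "https://instance-id.yourfirezone.com",
                           "<OKTA_CLIENT_ID>", "<OKTA_CLIENT_SECRET>",
                           okta_domain="idp.example.com")
    print(json.dumps(entry, indent=2))
    print("problems:", check_against_discovery(entry, SAMPLE_DISCOVERY))
```

In practice the document is fetched from the discovery_document_uri over HTTPS before Firezone is reconfigured; running the check with a provider document whose scopes_supported omits offline_access reproduces the stale-connection condition described in the 0.3.16 note.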
I have an existing OAuth integration
Prior to 0.3.11, Firezone used pre-configured OAuth2 providers.
Follow the instructions here to migrate to OIDC.
I have not integrated an identity provider
No action is needed.
You can follow the instructions here to enable SSO through an OIDC provider.
The default['firezone']['external_url'] option has replaced the default['firezone']['fqdn'] configuration option.
Set this to the URL of your Firezone web portal that is reachable by the general public. It defaults to https:// followed by your server's FQDN if left undefined.
The configuration file is located at /etc/firezone/firezone.rb. See the configuration file reference for the full list of configuration variables and their descriptions.
As of version 0.3.0, Firezone no longer keeps device private keys on the Firezone server.
The Firezone Web UI will not let you re-download or view these configurations, but existing devices should continue to work as they are.
If you are upgrading from Firezone 0.1.x, there are a few configuration file changes that need to be made manually.
To make the required changes to your /etc/firezone/firezone.rb file, run the commands below as root.
cp /etc/firezone/firezone.rb /etc/firezone/firezone.rb.bak
sed -i "s/\['enable'\]/\['enabled'\]/" /etc/firezone/firezone.rb
echo "default['firezone']['connectivity_checks']['enabled'] = true" >> /etc/firezone/firezone.rb
echo "default['firezone']['connectivity_checks']['interval'] = 3_600" >> /etc/firezone/firezone.rb
firezone-ctl reconfigure
firezone-ctl restart
Checking the Firezone logs is a sensible first step for any issue that arises.
Run sudo firezone-ctl tail to view the Firezone logs.
Most connectivity problems with Firezone are caused by incompatible iptables or nftables rules. You must make sure that any rules you have in effect do not conflict with the Firezone rules.
If your Internet connectivity degrades whenever you activate your WireGuard tunnel, make sure that the FORWARD chain allows packets from your WireGuard clients to the destinations you want to route through Firezone.
If you are using ufw, this can be achieved by making sure the default routed policy is allow:
ubuntu@fz:~$ sudo ufw default allow routed
Default routed policy changed to 'allow'
(be sure to update your rules accordingly)
A ufw status for a typical Firezone server might look like this:
ubuntu@fz:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
51820/udp                  ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
51820/udp (v6)             ALLOW IN    Anywhere (v6)
We recommend limiting access to the web interface for production and public-facing deployments, as explained below.
Service | Default Port | Listen Address | Description
Nginx | 80, 443 | all | Public HTTP(S) port for administering Firezone and facilitating authentication.
WireGuard | 51820 | all | Public WireGuard port used for VPN sessions. (UDP)
Postgresql | 15432 | 127.0.0.1 | Local-only port used for the bundled Postgresql server.
Phoenix | 13000 | 127.0.0.1 | Local-only port used by the upstream Elixir application server.
For production and public-facing deployments where a single administrator is responsible for creating and distributing device configurations to end users, we advise you to consider restricting access to the publicly exposed Firezone web UI (by default ports 443/tcp and 80/tcp) and instead managing Firezone through the WireGuard tunnel.
For example, if an administrator creates a device configuration and establishes a tunnel with the local WireGuard address 10.3.2.2, the following ufw configuration allows the administrator to reach the Firezone web UI on the server's wg-firezone interface using the default 10.3.2.1 tunnel address:
root@demo:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
51820/udp                  ALLOW IN    Anywhere
Anywhere                   ALLOW IN    10.3.2.2
22/tcp (v6)                ALLOW IN    Anywhere (v6)
51820/udp (v6)             ALLOW IN    Anywhere (v6)
This leaves only 22/tcp exposed for SSH access to manage the server (optional), and 51820/udp exposed for establishing WireGuard tunnels.
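The two ufw listings above differ only in whether 80/tcp and 443/tcp are allowed from Anywhere or whether the web UI is reachable solely from the administrator's tunnel address. As an added example (not part of this guide or of ufw), the following parses ufw status verbose output and reports which targets are open to Anywhere, so the check can be run as part of a post-deployment review. Both sample listings are constructed to match the ones shown above; the helper names are this example's own.

```python
"""Audit `ufw status verbose` output for public exposure of the Firezone web UI.
Added example, not Firezone's or ufw's code. The two listings are constructed
to mirror the guide's default and hardened firewall states."""
import re

# A rule line has three columns separated by two or more spaces, e.g.
# "443/tcp        ALLOW IN    Anywhere" or "Anywhere    ALLOW IN    10.3.2.2".
RULE_RE = re.compile(
    r"^(?P<to>\S.*?)\s{2,}(?P<action>(?:ALLOW|DENY|REJECT|LIMIT)(?: IN| OUT| FWD)?)\s{2,}(?P<src>\S.*)$"
)

WEB_UI = {"80/tcp", "443/tcp"}            # Nginx, per the port table above
EXPECTED_PUBLIC = {"22/tcp", "51820/udp"}  # optional SSH and WireGuard


def parse_ufw_rules(text):
    """Return (to, action, from) tuples; header and status lines do not match."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((m.group("to"), m.group("action"), m.group("src")))
    return rules


def public_exposure(rules):
    """Targets allowed inbound from Anywhere, with the (v6) suffix folded in."""
    exposed = set()
    for to, action, src in rules:
        if action.startswith("ALLOW") and src.startswith("Anywhere"):
            exposed.add(to.replace(" (v6)", ""))
    return exposed


def web_ui_exposed(rules):
    return bool(WEB_UI & public_exposure(rules))


def audit(text):
    """Findings a reviewer would raise; empty list means the host matches the
    hardened layout (only SSH and WireGuard public)."""
    rules = parse_ufw_rules(text)
    exposed = public_exposure(rules)
    findings = []
    if WEB_UI & exposed:
        findings.append("web UI reachable from Anywhere: " + ", ".join(sorted(WEB_UI & exposed)))
    for target in sorted(exposed - WEB_UI - EXPECTED_PUBLIC):
        findings.append(f"unexpected public rule: {target}")
    return findings


# Constructed: the default listing from the guide.
DEFAULT_STATUS = """Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
51820/udp                  ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
51820/udp (v6)             ALLOW IN    Anywhere (v6)
"""

# Constructed: the hardened listing where the UI is only reachable from 10.3.2.2.
HARDENED_STATUS = """Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
51820/udp                  ALLOW IN    Anywhere
Anywhere                   ALLOW IN    10.3.2.2
22/tcp (v6)                ALLOW IN    Anywhere (v6)
51820/udp (v6)             ALLOW IN    Anywhere (v6)
"""

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_STATUS), ("hardened", HARDENED_STATUS)):
        print(name, "->", audit(text) or "ok")
```

Feed it real output with sudo ufw status verbose | python3 audit.py after replacing the constructed strings with sys.stdin.read(); a non-empty findings list means the web UI is still reachable outside the tunnel.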
Firezone bundles a Postgresql server and a matching psql utility that can be used from the local shell like so:
/opt/firezone/embedded/bin/psql \
  -U firezone \
  -d firezone \
  -h localhost \
  -p 15432 \
  -c "SQL_STATEMENT"
This can be useful for debugging purposes.
Common tasks:
List all users:
/opt/firezone/embedded/bin/psql \
  -U firezone \
  -d firezone \
  -h localhost \
  -p 15432 \
  -c "SELECT * FROM users;"
List all devices:
/opt/firezone/embedded/bin/psql \
  -U firezone \
  -d firezone \
  -h localhost \
  -p 15432 \
  -c "SELECT * FROM devices;"
Change a user's role:
Set the role to 'admin' or 'unprivileged':
/opt/firezone/embedded/bin/psql \
  -U firezone \
  -d firezone \
  -h localhost \
  -p 15432 \
  -c "UPDATE users SET role = 'admin' WHERE email = 'user@example.com';"
Backing up the database:
The pg_dump program is also included, which can be used to take regular backups of the database. Use the following command to dump a copy of the database in plain SQL query format (replace /path/to/backup.sql with the location where the SQL file should be created):
/opt/firezone/embedded/bin/pg_dump \
  -U firezone \
  -d firezone \
  -h localhost \
  -p 15432 > /path/to/backup.sql
After Firezone has been deployed successfully, you need to add users to grant them access to your network. The Web UI is used to do this.
By selecting the "Add User" button under /users, you can add a user. You will need to provide the user with an email address and a password. To grant access to the users in your organization automatically, Firezone can also integrate and sync with an identity provider. More details are available under Authenticate.
We recommend asking users to generate their own device configurations so that the private key is visible only to them. Users can generate their own device configurations by following the instructions on the Client Instructions page.
Firezone administrators can generate device configurations for all users. Select the "Add Device" option on the user profile page at /users to do this.
[Insert Screenshot]
You can email the user the WireGuard configuration file after creating the device profile.
Users and devices are linked. For more details on adding a user, see Add Users.
Using the kernel's netfilter system, Firezone provides egress filtering that specifies whether packets are DROPped or ACCEPTed. All traffic is allowed by default.
IPv4 and IPv6 CIDRs and IP addresses are supported via the Allowlist and Denylist. You can choose to scope a rule to a user when adding it, in which case the rule applies to all of that user's devices.
Install and Configure
To establish a VPN connection using the native WireGuard client, refer to this guide.
The official WireGuard clients listed here are compatible with Firezone:
Refer to the official WireGuard website at https://www.wireguard.com/install/ for operating systems not mentioned above.
Your Firezone administrator, or you yourself, can generate the device configuration file using the Firezone portal.
Visit the URL provided by your Firezone administrator to generate a device configuration file. Your company will have a unique URL for this; in this case, it is https://instance-id.yourfirezone.com.
Firezone Okta SSO Login
[Insert Screenshot]
Import the .conf file into the WireGuard client by opening it. By flipping the Activate switch, you can start the VPN session.
[Insert Screenshot]
Follow the instructions below if your network administrator has mandated recurring authentication to keep your VPN connection active.
You need:
URL of the Firezone portal: Ask your network administrator for the link.
Your network administrator should be able to provide your login and password. The Firezone site will prompt you to log in using the single sign-on service your employer uses (such as Google or Okta).
[Insert Screenshot]
Go to the URL of the Firezone portal and log in using the credentials your network administrator provided. If you are already signed in, click the Re-authenticate button before signing in again.
[Insert Screenshot]
[Insert Screenshot]
To import the WireGuard configuration profile using the Network Manager CLI (nmcli) on Linux devices, follow these instructions.
If the profile has IPv6 support, attempting to import the configuration file using the Network Manager GUI may fail with the following error:
ipv6.method: method "auto" is not supported for WireGuard
The WireGuard tools must be installed. On Linux distributions this is a package called wireguard or wireguard-tools.
For Ubuntu/Debian:
sudo apt install wireguard
For Fedora:
sudo dnf install wireguard-tools
Arch Linux:
sudo pacman -S wireguard-tools
Refer to the official WireGuard website at https://www.wireguard.com/install/ for distributions not mentioned above.
Your Firezone administrator, or you yourself, can generate the device configuration file using the Firezone portal.
Visit the URL provided by your Firezone administrator to generate a device configuration file. Your company will have a unique URL for this; in this case, it is https://instance-id.yourfirezone.com.
[Insert Screenshot]
Import the supplied configuration file using nmcli:
sudo nmcli connection import type wireguard file /path/to/configuration.conf
The name of the configuration file will be used as the WireGuard connection/interface name. After importing, the connection can be renamed if necessary:
nmcli connection modify [old name] connection.id [new name]
From the command line, connect to the VPN like this:
nmcli connection up [vpn name]
To disconnect:
nmcli connection down [vpn name]
The corresponding Network Manager applet can also be used to manage the connection if you are using a GUI.
By setting the auto-connect option to "yes", the VPN connection can be configured to connect automatically:
nmcli connection modify [vpn name] connection.autoconnect yes
To disable auto-connect, set it back to no:
nmcli connection modify [vpn name] connection.autoconnect no
To enable MFA, go to the /user_account/register_mfa page of the Firezone portal. Use your authenticator app to scan the QR code after it is generated, then enter the six-digit code.
Contact your administrator to reset your account's access information if you misplace your authenticator app.
This tutorial walks you through setting up WireGuard's split tunneling feature with Firezone so that only traffic to specific IP ranges is forwarded through the VPN server.
The IP ranges the client will route network traffic to are set in the Allowed IPs field on the /settings/default page. Only WireGuard tunnel configurations newly generated by Firezone are affected by changes to this field.
[Insert Screenshot]
The default value is 0.0.0.0/0, ::/0, which routes all network traffic from the client to the VPN server.
Examples of values for this field include:
0.0.0.0/0, ::/0 – all network traffic is routed to the VPN server.
192.0.2.3/32 – only traffic to a single IP address is routed to the VPN server.
3.5.140.0/22 – only traffic to IPs in the range 3.5.140.1 – 3.5.143.254 is routed to the VPN server. In this example, the CIDR range of the AWS ap-northeast-2 region was used.
Firezone selects the egress interface associated with the most specific route first when determining where to route a packet.
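The Allowed IPs examples above (a default route, a single /32, and the AWS /22) and the most-specific-route rule in the last sentence can be checked before a configuration is handed to users. The following is an added example and not Firezone's code: it validates an Allowed IPs field the way the /settings/default page expects it (comma-separated CIDRs), reports the usable host range of a prefix (the 3.5.140.1 – 3.5.143.254 figure above), answers whether a destination would travel through the tunnel, and picks an egress interface by longest prefix match over a constructed routing table. The routing table entries and interface names are assumptions.

```python
"""Split-tunnel helpers for Firezone's Allowed IPs field. Added example;
not Firezone code. Uses only the standard library's ipaddress module."""
import ipaddress


def parse_allowed_ips(field):
    """Parse 'cidr, cidr, ...' as entered in Allowed IPs. strict=True rejects
    entries with host bits set (e.g. 10.0.0.1/24), a common typo that WireGuard
    itself would silently accept but which hides the operator's intent."""
    nets = []
    for token in field.split(","):
        token = token.strip()
        if not token:
            continue
        nets.append(ipaddress.ip_network(token, strict=True))
    if not nets:
        raise ValueError("Allowed IPs must contain at least one CIDR")
    return nets


def host_range(cidr):
    """First and last usable host of a prefix, as strings (the page's
    3.5.140.1 – 3.5.143.254 example). /31 and /32 have no network/broadcast
    to exclude, so the whole block is returned."""
    net = ipaddress.ip_network(cidr)
    if net.num_addresses <= 2:
        return (str(net.network_address), str(net.broadcast_address))
    return (str(net.network_address + 1), str(net.broadcast_address - 1))


def routes_via_vpn(dest, allowed):
    """True if a client with this Allowed IPs list sends dest through the tunnel."""
    addr = ipaddress.ip_address(dest)
    return any(addr.version == net.version and addr in net for net in allowed)


def is_full_tunnel(allowed):
    """True when both address families carry a default route (0.0.0.0/0, ::/0)."""
    families = {net.version for net in allowed if net.prefixlen == 0}
    return families == {4, 6}


def egress_interface(dest, routes):
    """Longest-prefix match over {cidr: interface}, the rule the guide states
    for choosing the egress interface; None when nothing matches."""
    addr = ipaddress.ip_address(dest)
    best = None
    for cidr, iface in routes.items():
        net = ipaddress.ip_network(cidr)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None


if __name__ == "__main__":
    allowed = parse_allowed_ips("3.5.140.0/22, 192.0.2.3/32")
    print("usable hosts in 3.5.140.0/22:", host_range("3.5.140.0/22"))
    for dest in ("3.5.143.254", "3.5.144.1", "192.0.2.3", "192.0.2.4"):
        print(dest, "via VPN" if routes_via_vpn(dest, allowed) else "direct")
    # Constructed server routing table: default via eth0, tunnel subnet via wg-firezone.
    table = {"0.0.0.0/0": "eth0", "10.3.2.0/24": "wg-firezone"}
    print("10.3.2.7 leaves via", egress_interface("10.3.2.7", table))
```

Changing the field only affects configurations generated afterwards, so after editing Allowed IPs the same check is worth repeating against the .conf files users actually hold.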
Users must regenerate their configuration files and add them to their native WireGuard client in order to update existing user devices with the new split tunnel configuration.
For instructions, see Add Device.
This guide shows how to link two devices using Firezone as a relay. One typical use case is allowing an administrator to reach a server, container, or machine that is protected by a NAT or firewall.
This illustration shows a straightforward scenario in which Devices A and B build a tunnel.
[Insert Firezone architecture diagram]
Begin by creating Device A and Device B by navigating to /users/[user_id]/new_device. In the settings for each device, make sure the following parameters are set to the values listed below. You can set device settings when creating the device configuration (see Add Device). If you need to update the settings on an existing device, you can do so by generating a new device configuration.
Note that all devices have a /settings/default page where PersistentKeepalive can be configured.
Device A:
AllowedIPs = 10.3.2.2/32
This is the IP, or range of IPs, of Device B
PersistentKeepalive = 25
If the device is behind a NAT, this lets the device keep the tunnel alive and continue to receive packets from the WireGuard interface. A value of 25 is usually sufficient, but you may need to lower it depending on your environment.
Device B:
AllowedIPs = 10.3.2.3/32
This is the IP, or range of IPs, of Device A
PersistentKeepalive = 25
This example shows a scenario in which Device A can communicate with Devices B through D in both directions. This setup could represent an engineer or administrator accessing multiple resources (servers, containers, or machines) across various networks.
[Architecture diagram]
Make sure that the following settings are set in each device's settings to the corresponding values. When creating the device configuration, you can specify the device settings (see Add Device). A new device configuration can be created if the settings on an existing device need to be updated.
Device A:
AllowedIPs = 10.3.2.3/32, 10.3.2.4/32, 10.3.2.5/32
These are the IPs of Devices B through D. The IPs of Devices B through D must be included in whatever IP range you choose to set.
PersistentKeepalive = 25
This ensures the device can keep the tunnel alive and continue to receive packets from the WireGuard interface even when it is behind a NAT. A value of 25 is usually adequate, but depending on your environment you may need to lower this figure.
To allow all of your team's traffic to flow outbound through a single static IP, Firezone can be used as a NAT gateway. Common use cases include:
Consulting engagements: ask your client to allowlist a single static IP address rather than each employee's unique device IP.
Using a proxy or masking your source IP for security or privacy purposes.
This post shows a simple example of restricting access to a self-hosted web application to a single allowlisted static IP on which Firezone is running. In this illustration, Firezone and the protected resource are in different VPC areas.
This solution is frequently used in place of managing an IP allowlist for numerous end users, which can become time-consuming as the access list grows.
Our goal is to set up a Firezone server on an EC2 instance to redirect VPN traffic to the restricted resource. In this case, Firezone is functioning as a network proxy or NAT gateway to give each connected device a unique public egress IP.
In this case, a t2.micro EC2 instance has a Firezone instance installed on it. For information on deploying Firezone, go to the Deployment Guide. For AWS, make sure that:
The security group of the Firezone EC2 instance allows outbound traffic to the IP address of the protected resource.
The Firezone instance comes with an elastic IP. Traffic forwarded through the Firezone instance to outside destinations will have this as its source IP address. The IP address in question is 52.202.88.54.
[Screenshot]
The self-hosted web application acts as the protected resource in this case. The web application can only be accessed by requests coming from the IP address 52.202.88.54. Depending on the resource, it may be necessary to allow inbound traffic on various ports and traffic types. This is not covered in this guide.
[Screenshot]
Please tell the third party in charge of the protected resource that traffic from the static IP defined in Step 1 (in this case 52.202.88.54) must be allowed.
By default, all user traffic will pass through the VPN server and come from the static IP configured in Step 1 (in this case 52.202.88.54). However, if split tunneling is enabled, the settings may need to be adjusted to ensure the destination IP of the protected resource is listed in the Allowed IPs.
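The checks a practitioner would run before trusting either of the setups above (the reverse tunnel and the NAT gateway), as an added example that is not Firezone's own code: it parses the AllowedIPs/PersistentKeepalive device settings, verifies that Device A and Devices B through D list each other (otherwise traffic is routed one way only), that every AllowedIPs entry lies inside the 10.3.2.0/24 pool, that peers behind NAT have a keepalive, and, for the NAT-gateway case with split tunneling, that the protected resource's IP is covered. The device names, the behind_nat flags and the resource address 203.0.113.10 are constructed.

```python
"""Consistency checks for the reverse-tunnel and NAT-gateway device settings
described above. Added example, not Firezone's own code: the tunnel addresses
come from the guide, the device names, behind_nat flags and the protected
resource address 203.0.113.10 are constructed."""
import ipaddress
from typing import Dict, List

# Firezone's default WireGuard IPv4 pool (default['firezone']['wireguard']['ipv4']['network'])
WIREGUARD_POOL = ipaddress.ip_network("10.3.2.0/24")
RECOMMENDED_KEEPALIVE = 25  # the value the guide uses for devices behind NAT


def parse_settings(text: str) -> Dict[str, str]:
    """Parse 'Key = Value' lines as they appear in a device's settings."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def allowed_networks(settings: Dict[str, str]) -> List[ipaddress.IPv4Network]:
    """Split the comma-separated AllowedIPs value into network objects."""
    raw = settings.get("AllowedIPs", "")
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in raw.split(",") if part.strip()]


def covers(settings: Dict[str, str], addr: str) -> bool:
    """True if AllowedIPs routes traffic for addr into the tunnel."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in allowed_networks(settings)
               if net.version == ip.version)


def check_device(name: str, dev: dict) -> List[str]:
    """Per-device checks: pool membership and keepalive for peers behind NAT."""
    problems: List[str] = []
    settings = dev["settings"]
    for net in allowed_networks(settings):
        if net.version == 4 and not net.subnet_of(WIREGUARD_POOL):
            problems.append(f"{name}: AllowedIPs {net} lies outside the pool {WIREGUARD_POOL}")
    keepalive = int(settings.get("PersistentKeepalive", "0") or 0)
    if dev.get("behind_nat") and keepalive == 0:
        problems.append(f"{name}: behind NAT but PersistentKeepalive is 0, the tunnel will not stay open")
    elif keepalive > RECOMMENDED_KEEPALIVE:
        problems.append(f"{name}: PersistentKeepalive {keepalive}s is above the usual {RECOMMENDED_KEEPALIVE}s")
    return problems


def check_reverse_tunnel(hub: dict, spokes: Dict[str, dict]) -> List[str]:
    """Hub-and-spoke reverse tunnel: Device A (hub) must list every spoke in its
    AllowedIPs and every spoke must list Device A, or traffic is routed one way
    only. Returns an empty list when the setup is consistent."""
    problems = check_device("Device A", hub)
    for name, spoke in spokes.items():
        problems += check_device(name, spoke)
        if not covers(hub["settings"], spoke["address"]):
            problems.append(f"Device A: AllowedIPs does not include {name} ({spoke['address']})")
        if not covers(spoke["settings"], hub["address"]):
            problems.append(f"{name}: AllowedIPs does not include Device A ({hub['address']})")
    return problems


def check_egress(settings: Dict[str, str], resource_ip: str) -> List[str]:
    """NAT-gateway use with split tunneling: the protected resource's IP must be
    inside AllowedIPs, otherwise its traffic leaves from the user's own IP
    instead of the allowlisted static IP of the Firezone server."""
    if covers(settings, resource_ip):
        return []
    return [f"{resource_ip} is not covered by AllowedIPs; traffic bypasses the Firezone egress IP"]


# Constructed sample mirroring the multi-device diagram: Device A is 10.3.2.2,
# Devices B to D are 10.3.2.3-5, all behind NAT. C lists the wrong peer and D
# has no keepalive, so two problems are expected.
HUB = {"address": "10.3.2.2", "behind_nat": True, "settings": parse_settings(
    "AllowedIPs = 10.3.2.3/32, 10.3.2.4/32, 10.3.2.5/32\nPersistentKeepalive = 25")}
SPOKES = {
    "Device B": {"address": "10.3.2.3", "behind_nat": True,
                 "settings": parse_settings("AllowedIPs = 10.3.2.2/32\nPersistentKeepalive = 25")},
    "Device C": {"address": "10.3.2.4", "behind_nat": True,
                 "settings": parse_settings("AllowedIPs = 10.3.2.9/32\nPersistentKeepalive = 25")},
    "Device D": {"address": "10.3.2.5", "behind_nat": True,
                 "settings": parse_settings("AllowedIPs = 10.3.2.2/32")},
}
# Split-tunnel client that only routes the VPN pool: resource traffic is not covered.
SPLIT_TUNNEL = parse_settings("AllowedIPs = 10.3.2.0/24")
PROTECTED_RESOURCE = "203.0.113.10"  # placeholder for the allowlisting resource's IP

if __name__ == "__main__":
    for problem in check_reverse_tunnel(HUB, SPOKES):
        print(problem)
    print(check_egress(SPLIT_TUNNEL, PROTECTED_RESOURCE))
```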
Below is a full list of the configuration options available in /etc/firezone/firezone.rb.
option | description | default value |
default['firezone']['external_url'] | URL used to access the web portal of this Firezone instance. | "https://#{node['fqdn'] || node['hostname']}" |
default['firezone']['config_directory'] | Top-level directory for Firezone configuration. | '/etc/firezone' |
default['firezone']['install_directory'] | Top-level directory to install Firezone to. | '/opt/firezone' |
default['firezone']['app_directory'] | Top-level directory to install the Firezone web application to. | "#{node['firezone']['install_directory']}/embedded/service/firezone" |
default['firezone']['log_directory'] | Top-level directory for Firezone logs. | '/var/log/firezone' |
default['firezone']['var_directory'] | Top-level directory for Firezone runtime files. | '/var/opt/firezone' |
default['firezone']['user'] | Name of the unprivileged Linux user that most services and files will belong to. | 'firezone' |
default['firezone']['group'] | Name of the Linux group that most services and files will belong to. | 'firezone' |
default['firezone']['admin_email'] | Email address for the initial Firezone user. | "firezone@localhost" |
default['firezone']['max_devices_per_user'] | Maximum number of devices a user can have. | 10 |
default['firezone']['allow_unprivileged_device_management'] | Allows non-admin users to create and delete devices. | true |
default['firezone']['allow_unprivileged_device_configuration'] | Allows non-admin users to modify device configuration. When disabled, prevents unprivileged users from changing all device fields except name and description. | true |
default['firezone']['egress_interface'] | Interface name where tunneled traffic will exit. If nil, the default route interface will be used. | nil |
default['firezone']['fips_enabled'] | Enable or disable OpenSSL FIPS mode. | nil |
default['firezone']['logging']['enabled'] | Enable or disable logging throughout Firezone. Set to false to disable logging entirely. | true |
default['enterprise']['name'] | Name used by the Chef 'enterprise' cookbook. | 'firezone' |
default['firezone']['install_path'] | Install path used by the Chef 'enterprise' cookbook. Should be set to the same value as install_directory above. | node['firezone']['install_directory'] |
default['firezone']['sysvinit_id'] | An identifier used in /etc/inittab. Must be a unique sequence of 1-4 characters. | 'SUP' |
default['firezone']['authentication']['local']['enabled'] | Enable or disable local email/password authentication. | true |
default['firezone']['authentication']['auto_create_oidc_users'] | Automatically create users signing in from OIDC for the first time. Disable to only allow existing users to sign in via OIDC. | true |
default['firezone']['authentication']['disable_vpn_on_oidc_error'] | Disable a user's VPN if an error is detected while trying to refresh their OIDC token. | false |
default['firezone']['authentication']['oidc'] | OpenID Connect config, in the format {"provider" => [config...]}. See the OpenIDConnect documentation for config examples. | {} |
default['firezone']['nginx']['enabled'] | Enable or disable the bundled nginx server. | true |
default['firezone']['nginx']['ssl_port'] | HTTPS listen port. | 443 |
default['firezone']['nginx']['directory'] | Directory to store the Firezone-related nginx virtual host configuration. | "#{node['firezone']['var_directory']}/nginx/etc" |
default['firezone']['nginx']['log_directory'] | Directory to store the Firezone-related nginx log files. | "#{node['firezone']['log_directory']}/nginx" |
default['firezone']['nginx']['log_rotation']['file_maxbytes'] | File size at which to rotate the nginx log files. | 104857600 |
default['firezone']['nginx']['log_rotation']['num_to_keep'] | Number of Firezone nginx log files to keep before discarding. | 10 |
default['firezone']['nginx']['log_x_forwarded_for'] | Whether Firezone nginx should log the x-forwarded-for header. | true |
default['firezone']['nginx']['hsts_header']['enabled'] | Enable or disable the HSTS header. | true |
default['firezone']['nginx']['hsts_header']['include_subdomains'] | Enable or disable includeSubDomains for the HSTS header. | true |
default['firezone']['nginx']['hsts_header']['max_age'] | Max age for the HSTS header. | 31536000 |
default['firezone']['nginx']['redirect_to_canonical'] | Whether to redirect URLs to the canonical FQDN specified above. | false |
default['firezone']['nginx']['cache']['enabled'] | Enable or disable the Firezone nginx cache. | false |
default['firezone']['nginx']['cache']['directory'] | Directory for the Firezone nginx cache. | "#{node['firezone']['var_directory']}/nginx/cache" |
default['firezone']['nginx']['user'] | Firezone nginx user. | node['firezone']['user'] |
default['firezone']['nginx']['group'] | Firezone nginx group. | node['firezone']['group'] |
default['firezone']['nginx']['dir'] | Top-level nginx configuration directory. | node['firezone']['nginx']['directory'] |
default['firezone']['nginx']['log_dir'] | Top-level nginx log directory. | node['firezone']['nginx']['log_directory'] |
default['firezone']['nginx']['pid'] | Location of the nginx pid file. | "#{node['firezone']['nginx']['directory']}/nginx.pid" |
default['firezone']['nginx']['daemon_disable'] | Disable nginx daemon mode so that it can be monitored instead. | true |
default['firezone']['nginx']['gzip'] | Turn nginx gzip compression on or off. | 'on' |
default['firezone']['nginx']['gzip_static'] | Turn nginx gzip compression on or off for static files. | 'off' |
default['firezone']['nginx']['gzip_http_version'] | HTTP version to use for serving static files. | '1.0' |
default['firezone']['nginx']['gzip_comp_level'] | nginx gzip compression level. | '2' |
default['firezone']['nginx']['gzip_proxied'] | Enables or disables gzipping of responses for proxied requests depending on the request and response. | 'any' |
default['firezone']['nginx']['gzip_vary'] | Enables or disables inserting the "Vary: Accept-Encoding" response header. | 'off' |
default['firezone']['nginx']['gzip_buffers'] | Sets the number and size of buffers used to compress a response. If nil, the nginx default is used. | nil |
default['firezone']['nginx']['gzip_types'] | MIME types to enable gzip compression for. | ['text/plain', 'text/css', 'application/x-javascript', 'text/xml', 'application/xml', 'application/rss+xml', 'application/atom+xml', 'text/javascript', 'application/javascript', 'application/json'] |
default['firezone']['nginx']['gzip_min_length'] | Minimum file length to enable gzip compression for. | 1000 |
default['firezone']['nginx']['gzip_disable'] | User-agent matcher to disable gzip compression for. | 'MSIE [1-6]\.' |
default['firezone']['nginx']['keepalive'] | Enables the cache for connections to upstream servers. | 'on' |
default['firezone']['nginx']['keepalive_timeout'] | Timeout in seconds for keepalive connections to upstream servers. | 65 |
default['firezone']['nginx']['worker_processes'] | Number of nginx worker processes. | node['cpu'] && node['cpu']['total'] ? node['cpu']['total'] : 1 |
default['firezone']['nginx']['worker_connections'] | Maximum number of simultaneous connections that can be opened by a worker process. | 1024 |
default['firezone']['nginx']['worker_rlimit_nofile'] | Changes the limit on the maximum number of open files for worker processes. Uses the nginx default if nil. | nil |
default['firezone']['nginx']['multi_accept'] | Whether workers should accept one connection at a time or multiple. | true |
default['firezone']['nginx']['events'] | Specifies the connection processing method to use inside the nginx events context. | 'epoll' |
default['firezone']['nginx']['server_tokens'] | Enables or disables emitting the nginx version on error pages and in the "Server" response header field. | nil |
default['firezone']['nginx']['server_name_hash_bucket_size'] | Sets the bucket size for the server names hash tables. | 64 |
default['firezone']['nginx']['sendfile'] | Enables or disables the use of nginx's sendfile(). | 'on' |
default['firezone']['nginx']['access_log_options'] | Sets the nginx access log options. | nil |
default['firezone']['nginx']['error_log_options'] | Sets the nginx error log options. | nil |
default['firezone']['nginx']['disable_access_log'] | Disables the nginx access log. | false |
default['firezone']['nginx']['types_hash_max_size'] | nginx types hash max size. | 2048 |
default['firezone']['nginx']['types_hash_bucket_size'] | nginx types hash bucket size. | 64 |
default['firezone']['nginx']['proxy_read_timeout'] | nginx proxy read timeout. Set to nil to use the nginx default. | nil |
default['firezone']['nginx']['client_body_buffer_size'] | nginx client body buffer size. Set to nil to use the nginx default. | nil |
default['firezone']['nginx']['client_max_body_size'] | nginx client max body size. | '250m' |
default['firezone']['nginx']['default']['modules'] | Specify additional nginx modules. | [] |
default['firezone']['nginx']['enable_rate_limiting'] | Enable or disable nginx rate limiting. | true |
default['firezone']['nginx']['rate_limiting_zone_name'] | nginx rate limiting zone name. | 'firezone' |
default['firezone']['nginx']['rate_limiting_backoff'] | nginx rate limiting backoff. | '10m' |
default['firezone']['nginx']['rate_limit'] | nginx rate limit. | '10r/s' |
default['firezone']['nginx']['ipv6'] | Allow nginx to listen for HTTP requests over IPv6 in addition to IPv4. | true |
default['firezone']['postgresql']['enabled'] | Enable or disable the bundled Postgresql. Set to false and fill out the database options below to use your own Postgresql instance. | true |
default['firezone']['postgresql']['username'] | Username for Postgresql. | node['firezone']['user'] |
default['firezone']['postgresql']['data_directory'] | Postgresql data directory. | "#{node['firezone']['var_directory']}/postgresql/13.3/data" |
default['firezone']['postgresql']['log_directory'] | Postgresql log directory. | "#{node['firezone']['log_directory']}/postgresql" |
default['firezone']['postgresql']['log_rotation']['file_maxbytes'] | Postgresql log file size before it is rotated. | 104857600 |
default['firezone']['postgresql']['log_rotation']['num_to_keep'] | Number of Postgresql log files to keep. | 10 |
default['firezone']['postgresql']['checkpoint_completion_target'] | Postgresql checkpoint completion target. | 0.5 |
default['firezone']['postgresql']['checkpoint_segments'] | Number of Postgresql checkpoint segments. | 3 |
default['firezone']['postgresql']['checkpoint_timeout'] | Postgresql checkpoint timeout. | '5min' |
default['firezone']['postgresql']['checkpoint_warning'] | Postgresql checkpoint warning time in seconds. | '30s' |
default['firezone']['postgresql']['effective_cache_size'] | Postgresql effective cache size. | '128MB' |
default['firezone']['postgresql']['listen_address'] | Postgresql listen address. | '127.0.0.1' |
default['firezone']['postgresql']['max_connections'] | Postgresql max connections. | 350 |
default['firezone']['postgresql']['md5_auth_cidr_addresses'] | Postgresql CIDRs to allow md5 authentication from. | ['127.0.0.1/32', '::1/128'] |
default['firezone']['postgresql']['port'] | Postgresql listen port. | 15432 |
default['firezone']['postgresql']['shared_buffers'] | Postgresql shared buffers size. | "#{(node['memory']['total'].to_i / 4) / 1024}MB" |
default['firezone']['postgresql']['shmmax'] | Postgresql shmmax in bytes. | 17179869184 |
default['firezone']['postgresql']['shmall'] | Postgresql shmall in bytes. | 4194304 |
default['firezone']['postgresql']['work_mem'] | Postgresql working memory size. | '8MB' |
default['firezone']['database']['user'] | Specifies the username Firezone will use to connect to the DB. | node['firezone']['postgresql']['username'] |
default['firezone']['database']['password'] | If using an external DB, specifies the password Firezone will use to connect to the DB. | 'change_me' |
default['firezone']['database']['name'] | Database that Firezone will use. Will be created if it does not exist. | 'firezone' |
default['firezone']['database']['host'] | Database host that Firezone will connect to. | node['firezone']['postgresql']['listen_address'] |
default['firezone']['database']['port'] | Database port that Firezone will connect to. | node['firezone']['postgresql']['port'] |
default['firezone']['database']['pool'] | Database pool size Firezone will use. | [10, Etc.nprocessors].max |
default['firezone']['database']['ssl'] | Whether to connect to the database over SSL. | false |
default['firezone']['database']['ssl_opts'] | | {} |
default['firezone']['database']['parameters'] | | {} |
default['firezone']['database']['extensions'] | Database extensions to enable. | { 'plpgsql' => true, 'pg_trgm' => true } |
default['firezone']['phoenix']['enabled'] | Enable or disable the Firezone web application. | true |
default['firezone']['phoenix']['listen_address'] | Firezone web application listen address. This is the upstream listen address that nginx proxies to. | '127.0.0.1' |
default['firezone']['phoenix']['port'] | Firezone web application listen port. This is the upstream port that nginx proxies to. | 13000 |
default['firezone']['phoenix']['log_directory'] | Firezone web application log directory. | "#{node['firezone']['log_directory']}/phoenix" |
default['firezone']['phoenix']['log_rotation']['file_maxbytes'] | Firezone web application log file size. | 104857600 |
default['firezone']['phoenix']['log_rotation']['num_to_keep'] | Number of Firezone web application log files to keep. | 10 |
default['firezone']['phoenix']['crash_detection']['enabled'] | Enable or disable bringing the Firezone web application down when a crash is detected. | true |
default['firezone']['phoenix']['external_trusted_proxies'] | List of trusted reverse proxies, formatted as an Array of IPs and/or CIDRs. | [] |
default['firezone']['phoenix']['private_clients'] | List of private-network HTTP clients, formatted as an Array of IPs and/or CIDRs. | [] |
default['firezone']['wireguard']['enabled'] | Enable or disable the bundled WireGuard management. | true |
default['firezone']['wireguard']['log_directory'] | Log directory for the bundled WireGuard management. | "#{node['firezone']['log_directory']}/wireguard" |
default['firezone']['wireguard']['log_rotation']['file_maxbytes'] | WireGuard log file maximum size. | 104857600 |
default['firezone']['wireguard']['log_rotation']['num_to_keep'] | Number of WireGuard log files to keep. | 10 |
default['firezone']['wireguard']['interface_name'] | WireGuard interface name. Changing this parameter may cause a temporary loss of VPN connectivity. | 'wg-firezone' |
default['firezone']['wireguard']['port'] | WireGuard listen port. | 51820 |
default['firezone']['wireguard']['mtu'] | WireGuard interface MTU for this server and for device configurations. | 1280 |
default['firezone']['wireguard']['endpoint'] | WireGuard Endpoint to use for generating device configurations. If nil, defaults to the server's public IP address. | nil |
default['firezone']['wireguard']['dns'] | WireGuard DNS to use for generated device configurations. | '1.1.1.1, 1.0.0.1' |
default['firezone']['wireguard']['allowed_ips'] | WireGuard AllowedIPs to use for generated device configurations. | '0.0.0.0/0, ::/0' |
default['firezone']['wireguard']['persistent_keepalive'] | Default PersistentKeepalive setting for generated device configurations. A value of 0 disables it. | 0 |
default['firezone']['wireguard']['ipv4']['enabled'] | Enable or disable IPv4 for the WireGuard network. | true |
default['firezone']['wireguard']['ipv4']['masquerade'] | Enable or disable masquerade for packets leaving the IPv4 tunnel. | true |
default['firezone']['wireguard']['ipv4']['network'] | WireGuard IPv4 network address pool. | '10.3.2.0/24' |
default['firezone']['wireguard']['ipv4']['address'] | WireGuard interface IPv4 address. Must be within the WireGuard address pool. | '10.3.2.1' |
default['firezone']['wireguard']['ipv6']['enabled'] | Enable or disable IPv6 for the WireGuard network. | true |
default['firezone']['wireguard']['ipv6']['masquerade'] | Enable or disable masquerade for packets leaving the IPv6 tunnel. | true |
default['firezone']['wireguard']['ipv6']['network'] | WireGuard IPv6 network address pool. | 'fd00::3:2:0/120' |
default['firezone']['wireguard']['ipv6']['address'] | WireGuard interface IPv6 address. Must be within the IPv6 address pool. | 'fd00::3:2:1' |
default['firezone']['runit']['svlogd_bin'] | Runit svlogd binary location. | "#{node['firezone']['install_directory']}/embedded/bin/svlogd" |
default['firezone']['ssl']['directory'] | SSL directory for storing generated certificates. | '/var/opt/firezone/ssl' |
default['firezone']['ssl']['email_address'] | Email address to use for self-signed certificates and ACME protocol renewal notices. | |
default['firezone']['ssl']['acme']['enabled'] | Enable ACME for automatic SSL certificate provisioning. Disable this to prevent nginx from listening on port 80. See here for more instructions. | false |
default['firezone']['ssl']['acme']['server'] | ACME server that can issue the certificate. | |
default['firezone']['ssl']['acme']['keylength'] | Specify the key type and length for SSL certificates. See here. | ec-256 |
default['firezone']['ssl']['certificate'] | Path to the certificate file for your FQDN. Overrides the ACME setting above if specified. If both ACME and this are nil, a self-signed certificate will be generated. | nil |
default['firezone']['ssl']['certificate_key'] | Path to the certificate key file. | nil |
default['firezone']['ssl']['ssl_dhparam'] | nginx ssl dh_param. | nil |
default['firezone']['ssl']['country_name'] | Country name for the self-signed certificate. | 'US' |
default['firezone']['ssl']['state_name'] | State name for the self-signed certificate. | 'CA' |
default['firezone']['ssl']['locality_name'] | Locality name for the self-signed certificate. | 'San Francisco' |
default['firezone']['ssl']['company_name'] | Company name for the self-signed certificate. | 'My Company' |
default['firezone']['ssl']['organizational_unit_name'] | Organizational unit name for the self-signed certificate. | 'Operations' |
default['firezone']['ssl']['ciphers'] | SSL ciphers for nginx to use. | 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA' |
default['firezone']['ssl']['fips_ciphers'] | SSL ciphers for FIPS mode. | 'FIPS@STRENGTH:!aNULL:!eNULL' |
default['firezone']['ssl']['protocols'] | TLS protocols to use. | 'TLSv1 TLSv1.1 TLSv1.2' |
default['firezone']['ssl']['session_cache'] | SSL session cache. | 'shared:SSL:4m' |
default['firezone']['ssl']['session_timeout'] | SSL session timeout. | '5m' |
default['firezone']['robots_allow'] | nginx robots allow. | '/' |
default['firezone']['robots_disallow'] | nginx robots disallow. | nil |
default['firezone']['outbound_email']['from'] | Outbound email from address. | nil |
default['firezone']['outbound_email']['provider'] | Outbound email service provider. | nil |
default['firezone']['outbound_email']['configs'] | Outbound email provider configs. | see omnibus/cookbooks/firezone/attributes/default.rb |
default['firezone']['telemetry']['enabled'] | Enable or disable anonymized product telemetry. | true |
default['firezone']['connectivity_checks']['enabled'] | Enable or disable the Firezone connectivity check service. | true |
default['firezone']['connectivity_checks']['interval'] | Interval between connectivity checks in seconds. | 3_600 |
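An audit of a firezone.rb against the options in the table above, as an added example that is not Firezone's own tooling: it parses the default[...] assignments and flags settings a reviewer would question, the TLSv1/TLSv1.1 default for ssl.protocols, disable_vpn_on_oidc_error left at false, the placeholder database password on an external database, a non-loopback Postgresql listen address, the self-signed fallback when neither ACME nor a certificate path is set, and server_tokens not turned off. Both sample files are constructed; the findings rest only on the table's descriptions and defaults and on TLS 1.0/1.1 being deprecated.

```python
"""Audit an /etc/firezone/firezone.rb for weak settings among the options
listed above. Added example, not Firezone's own tooling: the sample files are
constructed, and each finding rests on the option descriptions and defaults
in the table (plus the fact that TLS 1.0 and 1.1 are deprecated)."""
import re
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^\s*default((?:\['[^']+'\])+)\s*=\s*(.+?)\s*$")
KEY_RE = re.compile(r"\['([^']+)'\]")
PLACEHOLDER_DB_PASSWORD = "change_me"  # the table's default for database password


def parse_firezone_rb(text: str) -> Dict[str, Optional[str]]:
    """Map each default[...]... assignment to a dotted key and a raw value.
    Comments are skipped, surrounding quotes are stripped, nil becomes None."""
    options: Dict[str, Optional[str]] = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = LINE_RE.match(line)
        if not match:
            continue
        key = ".".join(KEY_RE.findall(match.group(1)))
        value = match.group(2)
        options[key] = None if value == "nil" else value.strip("'\"")
    return options


def audit(options: Dict[str, Optional[str]]) -> List[str]:
    """Return one finding per weak setting; an empty list means none found.
    Unset options are judged by the defaults given in the table."""
    findings: List[str] = []
    protocols = options.get("firezone.ssl.protocols") or "TLSv1 TLSv1.1 TLSv1.2"
    legacy = sorted(set(protocols.split()) & {"TLSv1", "TLSv1.1"})
    if legacy:
        findings.append(f"ssl.protocols enables deprecated {', '.join(legacy)}; use 'TLSv1.2 TLSv1.3'")
    if options.get("firezone.authentication.disable_vpn_on_oidc_error", "false") == "false":
        findings.append("authentication.disable_vpn_on_oidc_error is false: a user whose OIDC "
                        "token can no longer be refreshed keeps VPN access")
    external_db = options.get("firezone.postgresql.enabled", "true") == "false"
    if external_db and options.get("firezone.database.password", PLACEHOLDER_DB_PASSWORD) == PLACEHOLDER_DB_PASSWORD:
        findings.append("database.password is still the placeholder 'change_me' for an external database")
    listen = options.get("firezone.postgresql.listen_address") or "127.0.0.1"
    if listen not in ("127.0.0.1", "::1", "localhost"):
        findings.append(f"postgresql.listen_address {listen} exposes the bundled database beyond loopback")
    no_acme = options.get("firezone.ssl.acme.enabled", "false") == "false"
    if no_acme and options.get("firezone.ssl.certificate") is None:
        findings.append("neither ACME nor ssl.certificate is set: a self-signed certificate will be served")
    if options.get("firezone.nginx.server_tokens") != "off":
        findings.append("nginx.server_tokens is not 'off': the nginx version is emitted on error "
                        "pages and in the Server header")
    return findings


def audit_file(text: str) -> List[str]:
    """Convenience wrapper: parse, then audit."""
    return audit(parse_firezone_rb(text))


# Constructed sample that keeps several of the page's defaults as they are.
WEAK_RB = """
# constructed sample /etc/firezone/firezone.rb
default['firezone']['external_url'] = 'https://vpn.example.com'
default['firezone']['ssl']['protocols'] = 'TLSv1 TLSv1.1 TLSv1.2'
default['firezone']['authentication']['disable_vpn_on_oidc_error'] = false
default['firezone']['postgresql']['enabled'] = false
default['firezone']['database']['password'] = 'change_me'
default['firezone']['postgresql']['listen_address'] = '0.0.0.0'
default['firezone']['ssl']['acme']['enabled'] = false
default['firezone']['ssl']['certificate'] = nil
default['firezone']['nginx']['server_tokens'] = 'off'
"""

# The same file with each weak option corrected (bundled database kept).
HARDENED_RB = """
default['firezone']['external_url'] = 'https://vpn.example.com'
default['firezone']['ssl']['protocols'] = 'TLSv1.2 TLSv1.3'
default['firezone']['authentication']['disable_vpn_on_oidc_error'] = true
default['firezone']['ssl']['acme']['enabled'] = true
default['firezone']['nginx']['server_tokens'] = 'off'
"""

if __name__ == "__main__":
    for finding in audit_file(WEAK_RB):
        print("weak:", finding)
    print("hardened findings:", audit_file(HARDENED_RB))
```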
________________________________________________________________
Here you will find a list of files and directories related to the Firezone installation. These may change depending on changes to your configuration file.
path | description |
/var/opt/firezone | Top-level directory containing data and generated configuration for the Firezone bundled services. |
/opt/firezone | Top-level directory containing built libraries, binaries and runtime files needed by Firezone. |
/usr/bin/firezone-ctl | firezone-ctl utility for managing your Firezone installation. |
/etc/systemd/system/firezone-runsvdir-start.service | systemd unit file for starting the Firezone runsvdir supervisor process. |
/etc/firezone | Firezone configuration files. |
__________________________________________________________
This page has been published in the documentation.
_____________________________________________________________
The following nftables firewall template can be used to secure the server running Firezone. The template makes some assumptions; you may need to adjust the rules to suit your use case:
Firezone configures its own nftables rules to allow or deny traffic to the destinations configured in the web interface and to handle outbound NAT for client traffic.
Applying the firewall template below on an already running server (not at boot time) will clear the Firezone rules. This may have security implications.
To work around this, restart the phoenix service:
firezone-ctl restart phoenix
#!/usr/sbin/nft -f

## Clear/flush all existing rules
flush ruleset

##########################################################################
## Internet/WAN interface name
define DEV_WAN = eth0

## WireGuard interface name
define DEV_WIREGUARD = wg-firezone

## WireGuard listen port
define WIREGUARD_PORT = 51820
##########################################################################

# Main inet family filtering table
table inet filter {

  # Rules for forwarded traffic
  # This chain is processed before the Firezone forward chain
  chain forward {
    type filter hook forward priority filter - 5; policy accept
  }

  # Rules for input traffic
  chain input {
    type filter hook input priority filter; policy drop

    ## Allow inbound traffic to the loopback interface
    iif lo \
      accept \
      comment "Allow all traffic from the loopback interface"

    ## Allow established and related connections
    ct state established,related \
      accept \
      comment "Allow established/related connections"

    ## Allow inbound WireGuard traffic
    iif $DEV_WAN udp dport $WIREGUARD_PORT \
      counter \
      accept \
      comment "Allow inbound WireGuard traffic"

    ## Log and drop new TCP non-SYN packets
    tcp flags != syn ct state new \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - New !SYN: " \
      comment "Rate limit logging for new connections that do not have the SYN TCP flag set"
    tcp flags != syn ct state new \
      counter \
      drop \
      comment "Drop new connections that do not have the SYN TCP flag set"

    ## Log and drop TCP packets with an invalid fin/syn flag set
    tcp flags & (fin|syn) == (fin|syn) \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - TCP FIN|SIN: " \
      comment "Rate limit logging for TCP packets with invalid fin/syn flag set"
    tcp flags & (fin|syn) == (fin|syn) \
      counter \
      drop \
      comment "Drop TCP packets with invalid fin/syn flag set"

    ## Log and drop TCP packets with an invalid syn/rst flag set
    tcp flags & (syn|rst) == (syn|rst) \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - TCP SYN|RST: " \
      comment "Rate limit logging for TCP packets with invalid syn/rst flag set"
    tcp flags & (syn|rst) == (syn|rst) \
      counter \
      drop \
      comment "Drop TCP packets with invalid syn/rst flag set"

    ## Log and drop invalid TCP flags
    tcp flags & (fin|syn|rst|psh|ack|urg) < (fin) \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - FIN:" \
      comment "Rate limit logging for invalid TCP flags (fin|syn|rst|psh|ack|urg) < (fin)"
    tcp flags & (fin|syn|rst|psh|ack|urg) < (fin) \
      counter \
      drop \
      comment "Drop TCP packets with flags (fin|syn|rst|psh|ack|urg) < (fin)"

    ## Log and drop invalid TCP flags
    tcp flags & (fin|syn|rst|psh|ack|urg) == (fin|psh|urg) \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - FIN|PSH|URG:" \
      comment "Rate limit logging for invalid TCP flags (fin|syn|rst|psh|ack|urg) == (fin|psh|urg)"
    tcp flags & (fin|syn|rst|psh|ack|urg) == (fin|psh|urg) \
      counter \
      drop \
      comment "Drop TCP packets with flags (fin|syn|rst|psh|ack|urg) == (fin|psh|urg)"

    ## Drop traffic with an invalid connection state
    ct state invalid \
      limit rate 100/minute burst 150 packets \
      log flags all prefix "IN - Invalid:" \
      comment "Rate limit logging for traffic with invalid connection state"
    ct state invalid \
      counter \
      drop \
      comment "Drop traffic with invalid connection state"

    ## Allow IPv4 ping/ping responses but rate limit to 2000 PPS
    ip protocol icmp icmp type { echo-reply, echo-request } \
      limit rate 2000/second \
      counter \
      accept \
      comment "Allow inbound IPv4 echo (ping) limited to 2000 PPS"

    ## Allow all other inbound IPv4 ICMP
    ip protocol icmp \
      counter \
      accept \
      comment "Allow all other IPv4 ICMP"

    ## Allow IPv6 ping/ping responses but rate limit to 2000 PPS
    icmpv6 type { echo-reply, echo-request } \
      limit rate 2000/second \
      counter \
      accept \
      comment "Allow inbound IPv6 echo (ping) limited to 2000 PPS"

    ## Allow all other inbound IPv6 ICMP
    meta l4proto { icmpv6 } \
      counter \
      accept \
      comment "Allow all other IPv6 ICMP"

    ## Allow inbound traceroute UDP ports but limit to 500 PPS
    udp dport 33434-33524 \
      limit rate 500/second \
      counter \
      accept \
      comment "Allow inbound UDP traceroute limited to 500 PPS"

    ## Allow inbound SSH
    tcp dport ssh ct state new \
      counter \
      accept \
      comment "Allow inbound SSH connections"

    ## Allow inbound HTTP and HTTPS
    tcp dport { http, https } ct state new \
      counter \
      accept \
      comment "Allow inbound HTTP and HTTPS connections"

    ## Log any unmatched traffic but rate limit logging to a maximum of 60 messages/minute
    ## The default policy will be applied to unmatched traffic
    limit rate 60/minute burst 100 packets \
      log prefix "IN - Drop: " \
      comment "Log any unmatched traffic"

    ## Count the unmatched traffic
    counter \
      comment "Count any unmatched traffic"
  }

  # Rules for output traffic
  chain output {
    type filter hook output priority filter; policy drop

    ## Allow outbound traffic to the loopback interface
    oif lo \
      accept \
      comment "Allow all traffic out to loopback interface"

    ## Allow established and related connections
    ct state established,related \
      counter \
      accept \
      comment "Allow established/related connections"

    ## Allow outbound WireGuard traffic before dropping connections with an invalid state
    oif $DEV_WAN udp sport $WIREGUARD_PORT \
      counter \
      accept \
      comment "Allow WireGuard outbound traffic"

    ## Drop traffic with an invalid connection state
    ct state invalid \
      limit rate 100/minute burst 150 packets \
      log flags all prefix "OUT - Invalid:" \
      comment "Rate limit logging for traffic with invalid connection state"
    ct state invalid \
      counter \
      drop \
      comment "Drop traffic with invalid connection state"

    ## Allow all other outbound IPv4 ICMP
    ip protocol icmp \
      counter \
      accept \
      comment "Allow all IPv4 ICMP types"

    ## Allow all other outbound IPv6 ICMP
    meta l4proto { icmpv6 } \
      counter \
      accept \
      comment "Allow all IPv6 ICMP types"

    ## Allow outbound traceroute UDP ports but limit to 500 PPS
    udp dport 33434-33524 \
      limit rate 500/second \
      counter \
      accept \
      comment "Allow outbound UDP traceroute limited to 500 PPS"

    ## Allow outbound HTTP and HTTPS connections
    tcp dport { http, https } ct state new \
      counter \
      accept \
      comment "Allow outbound HTTP and HTTPS connections"

    ## Allow outbound SMTP submission
    tcp dport submission ct state new \
      counter \
      accept \
      comment "Allow outbound SMTP submission"

    ## Allow outbound DNS requests
    udp dport 53 \
      counter \
      accept \
      comment "Allow outbound UDP DNS requests"
    tcp dport 53 \
      counter \
      accept \
      comment "Allow outbound TCP DNS requests"

    ## Allow outbound NTP requests
    udp dport 123 \
      counter \
      accept \
      comment "Allow outbound NTP requests"

    ## Log any unmatched traffic but rate limit logging to a maximum of 60 messages/minute
    ## The default policy will be applied to unmatched traffic
    limit rate 60/minute burst 100 packets \
      log prefix "OUT - Drop: " \
      comment "Log any unmatched traffic"

    ## Count the unmatched traffic
    counter \
      comment "Count any unmatched traffic"
  }
}

# Main NAT filtering table
table inet nat {
  # Rules for NAT traffic pre-routing
  chain prerouting {
    type nat hook prerouting priority dstnat; policy accept
}
# Nga Ture mo te hokohoko NAT i muri i te ararere
# Ka tukatukahia tenei ripanga i mua i te mekameka ararere-muri a Firezone
mekameka poupou {
momo nat matau postrouting priority srcnat – 5; whakaae kaupapa here
}
}
The ruleset should be saved to the location appropriate for the Linux distribution being run. For Debian/Ubuntu this is /etc/nftables.conf; for RHEL it is /etc/sysconfig/nftables.conf.
nftables.service must be configured to start on boot (if it is not already):
systemctl enable nftables.service
If you make any changes to the firewall template, the syntax can be validated by running the check command:
nft -f /path/to/nftables.conf -c
Be sure to verify that the firewall behaves as expected, since certain nftables features may not be available depending on the release running on the server.
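Beyond the syntax check above, a practitioner usually wants to confirm that edits to the template kept its two defensive invariants: every log statement stays rate-limited (so unsolicited traffic cannot flood the journal) and the input and output base chains keep their default-drop policy. The following audit script is an added example and not part of Firezone or the template; the sample ruleset it inspects is constructed for the demonstration and contains two deliberate mistakes.

```python
import re

# Constructed sample, not from the page: a trimmed fragment of the template
# above with two deliberate mistakes for the audit to catch.
SAMPLE = """\
table inet filter {
  chain input {
    type filter hook input priority filter; policy drop
    ct state invalid \\
      limit rate 100/minute burst 150 packets \\
      log flags all prefix "IN - Invalid: " \\
      comment "Rate limit logging for invalid state"
    tcp dport 8080 ct state new \\
      log prefix "IN - 8080: " \\
      accept \\
      comment "Mistake: log statement with no rate limit"
  }
  chain output {
    type filter hook output priority filter; policy accept
  }
}
"""

def logical_lines(text):
    """Strip '#' comments and join backslash-continued lines into one rule each."""
    text = re.sub(r"#.*", "", text)
    text = re.sub(r"\\\n\s*", " ", text)
    return [ln.strip() for ln in text.splitlines() if ln.strip()]

def audit(text):
    """Return findings (list of strings); an empty list means the invariants hold."""
    findings, chain = [], None
    for line in logical_lines(text):
        m = re.match(r"chain\s+(\w+)\s*\{", line)
        if m:
            chain = m.group(1)
            continue
        if chain is None:
            continue                      # table header, nothing to audit yet
        if line.startswith("type "):      # base-chain declaration
            if "policy" not in line:
                findings.append(f"{chain}: base chain without an explicit policy")
            elif re.search(r"hook (input|output)\b", line) and "policy accept" in line:
                findings.append(f"{chain}: default policy accept on a filter hook chain")
            continue
        rule = re.sub(r'comment\s+"[^"]*"', "", line)   # ignore comment text
        if re.search(r"\blog\b", rule) and "limit rate" not in rule:
            findings.append(f"{chain}: unthrottled log in rule '{rule[:32].strip()}'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against your saved /etc/nftables.conf (read the file and pass its contents to audit) after every template edit; an empty result means both invariants still hold.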
_______________________________________________________________
This document presents an overview of the telemetry Firezone collects from your self-hosted instance and how to disable it.
Firezone relies on telemetry to prioritize our roadmap and to optimize the engineering resources we have, so that Firezone gets better for everyone.
The telemetry we collect aims to answer the following questions:
Firezone collects telemetry from three main places:
In each of these three contexts we capture the minimum amount of data necessary to answer the questions in the section above.
Admin emails are collected only if you opt in to product updates. Otherwise, personally identifiable information is never collected.
Firezone stores telemetry in a self-hosted instance of PostHog running in a private Kubernetes cluster that is accessible only to the Firezone team. Here is an example of a telemetry event that is sent from your instance of Firezone to our telemetry server:
{
  "id": "0182272d-0b88-0000-d419-7b9a413713f1",
  "timestamp": "2022-07-22T18:30:39.748000+00:00",
  "event": "fz_http_started",
  "distinct_id": "1ec2e794-1c3e-43fc-a78f-1db6d1a37f54",
  "properties": {
    "$geoip_city_name": "Ashburn",
    "$geoip_continent_code": "NA",
    "$geoip_continent_name": "North America",
    "$geoip_country_code": "US",
    "$geoip_country_name": "United States",
    "$geoip_latitude": 39.0469,
    "$geoip_longitude": -77.4903,
    "$geoip_postal_code": "20149",
    "$geoip_subdivision_1_code": "VA",
    "$geoip_subdivision_1_name": "Virginia",
    "$geoip_time_zone": "America/New_York",
    "$ip": "52.200.241.107",
    "$plugins_deferred": [],
    "$plugins_failed": [],
    "$plugins_succeeded": [
      "GeoIP (3)"
    ],
    "distinct_id": "1zc2e794-1c3e-43fc-a78f-1db6d1a37f54",
    "fqdn": "awsdemo.firezone.dev",
    "kernel_version": "linux 5.13.0",
    "version": "0.4.6"
  },
  "elements_chain": ""
}
NOTE
The Firezone development team relies on product analytics to make Firezone better for everyone. Leaving telemetry enabled is the most valuable contribution you can make to Firezone's development. That said, we understand that some users have stricter privacy or security requirements and would prefer to disable telemetry altogether. If that is you, keep reading.
Telemetry is enabled by default. To completely disable product telemetry, set the following configuration option to false in /etc/firezone/firezone.rb and run sudo firezone-ctl reconfigure to pick up the change.
default['firezone']['telemetry']['enabled'] = false
That will completely disable all product telemetry.