Netmaker
__ __ ________ ________ __ __ ______ __ __ ________ _______
|\_\ |\_\ |\ ______\ |\ ______\ |\_\ /\_\ /\ ____\ |\_\ /\_\ |\ ______\ |\ _____\
| XX\ | XX | XXXXXXXX \XXXXXXXX | XX\ / XX |\ XXXXXX\ | XX / XX | XXXXXXXX | XXXXXXX\
| XXX\| XX | XX__ | XX | XXX\ / XXX | XX__| XX | XX/ XX | XX__ | XX__| XX
| XXXX\ XX | XX _\ | XX | XXXX\ XXXX | XX __\XX | XX XX | XX _\ | XX __\XX
| XX\XX XX | XXXXX | XX | XX\XX XX XX | XXXXXXXX | XXXXX\ | XXXXX | XXXXXXX\
| XX \XXXX | XX_____ | XX | XX \XXX| XX | XX | XX | XX \XX\ | XX_____ | XX | XX
| XX \XXX | XX ____\ | XX | XX \X | XX | XX | XX | XX \XX\ | XX ____\ | XX | XX
\XX \XX \XXXXXXXX \XX \XX \XX \XX \XX \XX \XX \XXXXXXXX \XX \XX
SA6ANW 20240104
Netmaker
Wireguard VPN & Software Defined Networking
Med Netmaker kan jag styra kommunikationen precis som jag vill. Det påminner om Tailscale, men man har möjlighet att hosta det själv. Jag kör version 0.17.0.
För att köra Netmaker
Skapa en docker-compose.yaml
med följande innehåll
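# docker-compose.yaml — Netmaker 0.17.0 with its dashboard, CoreDNS, the
# Mosquitto broker and a Caddy reverse proxy that terminates TLS for the
# public host names. Only caddy and the WireGuard UDP range publish ports;
# every other service is reached through caddy on the compose network.
version: "3.4"

services:
  # Netmaker server: REST API (API_PORT) plus WireGuard/iptables management.
  netmaker:
    container_name: netmaker
    image: gravitl/netmaker:v0.17.0
    # Needed because the server creates WireGuard interfaces, routes and
    # iptables rules from inside the container (MANAGE_IPTABLES is "on").
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
    restart: always
    volumes:
      # Corefile written here is read by the coredns service below.
      - dnsconfig:/root/config/dnsconfig
      - sqldata:/root/data
      # Shared with the mq service, whose dynamic-security.json lives on the
      # same volume (see mosquitto.conf).
      - mosquitto_data:/etc/netmaker
    environment:
      # Public names/addresses; the notes below the file say to replace
      # them with your own domain.
      SERVER_NAME: "broker.netmaker.sa6anw.se"
      SERVER_HOST: "81.170.219.67"
      SERVER_API_CONN_STRING: "api.netmaker.sa6anw.se:443"
      COREDNS_ADDR: "81.170.219.67"
      DNS_MODE: "on"
      SERVER_HTTP_HOST: "api.netmaker.sa6anw.se"
      API_PORT: "8081"
      CLIENT_MODE: "on"
      # Placeholder — the notes below the file say to set a long value
      # before deploying.
      MASTER_KEY: "Masterkey"
      # NOTE(review): "*" lets any browser origin call the API; the dashboard
      # origin alone would be tighter — confirm before narrowing.
      CORS_ALLOWED_ORIGIN: "*"
      DISPLAY_KEYS: "on"
      DATABASE: "sqlite"
      NODE_ID: "netmaker-server-1"
      # Broker reached as "mq" on the compose network; 443 is presumably the
      # port clients use through caddy (wss://broker...), 1883 the in-network
      # listener from mosquitto.conf — verify against the Netmaker docs.
      MQ_HOST: "mq"
      MQ_PORT: "443"
      MQ_SERVER_PORT: "1883"
      HOST_NETWORK: "off"
      VERBOSITY: "1"
      MANAGE_IPTABLES: "on"
      PORT_FORWARD_SERVICES: "dns"
      # Placeholder — replace together with MASTER_KEY.
      MQ_ADMIN_PASSWORD: "AdminPassword"
    ports:
      # WireGuard listen ports, published directly (not via caddy).
      - "51821-51830:51821-51830/udp"

  # Dashboard; talks to the API through the public HTTPS name.
  netmaker-ui:
    container_name: netmaker-ui
    image: gravitl/netmaker-ui:v0.17.0
    depends_on:
      - netmaker
    # Legacy alias so the UI container resolves the server as "api".
    links:
      - "netmaker:api"
    restart: always
    environment:
      BACKEND_URL: "https://api.netmaker.sa6anw.se"

  # TLS termination and routing for dashboard/api/broker (see Caddyfile).
  caddy:
    image: caddy:2.6.2
    container_name: caddy
    restart: unless-stopped
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_conf:/config
    ports:
      - "80:80"
      - "443:443"

  # DNS for the mesh; serves the Corefile generated by netmaker.
  coredns:
    container_name: coredns
    # NOTE(review): no tag here means :latest, unlike the pinned images
    # above — pin a version for reproducible deploys.
    image: coredns/coredns
    command: -conf /root/dnsconfig/Corefile
    depends_on:
      - netmaker
    restart: always
    volumes:
      - dnsconfig:/root/dnsconfig

  # Mosquitto broker; wait.sh polls the server's health endpoint before
  # starting mosquitto with the mounted configuration.
  mq:
    container_name: mq
    image: eclipse-mosquitto:2.0.15-openssl
    depends_on:
      - netmaker
    restart: unless-stopped
    command: ["/mosquitto/config/wait.sh"]
    environment:
      NETMAKER_SERVER_HOST: "https://api.netmaker.sa6anw.se"
    volumes:
      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
      - ./wait.sh:/mosquitto/config/wait.sh
      - mosquitto_data:/mosquitto/data
      - mosquitto_logs:/mosquitto/log

volumes:
  caddy_data: {}
  caddy_conf: {}
  sqldata: {}
  dnsconfig: {}
  mosquitto_data: {}
  mosquitto_logs: {}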
- Byt till din egen domän
- Sätt en lång MASTER_KEY och ett långt MQ_ADMIN_PASSWORD
Du behöver också filen Caddyfile
i samma folder med följande innehåll
{
	# Global options: account e-mail used when requesting LetsEncrypt certificates
	email sa6anw@gmail.com
}

# Dashboard — TLS-terminated here, proxied to the netmaker-ui container
https://dashboard.netmaker.sa6anw.se {
	# Apply basic security headers
	header {
		# Enable cross origin access to *.netmaker.sa6anw.se
		# NOTE(review): browsers only honour "*" or one exact origin in this
		# header; a wildcard subdomain pattern is not matched — confirm the
		# intended origin.
		Access-Control-Allow-Origin *.netmaker.sa6anw.se
		# Enable HTTP Strict Transport Security (HSTS)
		Strict-Transport-Security "max-age=31536000;"
		# Enable cross-site filter (XSS) and tell browser to block detected attacks
		# NOTE(review): this header is deprecated and ignored by current
		# browsers; a Content-Security-Policy is the modern replacement.
		X-XSS-Protection "1; mode=block"
		# Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
		X-Frame-Options "SAMEORIGIN"
		# Prevent search engines from indexing
		X-Robots-Tag "none"
		# Remove the server name
		-Server
	}
	reverse_proxy http://netmaker-ui
}

# API — plain HTTP to the netmaker container on API_PORT from docker-compose
https://api.netmaker.sa6anw.se {
	reverse_proxy http://netmaker:8081
}

# MQ — TLS websockets from clients, forwarded as plain ws to the broker's
# 8883 websocket listener (see mosquitto.conf)
wss://broker.netmaker.sa6anw.se {
	reverse_proxy ws://mq:8883
}
- Samma sak här, byt till din domän och mailadress.
Näst sista filen du behöver är wait.sh
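#!/bin/ash
# Entrypoint wrapper for the mq container: block until the Netmaker API
# answers its health endpoint, then start mosquitto with the mounted config.
# NETMAKER_SERVER_HOST is set in docker-compose.yaml (https://api.<domain>).

# Poll ${NETMAKER_SERVER_HOST}/api/server/health once a second until curl
# exits 0. --fail turns HTTP error statuses into a non-zero exit, --head
# avoids downloading a body, --location follows redirects.
wait_for_netmaker() {
	echo "SERVER: ${NETMAKER_SERVER_HOST}"
	until curl --output /dev/null --silent --fail --head \
		--location "${NETMAKER_SERVER_HOST}/api/server/health"; do
		echo "Waiting for netmaker server to startup"
		sleep 1
	done
}

main() {
	# curl is not in the mosquitto image. Install it only when it is missing
	# so a container restart does not depend on the package mirror, and skip
	# the apk index cache so nothing extra is left in the container.
	command -v curl >/dev/null 2>&1 || apk add --no-cache curl
	wait_for_netmaker
	echo "Starting MQ..."
	# Run the image's own entrypoint, then the broker in the foreground so the
	# container lives as long as mosquitto does.
	/docker-entrypoint.sh
	/usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf
}

main "${@}"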
Till sist mosquitto.conf
# Mosquitto configuration for the mq service. With per_listener_settings
# false the allow_anonymous and plugin settings below apply to both listeners.
per_listener_settings false

# Websocket listener that caddy proxies (wss://broker... -> ws://mq:8883).
listener 8883
protocol websockets
allow_anonymous false

# Websocket listener used in-network by the server (MQ_SERVER_PORT in
# docker-compose.yaml); not published to the host in the base layout.
listener 1883
protocol websockets
allow_anonymous false

# Per-client credentials and ACLs come from the dynamic-security plugin; its
# JSON sits on the mosquitto_data volume that the netmaker container also
# mounts. Neither listener configures TLS, so TLS is caddy's job — keep these
# ports off public interfaces.
plugin /usr/lib/mosquitto_dynamic_security.so
plugin_opt_config_file /mosquitto/data/dynamic-security.json
Sen är det bara att köra docker-compose up -d
Modifiering
Jag har valt att bryta ut caddy så att jag kan köra fler tjänster med bara en publik IP.
Modifiera docker-compose.yaml
på följande sätt
version: "3.4"
services:
netmaker:
container_name: netmaker
image: gravitl/netmaker:v0.17.0
cap_add:
- NET_ADMIN
- NET_RAW
- SYS_MODULE
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv6.conf.all.disable_ipv6=0
- net.ipv6.conf.all.forwarding=1
restart: always
volumes:
- dnsconfig:/root/config/dnsconfig
- sqldata:/root/data
- mosquitto_data:/etc/netmaker
environment:
SERVER_NAME: "broker.netmaker.sa6anw.se"
SERVER_HOST: "81.170.219.67"
SERVER_API_CONN_STRING: "api.netmaker.sa6anw.se:443"
COREDNS_ADDR: "81.170.219.67"
DNS_MODE: "on"
SERVER_HTTP_HOST: "api.netmaker.sa6anw.se"
API_PORT: "8081"
CLIENT_MODE: "on"
MASTER_KEY: "MasterKey"
CORS_ALLOWED_ORIGIN: "*"
DISPLAY_KEYS: "on"
DATABASE: "sqlite"
NODE_ID: "netmaker-server-1"
MQ_HOST: "mq"
MQ_PORT: "443"
MQ_SERVER_PORT: "1883"
HOST_NETWORK: "off"
VERBOSITY: "1"
MANAGE_IPTABLES: "on"
PORT_FORWARD_SERVICES: "dns"
MQ_ADMIN_PASSWORD: "AdminPassword"
ports:
- "51821-51830:51821-51830/udp"
+ - "8081:8081"
netmaker-ui:
container_name: netmaker-ui
image: gravitl/netmaker-ui:v0.17.0
depends_on:
- netmaker
links:
- "netmaker:api"
restart: always
environment:
BACKEND_URL: "https://api.netmaker.sa6anw.se"
+ ports:
+ - "8080:80"
- caddy:
- image: caddy:2.6.2
- container_name: caddy
- restart: unless-stopped
- volumes:
- - ./Caddyfile:/etc/caddy/Caddyfile
- - caddy_data:/data
- - caddy_conf:/config
- ports:
- - "80:80"
- - "443:443"
coredns:
container_name: coredns
image: coredns/coredns
command: -conf /root/dnsconfig/Corefile
depends_on:
- netmaker
restart: always
volumes:
- dnsconfig:/root/dnsconfig
mq:
container_name: mq
image: eclipse-mosquitto:2.0.15-openssl
depends_on:
- netmaker
restart: unless-stopped
command: ["/mosquitto/config/wait.sh"]
environment:
NETMAKER_SERVER_HOST: "https://api.netmaker.sa6anw.se"
volumes:
- ./mosquitto.conf:/mosquitto/config/mosquitto.conf
- ./wait.sh:/mosquitto/config/wait.sh
- mosquitto_data:/mosquitto/data
- mosquitto_logs:/mosquitto/log
+ ports:
+ - "8883:8883"
volumes:
caddy_data: {}
caddy_conf: {}
sqldata: {}
dnsconfig: {}
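Review bot: The trailing `volumes:` block (last five lines) no longer declares `mosquitto_data` and `mosquitto_logs` even though the netmaker and mq services above still mount them, while `caddy_data` and `caddy_conf` stay declared for the service this change removes; compose refuses to start a service that references an undeclared named volume, so the modified file will not come up as written. The three newly published ports (`8081:8081`, `8080:80`, `8883:8883`) also bind plain HTTP and WebSocket listeners on every host interface, although the only intended client appears to be the Caddy instance moved out of this file; the API and the broker would then be reachable directly on the public IP, bypassing Caddy's TLS and headers. If that Caddy runs on the same host, binding the published ports to loopback keeps them off the public address; if it runs as its own container, a shared external network would be the equivalent. `BACKEND_URL` and `MQ_PORT` still assume the public HTTPS/443 names, so the external Caddy has to keep the same three site blocks.
```yaml
# … unchanged: netmaker service up to the published WireGuard range …
      - "127.0.0.1:8081:8081"
# … unchanged: netmaker-ui service …
      - "127.0.0.1:8080:80"
# … unchanged: coredns and mq services …
      - "127.0.0.1:8883:8883"

volumes:
  sqldata: {}
  dnsconfig: {}
  mosquitto_data: {}
  mosquitto_logs: {}
```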
Filen Caddyfile
kan du ta bort