gravitl / netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://netmaker.io

Internal only? FYI #552

Closed bcookatpcsd closed 2 years ago

bcookatpcsd commented 2 years ago

I wanted to have this internal only..

I modified the Caddyfile

{
    # LetsEncrypt account
    email name@domain42.dom
    debug
    admin off
    ocsp_stapling off
    on_demand_tls {
        interval 2m
        burst 10
    }
    default_sni nm.192-168-10-100.nip.io
}

# Dashboard
https://dashboard.nm.192-168-10-100.nip.io {
    reverse_proxy http://127.0.0.1:8082
    tls internal
}

# API
https://api.nm.192-168-10-100.nip.io {
    reverse_proxy http://127.0.0.1:8081
    tls internal
}

# gRPC
https://grpc.nm.192-168-10-100.nip.io {
    reverse_proxy h2c://127.0.0.1:50051
    tls internal
}

./nm-quick.sh -v true -m false -e name@domain42.dom -c 5 -d nm.192-168-10-100.nip.io

Also I removed the dpkg section as I was getting this to work on Fedora..

--- nm-quick.sh-orig    2021-12-14 14:50:25.253017551 -0500
+++ nm-quick.sh 2021-12-14 14:51:04.500842012 -0500
@@ -50,31 +50,9 @@
        dnf update
 fi

-dependencies=("docker.io" "docker-compose" "wireguard" "jq")

-for dependency in ${dependencies[@]}; do
-    is_installed=$(dpkg-query -W --showformat='${Status}\n' ${dependency} | grep "install ok installed")
-
-    if [ "${is_installed}" == "install ok installed" ]; then
-        echo "    " ${dependency} is installed
-    else
-            echo "    " ${dependency} is not installed. Attempting install.
-            ${install_cmd} ${dependency}
-            sleep 5
-            is_installed=$(dpkg-query -W --showformat='${Status}\n' ${dependency} | grep "install ok installed")
-            if [ "${is_installed}" == "install ok installed" ]; then
-                echo "    " ${dependency} is installed
-            elif [ -x "$(command -v ${dependency})" ]; then
-                echo "    " ${dependency} is installed
-            else
-                echo "    " failed to install ${dependency}. Exiting.
-                exit 1
-            fi
-    fi
-done
-
 set -e

 NETMAKER_BASE_DOMAIN=nm.$(curl -s ifconfig.me | tr . -).nip.io
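
Review bot: removing the whole dependency loop (from the `dependencies=(...)` line through `done`) leaves nothing that confirms docker, docker-compose, wireguard and jq are present before `set -e` and the rest of the script run, so on Fedora a missing tool now surfaces as a failure partway through the install. The removed block already had a package-manager-neutral test, `[ -x "$(command -v ${dependency})" ]`; keeping the loop with only that check and dropping the two `dpkg-query` calls would preserve the early exit on both distributions, though entries such as `docker.io` and `wireguard` are package names rather than command names and would need mapping. Separately, the retained context line builds `NETMAKER_BASE_DOMAIN` from `curl -s ifconfig.me`, which is the public address, so an internal-only install relies on that default being overridden.
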
afeiszli commented 2 years ago

Hi @bcookatpcsd, main thing to keep in mind when running server internally is that UDP Hole Punching will not work (known issue). This should not be necessary for internal networks anyway, so just leave that off. Look through the env vars in the docker-compose.yml and make sure they're all pointed towards the internal addresses.
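
One way to run the check suggested in the comment above, as an added example (not from the thread or the Netmaker project): it scans compose text for IPv4 literals and nip.io dash-encoded hostnames and prints those that fall outside RFC 1918 and loopback ranges. The `EXAMPLE_*` keys and the addresses in the sample are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag addresses in compose text that are not internal.

# is_internal A.B.C.D: succeeds for RFC 1918 and loopback addresses.
is_internal() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    case "$1" in
        10|127) return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *) return 1 ;;
    esac
}

# audit_compose: read compose text on stdin and print "public <value>" for
# each IPv4 literal or nip.io host (a-b-c-d.nip.io) outside internal ranges.
# Heuristic: any four dot- or dash-separated numbers are treated as an address.
audit_compose() {
    grep -oE '([0-9]{1,3}[.-]){3}[0-9]{1,3}(\.nip\.io)?' | sort -u |
    while read -r tok; do
        # nip.io encodes the target IP in the name; turn dashes back into dots.
        ip=$(printf '%s' "${tok%.nip.io}" | tr - .)
        is_internal "$ip" || printf 'public %s\n' "$tok"
    done
}

# Constructed sample; the EXAMPLE_* keys are placeholders, not Netmaker's
# real variable names, and the public addresses are documentation ranges.
sample_compose() {
cat <<'EOF'
services:
  netmaker:
    environment:
      EXAMPLE_API_HOST: "api.nm.192-168-10-100.nip.io"
      EXAMPLE_GRPC_HOST: "grpc.nm.203-0-113-7.nip.io"
      EXAMPLE_DNS_ADDR: "198.51.100.20"
      EXAMPLE_BACKEND: "127.0.0.1:8081"
EOF
}

sample_compose | audit_compose
```

Against a real file, feed it with `audit_compose < docker-compose.yml`; any line it prints is a value still pointing at a non-internal address.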

bcookatpcsd commented 2 years ago

That is for mesh network-to-network specific correct? If I was doing hub and spoke or traditional vpn concentrator.. that doesn't apply right? (I'm still working on getting wg going.. )

https://dashboard.nm.192-168-10-100.nip.io/networks/vpn/edit and then default here is 51821..

Then I'm trying to nat that to gravitl/netmaker:v0.9.2 on the docker host..

Right?

afeiszli commented 2 years ago

Hmmm...you're trying to do a hub-and-spoke network (traditional VPN) with the server on your home network? Not sure I understand the use case for that...since it will still use your home IP...you'd usually want a cloud VPS for this.

afeiszli commented 2 years ago

@bcookatpcsd closing as there has not been an update