#9 Started installation docs
parent
2fa0afd8f1
commit
279a461659
|
@ -0,0 +1,96 @@
|
|||
# Installing wagon
|
||||
|
||||
Before installing wagon, the server needs to be set up with the following basic services:
|
||||
|
||||
- wireguard
|
||||
- bind9
|
||||
- openssl ca
|
||||
|
||||
Theoretically, wireguard, bind9, and wagon could all live in docker containers, or none of them. If wagon is in docker but either wireguard or bind9 *aren't*, then the wagon container has to use `host` network mode.
|
||||
|
||||
Almost all commands in this guide need to be run as root/admin.
|
||||
|
||||
|
||||
## 1. Wireguard
|
||||
|
||||
On the server, [install wireguard](https://www.wireguard.com/install/). Then modify and run these commands to set some variables:
|
||||
|
||||
```sh
|
||||
# Choose a short lowercase name for the network
|
||||
net_name=mynet
|
||||
# Choose a number (between 2 and 254) for the network
|
||||
net_num=99
|
||||
# Find an unused UDP port between 1024 and 65535
|
||||
srv_listenport=58395
|
||||
```
|
||||
|
||||
Create the wireguard interface
|
||||
|
||||
```sh
|
||||
srv_privkey="$(wg genkey)"
|
||||
psk="$(wg genpsk)"
|
||||
ip link add dev "${net_name}" type wireguard
|
||||
ip addr add dev "${net_name}" "10.${net_num}.0.1/8"
|
||||
echo "${srv_privkey}" | wg set "${net_name}" listen-port "${srv_listenport}" private-key /dev/stdin
|
||||
ip link set up dev "${net_name}"
|
||||
```
|
||||
|
||||
Get the server's public key and psk (copy the output of these command)
|
||||
|
||||
```sh
|
||||
wg pubkey <<<"${srv_privkey}"
|
||||
XXXXXXXXXXXXXX
|
||||
echo "${psk}"
|
||||
YYYYYYYYYYYYYY
|
||||
```
|
||||
|
||||
Now on your first client, install wireguard and set these variables:
|
||||
|
||||
```sh
|
||||
net_name=mynet # Match what's on the server
|
||||
net_num=99 # Match what's on the server
|
||||
srv_listenport=58395 # Match what's on the server
|
||||
srv_pubkey='XXXXXXXXXXXXXX' # The public key we copied above
|
||||
psk='YYYYYYYYYYYYYY' # The psk we copied above
|
||||
srv_endpoint='1.2.3.4' # The server's public IP address
|
||||
```
|
||||
|
||||
Create the interface on the client and add the server as a peer:
|
||||
|
||||
```sh
|
||||
our_privkey="$(wg genkey)"
|
||||
ip link add dev "${net_name}" type wireguard
|
||||
ip addr add dev "${net_name}" "10.${net_num}.1.1/8"
|
||||
echo "${our_privkey}" | wg set "${net_name}" private-key /dev/stdin \
|
||||
peer "${srv_pubkey}" allowed-ips "10.0.0.0/8" endpoint "${srv_endpoint}:${srv_listenport}" persistent-keepalive 25
|
||||
ip link set up dev "${net_name}"
|
||||
```
|
||||
|
||||
Now grab the client's pubkey:
|
||||
|
||||
```sh
|
||||
wg pubkey <<<"${our_privkey}"
|
||||
ZZZZZZZZZZZZZZ
|
||||
```
|
||||
|
||||
Go back to the server and add the client as a peer:
|
||||
|
||||
```sh
|
||||
our_pubkey='ZZZZZZZZZZZZZZ' # From the client
|
||||
wg set "${net_name}" peer "${our_pubkey}" allowed-ips "10.${net_num}.1.1/32"
|
||||
```
|
||||
|
||||
Make sure the client can ping the server with `ping 10.${net_num}.0.1` and the server can ping the client with `ping 10.${net_num}.1.1`. If that's working, proceed to the next section.
|
||||
|
||||
|
||||
## 2. bind9
|
||||
|
||||
TODO
|
||||
|
||||
## 3. Certificate authority
|
||||
|
||||
TODO
|
||||
|
||||
## 4. Wagon
|
||||
|
||||
TODO
|
|
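Review bot: The psk created with `wg genpsk` and copied to the client is never applied. Neither peer command (the client's `wg set ... peer "${srv_pubkey}" ...` nor the server's `wg set "${net_name}" peer "${our_pubkey}" ...`) passes `preshared-key`, so the tunnel comes up without it. Either add `preshared-key <file>` to both peer commands or drop the psk steps from the guide. Two smaller points in the same section: the interface addresses use `/8` and the client's `allowed-ips` is `10.0.0.0/8`, which claims every 10.x route on the host even though `net_num` picks a single 10.N network, so `/16` and `10.${net_num}.0.0/16` look like the intended scope if each network is meant to be one 10.N range. Also, the `wg pubkey <<<"..."` lines sit in blocks fenced as `sh`, but here-strings are a bash feature, and the sample outputs (`XXXXXXXXXXXXXX` etc.) are mixed into the commands, so a reader pasting the block will try to run them. Finally, "the output of these command" should read "these commands".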
@ -116,6 +116,10 @@ The wireguard dashboard and admin are in a working alpha state. I have it implem
|
|||
|
||||
*binaries compiled from languages like c/rust/go/haskell, as long as SDKs are available.
|
||||
|
||||
## Installation
|
||||
|
||||
You want to use this half-built product on your server at your own risk? Fine, go right ahead! Take a look at [INSTALL.md](INSTALL.md). If you have trouble, ask for help in the matrix room below.
|
||||
|
||||
## Contributing
|
||||
|
||||
If you think you can help with any of these bulletpoints, come by [#wagon:gf4.pw](https://matrix.to/#/#wagon:gf4.pw) on matrix.
|
||||
|
|
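Review bot: The new Installation paragraph sends readers to INSTALL.md without saying that the guide is incomplete: in this same commit, sections 2 (bind9), 3 (Certificate authority) and 4 (Wagon) are all `TODO`, so following the link only gets as far as the wireguard tunnel. Suggest stating that here, for example that only the wireguard step is documented so far. The phrase "the matrix room below" also depends on the Contributing section staying directly underneath; linking `#wagon:gf4.pw` in this paragraph would keep it correct if the sections are reordered.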