gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-02-25 08:34:47 +08:00
Code Issues Projects Releases Packages Wiki Activity

fixing output of nm-quick

Browse source
This commit is contained in:
afeiszli 2021-10-28 17:31:29 -04:00
parent 52643551fd
commit 8f5ac05211
3 changed files with 29 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
README.md
View file

@ -19,9 +19,6 @@
<a href="https://github.com/gravitl/netmaker/graphs/contributors">
<img src="https://img.shields.io/github/commit-activity/m/gravitl/netmaker?color=blue" />
</a>
<a href="https://gravitl.com/resources">
<img src="https://img.shields.io/badge/learning-resources-9cf" />
</a>
<a href="https://twitter.com/intent/follow?screen_name=gravitlcorp">
<img src="https://img.shields.io/twitter/follow/gravitlcorp?style=social" />
</a>
@ -43,7 +40,7 @@
**For an HA install using helm on k8s, visit the [Helm Repo](https://github.com/gravitl/netmaker-helm/).**
1. Get a cloud VM with Ubuntu 20.04 and a public IP.
2. Open ports 443, 53, and 51821-51830/udp on the VM firewall and in cloud security settings.
3. Run the script (see below for extra options):
3. Run the script **(see below for optional configurations)**:
`sudo wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/develop/scripts/nm-quick.sh | bash`
@ -57,15 +54,15 @@ After installing Netmaker, check out the [Walkthrough](https://itnext.io/getting
### Optional configurations
**Deploy a "Hub-And-Spoke VPN" on the server**
a. This will configure a standard VPN (non-meshed) for private internet access.
b. `sudo wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/develop/scripts/nm-quick.sh | bash -s -v true`
**Deploy a "Hub-And-Spoke VPN" on the server**
a. This will configure a standard VPN (non-meshed) for private internet access, with 10 clients (-c).
b. `sudo wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/develop/scripts/nm-quick.sh | bash -s -- -v true -c 7`
**Specify Domain sand Email**
a. Make sure your wildcard domain is pointing towards the server ip.
b. `sudo wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/develop/scripts/nm-quick.sh | bash -s -d mynetmaker.domain.com -e example@email.com`
**Specify Domain sand Email**
a. Make sure your wildcard domain is pointing towards the server ip.
b. `sudo wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/develop/scripts/nm-quick.sh | bash -s -- -d mynetmaker.domain.com -e example@email.com`
**Script Options**
**Script Options**
```
./nm-quick
-d domain.example.com # specify a wildcard domain for netmaker to use (DNS must point to this server)
@ -92,6 +89,8 @@ b. `sudo wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/develop/s
- [Business (Subscription)](https://gravitl.com/plans/business)
- [Learning Resources](https://gravitl.com/resources)
## Disclaimer
[WireGuard](https://wireguard.com/) is a registered trademark of Jason A. Donenfeld.

9
docs/server-installation.rst
View file

@ -159,7 +159,9 @@ DNS Mode Setup
If you plan on running the server in DNS Mode, know that a `CoreDNS Server <https://coredns.io/manual/toc/>`_ will be installed. CoreDNS is a light-weight, fast, and easy-to-configure DNS server. It is recommended to bind CoreDNS to port 53 of the host system, and it will do so by default. The clients will expect the nameserver to be on port 53, and many systems have issues resolving a different port.
However, on your host system (for Netmaker), this may conflict with an existing process. On linux systems running systemd-resolved, there is likely a service consuming port 53. The below steps will disable systemd-resolved, and replace it with a generic (e.g. Google) nameserver. Be warned that this may have consequences for any existing private DNS configuration. The following was tested on Ubuntu 20.04 and should be run prior to deploying the docker containers.
However, on your host system (for Netmaker), this may conflict with an existing process. On linux systems running systemd-resolved, there is likely a service consuming port 53. The below steps will disable systemd-resolved, and replace it with a generic (e.g. Google) nameserver. Be warned that this may have consequences for any existing private DNS configuration.
With the latest docker-compose, it is not necessary to perform these steps. But if you are running the install and find that port 53 is blocked, you can perform the following steps, which were tested on Ubuntu 20.04 (these should be run prior to deploying the docker containers).
.. code-block::
@ -199,6 +201,11 @@ Assuming you have Docker and Docker Compose installed, you can just run the foll
sed -i s/HOST_IP/< Insert your-host IP Address Here >/g docker-compose.yml
docker-compose up -d`
Traefik Proxy
------------------------
To install with Traefik, rather than Nginx or the default Caddy, check out this repo: https://github.com/bsherman/netmaker-traefik
No DNS - CoreDNS Disabled
----------------------------------------------

26
scripts/nm-quick.sh
View file

@ -6,7 +6,7 @@ echo "setting flags..."
while getopts d:e:m:v:c: flag
do
case "${flag}" in
d) domain=${OPTARG};;
d) domain=${OPTARG};;
e) email=${OPTARG};;
m) addmesh=${OPTARG};;
v) addvpn=${OPTARG};;
@ -150,19 +150,18 @@ cat << "EOF"
\ \ \-. \ \ \ __\ \/_/\ \/ \ \ \-./\ \ \ \ __ \ \ \ _"-. \ \ __\ \ \ __<
\ \_\\"\_\ \ \_____\ \ \_\ \ \_\ \ \_\ \ \_\ \_\ \ \_\ \_\ \ \_____\ \ \_\ \_\
\/_/ \/_/ \/_____/ \/_/ \/_/ \/_/ \/_/\/_/ \/_/\/_/ \/_____/ \/_/ /_/
EOF
echo "visit dashboard.$NETMAKER_BASE_DOMAIN to log in"
echo""
sleep 2
setup_mesh() {
echo "creating default network (10.101.0.0/16)"
curl -d '{"addressrange":"10.101.0.0/16","netid":"default"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks
curl -s -o /dev/null -d '{"addressrange":"10.101.0.0/16","netid":"default"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks
sleep 2
@ -178,36 +177,32 @@ echo "configuring netmaker server as ingress gateway"
curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/default)
SERVER_ID=$(jq -r '.[0].macaddress' <<< ${curlresponse})
curl -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/default/$SERVER_ID/createingress
curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/default/$SERVER_ID/createingress
echo "finished configuring server and network. You can now add clients."
echo ""
echo ""
echo "For Linux and Mac clients, install with the following command:"
echo " curl -sfL https://raw.githubusercontent.com/gravitl/netmaker/develop/scripts/netclient-install.sh | sudo KEY=$ACCESS_TOKEN sh -"
echo ""
echo ""
echo "For Windows clients, perform the following from powershell, as administrator:"
echo " 1. Make sure WireGuardNT is installed - https://download.wireguard.com/windows-client/wireguard-installer.exe"
echo " 2. Download netclient.exe - wget https://github.com/gravitl/netmaker/releases/download/latest/netclient.exe"
echo " 3. Install Netclient - powershell.exe .\\netclient.exe join -t $ACCESS_TOKEN"
echo " 4. Whitelist C:\ProgramData\Netclient in Windows Defender"
echo ""
echo ""
echo "For Android and iOS clients, perform the following steps:"
echo " 1. Log into UI at dashboard.$NETMAKER_BASE_DOMAIN"
echo " 2. Navigate to \"EXTERNAL CLIENTS\" tab"
echo " 3. Select the gateway and create clients"
echo " 4. Scan the QR Code from WireGuard app in iOS or Android"
echo ""
echo ""
echo "Netmaker setup is now complete. You are ready to begin using Netmaker."
}
setup_vpn() {
echo "creating vpn network (10.201.0.0/16)"
curl -d '{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"8.8.8.8"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks
curl -s -o /dev/null -d '{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"8.8.8.8"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks
sleep 2
@ -216,7 +211,7 @@ echo "configuring netmaker server as vpn inlet..."
curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn)
SERVER_ID=$(jq -r '.[0].macaddress' <<< ${curlresponse})
curl -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn/$SERVER_ID/createingress
curl -s -o /dev/null -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn/$SERVER_ID/createingress
echo "waiting 10 seconds for server to apply configuration..."
@ -238,7 +233,7 @@ EGRESS_JSON=$( jq -n \
echo "egress json: $EGRESS_JSON"
curl -X POST -d "$EGRESS_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn/$SERVER_ID/creategateway
curl -s -o /dev/null -X POST -d "$EGRESS_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn/$SERVER_ID/creategateway
echo "creating client configs..."
@ -248,13 +243,11 @@ do
--arg clientid "vpnclient-$a" \
'{clientid: $clientid}' )
echo "client json: $CLIENT_JSON"
curl -d "$CLIENT_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/extclients/vpn/$SERVER_ID
curl -s -o /dev/null -d "$CLIENT_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/extclients/vpn/$SERVER_ID
done
echo "finished configuring vpn server."
echo ""
echo ""
echo "To configure clients, perform the following steps:"
echo " 1. log into dashboard.$NETMAKER_BASE_DOMAIN"
echo " 2. Navigate to \"EXTERNAL CLIENTS\" tab"
@ -271,3 +264,6 @@ fi
if [ "${VPN_SETUP}" == "true" ]; then
setup_vpn
fi
echo ""
echo "Netmaker setup is now complete. You are ready to begin using Netmaker."