mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
f5c1b5a78e
With this patch, the relay exposes a `--json` and `JSON_LOG` env variable that will activate logs in JSON format the way it is expected by google cloud: https://cloud.google.com/logging/docs/structured-logging In addition, we make use of spans to record contextual information as first-class variables that are available in the context of every message. An example output here is: ``` {"time":"2023-07-06T19:54:42.643694430Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/main.rs","line":"156"},"severity":"INFO","message":"Seeding RNG from '0'"} {"time":"2023-07-06T19:54:42.644408014Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/main.rs","line":"130"},"severity":"INFO","message":"Listening for incoming traffic on UDP port 3478"} {"time":"2023-07-06T19:54:42.843247996Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"417"},"span":{"lifetime":"600","name":"allocate"},"spans":[{"sender":"127.0.0.1:46406","transaction_id":"0531a911a24d1e5297b94cb2","name":"client"},{"lifetime":"600","name":"allocate"}],"severity":"INFO","ip4RelayAddress":"127.0.0.1:65460","message":"Created new allocation"} {"time":"2023-07-06T19:54:42.851623041Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"569"},"span":{"allocation":"AID-1","peer_address":"127.0.0.1:42314","requested_channel":"16384","name":"channel_bind"},"spans":[{"sender":"127.0.0.1:46406","transaction_id":"e99e07e482789cdc30bd2b50","name":"client"},{"allocation":"AID-1","peer_address":"127.0.0.1:42314","requested_channel":"16384","name":"channel_bind"}],"severity":"INFO","message":"Successfully bound channel"} {"time":"2023-07-06T19:54:42.852889208Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"288"},"span":{"allocation_id":"AID-1","channel":16384,"recipient":"127.0.0.1:46406","sender":"127.0.0.1:42314","name":"peer"},"spans":[{"allocation_id":"AID-1","channel":16384,"recipient":"127.0.0.1:46406","sender":"127.0.0.1:42314","name":"peer"}],"severity":"DEBUG","message":"Relaying 32 bytes"} {"time":"2023-07-06T19:54:42.854625857Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"619"},"span":{"channel":"16384","recipient":"127.0.0.1:42314","name":"channel_data"},"spans":[{"sender":"127.0.0.1:46406","name":"client"},{"channel":"16384","recipient":"127.0.0.1:42314","name":"channel_data"}],"severity":"DEBUG","message":"Relaying 32 bytes"} ``` For some reason, the current `span` is always duplicated but I don't think that is a big issue. When run using the regular log formatter, it looks like this: ``` 2023-07-06T20:02:33.939273Z INFO relay: Seeding RNG from '0' 2023-07-06T20:02:33.940153Z INFO relay: Listening for incoming traffic on UDP port 3478 2023-07-06T20:02:34.135801Z INFO client{sender=127.0.0.1:33919 transaction_id="7092a2363377709cd18b9d98"}:allocate{lifetime=600}: relay: Created new allocation ip4_relay_address=127.0.0.1:65460 2023-07-06T20:02:34.144833Z INFO client{sender=127.0.0.1:33919 transaction_id="4e1a18e58953242c92a075a3"}:channel_bind{requested_channel=16384 peer_address=127.0.0.1:47859 allocation="AID-1"}: relay: Successfully bound channel 2023-07-06T20:02:34.145501Z DEBUG peer{sender=127.0.0.1:47859 allocation_id=AID-1 recipient=127.0.0.1:33919 channel=16384}: relay: Relaying 32 bytes 2023-07-06T20:02:34.146863Z DEBUG client{sender=127.0.0.1:33919}:channel_data{channel=16384 recipient=127.0.0.1:47859}: relay: Relaying 32 bytes ``` This provides lots of contextual information in a DRY and easily parse-able way. --------- Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Firezone is a self-hosted VPN server and Linux firewall
- Manage remote access through an intuitive web interface and CLI utility.
- Deploy on your own infrastructure to keep control of your network traffic.
- Built on WireGuard® to be stable, performant, and lightweight.
Get Started
Follow our deploy guide to install your self-hosted instance of Firezone.
Or, if you're on a supported platform, try our auto-install script.
Using Firezone in production at your organization? Take a look at our Enterprise Plan.
Features
- Fast: Uses WireGuard® to be 3-4 times faster than OpenVPN.
- SSO Integration: Authenticate using any identity provider with an OpenID Connect (OIDC) connector.
- Containerized: All dependencies are bundled via Docker.
- Simple: Takes minutes to set up. Manage via a simple CLI.
- Secure: Runs unprivileged. HTTPS enforced. Encrypted cookies.
- Firewall included: Uses Linux nftables to block unwanted egress traffic.
Anti-features
Firezone is not:
- An inbound firewall
- A tool for creating mesh networks
- A full-featured router
- An IPSec or OpenVPN server
Documentation
Additional documentation on general usage, troubleshooting, and configuration can be found at https://docs.firezone.dev.
Get Help
If you're looking for help installing, configuring, or using Firezone, check our community support options:
- Discussion Forums: Ask questions, report bugs, and suggest features.
- Public Slack Group: Join live discussions, meet other users, and get to know the contributors.
- Open a PR: Contribute a bugfix or make a contribution to Firezone.
If you need help deploying or maintaining Firezone for your business, consider contacting us about our paid support plan.
Star History
Package Repository
Package repository hosting is graciously provided by Cloudsmith. Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence.
Developing and Contributing
See CONTRIBUTING.md.
Security
See SECURITY.md.
License
See LICENSE.
WireGuard® is a registered trademark of Jason A. Donenfeld.