firezone/docs/docs/deploy/README.mdx
Jason G 5f6685c5aa General Docs Improvements (#1194)
* docs: add logs and update troubleshooting

Updates the troubleshooting doc for Docker based deployments and adds a general logs doc with more info on what Firezone logs.

Also added a mention of Audit logs in beta to source more convos.

* docs: further Docker clarifications

Clarifying some troubleshooting guides that refer to firezone-ctl.

Not everyone arrives at the env-vars or config file through the deploy/configure guide. Some load these pages directly via search. Adding a more prominent note that it's for Omnibus based deploy.

* docs: add troubleshooting docs on locked out state

Adding a section on resetting admin passwords for both docker and omnibus deployments. I realize we removed the omnibus firezone-ctl reference. I won't add it back since I have no idea where to put it.

* docs: update split tunnel doc

Was originally going to write more about other ways you can achieve split tunneling with wireguard, but will leave that for now

* fix whitespace

* update split tunnel doc

* docs: add DNS considerations to split tunnel doc

https://github.com/firezone/product/issues/527

* update split tunnel doc

* further clarify split tunnel doc

* add note about on-demand feature

* Docs - Improve titles and descriptions (#1187)

* docs: update titles, descriptions

Changes:
- set more descriptive titles (better for readers and SEO)
- add meta descriptions
- convert titles to sentence case for consistency

* docs: small fixes

* fix trailing whitespaces

* fix spelling

* Apply suggestions from code review

Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>

* add descriptions to client instructions

Signed-off-by: Jason G <jason@firez.one>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>

* chore: update logs doc

* chore: apply suggestions from code review

Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>

* chore: line length and log description

* chore: rename debug logs

* chore: apply suggestions from code review

Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>

* Docs - Add draft whitelist sso doc (#1185)

* doc: adding whitelist sso doc

redo of https://github.com/firezone/firezone/pull/995

* docs: add seo titles

* docs: improve titles

* grammar fixes

* fix trailing whitespace

apparently my vscode plugin does not find trailing whitespace in front matter

* put doc in draftmode

* add note on wireguard client apps

* Revert "add note on wireguard client apps"

This reverts commit 9013ce1c3b1bcb8b825f0fcbb1c5fe7e050cae82.

* Apply suggestions from code review

Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>

Signed-off-by: Jason G <jason@firez.one>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>

* chore: apply suggestions from code review

Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>

* chore: Update docs/docs/user-guides/client-instructions.mdx

Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jason G <jason@firez.one>

* chore: update title capitalization and other small fixes

* Apply suggestions from code review

Signed-off-by: Jamil <jamilbk@users.noreply.github.com>

Signed-off-by: Jason G <jason@firez.one>
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
2022-12-18 21:07:11 -06:00


---
title: Deploy
sidebar_position: 2
description:
  Install Firezone's WireGuard®-based secure access platform on a supported
  host using our Docker (recommended) or Omnibus deployment methods.
---
# Deploy Firezone
Firezone can be deployed on most Docker-supported platforms in about a minute.
Read more below to get started.
## Deployment methods
You have two options for deploying Firezone:
1. [Docker](docker) (recommended)
1. [Omnibus](omnibus)
Docker is the easiest way to install, manage, and upgrade Firezone and is the
preferred method of deployment.
:::note
Chef Infra Client, the configuration system Chef Omnibus relies on, has been
[scheduled for End-of-Life in 2024](https://docs.chef.io/versions/). As such,
support for Omnibus-based deployments will be removed in a future version of
Firezone. To transition to Docker from Omnibus today, follow our
[migration guide](../administer/migrate).
:::
## Prepare to deploy
Regardless of which deployment method you choose, you'll need to follow the
preparation steps below before deploying Firezone to production.
1. [Create a DNS record](#create-a-dns-record)
1. [Set up SSL](#set-up-ssl)
1. [Open required firewall ports](#open-required-firewall-ports)
### Create a DNS record
Firezone requires a fully-qualified domain name (e.g. `firezone.company.com`)
for production use. You'll need to create the appropriate DNS record at your
registrar to achieve this. Typically this is either an A, CNAME, or AAAA record
depending on your requirements.
### Set up SSL
You'll need a valid SSL certificate to use Firezone in a production capacity.
Firezone supports ACME for automatic provisioning of SSL certificates for both
Docker-based and Omnibus-based installations. This is recommended in most cases.
<Tabs>
<TabItem value="docker" label="Docker" default>
#### Setting up ACME for Docker-based deployments
For Docker-based deployments, the simplest way to provision an SSL
certificate is to use our Caddy service example in docker-compose.yml.
Caddy uses ACME to automatically provision SSL certificates as long as
it's available on port 80/tcp and the DNS record for the server is valid.
See the [Docker deployment guide](docker) for more info.
</TabItem>
<TabItem value="omnibus" label="Omnibus">
For Omnibus-based deployments, ACME is disabled by default to maintain
compatibility with existing installations.
To enable ACME, ensure the following conditions are met:
* `80/tcp` is allowed inbound
* The bundled Firezone `nginx` service is enabled and functioning
* You have a valid DNS record assigned to this instance's public IP
* The following 3 settings are configured in the [configuration file](../reference/configuration-file):
  * `default['firezone']['external_url']`: The FQDN for the server.
  * `default['firezone']['ssl']['email_address']`: The email that will be used
    for the issued certificates.
  * `default['firezone']['ssl']['acme']['enabled']`: Set this to true to enable it.
</TabItem>
</Tabs>
### Open required firewall ports
By default, Firezone requires ports `443/tcp` and `51820/udp` to be
accessible for HTTPS and WireGuard traffic respectively.
These ports can change based on what you've configured in the configuration file.
See the
[configuration file reference](../reference/configuration-file)
for details.
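
The following is an added example, not part of the Firezone docs or code: it checks the three Omnibus ACME settings listed above and reports required ports that have no local listener. It assumes the settings are written as Chef attribute assignments in a config file whose path you pass in, and that listener data is the output of `ss -H -tuln`; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Firezone code. Assumes settings are Chef attribute
# assignments (default['firezone'][...] = value) and that listener data is
# the output of `ss -H -tuln`. All sample data below is constructed.

# Print the value assigned to default['firezone']<$2> in file $1 (last wins).
fz_setting() {
  grep -F "default['firezone']$2" "$1" | grep -v '^[[:space:]]*#' | tail -n 1 |
    sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e "s/^['\"]//" -e "s/['\"]\$//"
}

# Return 0 only when the three ACME settings are all usable.
acme_settings_ok() {
  host=$(fz_setting "$1" "['external_url']")
  host=${host#*://}; host=${host%%[:/]*}   # tolerate a scheme, port or path
  mail=$(fz_setting "$1" "['ssl']['email_address']")
  acme=$(fz_setting "$1" "['ssl']['acme']['enabled']")
  rc=0
  case $host in ?*.?*) ;; *) echo "external_url has no FQDN: '$host'"; rc=1 ;; esac
  case $mail in ?*@?*) ;; *) echo "ssl email_address not set: '$mail'"; rc=1 ;; esac
  [ "$acme" = true ] || { echo "acme enabled is '$acme', expected true"; rc=1; }
  return $rc
}

# Print each proto/port in $2 that has no listener in the ss output $1.
missing_listeners() {
  for want in $2; do
    printf '%s\n' "$1" | awk -v p="${want%/*}" -v n="${want#*/}" '
      $1 == p { k = split($5, a, ":"); if (a[k] == n) found = 1 }
      END { exit !found }' || printf '%s\n' "$want"
  done
}

# Constructed sample: a config with ACME enabled, and a host where nothing
# is bound to 80/tcp yet (so the ACME challenge would fail).
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
default['firezone']['external_url'] = 'https://firezone.company.com'
default['firezone']['ssl']['email_address'] = 'admin@company.com'
# default['firezone']['ssl']['acme']['enabled'] = false
default['firezone']['ssl']['acme']['enabled'] = true
EOF
SAMPLE_SS='tcp LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
udp UNCONN 0 0 [::]:51820 [::]:*'

acme_settings_ok "$SAMPLE_CFG" && echo "ACME settings look usable"
echo "no listener on: $(missing_listeners "$SAMPLE_SS" 'tcp/80 tcp/443 udp/51820')"
```

A listener only shows that the service is bound on the host; confirm from a second machine that the firewall actually allows the ports inbound. Pass your own port list if you changed the defaults in the configuration file.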
### Resource requirements
We recommend **starting with 1 vCPU and 1 GB of RAM and scaling up** as the
number of users and devices grows.
For Omnibus-based deployments on servers with less than 1GB of memory, we
recommend turning on swap to prevent the Linux kernel from killing
Firezone processes unexpectedly. When this happens, it's often difficult to
debug and results in strange, unpredictable failure modes.
For the VPN tunnels themselves, Firezone uses in-kernel WireGuard, so its
performance should be very good. 1 vCPU should be more than enough to saturate
a 1 Gbps link.