diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json
index 6351dec..ef2ac89 100644
--- a/.obsidian/workspace.json
+++ b/.obsidian/workspace.json
@@ -4,19 +4,31 @@ "type": "split", "children": [ { - "id": "64a96c0c67857e4f", + "id": "33549a9e94d01066", "type": "tabs", "children": [ { - "id": "9b32a86dad773267", + "id": "d2eabc498303ffdb", "type": "leaf", "state": { "type": "diff-view", "state": { - "file": "Home Server/Gitea.md", + "file": "Home Server/Network/nginx.md", "staged": false } } + }, + { + "id": "65b3c9572918b876", + "type": "leaf", + "state": { + "type": "markdown", + "state": { + "file": "Home Server/Network/nginx.md", + "mode": "source", + "source": true + } + } } ] }
@@ -151,8 +163,9 @@ "command-palette:명령어 팔레트 열기": false } }, - "active": "9b32a86dad773267", + "active": "d2eabc498303ffdb", "lastOpenFiles": [ + "Home Server/Network/Wireguard.md", "Home Server/Network/nginx.md", "_흥미로운 것/개인 도메인.md", "Home Server/Network/DNS/CoreDNS.md",
@@ -178,7 +191,6 @@ "SBC(Single-Board Computer)/ODROID H4+.md", "SBC(Single-Board Computer)/ODROID.md", "Home Server/Samba.md", - "Home Server/Network/DNS/Domain.md", "Home Server/Network/DNS", "Home Server/Network", "POE/3.25/resources/07.접두접미완성1-1.png",
diff --git a/Home Server/Network/Wireguard.md b/Home Server/Network/Wireguard.md
new file mode 100644
index 0000000..a7204d2
--- /dev/null
+++ b/Home Server/Network/Wireguard.md
@@ -0,0 +1,80 @@
+# 1. Install
+## 1.1. Directory structure
+
+```dirtree
+- /mnt/md0/infra
+ - /nginx
+ - /conf.d
+ - wg-easy.conf
+ - /etc.d
+ - ...
+ - /wg-easy
+ - .env
+ - compose.yml
+```
+
+## 1.2. Docker compose
+
+```yml
+name: infrastructure
+service:
+ nginx:
+ # ...
+
+ wg-easy:
+ image: ghcr.io/wg-easy/wg-easy
+ container_name: wg-easy
+ restart: always
+ environment:
+ - WG_HOST=wg.tuska298.dev # Server hostname
+ - PASSWORD_HASH=$$2a$$12$$xHJZ2bWZ7adZNYTDAWdJFuwEAhN3qzQY.ADTb3MLUubkjen9JMs9e # Web UI Password
+ # Generate Password hash : https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
+ - WG_PORT=51820
+ - PORT=51821
+ - LANG=ko
+ - WG_DEFAULT_DNS=192.168.200.10,1.1.1.1
+ volumes:
+ - ${BASE_PATH}/wg-easy:/etc/wireguard:rw
+ ports:
+ - "51820:51820/udp"
+ - "51821:51821/tcp"
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ - net.ipv4.ip_forward=1
+ networks:
+ - infra
+
+networks:
+ infra:
+ driver: bridge
+```
+
+## 1.3. /nginx/conf.d/wg-easy.conf
+
+```nginx
+server {
+ server_name wg.home.server;
+
+ include /etc/nginx/etc.d/deny.lan.conf;
+
+ location / {
+ proxy_pass http://wg-easy:51821/;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+ }
+}
+```
+
+## 1.4. 공유기 포트포워딩
+udp 51820 포트 개방
+
+## 1.5. Cloudflare DNS 프록시 해제
+- Cloudflare Domain 구매 시 DNS 기능을 제공
+- 이 떄 DNS에 등록한 IP를 가리고 Cloudflare 서버 IP를 응답하는 프록시 기능을 자동으로 설정함
+- 하지만 Wireguard는 DNS의 응답 결과로 얻은 IP에 80/443 포트가 아닌 다른 포트로 접근하므로 프록시 기능이 정상 작동하지 않음
+- 따라서 Cloudflare DNS의 Wireguard용 subdomain은 프록시 기능을 해제해야 함
\ No newline at end of file
diff --git a/Home Server/Network/nginx.md b/Home Server/Network/nginx.md
index 45a3a22..fb796d6 100644
--- a/Home Server/Network/nginx.md
+++ b/Home Server/Network/nginx.md
@@ -12,6 +12,7 @@ ``` ## 1.2. /.env + ``` BASE_PATH=/mnt/md0/infra ```
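Review bot: In the new Wireguard.md hunk, the compose example in section 1.2 commits what appears to be the live bcrypt `PASSWORD_HASH` for the wg-easy web UI alongside the real `WG_HOST` name; anyone who can read the repository can run offline guessing against that hash, so the note should carry a placeholder, e.g. `- PASSWORD_HASH=<bcrypt hash, each $ doubled>`, and the UI password should be rotated if this value is in use. The same block publishes `"51821:51821/tcp"` on the host, which makes the admin UI reachable without passing through the nginx vhost in 1.3 and its `deny.lan.conf` include (whose contents are not shown here); since nginx already proxies to `wg-easy:51821` over the `infra` network, that mapping can likely be dropped. Separately, the top-level key `service:` would need to be `services:` for Compose to accept the file.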