vault backup: 2024-09-19 00:04:19

.obsidian/workspace.json

@@ -4,19 +4,31 @@
     "type": "split",
     "children": [
       {
-        "id": "64a96c0c67857e4f",
+        "id": "33549a9e94d01066",
         "type": "tabs",
         "children": [
           {
-            "id": "9b32a86dad773267",
+            "id": "d2eabc498303ffdb",
             "type": "leaf",
             "state": {
               "type": "diff-view",
               "state": {
-                "file": "Home Server/Gitea.md",
+                "file": "Home Server/Network/nginx.md",
                 "staged": false
               }
             }
+          },
+          {
+            "id": "65b3c9572918b876",
+            "type": "leaf",
+            "state": {
+              "type": "markdown",
+              "state": {
+                "file": "Home Server/Network/nginx.md",
+                "mode": "source",
+                "source": true
+              }
+            }
           }
         ]
       }
@@ -151,8 +163,9 @@
       "command-palette:명령어 팔레트 열기": false
     }
   },
-  "active": "9b32a86dad773267",
+  "active": "d2eabc498303ffdb",
   "lastOpenFiles": [
+    "Home Server/Network/Wireguard.md",
     "Home Server/Network/nginx.md",
     "_흥미로운 것/개인 도메인.md",
     "Home Server/Network/DNS/CoreDNS.md",
@@ -178,7 +191,6 @@
     "SBC(Single-Board Computer)/ODROID H4+.md",
     "SBC(Single-Board Computer)/ODROID.md",
     "Home Server/Samba.md",
-    "Home Server/Network/DNS/Domain.md",
     "Home Server/Network/DNS",
     "Home Server/Network",
     "POE/3.25/resources/07.접두접미완성1-1.png",

Home Server/Network/Wireguard.md

@@ -0,0 +1,80 @@
+# 1. Install
+## 1.1. Directory structure
+
+```dirtree
+- /mnt/md0/infra
+    - /nginx
+        - /conf.d
+            - wg-easy.conf
+        - /etc.d
+            - ...
+    - /wg-easy
+    - .env
+    - compose.yml
+```
+
+## 1.2. Docker compose
+
+```yml
+name: infrastructure
+service:
+  nginx:
+      # ...
+
+  wg-easy:
+    image: ghcr.io/wg-easy/wg-easy
+    container_name: wg-easy
+    restart: always
+    environment:
+      - WG_HOST=wg.tuska298.dev # Server hostname
+      - PASSWORD_HASH=$$2a$$12$$xHJZ2bWZ7adZNYTDAWdJFuwEAhN3qzQY.ADTb3MLUubkjen9JMs9e # Web UI Password
+      # Generate Password hash : https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
+      - WG_PORT=51820
+      - PORT=51821
+      - LANG=ko
+      - WG_DEFAULT_DNS=192.168.200.10,1.1.1.1
+    volumes:
+      - ${BASE_PATH}/wg-easy:/etc/wireguard:rw
+    ports:
+      - "51820:51820/udp"
+      - "51821:51821/tcp"
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv4.ip_forward=1
+    networks:
+      - infra
+
+networks:
+  infra:
+    driver: bridge
+```
+
+## 1.3. /nginx/conf.d/wg-easy.conf
+
+```nginx
+server {
+    server_name wg.home.server;
+    
+    include /etc/nginx/etc.d/deny.lan.conf;
+    
+    location / {
+        proxy_pass http://wg-easy:51821/;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+    }
+}
+```
+
+## 1.4. 공유기 포트포워딩
+udp 51820 포트 개방
+
+## 1.5. Cloudflare DNS 프록시 해제
+- Cloudflare Domain 구매 시 DNS 기능을 제공
+- 이 떄 DNS에 등록한 IP를 가리고 Cloudflare 서버 IP를 응답하는 프록시 기능을 자동으로 설정함
+- 하지만 Wireguard는 DNS의 응답 결과로 얻은 IP에 80/443 포트가 아닌 다른 포트로 접근하므로 프록시 기능이 정상 작동하지 않음
+- 따라서 Cloudflare DNS의 Wireguard용 subdomain은 프록시 기능을 해제해야 함

Home Server/Network/nginx.md

@@ -12,6 +12,7 @@
 ```
 
 ## 1.2. /.env
+
 ```
 BASE_PATH=/mnt/md0/infra
 ```