algo/docs/deploy-from-script-or-cloud-init-to-localhost.md
Jack Ivanov 8bdd99c05d Refactor to support Ansible 2.8 (#1549)
* bump ansible to 2.8.3

* DigitalOcean: move to the latest modules

* Add Hetzner Cloud

* Scaleway and Lightsail fixes

* lint missing roles

* Update roles/cloud-hetzner/tasks/main.yml

Add api_token

Co-Authored-By: phaer <phaer@phaer.org>

* Update roles/cloud-hetzner/tasks/main.yml

Add api_token

Co-Authored-By: phaer <phaer@phaer.org>

* Try to run apt until succeeded

* Scaleway modules upgrade

* GCP: Refactoring, remove deprecated modules

* Doc updates (#1552)

* Update README.md

Adding links and mentions of Exoscale aka CloudStack and Hetzner Cloud.

* Update index.md

Add the Hetzner Cloud to the docs index

* Remove link to Win 10 IPsec instructions

* Delete client-windows.md

Unnecessary since the deprecation of IPsec for Win10.

* Update deploy-from-ansible.md

Added sections and required variables for CloudStack and Hetzner Cloud.

* Update deploy-from-ansible.md

Added sections for CloudStack and Hetzner, added req variables and examples, mentioned environment variables, and added links to the provider role section.

* Update deploy-from-ansible.md

Cosmetic changes to links, fix typo.

* Update GCE variables

* Update deploy-from-script-or-cloud-init-to-localhost.md

Fix a finer point, and make variables list more readable.

* update azure requirements

* Python3 draft

* set LANG=c to the p12 password generation task

* Update README

* Install cloud requirements to the existing venv

* FreeBSD fix

* env->.env fixes

* lightsail_region_facts fix

* yaml syntax fix

* Update README for Python 3 (#1564)

* Update README for Python 3

* Remove tabs and tweak instructions

* Remove cosmetic command indentation

* Update README.md

* Update README for Python 3 (#1565)

* DO fix for "found unpermitted parameters: id"

* Verify Python version

* Remove ubuntu 16.04 from readme

* Revert back DigitalOcean module

* Update deploy-from-script-or-cloud-init-to-localhost.md

* env to .env
2019-09-28 08:10:20 +08:00

3.9 KiB

Deploy from script or cloud-init

You can use install.sh to prepare the environment and deploy AlgoVPN on the local Ubuntu server in one shot using cloud-init, or run the script directly on the server after it's been created.

The script doesn't configure any parameters in your cloud, so it's up to you to configure the related firewall rules, a floating IP address and any other resources you may need. The output of the install script (including the p12 and CA passwords) and the user config files will be written to the /opt/algo directory.

Cloud init deployment

You can copy-paste the snippet below into the user data (cloud-init or startup script) field when creating a new server.

For now this has only been successfully tested on DigitalOcean, Amazon EC2 and Lightsail, Google Cloud, Azure and Vultr, although Vultr doesn't officially support cloud-init.

#!/bin/bash
curl -s https://raw.githubusercontent.com/trailofbits/algo/master/install.sh | sudo -E bash -x

The command will prepare the environment and install AlgoVPN with the default parameters below. If you want to modify the behavior you may define additional variables.

Variables

  • METHOD: The deployment method to use. Possible values are local and cloud. Default: cloud. The cloud method is intended for use in cloud-init deployments only. If you are not using cloud-init to deploy the server, you have to use the local method.

  • ONDEMAND_CELLULAR: "Connect On Demand" when connected to cellular networks. Boolean. Default: false.

  • ONDEMAND_WIFI: "Connect On Demand" when connected to Wi-Fi. Default: false.

  • ONDEMAND_WIFI_EXCLUDE: List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use "Connect On Demand". Comma-separated list.

  • STORE_PKI: Whether to retain the PKI (required to add users in the future, but less secure). Default: false.

  • DNS_ADBLOCKING: To install an ad blocking DNS resolver. Default: false.

  • SSH_TUNNELING: Enable SSH tunneling for each user. Default: false.

  • ENDPOINT: The public IP address or domain name of your server. IMPORTANT: this is used to verify the certificate. It will be gathered automatically for DigitalOcean, AWS, GCE, Azure or Vultr if the METHOD is cloud. Otherwise you need to set this variable to your public IP address.

  • USERS: list of VPN users. Comma-separated list. Default: user1.

  • REPO_SLUG: Owner and repository used to get the installation scripts from. Default: trailofbits/algo.

  • REPO_BRANCH: Branch for REPO_SLUG. Default: master.

  • EXTRA_VARS: Additional extra variables.

  • ANSIBLE_EXTRA_ARGS: Any available Ansible parameters, e.g. --skip-tags apparmor.

Examples

How to customise a cloud-init deployment by variables

#!/bin/bash
export ONDEMAND_CELLULAR=true
export SSH_TUNNELING=true
curl -s https://raw.githubusercontent.com/trailofbits/algo/master/install.sh | sudo -E bash -x

How to deploy locally without using cloud-init

export METHOD=local
export ONDEMAND_CELLULAR=true
export ENDPOINT="[your server's IP here]"
curl -s https://raw.githubusercontent.com/trailofbits/algo/master/install.sh | sudo -E bash -x

How to deploy a server using arguments

The arguments are given in the same order as the variables above.

curl -s https://raw.githubusercontent.com/trailofbits/algo/master/install.sh | sudo -E bash -x -s local true false _null true true true true myvpnserver.com phone,laptop,desktop
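The snippets above pipe whatever install.sh is on the master branch at that moment straight into a root shell. The following is an added example, not part of the Algo documentation or project: it downloads the script to a file, compares it with a SHA-256 digest you recorded after reviewing it, and runs it only on a match. The names EXPECTED_SHA256, ALGO_RUN_INSTALL, sha256_of, verify_sha256 and fetch_and_run are hypothetical, and the digest value is a placeholder.

```shell
#!/bin/sh
# Added example (not from the Algo project): download install.sh, check it
# against a pinned SHA-256, and run it only if the digest matches.
set -e

INSTALL_URL="https://raw.githubusercontent.com/trailofbits/algo/master/install.sh"
# Placeholder: set to the digest of the install.sh revision you reviewed.
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_REVIEWED_DIGEST}"

# Print the lower-case hex SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Succeed only if file $1 is readable and its digest equals $2 (case-insensitive).
verify_sha256() {
  [ -r "$1" ] || return 2
  vs_want="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  [ "$(sha256_of "$1")" = "$vs_want" ]
}

# Fetch, verify, then execute; extra arguments are passed on to install.sh.
fetch_and_run() {
  fr_tmp="$(mktemp)"
  # --fail turns HTTP errors into failures; --proto refuses non-HTTPS redirects.
  if ! curl --fail --silent --show-error --location --proto '=https' \
        --output "$fr_tmp" "$INSTALL_URL"; then
    rm -f "$fr_tmp"; return 1
  fi
  if ! verify_sha256 "$fr_tmp" "$EXPECTED_SHA256"; then
    echo "install.sh digest mismatch; refusing to run" >&2
    rm -f "$fr_tmp"; return 1
  fi
  sudo -E bash -x "$fr_tmp" "$@"
  rm -f "$fr_tmp"
}

# Runs only when explicitly requested, so sourcing the file has no side effects.
if [ "${ALGO_RUN_INSTALL:-0}" = "1" ]; then
  fetch_and_run "$@"
fi
```

The digest covers install.sh only; the repository it then fetches is still selected by REPO_SLUG and REPO_BRANCH.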