Revisión de tailscale-vps-firewall.md

tiffmin revisó este gist 1745197643. Ir a la revisión

1 file changed, 1 insertion, 6 deletions

tailscale-vps-firewall.md

			@@ -102,9 +102,4 @@ ___
102	102
103	103		- Enable MagicDNS in the Tailscale admin panel for easier hostname-based access.
104	104
105		-	- You can add ACLs and device tags if you want to control access to certain machines.
106		-
107		-
108		-	___
109		-
110		-	Want me to help write a script to install Tailscale + firewall rules in one go?
	105	+	- You can add ACLs and device tags if you want to control access to certain machines.

tiffmin revisó este gist 1745197602. Ir a la revisión

1 file changed, 110 insertions

tailscale-vps-firewall.md(archivo creado)

		@@ -0,0 +1,110 @@
1	+	> Taken from ChatGPT
2	+
3	+
4	+	---
5	+	Perfect — Ubuntu 24.04 makes things really smooth. Here’s a more tailored version for you:
6	+
7	+	___
8	+
9	+	## 🧰 How to Set Up Tailscale + Secure Tunnel on Ubuntu 24.04 VPS
10	+
11	+	### 1. ✅ Install Tailscale on Your VPS
12	+
13	+	SSH into your VPS and run:
14	+
15	+	```bash
16	+	curl -fsSL https://tailscale.com/install.sh \| sh
17	+	sudo tailscale up
18	+	```
19	+
20	+	This will:
21	+
22	+	- Install Tailscale
23	+
24	+	- Prompt you to sign in via a browser (you can copy the link and open it locally)
25	+
26	+
27	+	After that, your VPS is in your Tailscale network.
28	+
29	+	___
30	+
31	+	### 2. 🧑💻 Install Tailscale on Your Local Machine
32	+
33	+	Do the same on your personal computer:
34	+
35	+	- Download Tailscale
36	+
37	+	- Sign in with the same account
38	+
39	+	- Run `tailscale up`
40	+
41	+
42	+	___
43	+
44	+	### 3. 🔎 Find Your VPS Tailscale IP or Name
45	+
46	+	After connecting both devices:
47	+
48	+	You’ll see something like:
49	+
50	+	```sql
51	+	vps-name 100.101.102.103 linux idle
52	+	```
53	+
54	+	You can now SSH into your VPS like:
55	+
56	+	```bash
57	+	ssh username@100.101.102.103
58	+	# Or
59	+	ssh username@vps-name.tailnet-name.ts.net
60	+	```
61	+
62	+	___
63	+
64	+	### 4. 🛡️ Lock Down Public SSH Access with UFW
65	+
66	+	This is the key part for keeping it secure while using a VPN:
67	+
68	+	#### Enable UFW and set it up:
69	+
70	+	```bash
71	+	sudo ufw default deny incoming
72	+	sudo ufw default allow outgoing
73	+	```
74	+
75	+	#### Allow SSH only from Tailscale IP range:
76	+
77	+	```bash
78	+	sudo ufw allow from 100.64.0.0/10 to any port 22 proto tcp
79	+	```
80	+
81	+	> `100.64.0.0/10` is the range used by Tailscale devices.
82	+
83	+	#### Enable UFW:
84	+
85	+	```bash
86	+	sudo ufw enable
87	+	sudo ufw status
88	+	```
89	+
90	+	Your VPS now:
91	+
92	+	- Rejects all public SSH access
93	+
94	+	- Accepts SSH only from your Tailscale-connected devices
95	+
96	+	- Doesn’t care if your IP changes via your main VPN
97	+
98	+
99	+	___
100	+
101	+	### 🧠 Pro Tips
102	+
103	+	- Enable MagicDNS in the Tailscale admin panel for easier hostname-based access.
104	+
105	+	- You can add ACLs and device tags if you want to control access to certain machines.
106	+
107	+
108	+	___
109	+
110	+	Want me to help write a script to install Tailscale + firewall rules in one go?

Siguiente Anterior