tiffmin gist felülvizsgálása . Revízióhoz ugrás
1 file changed, 1 insertion, 6 deletions
tailscale-vps-firewall.md
| @@ -102,9 +102,4 @@ ___ | |||
| 102 | 102 | ||
| 103 | 103 | - Enable MagicDNS in the Tailscale admin panel for easier hostname-based access. | |
| 104 | 104 | ||
| 105 | - | - You can add ACLs and device tags if you want to control access to certain machines. | |
| 106 | - | ||
| 107 | - | ||
| 108 | - | ___ | |
| 109 | - | ||
| 110 | - | Want me to help write a script to install Tailscale + firewall rules in one go? | |
| 105 | + | - You can add ACLs and device tags if you want to control access to certain machines. | |
tiffmin gist felülvizsgálása . Revízióhoz ugrás
1 file changed, 110 insertions
tailscale-vps-firewall.md(fájl létrehozva)
| @@ -0,0 +1,110 @@ | |||
| 1 | + | > Taken from ChatGPT | |
| 2 | + | ||
| 3 | + | ||
| 4 | + | --- | |
| 5 | + | Perfect — Ubuntu 24.04 makes things really smooth. Here’s a more tailored version for you: | |
| 6 | + | ||
| 7 | + | ___ | |
| 8 | + | ||
| 9 | + | ## 🧰 How to Set Up Tailscale + Secure Tunnel on Ubuntu 24.04 VPS | |
| 10 | + | ||
| 11 | + | ### 1. ✅ **Install Tailscale on Your VPS** | |
| 12 | + | ||
| 13 | + | SSH into your VPS and run: | |
| 14 | + | ||
| 15 | + | ```bash | |
| 16 | + | curl -fsSL https://tailscale.com/install.sh | sh | |
| 17 | + | sudo tailscale up | |
| 18 | + | ``` | |
| 19 | + | ||
| 20 | + | This will: | |
| 21 | + | ||
| 22 | + | - Install Tailscale | |
| 23 | + | ||
| 24 | + | - Prompt you to sign in via a browser (you can copy the link and open it locally) | |
| 25 | + | ||
| 26 | + | ||
| 27 | + | After that, your VPS is in your Tailscale network. | |
| 28 | + | ||
| 29 | + | ___ | |
| 30 | + | ||
| 31 | + | ### 2. 🧑💻 **Install Tailscale on Your Local Machine** | |
| 32 | + | ||
| 33 | + | Do the same on your personal computer: | |
| 34 | + | ||
| 35 | + | - Download Tailscale | |
| 36 | + | ||
| 37 | + | - Sign in with the same account | |
| 38 | + | ||
| 39 | + | - Run `tailscale up` | |
| 40 | + | ||
| 41 | + | ||
| 42 | + | ___ | |
| 43 | + | ||
| 44 | + | ### 3. 🔎 **Find Your VPS Tailscale IP or Name** | |
| 45 | + | ||
| 46 | + | After connecting both devices: | |
| 47 | + | ||
| 48 | + | You’ll see something like: | |
| 49 | + | ||
| 50 | + | ```sql | |
| 51 | + | vps-name 100.101.102.103 linux idle | |
| 52 | + | ``` | |
| 53 | + | ||
| 54 | + | You can now SSH into your VPS like: | |
| 55 | + | ||
| 56 | + | ```bash | |
| 57 | + | ssh username@100.101.102.103 | |
| 58 | + | # Or | |
| 59 | + | ssh username@vps-name.tailnet-name.ts.net | |
| 60 | + | ``` | |
| 61 | + | ||
| 62 | + | ___ | |
| 63 | + | ||
| 64 | + | ### 4. 🛡️ **Lock Down Public SSH Access with UFW** | |
| 65 | + | ||
| 66 | + | This is the key part for keeping it secure while using a VPN: | |
| 67 | + | ||
| 68 | + | #### Enable UFW and set it up: | |
| 69 | + | ||
| 70 | + | ```bash | |
| 71 | + | sudo ufw default deny incoming | |
| 72 | + | sudo ufw default allow outgoing | |
| 73 | + | ``` | |
| 74 | + | ||
| 75 | + | #### Allow SSH **only** from Tailscale IP range: | |
| 76 | + | ||
| 77 | + | ```bash | |
| 78 | + | sudo ufw allow from 100.64.0.0/10 to any port 22 proto tcp | |
| 79 | + | ``` | |
| 80 | + | ||
| 81 | + | > `100.64.0.0/10` is the range used by Tailscale devices. | |
| 82 | + | ||
| 83 | + | #### Enable UFW: | |
| 84 | + | ||
| 85 | + | ```bash | |
| 86 | + | sudo ufw enable | |
| 87 | + | sudo ufw status | |
| 88 | + | ``` | |
| 89 | + | ||
| 90 | + | Your VPS now: | |
| 91 | + | ||
| 92 | + | - Rejects all public SSH access | |
| 93 | + | ||
| 94 | + | - Accepts SSH only from your Tailscale-connected devices | |
| 95 | + | ||
| 96 | + | - Doesn’t care if your IP changes via your main VPN | |
| 97 | + | ||
| 98 | + | ||
| 99 | + | ___ | |
| 100 | + | ||
| 101 | + | ### 🧠 Pro Tips | |
| 102 | + | ||
| 103 | + | - Enable MagicDNS in the Tailscale admin panel for easier hostname-based access. | |
| 104 | + | ||
| 105 | + | - You can add ACLs and device tags if you want to control access to certain machines. | |
| 106 | + | ||
| 107 | + | ||
| 108 | + | ___ | |
| 109 | + | ||
| 110 | + | Want me to help write a script to install Tailscale + firewall rules in one go? | |
Újabb
Régebbi