- I want to use FireZone in production on a VM without cloud providers and IaC tools
- Here's a variant of how to deploy self-hosted FireZone 1.x
  - Where each component is deployed:
    - portal via docker
    - gateway via systemd
    - relay via systemd (+ extracted from docker image :sad:)
- Use the official FireZone clients to connect: https://www.firezone.dev/kb/user-guides
  - Don't forget to change the `Auth Base URL` and `API URL` in the settings!
- Use `docker compose -f docker-compose.postgres.yml pull` and restart all containers
- Two ways:
  - Remove the file `/usr/local/bin/firezone-gateway` and restart the systemd service
    - The service automatically re-downloads it
  - Update it manually: download it from the FireZone Changelog and put the file at `/usr/local/bin/firezone-gateway`
- You need to manually re-obtain the file `/usr/local/bin/firezone-relay` from the docker image
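
An added example (not one of this repository's scripts) for the manual gateway update and the relay re-extraction above: it replaces a binary under `/usr/local/bin` only after its SHA-256 matches, stages the file for an atomic rename, and keeps a rollback copy. It assumes GNU `sha256sum` and a checksum the operator recorded from a source they trust; `install_verified` is a hypothetical helper name.

```bash
#!/usr/bin/env bash
# Added example, not from the repository: replace a Firezone binary only if
# the new file matches a SHA-256 recorded beforehand (assumed to come from a
# source the operator trusts). install_verified is a hypothetical helper.
# Usage: install_verified <new-file> <expected-sha256> <dest-path>
install_verified() {
    local src="$1" dest="$3" want got tmp
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ -f "$src" ] || { echo "missing file: $src" >&2; return 2; }
    got=$(sha256sum "$src" | awk '{print $1}')
    if [ "$got" != "$want" ]; then
        echo "sha256 mismatch for $src (got $got)" >&2
        return 1        # refuse; the installed binary is left untouched
    fi
    # Stage beside the destination so the final mv is an atomic rename and
    # systemd never starts a half-written executable.
    tmp=$(mktemp "${dest}.new.XXXXXX") || return 2
    if ! { cp -- "$src" "$tmp" && chmod 0755 "$tmp"; }; then
        rm -f -- "$tmp"
        return 2
    fi
    # Keep the previous binary for rollback.
    if [ -f "$dest" ]; then
        cp -p -- "$dest" "${dest}.bak" || { rm -f -- "$tmp"; return 2; }
    fi
    mv -f -- "$tmp" "$dest"
}

# Typical use as root, followed by a restart of the unit:
#   install_verified ./firezone-gateway "<recorded sha256>" /usr/local/bin/firezone-gateway
#   systemctl restart firezone-gateway
```
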
- If you see something like the lines below in the output of `systemctl status firezone-gateway` and you installed the gateway before the relay, try restarting the gateway.
  ```
  INFO accept_connection{id=<id>}: snownet::node: Created new connection
  INFO handle_timeout{id=<id>}: snownet::node: Connection failed (ICE timeout)
  ```
- FireZone uses relays to communicate with the portal, so it needs at least 2 relays
- Previously only one relay was installed; you need at least two relays for it to work properly after a partial restart
- upstream issue: firezone/firezone#6648
- You can run the command below to migrate (if you have previously installed FireZone through this repository)
  ```bash
  bash <(curl -fsSL https://raw.githubusercontent.com/DoctorFTB/firezone-1.x-self-hosted/main/relay/two-relay-migrate.sh)
  ```
- add info about emails