hhf/cloudpanel-tailscale
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
7 commits 1 branch 0 tags 35 KiB
Shell 100%
Find a file
hhf 442ed95fb3 Update setup-tailscale.sh
2025-01-30 15:45:26 +05:30
README.md Update README.md 2024-12-07 23:43:17 +05:30
setup-tailscale.sh Update setup-tailscale.sh 2025-01-30 15:45:26 +05:30

README.md

Let me explain each step of this script and what it does:

  1. Script Setup

    • The set -e command makes the script exit if any command fails
    • We create a helper function check_status to show clear success/failure messages

  2. System Update (Lines 16-19)

    • Updates the package list and upgrades all installed packages
    • This ensures your system is up-to-date before installing new software

  3. Installing Tailscale (Lines 21-24)

    • Downloads and runs the official Tailscale installation script
    • Tailscale is a VPN service that makes your devices act like they're on the same private network

  4. Starting Tailscale (Lines 26-29)

    • Runs tailscale up which starts the Tailscale service
    • This will show a login URL you need to visit to authenticate your device
    • After authentication, your device joins your Tailscale network

  5. Getting Tailscale IP (Lines 31-32)

    • Gets your device's Tailscale IP address
    • This IP will be used to restrict services to only listen on the Tailscale network

  6. SSH Configuration (Lines 34-52)

    • Backs up your original SSH configuration
    • Creates a new SSH config that only listens on your Tailscale IP
    • This means SSH will only be accessible through Tailscale
    • SFTP uses the same port as SSH (22), so it's also restricted

  7. CloudPanel Configuration (Lines 59-65)

    • Backs up the original CloudPanel nginx configuration
    • Updates the configuration to only listen on the Tailscale IP
    • This restricts the CloudPanel web interface (port 8443) to Tailscale access only

  8. Firewall Configuration (Lines 68-73)

    • Sets up UFW (Uncomplicated Firewall) rules
    • Denies all incoming traffic by default
    • Allows all outgoing traffic
    • Only allows incoming traffic on the Tailscale interface

  9. Final Summary (Lines 75-88)

    • Shows a summary of what was configured
    • Displays the new addresses for accessing your services
    • Reminds you where to find backup files

Important Notes for Users:

  1. Run this script as root or with sudo
  2. When you run tailscale up, you'll need to authenticate via a web browser
  3. Make sure you can still access your server through Tailscale before logging out
  4. Keep the backup files in case you need to restore the original configuration
  5. The script assumes you're using Ubuntu/Debian - some modifications might be needed for other distributions

To use this script:

  1. Save it to a file (e.g., setup-tailscale.sh)
  2. Make it executable: chmod +x setup-tailscale.sh
  3. Run it: sudo ./setup-tailscale.sh

After running the script, you'll only be able to access:

  • SSH/SFTP through your Tailscale IP on port 22
  • CloudPanel through your Tailscale IP on port 8443 (https)
  • No other external access will be allowed

You dont have to alter your VPS or any other Firewall

Once you test it throughly you can remove your firewall port holes for the respective 22 and 8443 ports

 _____     _ _ ____            _        ____  _             _    
|_   _|_ _(_) / ___|  ___ __ _| | ___  / ___|| |_ __ _  ___| | __
  | |/ _` | | \___ \ / __/ _` | |/ _ \ \___ \| __/ _` |/ __| |/ /
  | | (_| | | |___) | (_| (_| | |  __/  ___) | || (_| | (__|   < 
  |_|\__,_|_|_|____/ \___\__,_|_|\___| |____/ \__\__,_|\___|_|\_\