Add README.md
parent
6723ed92d6
commit
ac1e8a1a24
1 changed files with 63 additions and 0 deletions
63
README.md
Normal file
|
@ -0,0 +1,63 @@
|
|||
Let me explain each step of this script and what it does:
|
||||
|
||||
1. **Script Setup**
|
||||
- The `set -e` command makes the script exit if any command fails
|
||||
- We create a helper function `check_status` to show clear success/failure messages
|
||||
|
||||
2. **System Update (Lines 16-19)**
|
||||
- Updates the package list and upgrades all installed packages
|
||||
- This ensures your system is up-to-date before installing new software
|
||||
|
||||
3. **Installing Tailscale (Lines 21-24)**
|
||||
- Downloads and runs the official Tailscale installation script
|
||||
- Tailscale is a VPN service that makes your devices act like they're on the same private network
|
||||
|
||||
4. **Starting Tailscale (Lines 26-29)**
|
||||
- Runs `tailscale up` which starts the Tailscale service
|
||||
- This will show a login URL you need to visit to authenticate your device
|
||||
- After authentication, your device joins your Tailscale network
|
||||
|
||||
5. **Getting Tailscale IP (Lines 31-32)**
|
||||
- Gets your device's Tailscale IP address
|
||||
- This IP will be used to restrict services to only listen on the Tailscale network
|
||||
|
||||
6. **SSH Configuration (Lines 34-52)**
|
||||
- Backs up your original SSH configuration
|
||||
- Creates a new SSH config that only listens on your Tailscale IP
|
||||
- This means SSH will only be accessible through Tailscale
|
||||
- SFTP uses the same port as SSH (22), so it's also restricted
|
||||
|
||||
7. **CloudPanel Configuration (Lines 59-65)**
|
||||
- Backs up the original CloudPanel nginx configuration
|
||||
- Updates the configuration to only listen on the Tailscale IP
|
||||
- This restricts the CloudPanel web interface (port 8443) to Tailscale access only
|
||||
|
||||
8. **Firewall Configuration (Lines 68-73)**
|
||||
- Sets up UFW (Uncomplicated Firewall) rules
|
||||
- Denies all incoming traffic by default
|
||||
- Allows all outgoing traffic
|
||||
- Only allows incoming traffic on the Tailscale interface
|
||||
|
||||
9. **Final Summary (Lines 75-88)**
|
||||
- Shows a summary of what was configured
|
||||
- Displays the new addresses for accessing your services
|
||||
- Reminds you where to find backup files
|
||||
|
||||
Important Notes for Users:
|
||||
1. Run this script as root or with sudo
|
||||
2. When you run `tailscale up`, you'll need to authenticate via a web browser
|
||||
3. Make sure you can still access your server through Tailscale before logging out
|
||||
4. Keep the backup files in case you need to restore the original configuration
|
||||
5. The script assumes you're using Ubuntu/Debian - some modifications might be needed for other distributions
|
||||
|
||||
To use this script:
|
||||
1. Save it to a file (e.g., `setup-tailscale.sh`)
|
||||
2. Make it executable: `chmod +x setup-tailscale.sh`
|
||||
3. Run it: `sudo ./setup-tailscale.sh`
|
||||
|
||||
After running the script, you'll only be able to access:
|
||||
- SSH/SFTP through your Tailscale IP on port 22
|
||||
- CloudPanel through your Tailscale IP on port 8443 (https)
|
||||
- No other external access will be allowed
|
||||
|
||||
# You dont have to alter you VPS or any other Firewall
|
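Review bot: Steps 6 to 8 bind SSH and CloudPanel to the Tailscale IP and set UFW to deny all other incoming traffic, but the README never names the backup file paths or gives a restore procedure, so a user who loses Tailscale connectivity has only "Keep the backup files in case you need to restore the original configuration" to go on. Please state where the backups are written and add the restore steps (copy the backups back, restart SSH and nginx, relax the UFW rules), and mention that recovery then requires console access from the hosting provider. Two smaller points: the "(Lines 16-19)" style references point into a script that is not part of this commit (1 changed file, README.md) and will go stale on the next edit to it, so refer to the script's sections by name instead; and the final line "# You dont have to alter you VPS or any other Firewall" renders as a top-level heading, has typos ("dont", "you VPS"), and sits oddly beside step 8, which does configure UFW, so reword it as a plain sentence that says which firewall is meant.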