Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dependabot/pip/ansible-9.4.0
dependabot/github_actions/actions/setup-python-5.1.0
fix/14704
dependabot/pip/jinja2-approx-eq-3.1.3
v1.1
v1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a60d49f5fc'
${ noResults }
algo/docs/deploy-from-script-or-cloud...

3.6 KiB
Raw Blame History

Deploy from script or cloud-init

You can use install.sh to prepare the environment and deploy AlgoVPN on the local Ubuntu server in one shot using cloud-init or run the script directly on the server. The script doesn't configure any parameters in your cloud, so it's on your own to configure related firewall rules, a floating ip address and other resources you may need.

Cloud init deployment

You can copy-paste the snippet below to the user data (cloud-init or startup script) field when creating a new server. For now it is only possible for DigitalOcean, Amazon EC2 and Lightsail, Google Cloud and Azure.

#!/bin/bash
curl -s https://raw.githubusercontent.com/trailofbits/algo/master/install.sh | sudo -E bash -x

The command will prepare the environment and install AlgoVPN with default parameters. If you want to modify the behaviour you may define additional variables.

Variables

METHOD - which method of the deployment to use. Possible values are local and cloud. Default: cloud. The cloud method is intended to use in cloud-init deployments only. If you are not using cloud-init to deploy the server you have to use the local method
ONDEMAND_CELLULAR - "Connect On Demand" when connected to cellular networks. Bollean. Default: false
ONDEMAND_WIFI - "Connect On Demand" when connected to Wi-Fi. Default: false
ONDEMAND_WIFI_EXCLUDE - List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use "Connect On Demand". Comma-separated list.
WINDOWS - To support Windows 10 or Linux Desktop clients. Default: false
STORE_CAKEY - To retain the CA key. (required to add users in the future, but less secure). Default: false.
LOCAL_DNS - To install an ad blocking DNS resolver. Default: false.
SSH_TUNNELING - Enable SSH tunneling for each user. Default: false
ENDPOINT - The public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate). It will be gathered automatically for DigitalOcean, AWS, GCE or Azure if the METHOD is cloud. Otherwise you need to define this variable according to your public IP address.
USERS - list of VPN users. Comma-separated list.
REPO_SLUG - Owner and repository that used to get the installation scripts from. Default: trailofbits/algo.
REPO_BRANCH - Branch for REPO_SLUG. Default: master.
EXTRA_VARS - Additional extra variables.
ANSIBLE_EXTRA_ARGS - Any available ansible parameters. ie: --skip-tags apparmor.

Examples

How to customise a cloud-init deployment by variables
#!/bin/bash
export ONDEMAND_CELLULAR=true
export WINDOWS=true
export SSH_TUNNELING=true
curl -s https://raw.githubusercontent.com/trailofbits/algo/master/install.sh | sudo -E bash -x
How to deploy locally without using cloud-init
export METHOD=local
export ONDEMAND_CELLULAR=true
curl -s https://raw.githubusercontent.com/trailofbits/algo/master/install.sh | sudo -E bash -x
How to deploy a server using arguments

The arguments order as per variables above

curl -s https://raw.githubusercontent.com/trailofbits/algo/master/install.sh | sudo -E bash -x -s local true false _null true true true true myvpnserver.com