We have a simple architecture for management and performance.
FerrumGate stores all its configuration encrypted in Redis and writes all logs to ElasticSearch.
We have a management UI and an API as the data layer, plus a customized SSH server, a WireGuard server and an SSL VPN server. We call these gateways; they create the secure tunnels. You can create multiple gateways to run multiple virtual networks on a single host.
Everything runs in Docker containers.
Open ports on each gateway:
|UI and API; if you want to use Let's Encrypt, open this port to the public
|UI and API
|tunnel server (UDP first, TCP fallback; not OpenVPN)
Using an external ElasticSearch in production is a good choice for performance.
Redis must have a long password; a length of 64 is a good choice.
Use a replicated database for high availability.
Redis version must be redis:7 or above.
ElasticSearch must have a password.
ElasticSearch version must be 8.5.0.
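The requirements above can be checked before a deployment goes live. The script below is an added example, not part of FerrumGate; its function names and arguments are hypothetical, and treating 64 as a minimum password length is an assumption of the example.

```shell
#!/bin/sh
# Added example: preflight checks for the Redis and ElasticSearch requirements.
# Function names and arguments are hypothetical, not part of FerrumGate.

# Generate a 64-character alphanumeric password from the kernel CSPRNG.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 64
}

# Succeed when an image reference such as "redis:7" or "redis:7.2-alpine"
# is pinned to major version 7 or above. Unpinned tags ("latest") fail.
redis_tag_ok() {
    ref=${1##*/}                        # drop any registry/path prefix
    tag=${ref#redis:}
    [ "$tag" != "$ref" ] || return 1    # no "redis:" prefix, nothing to verify
    major=${tag%%[!0-9]*}               # keep only the leading digits
    [ -n "$major" ] && [ "$major" -ge 7 ]
}

# Succeed when the password is at least 64 characters long. Treating 64 as
# a minimum is this example's assumption; the page calls it a good choice.
password_long_enough() {
    [ "${#1}" -ge 64 ]
}

# Succeed when ElasticSearch has a non-empty password and version 8.5.0.
elastic_ok() {
    [ -n "$1" ] && [ "$2" = "8.5.0" ]
}

# preflight REDIS_IMAGE REDIS_PASSWORD ES_PASSWORD ES_VERSION
# Prints one line per failed requirement; returns 0 only if all pass.
preflight() {
    rc=0
    redis_tag_ok "$1" || { echo "FAIL: Redis must be redis:7 or above (got $1)"; rc=1; }
    password_long_enough "$2" || { echo "FAIL: Redis password shorter than 64 (length ${#2})"; rc=1; }
    elastic_ok "$3" "$4" || { echo "FAIL: ElasticSearch needs a password and version 8.5.0 (got $4)"; rc=1; }
    return "$rc"
}
```

The Redis image tag can be read from the docker ps output; the other values come from your own configuration.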
If something goes wrong, remember that all running processes are Docker containers. Run docker ps to list the running containers, then follow a container's logs with docker logs -f $Container_Id
All files are under /etc/ferrumgate. Take a look; the configuration is easy.