Skip to content

Internal design

Internal design

We have a simple architect for management and performance.

FerrumGate stores all its configuration in Redis as encrypted, and writes all logs to ElasticSearch.

We have a management ui and api as data layer, a customized ssh server, wireguard server, ssl vpn server, we call them gateway for creating secure tunnels. You can create multiple gateways to create multiple virtual networks in a single host.

Everything works in docker containers.

Opened Ports

Opened ports on each gateway.

Application Port
http/tcp 80 ui and api, if you want to use Let's encrypt, open this port to public
https/tcp 443 ui and api
tunnel/tcp,udp 9999(default port) tunnel server (udp first, tcp fallback)(not OpenVPN)

Performance Considerations

Using an external ElasticSearch in production is a good choice for performance.

Security Considerations

  • Redis must have a long length password, 64 is a good choice

    Make a replicated database for High Availability.

    Redis version must be redis:7 and above

  • ElasticSearch must have a password

    ElasticSearch version must be 8.5.0

Troubleshoot

If something goes wrong, all running processes are docker containers. Just type docker ps and get running containers and follow logs with docker logs -f $Container_Id

or

    ferrumgate --all-logs
    ferrumgate --logs rest
    ferrumgate --logs admin
    ferrumgate --logs task
    ferrumgate --logs log
    ferrumgate --logs quic

Configuration

All files are under /etc/ferrumgate, take a look, easy configuration