Skip to content

Internal design

Internal design

We have a simple architect for management and performance.

FerrumGate stores all its configuration in Redis as encrypted, and writes all logs to ElasticSearch.

We have a management ui and api as data layer, a customized ssh server, wireguard server, ssl vpn server, we call them gateway for creating secure tunnels. You can create multiple gateways to create multiple virtual networks in a single host.

Everything works in docker containers.

Opened Ports

Opened ports on each gateway.

Application Port
http/tcp 80 ui and api, if you want to use Let's encrypt, open this port to public
https/tcp 443 ui and api
tunnel/tcp,udp 9999(default port) tunnel server (udp first, tcp fallback)(not OpenVPN)

Performance Considerations

Using an external ElasticSearch in production is a good choice for performance.

Security Considerations

  • Redis must have a long length password, 64 is a good choice

    Make a replicated database for High Availability.

    Redis version must be redis:7 and above

  • ElasticSearch must have a password

    ElasticSearch version must be 8.5.0


If something goes wrong, all running processes are docker containers. Just type docker ps and get running containers and follow logs with docker logs -f $Container_Id


    ferrumgate --all-logs
    ferrumgate --logs rest
    ferrumgate --logs admin
    ferrumgate --logs task
    ferrumgate --logs log
    ferrumgate --logs ssh


All files are under /etc/ferrumgate, take a look, easy configuration