Internal design

The architecture is kept simple for ease of management and for performance.

FerrumGate stores all its configuration encrypted in Redis and writes all logs to ElasticSearch.

The data layer consists of a management UI and an API. Alongside it run a customized SSH server, a WireGuard server, and an SSL VPN server; together we call these a gateway, and they create the secure tunnels. You can create multiple gateways on a single host to run multiple virtual networks.

Everything runs in Docker containers.

Opened Ports

Opened ports on each gateway.

| Application | Port | Description |
|---|---|---|
| http/tcp | 80 | UI and API; open this port to the public if you want to use Let's Encrypt |
| https/tcp | 443 | UI and API |
| tunnel/tcp,udp | 9999 (default port) | tunnel server (UDP first, TCP fallback); not OpenVPN |

Performance Considerations

Using an external ElasticSearch in production is a good choice for performance.

Security Considerations

  • Redis must have a long password; a length of 64 is a good choice.

    Set up a replicated database for high availability.

    The Redis version must be redis:7 or above.

  • ElasticSearch must have a password.

    The ElasticSearch version must be 8.5.0.
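The requirements above can be checked mechanically before a deployment goes live. The following is an added example, not part of FerrumGate: the function names are hypothetical, and it assumes the operator supplies the Redis password, the text returned by the Redis INFO server command, the ElasticSearch password, and the JSON returned by the ElasticSearch root endpoint. The sample inputs are constructed.

```python
import json
import re

MIN_REDIS_PASSWORD_LEN = 64    # page: "64 is a good choice"
MIN_REDIS_MAJOR = 7            # page: redis:7 and above
REQUIRED_ES_VERSION = "8.5.0"  # page: ElasticSearch version must be 8.5.0


def redis_version(info_text):
    """Extract (major, minor, patch) from the text returned by INFO server."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text or "", re.M)
    return tuple(int(x) for x in m.groups()) if m else None


def audit(redis_password, redis_info, es_password, es_banner_json):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(redis_password or "") < MIN_REDIS_PASSWORD_LEN:
        findings.append("redis: password shorter than 64")
    ver = redis_version(redis_info)
    if ver is None:
        findings.append("redis: version not found in INFO output")
    elif ver[0] < MIN_REDIS_MAJOR:
        findings.append("redis: version %d.%d.%d is below 7" % ver)
    if not es_password:
        findings.append("elasticsearch: no password set")
    try:
        es_ver = json.loads(es_banner_json)["version"]["number"]
    except (ValueError, KeyError, TypeError):
        es_ver = None  # unparsable or unexpected banner
    if es_ver != REQUIRED_ES_VERSION:
        findings.append("elasticsearch: version %s, expected 8.5.0" % es_ver)
    return findings


# Constructed sample inputs (not captured from a real deployment).
SAMPLE_REDIS_INFO = "# Server\r\nredis_version:6.2.7\r\nredis_mode:standalone\r\n"
SAMPLE_ES_BANNER = '{"name": "es01", "version": {"number": "8.5.0"}}'

if __name__ == "__main__":
    for finding in audit("short-password", SAMPLE_REDIS_INFO, "", SAMPLE_ES_BANNER):
        print(finding)
```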

Troubleshoot

All running processes are Docker containers, so if something goes wrong, run docker ps to list the running containers and follow a container's logs with docker logs -f $Container_Id

or use the ferrumgate command:

    ferrumgate --all-logs
    ferrumgate --logs rest
    ferrumgate --logs admin
    ferrumgate --logs task
    ferrumgate --logs log
    ferrumgate --logs ssh

Configuration

All files are under /etc/ferrumgate. Take a look; the configuration is easy to follow.