Firezone

Replace your VPN with a fast, zero-trust solution built on WireGuard. Create simple access policies and sync users from your identity provider for easy management.

Transition from a traditional VPN to a modern zero-trust access solution. Built on the high-performance WireGuard® protocol, this tool provides fast and secure connections to your resources without complex configurations. It simplifies network security by replacing tedious ACLs with access policies that are easy for anyone to manage.

Key benefits include:

  • Identity Provider Sync: Automatically sync users and groups from your IdP, making onboarding and offboarding effortless and enforcing multi-factor authentication.
  • Built to Scale: Handle an unlimited number of connections with automatic load balancing and failover across multiple lightweight Gateways.
  • Reduced Attack Surface: Hole-punching technology keeps your resources hidden from the public internet, securing them from attackers.
  • Granular Control: Restrict access based on real-time conditions like device location or time of day, and audit every authorized connection.

As a fully open-source solution, it offers complete transparency and trust. Clients are available for every major platform, ensuring your team stays securely connected everywhere.

Directory Structure

firezone/
  firezone-data/
  postgres-data/
  .env
  docker-compose.yml

docker-compose.yml

services:
  firezone:
    image: ghcr.io/firezone/portal:latest
    ports:
      - 80:80
      - 443:443
      - 51820:51820/udp
    environment:
      - EXTERNAL_URL=${EXTERNAL_URL}
      - ADMIN_EMAIL=${ADMIN_EMAIL}
      - ADMIN_PASSWORD=${ADMIN_PASSWORD}
      - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}
      - SECRET_KEY_BASE=${SECRET_KEY_BASE}
      - LIVE_VIEW_SIGNING_SALT=${LIVE_VIEW_SIGNING_SALT}
      - GUARDIAN_SECRET_KEY=${GUARDIAN_SECRET_KEY}
    volumes:
      - ./firezone-data:/var/firezone
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
    depends_on:
      - postgres
    restart: unless-stopped

  postgres:
    image: postgres:15
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DB}
    volumes:
      - ./postgres-data:/var/lib/postgresql/data
    restart: unless-stopped

.env

EXTERNAL_URL=https://firezone.example.com
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=your_super_secret_password
POSTGRES_USER=firezone
POSTGRES_PASSWORD=your_super_secret_db_password
POSTGRES_DB=firezone
SECRET_KEY_BASE=your_super_secret_key_base_64_chars_minimum
LIVE_VIEW_SIGNING_SALT=your_super_secret_salt_32_chars_minimum
GUARDIAN_SECRET_KEY=your_super_secret_guardian_key_64_chars_minimum
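
The `.env` above ships with placeholder secrets that must be replaced before first start. The script below is an added example, not part of the Firezone project: it flags placeholder or short values and rewrites them with random ones. The function names and the 32-character floor for the two passwords are assumptions; the other minimums come from the placeholder text.

```shell
#!/bin/sh
# Added example. Minimum lengths: 64/32/64 come from the placeholder text in
# the .env above; 32 for the two passwords is an assumption.
SECRETS="ADMIN_PASSWORD:32 POSTGRES_PASSWORD:32 SECRET_KEY_BASE:64
LIVE_VIEW_SIGNING_SALT:32 GUARDIAN_SECRET_KEY:64"

# Print N random hex characters. Hex has no URL-special characters, so the
# database password stays valid inside DATABASE_URL (postgres://user:pass@...).
gen_secret() {
    n=$1
    head -c "$(( (n + 1) / 2 ))" /dev/urandom | od -An -tx1 | tr -d ' \n' | cut -c1-"$n"
}

# Lint FILE: print one finding per weak secret, return 1 if any were found.
check_env() {
    file=$1; bad=0
    for spec in $SECRETS; do
        key=${spec%%:*}; min=${spec##*:}
        val=$(sed -n "s/^$key=//p" "$file" | tail -n 1)
        case $val in
            your_super_secret*) echo "$key: placeholder value"; bad=1; continue ;;
        esac
        if [ "${#val}" -lt "$min" ]; then
            echo "$key: ${#val} chars, need at least $min"; bad=1
        fi
    done
    return "$bad"
}

# Replace the secret lines of FILE with fresh values; other lines are kept.
write_secrets() {
    file=$1
    (
        umask 077   # the rewritten file is readable by its owner only
        keys=$(echo $SECRETS | sed 's/:[0-9]*//g; s/ /|/g')
        grep -v -E "^($keys)=" "$file" > "$file.new" || true
        for spec in $SECRETS; do
            echo "${spec%%:*}=$(gen_secret "${spec##*:}")" >> "$file.new"
        done
        mv "$file.new" "$file"
    )
}
```

Run `check_env .env` before `docker compose up`; a non-zero status means at least one secret is still a placeholder or too short, and `write_secrets .env` replaces all five.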