Nebula: Build your own secure, global overlay network.

Nebula is an open-source global overlay networking tool originally created and battle-tested by Slack. It allows you to connect any number of computers, from a few to tens of thousands, into a single, secure private network. This tool creates a dedicated virtual network on top of any existing internet connection, enabling devices to communicate as if they were on the same local network, regardless of their physical location.

It operates on a peer-to-peer model, where each host establishes a direct, encrypted tunnel to others. Security is managed through a robust Public Key Infrastructure (PKI). Each host has a unique certificate that defines its identity, IP address, and group memberships, ensuring that only authorized devices can join and communicate.

Key capabilities include:

Built-in Firewall: A powerful, group-based firewall lets you define traffic rules based on certificate properties, not just IP addresses.
NAT Traversal: "Lighthouse" nodes help peers find each other and punch through firewalls and NATs, making connections seamless.
Broad Compatibility: A single binary runs on Linux, macOS, Windows, iOS, Android, and more, across various hardware architectures.
Proven Scalability: It powers Slack's production infrastructure, connecting over 50,000 hosts globally.

This approach provides a simple, fast, and highly secure way to manage connectivity between hosts in different data centers, cloud providers, or remote locations.

Directory Structure

nebula

config

.env

docker-compose.yml

services:
  nebula:
    image: nebulaoss/nebula:latest
    container_name: nebula
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - "4242:4242/udp"
    volumes:
      - ./config:/etc/nebula
    command: -config /etc/nebula/config.yml
    restart: unless-stopped

.env

# Nebula does not require environment variables for this basic Docker Compose setup.
# All configuration, including secrets like certificates and keys, should be placed in the ./config directory and referenced in your config.yml.

Categories:

Mesh Networking

GitHub Repository

Stars

17,168

Forks

1,117

Last commit

about 7 hours ago

Repository age

over 6 years

License

MIT

View Repository

Auto-fetched about 1 hour ago

Container Image

Pulls

211.2K

Last week pulls

148

Last updated

about 1 month ago

Image age

over 2 years

Image size

15.52 MB

View on Docker Hub

Auto-fetched about 1 hour ago

Similar to Nebula

View all tools

Firezone

Secure your resources with simple, scalable access policies.

Mesh Networking

8.5k

Replace your VPN with a fast, zero-trust solution built on WireGuard. Create simple access policies and sync users from your identity provider for easy management.

Headscale

Your private, self-hosted Tailscale control server.

Mesh Networking

36.3k

2.2M

Create and manage your own private network with this open-source Tailscale control server. Ideal for self-hosters, hobbyists, and small organizations.

NetBird

Secure remote access with open-source Zero Trust networking

Mesh Networking

23.5k

2.1M

Replace legacy VPNs with an open-source, WireGuard-based overlay network. Enforce Zero Trust access, manage SSO and MFA, and secure remote connectivity.