# Contributing a Public Address

Isle provides a VPN component which allows hosts in the network to connect to
each other directly and securely. This VPN forms the base layer on which all
other Isle functionality is based.

Every Isle network requires at least one host which provides a publicly
accessible address. These publicly accessible hosts do _not_ route traffic
between hosts on the Isle network. Rather, they coordinate hosts to talk
directly to each other, and handle the details of punching through any NATs that
hosts might be behind. As such, providing a public address is very lightweight
and requires no storage.

If your host machine has a public static IP, or a dynamic public IP with
[dDNS][ddns] set up, then it can contribute a public address.

[nebula]: https://github.com/slackhq/nebula
[ddns]: https://www.cloudflare.com/learning/dns/glossary/dynamic-dns/

## Setup networking

The first step is to pick a UDP port you will expose. It doesn't really matter
which port you pick, but a number over 1024 is recommended.

If your host is behind a NAT, ensure that the gateway is set up to forward UDP
traffic on that port to your host.

Configure your host's firewall to allow all UDP traffic on that port.

## Configure Isle

See the [Configuring Networks](./configuring-networks.md) document for notes on
how to configure Isle networks. This guide assumes configuration using the CLI.

The `isle vpn public-address` sub-commands can be used to inspect and manage
the public address provided by the host.
```bash
# isle vpn public-address get
No public address configured
# isle vpn public-address set --to some-host.mydomain.com:5678
# isle vpn public-address get
some-host.mydomain.com:5678
```
Once set, the public address will be automatically used by other hosts on the
network.
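
A preflight check for the value you intend to pass to `--to`, written for this guide as an added example and not part of Isle. It assumes the `host:port` form shown above (with IPv6 literals in brackets, which is an assumption), and the function names are hypothetical. It flags a port that is not over 1024 and any address that is not publicly routable, such as a private or carrier-grade NAT address.

```python
import ipaddress
import socket


def resolve(host):
    """Return the set of IP strings a hostname resolves to."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_DGRAM)
    return {info[4][0] for info in infos}


def check_public_address(addr, resolver=resolve):
    """Return a list of problems with a 'host:port' address; empty means OK."""
    host, sep, port_s = addr.rpartition(":")
    if not sep or not host or not port_s.isdecimal():
        return [f"{addr!r} is not in host:port form"]

    problems = []
    port = int(port_s)
    if not 1 <= port <= 65535:
        problems.append(f"port {port} is outside 1-65535")
    elif port <= 1024:
        problems.append(f"port {port} is not over 1024, as the guide recommends")

    host = host.strip("[]")  # assumption: IPv6 literals are written in brackets
    try:
        ips = {str(ipaddress.ip_address(host))}  # already an IP literal
    except ValueError:
        try:
            ips = resolver(host)  # a name, e.g. one kept current by dDNS
        except OSError as err:
            return problems + [f"{host} does not resolve: {err}"]

    for ip in sorted(ips):
        # is_global is False for RFC 1918, loopback, link-local and CGNAT ranges
        if not ipaddress.ip_address(ip).is_global:
            problems.append(f"{ip} is not publicly routable")
    return problems


if __name__ == "__main__":
    import sys
    for problem in check_public_address(sys.argv[1]):
        print("WARN:", problem)
```

Name resolution happens from the machine running the check, so run it from outside your own network if your DNS answers differ internally.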