End-to-End High Throughput VPN Setup Automation

Nova

Nova automates the setup of a VPN server using Terraform, Ansible, Bash, and Python3 on OpenStack, with optional DNS management via Cloudflare. The project simplifies VPN deployment and configuration through a unified automation script, handling everything from infrastructure provisioning to domain setup.

Table of Contents

  1. Prerequisites
  2. Setup Instructions
  3. Usage
  4. Verify Installation
  5. Environment Configuration
  6. Detailed Configuration Steps
  7. Troubleshooting

Prerequisites

Before you begin, ensure the following software is installed on your system:

  1. Terraform
  2. Ansible
  3. Bash
  4. Python3

You will also need accounts for:

  • OpenStack (for infrastructure)
  • Cloudflare (if using domain-based setup)

Setup Instructions

  1. Clone the repository to your local machine:

    git clone https://github.com/0xAFz/nova.git
    cd nova/
  2. Copy the .env.example file to .env:

    cp .env.example .env
  3. Edit the .env file and replace the placeholders with actual values (refer to the Environment Configuration section).

  4. Make the nova.sh script executable:

    chmod +x nova.sh
  5. You are now ready to run the script and deploy the VPN server!

Usage

Nova supports two main operations: up and down.

  • To start and deploy the VPN server, run:

    ./nova.sh up

    This will:

    • Initialize Terraform and create the infrastructure.
    • Set up the server with VPN capabilities.
    • Optionally configure DNS records through Cloudflare (if a domain is provided).
  • To destroy the VPN server and associated resources, run:

    ./nova.sh down

Verify Installation

  1. Check 3x-ui service status:

    systemctl status x-ui
  2. Check open ports:

    ss -ntlp
  3. Open the 3x-ui panel in your browser

Warning

For security reasons, all public traffic to the panel is blocked.

How to access the panel?

Open an SSH tunnel between your local machine and the server:

# forward local port 8080 to 127.0.0.1:2053 on the server
ssh -L 8080:127.0.0.1:2053 user@ip
# now open this URL in your browser:
#   http://localhost:8080

Note

SSH port forwarding requires TCP forwarding to be allowed on the server: AllowTcpForwarding yes in /etc/ssh/sshd_config.
Nova enables it by default in its preparation tasks.
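
The "Check open ports" step can be turned into a pass/fail check. This is an added example, not part of Nova: it parses ss -ntlp output and reports whether the panel port has listeners outside loopback. It assumes the panel is meant to listen on loopback only, as the tunnel target 127.0.0.1:2053 suggests; if the block is done by a firewall rule instead, a wildcard listener is expected and the firewall needs to be verified separately. The sample output is constructed.

```shell
#!/usr/bin/env bash
# Added example (not part of Nova): check that the panel port is bound to
# loopback only, which is what the SSH tunnel to 127.0.0.1:2053 relies on.

# Reads `ss -ntlp` output on stdin; $1 is the panel port.
# Exit status: 0 = loopback only, 1 = also bound elsewhere, 2 = not listening.
panel_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (host ~ /^127\./ || host == "[::1]") next
            print "non-loopback listener: " $4
            exposed = 1
        }
        END { if (!found) exit 2; exit (exposed ? 1 : 0) }
    '
}

# Constructed sample output, not captured from a real server.
SAMPLE_TUNNEL_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:2053     0.0.0.0:*         users:(("x-ui",pid=812,fd=7))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=640,fd=3))'

SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096   *:2053             *:*               users:(("x-ui",pid=812,fd=7))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=640,fd=4))'

for sample in "$SAMPLE_TUNNEL_ONLY" "$SAMPLE_WILDCARD"; do
    if printf '%s\n' "$sample" | panel_exposure 2053; then
        echo "port 2053: loopback only"
    else
        echo "port 2053: reachable beyond loopback unless a firewall blocks it"
    fi
done
```

On the server, feed it live data with: ss -ntlp | panel_exposure 2053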

Environment Configuration

Populating the .env File

The .env file contains crucial environment variables needed for the project. You must update the placeholder values with your actual credentials and information.

The variables in .env are used across the Terraform, Ansible, and Python scripts to automate the setup. Ensure that all values are accurate before running the automation.

Steps to Replace .env Values

  1. XUI Panel Credentials:

    • Set the username and password you want for the XUI panel.
    • Specify the port for the XUI panel (e.g., 2053).
  2. Domain and Cloudflare Setup (Optional):

    • If you are using a domain with Cloudflare, fill in your Cloudflare email, API key, and Zone ID. Leave DOMAIN empty if you’re not using DNS.
  3. OpenStack Configuration:

    • Replace the placeholders with your OpenStack credentials, which can be obtained from the OpenStack dashboard or the OpenRC file.
  4. SSH and VM Configuration:

    • Ensure the path to your SSH public key is correct (usually ~/.ssh/id_rsa.pub).
    • Specify the name, image, flavor, and network for the VM that will be created.
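
Because .env ends up holding the panel password, the Cloudflare API key and the OpenStack credentials, a pre-flight check before ./nova.sh up is worthwhile. The following is an added example, not part of Nova: it flags a .env that is accessible to other users, values left empty (DOMAIN excepted, as described above) and values still identical to .env.example. All variable names in the demo other than DOMAIN are hypothetical, since the page does not list them.

```shell
#!/usr/bin/env bash
# Added example (not part of Nova): pre-flight check for .env before ./nova.sh up.

# $1 = path to .env, $2 = path to .env.example
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
env_preflight() {
    env_file=$1; example=$2; findings=0

    # The file holds credentials: group/other permission bits must all be clear.
    if [ "$(ls -ld "$env_file" | cut -c5-10)" != "------" ]; then
        echo "permissions: accessible beyond the owner, run chmod 600"
        findings=1
    fi

    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in ''|\#*) continue ;; esac
        if [ -z "$value" ]; then
            # The README allows DOMAIN to stay empty when DNS is not used.
            if [ "$key" != "DOMAIN" ]; then
                echo "empty: $key"; findings=1
            fi
        elif grep -qxF -- "$key=$value" "$example"; then
            echo "unchanged from example (review): $key"; findings=1
        fi
    done < "$env_file"
    return "$findings"
}

# Constructed demo files; every variable name except DOMAIN is hypothetical.
demo_dir=$(mktemp -d)
printf '%s\n' 'XUI_USERNAME=changeme' 'XUI_PASSWORD=changeme' 'DOMAIN=' \
    'OS_PASSWORD=' > "$demo_dir/.env.example"
printf '%s\n' 'XUI_USERNAME=admin7' 'XUI_PASSWORD=changeme' 'DOMAIN=' \
    'OS_PASSWORD=' > "$demo_dir/.env"
chmod 644 "$demo_dir/.env"
env_preflight "$demo_dir/.env" "$demo_dir/.env.example" \
    || echo "resolve the findings above before deploying"
rm -rf "$demo_dir"
```

A value reported as unchanged may be a legitimate default (a port, for instance), so that finding is a prompt to review rather than an error.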

Detailed Configuration Steps

Cloudflare Credentials

To use DNS management via Cloudflare:

  1. Log into your Cloudflare account.
  2. Go to My Profile > API Tokens.
  3. Create a new API token with DNS edit permissions.
  4. Copy the API key, email, and Zone ID into the .env file.

Reference: Cloudflare API Documentation

OpenStack Credentials

To obtain OpenStack credentials:

  1. Log into the OpenStack dashboard.
  2. Go to Access & Security > API Access and download the OpenRC file.
  3. Source the OpenRC file and copy the values into your .env file.

Alternatively, use the OpenStack CLI:

openstack credentials show

Reference: OpenStack CLI Documentation

SSH Key Pair Generation

If you don’t already have an SSH key pair:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This will generate id_rsa (private key) and id_rsa.pub (public key) in your ~/.ssh/ directory.

Troubleshooting

  • General Failures: Check the error messages and logs to understand the cause of the failure.
  • Environment Variables: Ensure all values in the .env file are correct.
  • SSH Issues: Verify that your SSH key pair is generated correctly and located in the right directory (~/.ssh/id_rsa.pub).
  • Cloudflare DNS: If using a domain, confirm that your DNS records are correctly set up in Cloudflare.
  • Permissions: Ensure that your OpenStack and Cloudflare accounts have the necessary permissions.
