Firezone is a web application firewall designed to protect your websites and applications from various cyber threats including SQL injection, cross-site scripting, and brute-force attacks. In this tutorial, we will guide you through the process of installing Firezone on NixOS.
Before we start the installation process, make sure you have the following prerequisites:
To install Firezone on NixOS, we need to install some required packages. To do so, run the following command:
sudo nix-env -iA firez.one
This command will install the Firezone package from the Nix package manager.
After installing the package, we need to configure the firewall to allow incoming traffic on port 80 and port 443. To do so, edit the /etc/nixos/configuration.nix file using your favorite text editor with sudo privileges:
sudo vim /etc/nixos/configuration.nix
Then add the following configuration to the file:
networking.firewall.allowedTCPPorts = [ 80 443 ];
Save the file and exit the text editor.
Firezone relies on Nginx as a reverse proxy. Therefore, we need to configure Nginx to route traffic to the Firezone service.
To do so, create a new file called /etc/nixos/nginx.conf with sudo privileges:
sudo vim /etc/nixos/nginx.conf
Then add the following configuration to the file:
http {
    server {
        listen 80;
        server_name yourdomain.com;
        return 301 https://$server_name$request_uri;
    }
    server {
        listen 443 ssl;
        server_name yourdomain.com;
        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
        location / {
            proxy_pass http://127.0.0.1:9000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
Make sure to replace yourdomain.com with your actual domain name. Also, create a self-signed SSL certificate by following the instructions in this tutorial.
Save the file and exit the text editor.
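NixOS normally builds the Nginx configuration from services.nginx options in configuration.nix, so the firewall rule and reverse proxy described above can also be written declaratively. The fragment below is an added example, not part of the original tutorial; it reuses the page's domain placeholder, certificate paths and backend port 9000, and assumes the Nginx user can read the private key.

```nix
# Added example: declarative form of the firewall rule and nginx.conf above.
# Merge these attributes into /etc/nixos/configuration.nix.
{
  # Open only the public HTTP/HTTPS ports. Port 9000 is not listed,
  # so the backend stays unreachable from the network.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;

    # Sets Host, X-Real-IP, X-Forwarded-For and related headers
    # on every proxied request.
    recommendedProxySettings = true;

    # Applies the module's recommended TLS protocol and cipher settings.
    recommendedTlsSettings = true;

    virtualHosts."yourdomain.com" = {
      # Serve HTTPS and redirect plain HTTP to it
      # (the "return 301" server block in the config above).
      forceSSL = true;

      # Certificate paths taken from the page; the key file must be
      # readable by the nginx service user (assumption).
      sslCertificate = "/etc/ssl/certs/nginx-selfsigned.crt";
      sslCertificateKey = "/etc/ssl/private/nginx-selfsigned.key";

      locations."/" = {
        # Backend is reached over loopback only, as in the page's proxy_pass.
        proxyPass = "http://127.0.0.1:9000";
      };
    };
  };
}
```

Changes to configuration.nix take effect only after running sudo nixos-rebuild switch.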
After configuring the firewall and Nginx, we need to start the Firezone service.
To do so, run the following command:
sudo systemctl start firezone
This command will start the Firezone service and enable it to start automatically on boot.
To verify that Firezone is working correctly, open a web browser and navigate to https://yourdomain.com. You should see the Firezone login page.
Enter your credentials and log in to the Firezone dashboard. From there, you can configure and manage your web application firewall.
Congratulations! You have successfully installed Firezone on NixOS.