@@ -138,7 +138,7 @@ file [stack.json](https://github.com/alexzhangs/aws-cfn-vpn).
138138* 1 nested ACM service stack if set ` EnableSSM=1 ` and ` SSMDomain ` is
139139used.
140140
141- It setup AWS Certificate Manager service on the manager stack, to automate certificates provision.
141+ It setup AWS Certificate Manager service on the manager stack, to automate certificates provision.
142142
143143 Following chart shows how it works.
144144
@@ -213,8 +213,8 @@ xsh load xsh-lib/aws
213213```
214214
215215Note: If you are proceeding without the tools, then you will have to manually
216- upload templates and Lambda function to S3, and handle the parameters
217- for each nested templates.
216+ edit config files and upload templates and Lambda function to S3, and handle
217+ the parameters for each nested templates.
218218
219219### Prepare AWS Accounts
220220
@@ -253,10 +253,16 @@ for each nested templates.
253253
2542541. Create a profile for each access key created in the last step.
255255
256- A region is needed to be set in this step.
256+ Following commands will create three profiles with names:
257+ ` profile-0` ` profile-1` ` profile-2` in
258+ the rest of this document.
259+
260+ A region is needed to be set in this step.
257261
258262 ` ` ` sh
259- $ aws configure --profile=< your_profile_name>
263+ $ aws configure --profile=profile-0
264+ $ aws configure --profile=profile-1
265+ $ aws configure --profile=profile-2
260266 ` ` `
261267
262268# ## Get the code
@@ -273,44 +279,32 @@ $ git clone https://github.com/alexzhangs/aws-cfn-vpn-lexbot
273279$ git clone https://github.com/alexzhangs/aws-cfn-acm
274280` ` `
275281
276- # ## Create the Manager Stack
277-
278- 1. Activate your AWS profile.
282+ # ## Create the aws-cfn-vpn config files
279283
280- ` ` ` bash
281- $ xsh aws/cfg/activate < your_profile >
282- ` ` `
284+ The config files are needed by ` aws-cfn-vpn ` to deploy the
285+ CloudFormation stacks. Review the options listed below and choose one from
286+ them:
283287
284- 1. Create an EC2 key pair in AWS and save it to ~ /.ssh.
285-
286- ` ` ` bash
287- $ xsh aws/ec2/key/create -f ~ /.ssh/< keyname> < keyname>
288- ` ` `
288+ 1. Basic: Create three config files, one is for the
289+ manager stack, the other two are for the node stacks.
289290
290- 1. Edit ` sample-ssm.conf`
291-
292- Replace the values wrapped by ' <>'
293-
294- ` ` ` ini
295- " KeyPairName=<your_aws_ec2_key_pair_name>"
291+ ` ` ` bash
292+ $ bash aws-cfn-vpn/config.sh -x 0-2
296293 ` ` `
297294
298- Optional:
295+ 1. Classic: Use domain and enable HTTPS.
296+ Add the domain ` example.com`
297+ admin web console, the l2tp service, and the Shadowsocks service.
298+ HTTPS will be enabled for the admin web console.
299299
300- ` ` ` ini
301- " Domain=<yourdomain.com>"
302- " SSMDomain=<admin.ss.yourdomain.com>"
303- " SSMAdminEmail=<[email protected] >" 304- " L2TPDomain=<vpn.yourdomain.com>"
300+ ` ` ` bash
301+ $ bash aws-cfn-vpn/config.sh -x 0-2 -d EXAMPLE.COM
305302 ` ` `
306- HTTPS will be enabled if ` SSMDomain`
307303
308- Enable DNS service API with additional settings(only ` name.com` for now):
304+ 1. Advanced: Enable DNS service API with additional settings(only ` name.com` for now):
309305
310- ` ` ` ini
311- " DomainNameServer=name.com"
312- " DomainNameServerUsername=<your_username_of_name.com>"
313- " DomainNameServerCredential=<your_api_token_of_name.com>"
306+ ` ` ` bash
307+ $ bash aws-cfn-vpn/config.sh -x 0-2 -d EXAMPLE.COM -N name.com -u DomainNameServerUsername -p DomainNameServerCredential
314308 ` ` `
315309
316310 With DNS service API enabled, DNS records can be automatically
@@ -321,85 +315,57 @@ $ git clone https://github.com/alexzhangs/aws-cfn-acm
321315 generated at your
322316 [name.com API settings](https://www.name.com/account/settings/api).
323317
324- Change any other settings as you wish.
325-
326- 1. Create the manager stack.
327-
328- Run below command at your local:
329-
330- ` ` ` bash
331- $ xsh aws/cfn/deploy -C ./aws-cfn-vpn -t stack.json -c sample-ssm.conf
332- ` ` `
333-
334- If HTTPS is enabled but the DNS service API is not, you need to
335- manually create DNS record to validate the new created ACM
336- certificate. Visit AWS ACM service console to obtain the DNS
337- record info. Once the ACM certificate is validated successfully,
338- you can proceed.
339-
340- Then wait for the stack creation complete.
341-
342- If the stack creation complete successfully, run below command to get the output of the stack. Replace ` < stack_name> `
318+ 1. Or see the help and figure it out yourself:
343319
344320 ` ` ` bash
345- $ xsh aws/ cfn/stack/desc < stack_name >
321+ $ bash aws- cfn-vpn/config.sh -h
346322 ` ` `
347323
348- 1. Verify the manager stack deployment.
324+ After the command is completed, following config files should be
325+ created:
349326
350- Open your browser, visit ` http://< PUBLIC_IP> /admin`
351-
352- Or visit ` https://< admin.ss.yourdomain.com> /admin`
353- must use the HTTPS protocol with using the domain, the HTTP protocol
354- won' t work with it.
355-
356- Log in with the default username and password if you didn' t change it in the sample conf file.
357-
358- ` ` ` ini
359- " SSMAdminUsername=admin"
360- " SSMAdminPassword=passw0rd"
361- ` ` `
362-
363- # ## Create the Node Stack
364-
365- 1. Activate another AWS profile and create an EC2 key pair.
366-
367- Refer to the steps in the last section.
368-
369- 1. Edit ` sample-ssn-1.conf`
327+ ` ` ` sh
328+ $ ls -1 aws-cfn-vpn/vpn-* .conf
329+ aws-cfn-vpn/vpn-0-sample.conf
330+ aws-cfn-vpn/vpn-1-sample.conf
331+ aws-cfn-vpn/vpn-2-sample.conf
332+ ` ` `
370333
371- Set below values by the output of the manager stack.
334+ # ## Create the manager stack and the node stacks
372335
373- ` ` ` ini
374- " SSMAccountId=<AccountId>"
375- " VpcPeerAccepterRegion=<VpcPeerAccepterRegion>"
376- " VpcPeerAccepterVpcId=<VpcId>"
377- " VpcPeerAccepterSqsQueueUrl=<VpcPeerAccepterSqsQueueUrl>"
378- " VpcPeerAccepterRoleArn=<IamPeerRoleArn>"
379- " SnsTopicArn=<SnsTopicArnForConfig>"
380- ` ` `
336+ Following command will create three CloudFormation stacks by using
337+ the three AWS CLI profiles and the three config files created in the
338+ earlier steps.
381339
382- Set below values with your preferred.
340+ ` ` ` bash
341+ $ bash aws-cfn-vpn/create.sh -x 0-2 -p " profile-0 profile-1 profile-2"
342+ ` ` `
383343
384- ` ` ` ini
385- " SSDomain=<ss.yourdomain.com>"
386- " KeyPairName=<your_aws_ec2_key_pair_name>"
387- ` ` `
344+ If HTTPS is enabled but the DNS service API is not, you need to
345+ manually create DNS record to validate the new created ACM
346+ certificate. Visit
347+ [AWS ACM service](https://console.aws.amazon.com/acm)
348+ console to obtain the DNS record info. Once the ACM certificate is
349+ validated successfully, you can proceed.
388350
389- Change any other settings as you wish.
351+ The command takes around 30 minutes to complete, and if everything
352+ goes smooth, the 3 stacks and all services should be ready after
353+ the command is completed. You can move to the next section.
390354
391- 1. Create the node stack.
355+ # ## Verify the manager stack deployment .
392356
393- Run below command at your local:
357+ Open your browser, visit ` http:// < PUBLIC_IP > /admin ` , a login screen should show up.
394358
395- ` ` ` bash
396- $ xsh aws/cfn/deploy -C ./aws-cfn-vpn -t stack.json -c sample-ssn-1.conf
397- ` ` `
359+ Or visit ` https://admin.ss.yourdomain.com/admin ` . Note that you
360+ must use the HTTPS protocol with using the domain, the HTTP protocol
361+ won ' t work with it.
398362
399- Then wait for the stack creation complete.
363+ Log in with the default username and password:
400364
401- 1. If everything goes fine, repeat the same steps with
402- ` sample-ssn-2.conf`
365+ ```ini
366+ "SSMAdminUsername=admin"
367+ "SSMAdminPassword=passw0rd"
368+ ```
403369
404370## Maintain DNS Records
405371
@@ -408,7 +374,7 @@ shadowsocks-manager should have taken care of the DNS records.
408374
409375If you are not in the case above, proceed with following steps:
410376
411- 1. Create a DNS ` A record` ` admin.ss`
377+ 1. Create a DNS `A record`, such as `admin.ss`.yourdomain.com,
412378pointing to the public IP of EC2 Instance of manager stack.
413379
414380 Use this domain to access the shadowsocks-manager.
@@ -426,12 +392,12 @@ the public IP of EC2 Instance of node stack.
426392## Configure shadowsocks-manager
427393
4283941. Log in the shadowsocks-manager web console back at
429- ` http ://admin.ss.yourdomain.com/admin`
395+ `https ://admin.ss.yourdomain.com/admin` after the DNS records get
430396effective.
431397
432- 1. Go to ` Home › Shadowsocks › Shadowsocks Nodes › Add Shadowsocks
433- Node ` , to check the node list, all node stacks you created should have been
434- registered as nodes automatically.
398+ 1. Go to `Home › Shadowsocks › Shadowsocks Nodes`, to check the node
399+ list, all node stacks you created should have been registered as nodes
400+ automatically.
435401
436402 Note: The registration relies on the AWS Config, SNS and Lambda services,
437403it takes up to around 15 minutes to capture and deliver the config changes.
@@ -485,7 +451,6 @@ level.
485451
486452# # TODO
487453
488- * Add the support for AMI Amazon Linux 2.
489454
490455# # Troubleshooting
491456
0 commit comments