Create a bastion server. Requirements:
- Currently, this script assumes the host is running the "Ubuntu" distribution of Linux.
- Publicly accessible IP
- Firewall configured to allow incoming connections from ELT&CDC IPs on ports 51820 and 22.
- The private database must be reachable from the bastion server
- The database must have a DNS name (we don’t support connections via IP address when using tunneling)
- nslookup must be installed
- iptables must be installed - it is required to create local port forwarding
- ubuntu system user with SSH enabled (key authentication). Please create ubuntu user if it doesn’t exist.
- ubuntu user must be allowed to run
sudo iptables
andsudo wg
Setup tunneling:
- Transfer the downloaded installation script
.sh file
to the tunnel host. We recommend using the scp
command.
- Change the file permissions to executable, for example, using
chmod +x test_install.sh
- Execute the script:
- The script will save an SSH key provided by Integrate.io to complete the setup of the tunnel on our side.
- It will install the Wireguard library on the host and create a new directory at
/etc/wireguard/
to save the tunnel configuration.
- It will enable port forwarding on the host.
- It will send an update to Integrate.io with the host's public IP address.
- It will create and enable a cron job that keeps the tunnel connection open.