Provides enterprises with a centralized Gateway interface for internal management. Through this interface, administrators can easily add and manage proxy addresses for external servers, establishing a secure connection framework between internal and external networks. With Mavis, enterprises can ensure compliance and data security.
Use Case:
Mavis is deployed internally within the company, and an Ubuntu machine on AWS with the Mavis Gateway installed serves as the Gateway Server. Users connect securely to the Gateway Server via Mavis to access internal resources within the same VPC.
For further information, refer to: Gateway Management and Tunnel Features.
1. Environment Preparation
1. Gateway Server Hardware Requirements
Server Type | CPU Requirement | Memory Requirement | Storage Requirement | OS Requirement |
---|---|---|---|---|
Gateway Server | 2 Core | 4 GB | 20 GB or more (/) | Ubuntu 16.04, 18.04, 20.04, 22.04, 23.10, 24.04 (sudo access required) |
2. SSL Certificate with Domain Name
Prepare an SSL certificate containing a domain name and configure the corresponding DNS subdomain.
The connection between the Mavis server and the Gateway server uses HTTPS, requiring a fully qualified domain name (FQDN) with appropriate configuration.
Example Domain: aws-tunnel01.mavisdemo.com
Subdomain | Record Type | Target Content | Description |
---|---|---|---|
aws-tunnel01 | A | Gateway Server IP | For connection between Mavis and Gateway servers |
3. Network Environment Configuration
The Gateway server must have internet access to download and install the necessary components, and must accept connections from the Mavis server.
No. | Source | Destination | Protocol/Port | Rule | Description |
---|---|---|---|---|---|
1 | Gateway Server IP | 0.0.0.0/0 (Internet) | ALL | Allow | Allows proxy server platform to access the Internet for downloading components. |
2 | Mavis Server IP | Gateway Server IP | HTTPS/443 | Allow | Allows connection between Mavis and Gateway servers. |
2. Gateway Management Setup
Administrator privileges are required to perform the setup from the "Management Interface."
1. Navigate to the Management Interface.
2. Select Gateway Management.
3. Click Create Gateway.
4. Enter a custom Gateway Section Name.
9. Select the created gateway section, download the configuration file, and upload it to the Gateway server.
3. Installing the Gateway Service
Log in to the Gateway server, switch to a mode with sudo privileges, and execute the installation command.
Prerequisites:
Verify the uploaded Gateway configuration file and certificates.
Rename the .crt and .key files to tls.crt and tls.key respectively.
1. After logging in to the Gateway server, switch to a user with sudo privileges.
2. Ensure the Gateway configuration file is available.
3. Confirm the presence of certificates with the correct filenames (tls.crt and tls.key).
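The prerequisites above can be checked in one pass before running the installer. This is an added example, not part of the Mavis documentation or installer: the function name `preflight_gateway` and its arguments are assumptions, and it relies only on the standard `openssl` CLI and GNU `stat`.

```shell
#!/usr/bin/env bash
# Added example: pre-install check for the Gateway prerequisites.
# Usage: preflight_gateway <dir> <gateway-fqdn> <config-file-name>
preflight_gateway() {
  local dir=$1 fqdn=$2 config=$3 f cert_pub key_pub

  # 1. The uploaded config and the renamed certificate files must exist.
  for f in "$config" tls.crt tls.key; do
    [ -s "$dir/$f" ] || { echo "FAIL: $dir/$f missing or empty" >&2; return 1; }
  done

  # 2. tls.key must belong to tls.crt: compare the two public keys.
  cert_pub=$(openssl x509 -in "$dir/tls.crt" -noout -pubkey 2>/dev/null) || {
    echo "FAIL: tls.crt is not a readable certificate" >&2; return 1; }
  key_pub=$(openssl pkey -in "$dir/tls.key" -passin pass: -pubout 2>/dev/null) || {
    echo "FAIL: tls.key is not a readable unencrypted key" >&2; return 1; }
  [ "$cert_pub" = "$key_pub" ] || {
    echo "FAIL: tls.key does not match tls.crt" >&2; return 1; }

  # 3. The certificate must cover the Gateway FQDN used for HTTPS.
  openssl x509 -in "$dir/tls.crt" -noout -checkhost "$fqdn" |
    grep -q 'does match' || {
    echo "FAIL: tls.crt is not valid for $fqdn" >&2; return 1; }

  # 4. The certificate must not have expired.
  openssl x509 -in "$dir/tls.crt" -noout -checkend 0 >/dev/null || {
    echo "FAIL: tls.crt has expired" >&2; return 1; }

  # 5. Warn only: the private key should not be group/world accessible.
  case "$(stat -c '%a' "$dir/tls.key" 2>/dev/null)" in
    *00) ;;
    *) echo "WARN: tls.key permissions are loose; consider chmod 600" >&2 ;;
  esac
  echo "OK: prerequisites verified for $fqdn"
}
```

For the example domain on this page, the call would be `preflight_gateway . aws-tunnel01.mavisdemo.com gateway-aws-aws-tunnel01-config.yaml`, run from the directory holding the uploaded files.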
- Install Command:
Replace the value of PROXY_CONFIG with your Gateway configuration file name.
curl -sSL https://pentium-repo.s3.ap-northeast-1.amazonaws.com/mavis/latest/install.sh | INSTALL_PROXY_CLUSTER=true PROXY_CONFIG=gateway-aws-aws-tunnel01-config.yaml bash
- After successful installation, the system generates a Public Key.
- Copy the generated Public Key and paste it into Gateway Management:
1. Navigate to Gateway Management.
2. Select the relevant Gateway Section.
3. Select Edit.
4. Paste the Public Key into the designated field.
5. Save the configuration.
4. Connecting to Machines in the Same VPC Through the Gateway Server
- Copy Gateway Segment Information
1. Navigate to Gateway Management.
2. Select the desired Gateway segment and click the copy icon to copy the Gateway Segment Name.
- Add the Gateway Segment Tag to Devices
4. Go to Devices.
5. Select the devices you want to connect through the Gateway server.
6. In Actions, choose Add Tag.
7. Add the tag by entering the Gateway Segment Name.
8. Click Add.
- Connection
Devices tagged with the Gateway Segment will now connect through the Gateway server.
5. Removing Gateway Server Services and Settings
- Log in to the Gateway server and execute the uninstall command:
sh /usr/local/bin/k3s-uninstall.sh
- Remove Gateway Management Configuration
(Note: Removing the configuration from the management interface does not delete the physical Gateway server or its internal proxy settings. Ensure the previous step to uninstall the Gateway server service is completed first.)
1. Navigate to Gateway Management.
2. Select the Gateway Segment.
3. Click Delete.
- Remove Gateway Segment Tags from Devices
1. Go to Devices.
2. Select the device(s).
3. Choose Remove Tag.
4. Select the Gateway Segment tag to remove.
5. Click Remove.