Important: Ensure you’ve satisfied the prerequisites before following this guide.
Assuming you’re running a supported Linux kernel on one of the supported platforms, use one of the methods below to get started:
The easiest way to get started using Firezone is via the automatic installation script:
bash <(curl -Ls https://github.com/firezone/firezone/raw/master/scripts/install.sh)
This will ask you a few questions regarding your install, download the latest release for your platform, then create an administrator user and print to the console instructions for logging in to the web UI.
If that fails, try the manual installation method below.
If the Automatic Install fails, try these steps to install Firezone manually.
- Install WireGuard for your distro. If using Linux kernel 5.6 or higher, skip this step.
- Download the relevant package for your distribution from the releases page.
- Install with
sudo rpm -i firezone*.rpmor
sudo dpkg -i firezone*.debdepending on your distro.
- Bootstrap the application with
sudo firezone-ctl reconfigure. This will initialize config files, set up needed services and generate the default configuration.
Edit the default configuration located at
/etc/firezone/firezone.rb. We’ve chosen sensible defaults that should be a good starting point for most installations. For production installations, you’ll want to specify your FQDN and SSL certificate paths:
# Auto-generated based on the server's hostname. # Set this to the URL used to access the Firezone Web UI. default['firezone']['external_url'] = 'https://firezone.example.com' # Specify the path to your SSL cert and private key. # If set to nil (default), a self-signed cert will be generated for you. default['firezone']['ssl']['certificate'] = '/path/to/cert.pem' default['firezone']['ssl']['certificate_key'] = '/path/to/key.pem'
See the complete configuration file reference for more details.
- Reconfigure the application to pick up the new changes:
sudo firezone-ctl reconfigure.
- Finally, create an admin user with
sudo firezone-ctl create-or-reset-admin. The login credentials will be printed to the console output.
- Now you should be able to sign in to the web UI at the URL you specified in step 5 above, e.g.
Find solutions to common issues during deployment in Troubleshoot.