Enrolling a Lighthouse
In a Managed Nebula network, hosts discover each other via lighthouses. To create a lighthouse, you will need a lightweight server on a persistent public IPv4 address. Additionally, you'll want to use a machine that is always-on rather than a serverless platform, since the lighthouse is a stateful process.
To start enrolling a lighthouse, visit the lighthouses page of the admin panel and click the "add" button.
Give the lighthouse a name and enter the machine's public IPv4 address and the port you opened for inbound UDP traffic (default 4242). Choose the pre-created “Lighthouse” role, which only accepts ping requests from other hosts. You'll be able to edit the Lighthouse role's firewall rules later if desired.
You’ll need to open the machine's firewall for UDP port 4242 (or whichever port you configured) on both IPv4 and IPv6, so that hosts on all types of networks can query the lighthouse.
Now that you have created your lighthouse, follow the instructions in the admin panel to install dnclient, start it as a startup service, and enroll the machine into the Managed Nebula network.
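A check to run once dnclient is started, added here as an example and not taken from the Managed Nebula documentation: it confirms that something is listening on the lighthouse's UDP port for both IPv4 and IPv6, which complements the firewall rule above. It assumes a Linux host with iproute2's ss; udp_listen_families is a hypothetical helper name and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the Managed Nebula docs). Reads `ss -H -lun` output
# on stdin and reports which address families have a UDP listener on a port.
# udp_listen_families is a hypothetical helper name.

udp_listen_families() {
    awk -v port="$1" '
        {
            # Local Address:Port is the first field that ends in ":<digits>";
            # the peer column ends in ":*", so it never matches.
            local_addr = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /:[0-9]+$/) { local_addr = $i; break }
            if (local_addr == "") next

            n = split(local_addr, parts, ":")
            if (parts[n] != port) next

            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)              # drop an interface scope (%eth0)

            # Assumption about iproute2 formatting: "*" is a wildcard IPv6
            # socket that also accepts IPv4; "[...]" is an IPv6-only bind.
            if (addr == "*")        { v4 = 1; v6 = 1 }
            else if (addr ~ /^\[/)  { v6 = 1 }
            else                    { v4 = 1 }
        }
        END {
            if (v4 && v6)  print "ipv4+ipv6"
            else if (v4)   print "ipv4-only"
            else if (v6)   print "ipv6-only"
            else           print "none"
        }'
}

# Constructed sample of `ss -H -lun` output; on the lighthouse itself run:
#   ss -H -lun | udp_listen_families 4242
sample='UNCONN 0 0 0.0.0.0:4242 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*'
printf '%s\n' "$sample" | udp_listen_families 4242
```

A listener on one family only means hosts restricted to the other family cannot query the lighthouse, even when the firewall allows the port.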
Once you’ve enrolled a lighthouse, you can start setting up other hosts and using ping with their Managed Nebula IP addresses to verify that they are able to communicate with each other via the lighthouse over your Managed Nebula network.