← 返回命令列表

Linux command

nebula 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Generate CA certificate

nebula-cert ca -name "[My Organization]"

Sign a host certificate

nebula-cert sign -name "[server1]" -ip "[10.0.0.1/24]"

Sign with groups

nebula-cert sign -name "[web1]" -ip "[10.0.0.2/24]" -groups "[servers,web]"

Start Nebula

nebula -config [/etc/nebula/config.yaml]

Print certificate details

nebula-cert print -path [host.crt]

Verify certificate

nebula-cert verify -ca [ca.crt] -crt [host.crt]

Generate example config

nebula -print-default

说明

nebula is a scalable overlay networking tool for connecting hosts across networks. It uses certificate-based authentication and peer-to-peer connectivity. Each Nebula network has a CA that signs host certificates. Certificates define the host's Nebula IP address and group memberships for access control. Lighthouses are known nodes that help other nodes discover each other. At least one lighthouse with a public IP is needed. Other nodes connect peer-to-peer once discovered. Configuration (YAML) defines the CA, host cert/key, lighthouses, firewall rules, and network settings. Firewall rules use groups from certificates for access control. Nebula punches through NAT using UDP hole punching. Nodes behind NAT can communicate directly without routing through central servers.

FAQ

What is the nebula command used for?

nebula is a scalable overlay networking tool for connecting hosts across networks. It uses certificate-based authentication and peer-to-peer connectivity. Each Nebula network has a CA that signs host certificates. Certificates define the host's Nebula IP address and group memberships for access control. Lighthouses are known nodes that help other nodes discover each other. At least one lighthouse with a public IP is needed. Other nodes connect peer-to-peer once discovered. Configuration (YAML) defines the CA, host cert/key, lighthouses, firewall rules, and network settings. Firewall rules use groups from certificates for access control. Nebula punches through NAT using UDP hole punching. Nodes behind NAT can communicate directly without routing through central servers.

How do I run a basic nebula example?

Run `nebula-cert ca -name "[My Organization]"` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

Where can I find more nebula examples?

This page includes 7 examples for nebula, plus related commands for nearby Linux tasks.