@gilangvperdana
Last active October 12, 2023 08:50
Pritunl behind Nginx Reverse Proxy

Install Pritunl

sudo apt-get update
sudo apt-get -y upgrade

echo "deb http://repo.pritunl.com/stable/apt focal main" | sudo tee /etc/apt/sources.list.d/pritunl.list
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
curl -fsSL https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
sudo apt update

sudo apt --assume-yes install pritunl mongodb-server
sudo systemctl start pritunl mongodb
sudo systemctl enable pritunl mongodb

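# Print the setup key and the default admin credentials for the web console
sudo pritunl setup-key
sudo pritunl default-password

# Alternative to the package install above: run Pritunl in Docker
git clone https://github.com/jippi/docker-pritunl
cd docker-pritunl
docker-compose up -d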

Proxy a UDP Connection with Nginx Reverse Proxy

Goals

  • Proxy a UDP connection through Nginx
  • Reach the UDP service on port 19658 through localhost:19658

Configure

  • Install Nginx

    apt install -y nginx
    apt-get install -y libnginx-mod-stream
    
  • Configure Stream Blocks

    nano /etc/nginx/conf.d/udp.conf.ssh
    
    stream {
        server {
            listen 19658 udp;
            proxy_pass 10.8.0.5:19658;
        }
    }
    
  • Configure nginx.conf

    nano /etc/nginx/nginx.conf
    
    # Add at the top level of nginx.conf, outside the http { } block
    include /etc/nginx/conf.d/*.conf.ssh;
    
  • Reload Nginx

    service nginx reload
    

The UDP service on port 19658 is now reachable at localhost:19658.
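
The include for `*.conf.ssh` only works at the top level of nginx.conf, because `stream { }` is not valid inside `http { }`. The script below is an added example, not part of the gist: it checks that placement and that UDP port 19658 is bound. Function names are hypothetical, and the `--live` mode assumes `nginx` and `ss` are installed on the proxy host.

```sh
#!/bin/sh
# Added example (not from the gist): checks for the stream proxy set up above.
# Port 19658 and the *.conf.ssh pattern come from the page; function names are hypothetical.

# Succeeds if an include matching $2 appears at brace depth 0 of nginx.conf ($1).
# A stream { } block is only valid in the main context, so an include placed
# inside http { } makes nginx reject the configuration.
# Assumes one directive per line, as in the stock Debian/Ubuntu nginx.conf.
include_at_top_level() {
  awk -v pat="$2" '
    { line = $0; sub(/#.*/, "", line) }                 # drop comments
    index(line, "include") && index(line, pat) && depth == 0 { found = 1 }
    { depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line) }
    END { exit found ? 0 : 1 }
  ' "$1"
}

# Reads `ss -lun` output on stdin; succeeds if a local address ends in :$1.
udp_listening() {
  awk -v port="$1" '
    { for (i = 1; i <= NF; i++) if ($i ~ (":" port "$")) ok = 1 }
    END { exit ok ? 0 : 1 }
  '
}

# Live run on the proxy host: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
  nginx -t &&
    include_at_top_level /etc/nginx/nginx.conf '*.conf.ssh' &&
    ss -lun | udp_listening 19658 &&
    echo "stream include is top-level and UDP 19658 is bound"
fi
```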

Reset Password

pritunl reset-password

Tweak Linux UDP Buffer Limits

$ sudo sysctl -w net.core.rmem_max=26214400
net.core.rmem_max = 26214400
$ sudo sysctl -w net.core.rmem_default=26214400
net.core.rmem_default = 26214400
  • Make it persistent

    nano /etc/sysctl.conf
    
    net.core.rmem_max=26214400
    net.core.rmem_default=26214400

Disable Some Services

mikrotik is an example server name. Turn off your VPN server before doing this:

  • Turn off TLS Auth (this removes OpenVPN's tls-auth HMAC check on handshake packets, so disable it only for clients that cannot use it)

    mongo pritunl
    db.servers.update({"name" : "mikrotik"}, {$set: { "tls_auth" : false}})

  • Turn off lzo compression

    mongo pritunl
    db.servers.update({"name" : "mikrotik"}, {$set: { "lzo_compression" : "adaptive"}})

Then restart the server and re-generate the user profile. Enjoy!

Custom Certificate for the Pritunl Console

# Set new SSL server cert:
pritunl set app.server_cert "$(cat /path/to/cert.pem)"

# Set new SSL server key:
pritunl set app.server_key "$(cat /path/to/privkey.pem)"

# Reset
pritunl reset-ssl-cert