Pritunl as a Docker container
Pritunl is the best open source alternative to proprietary commercial VPN products such as Aviatrix and Pulse Secure. Create larger cloud VPN networks supporting thousands of concurrent users and get more control over your VPN server without any per-user pricing.
Images
All images are published to the following registries:
- 🥇 GitHub as ghcr.io/jippi/docker-pritunl ⬅️ Recommended
- 🥈 AWS as public.ecr.aws/i2s8u4z7/pritunl ⬅️ Great alternative
- ⚠️ Docker Hub as jippi/docker-pritunl ⬅️ Only use :latest as tags might disappear
Image tags with software specifications and version information can be found in the table below
Tag | Version | OS (Ubuntu) | MongoDB | Wireguard | Size |
---|---|---|---|---|---|
latest | latest † | Bionic (18.04) | ✅ (4.4) | ✅ | ~390 MB |
latest-minimal | latest † | Bionic (18.04) | ❌ | ✅ | ~190 MB |
latest-focal | latest † | Focal (20.04) | ✅ (5.x) | ✅ | ~390 MB |
latest-focal-minimal | latest † | Focal (20.04) | ❌ | ✅ | ~190 MB |
$version | $version | Bionic (18.04) | ✅ (4.4) | ✅ | ~390 MB |
$version-minimal | $version | Bionic (18.04) | ❌ | ✅ | ~190 MB |
$version-focal | $version | Focal (20.04) | ✅ (5.x) | ✅ | ~390 MB |
$version-focal-minimal | $version | Focal (20.04) | ❌ | ✅ | ~190 MB |
† Automation checks for new Pritunl releases nightly (CEST, ~3am), so there might be a day or two of latency for the most recent release
Default user and password
- User: pritunl
- Password: pritunl
Config
Configuration settings that can be used via the --env / -e CLI flag in docker run.
- PRITUNL_DONT_WRITE_CONFIG: if set, /etc/pritunl.conf will not be auto-written on container start. Any value will stop modifying the configuration file.
- PRITUNL_DEBUG: must be true or false - controls the debug config key.
- PRITUNL_BIND_ADDR: must be a valid IP on the host - defaults to 0.0.0.0 - controls the bind_addr config key.
- PRITUNL_MONGODB_URI: URI to a MongoDB instance. The default is to start a local MongoDB instance inside the container. Any value will stop this behavior.
Usage with embedded MongoDB
I would recommend using a Docker volume or bind mount for persistent data, as shown in the examples below
docker run (with mongo)
# host directory that holds all persistent data
data_dir="$(pwd)/data"
mkdir -p "${data_dir}/pritunl" "${data_dir}/mongodb"
touch "${data_dir}/pritunl.conf"
docker run \
  --name pritunl \
  --privileged \
  --network=host \
  --dns 127.0.0.1 \
  --restart=unless-stopped \
  --detach \
  --volume "${data_dir}/pritunl.conf:/etc/pritunl.conf" \
  --volume "${data_dir}/pritunl:/var/lib/pritunl" \
  --volume "${data_dir}/mongodb:/var/lib/mongodb" \
  ghcr.io/jippi/docker-pritunl
docker-compose (with mongo)
# host directory that holds all persistent data
data_dir="$(pwd)/data"
mkdir -p "${data_dir}/pritunl" "${data_dir}/mongodb"
touch "${data_dir}/pritunl.conf"
and then the following docker-compose.yaml file in $(pwd), followed by docker-compose up -d
version: '3.3'
services:
  pritunl:
    container_name: pritunl
    image: ghcr.io/jippi/docker-pritunl
    restart: unless-stopped
    privileged: true
    network_mode: host
    dns:
      - 127.0.0.1
    volumes:
      - './data/pritunl.conf:/etc/pritunl.conf'
      - './data/pritunl:/var/lib/pritunl'
      - './data/mongodb:/var/lib/mongodb'
Usage without embedded MongoDB
I would recommend using a Docker volume or bind mount for persistent data, as shown in the examples below
If you have MongoDB running somewhere else that you'd like to use, you can do so through the PRITUNL_MONGODB_URI env var, as shown below
docker run (without mongo)
# host directory that holds all persistent data
data_dir="$(pwd)/data"
mkdir -p "${data_dir}/pritunl"
touch "${data_dir}/pritunl.conf"
docker run \
  --name pritunl \
  --privileged \
  --network=host \
  --dns 127.0.0.1 \
  --restart=unless-stopped \
  --detach \
  --volume "${data_dir}/pritunl.conf:/etc/pritunl.conf" \
  --volume "${data_dir}/pritunl:/var/lib/pritunl" \
  --env PRITUNL_MONGODB_URI=mongodb://some-mongo-host:27017/pritunl \
  ghcr.io/jippi/docker-pritunl
docker-compose (without mongo)
# host directory that holds all persistent data
data_dir="$(pwd)/data"
mkdir -p "${data_dir}/pritunl"
touch "${data_dir}/pritunl.conf"
and then the following docker-compose.yaml file in $(pwd), followed by docker-compose up -d
version: '3.3'
services:
  pritunl:
    container_name: pritunl
    image: ghcr.io/jippi/docker-pritunl
    restart: unless-stopped
    privileged: true
    network_mode: host
    dns:
      - 127.0.0.1
    environment:
      - PRITUNL_MONGODB_URI=mongodb://some-mongo-host:27017/pritunl
    volumes:
      - './data/pritunl.conf:/etc/pritunl.conf'
      - './data/pritunl:/var/lib/pritunl'
Network mode
If you don't want to use network=host, then replace the --network=host CLI flag with the following ports + any ports you need for your configured Pritunl servers.
  --publish 80:80 \
  --publish 443:443 \
  --publish 1194:1194 \
  --publish 1194:1194/udp \
or for docker-compose
    ports:
      - '80:80'
      - '443:443'
      - '1194:1194'
      - '1194:1194/udp'
Upgrading MongoDB
IMPORTANT: Stop your pritunl docker container (docker stop pritunl) before doing these steps
The pattern for upgrading is basically the same for every step, with the only difference being the MongoDB version number. The docs can be found here:
- Upgrade from 3.2 to 3.6
- Upgrade from 3.6 to 4.0
- Upgrade from 4.0 to 4.2
- Upgrade from 4.2 to 4.4 <- stop here if you use Bionic (18.04)
- Upgrade from 4.4 to 5.0 <- stop here if you use Focal (20.04)
Automated script
I've made a small script called mongo-upgrade.sh that you can download to your server and run. It will make a best-effort attempt to guide you through the steps needed to upgrade.
# fetch the script
wget -O mongo-upgrade.sh https://raw.githubusercontent.com/jippi/docker-pritunl/master/mongo-upgrade.sh
# make it executable
chmod +x mongo-upgrade.sh
# edit settings
vi mongo-upgrade.sh
# run
./mongo-upgrade.sh
Manual upgrade
Assuming you are coming from 3.2, your next version is 3.6, so you need to set NEXT_VERSION_TO_UPGRADE_TO=3.6 and run these commands.
You can see the list of versions you would need to run with the script above.
An example path from 3.2 to 4.4 would mean running the script once per NEXT_VERSION_TO_UPGRADE_TO with the values below
NEXT_VERSION_TO_UPGRADE_TO=3.2
NEXT_VERSION_TO_UPGRADE_TO=3.6
NEXT_VERSION_TO_UPGRADE_TO=4.0
NEXT_VERSION_TO_UPGRADE_TO=4.2
NEXT_VERSION_TO_UPGRADE_TO=4.4
# set to the version for this pass (for example 3.6) before running the commands below
NEXT_VERSION_TO_UPGRADE_TO=
MONGODB_DATA_PATH=$PATH_TO_YOUR_MONGODB_DB_FOLDER # must point to the directory where files like `mongod.lock` and `journal/` are on disk.
# Start MongoDB server
docker run -d --name temp-mongo-server --rm -it -v "${MONGODB_DATA_PATH}:/data/db" "mongo:${NEXT_VERSION_TO_UPGRADE_TO}"
# Wait for server to start
sleep 5
# change setFeatureCompatibilityVersion to current version
docker exec temp-mongo-server mongo admin --quiet --eval "db.adminCommand( { setFeatureCompatibilityVersion: \"${NEXT_VERSION_TO_UPGRADE_TO}\" } );"
# stop the server gracefully
docker exec -it temp-mongo-server mongo admin --quiet --eval "db.shutdownServer()"
# Wait for the server to stop
sleep 5
# make sure container is stopped
docker stop temp-mongo-server
# remove container
docker rm -f temp-mongo-server
# repair / upgrade data
docker run --rm --volume "${MONGODB_DATA_PATH}:/data/db" "mongo:${NEXT_VERSION_TO_UPGRADE_TO}" --repair
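To work out which NEXT_VERSION_TO_UPGRADE_TO values a given data directory needs, the helper below generalizes the 3.2 to 4.4 example to any starting version and image flavor. It is an added example, not part of the project's mongo-upgrade.sh; the function name mongo_upgrade_path and the flavor names bionic and focal are assumptions made here.

```shell
#!/bin/sh
# Added example: not part of the project's mongo-upgrade.sh.
# Release order taken from the upgrade list in this README.
MONGO_RELEASES="3.2 3.6 4.0 4.2 4.4 5.0"

# mongo_upgrade_path CURRENT FLAVOR   (hypothetical helper name)
# Prints, space separated, every NEXT_VERSION_TO_UPGRADE_TO value to run,
# starting at CURRENT and ending at the last release for the image flavor.
mongo_upgrade_path() {
    current=$1
    flavor=$2
    case "$flavor" in
        bionic) last=4.4 ;;   # "stop here if you use Bionic (18.04)"
        focal)  last=5.0 ;;   # "stop here if you use Focal (20.04)"
        *) echo "unknown flavor '$flavor' (use bionic or focal)" >&2
           return 2 ;;
    esac
    case " $MONGO_RELEASES " in
        *" $current "*) ;;
        *) echo "unknown MongoDB version '$current'" >&2
           return 2 ;;
    esac
    path=""
    for v in $MONGO_RELEASES; do
        # collect CURRENT and every release after it
        if [ "$v" = "$current" ] || [ -n "$path" ]; then
            path="${path:+$path }$v"
        fi
        if [ "$v" = "$last" ]; then
            break
        fi
    done
    if [ -z "$path" ]; then
        # Data files are already newer than this image flavor can run.
        echo "MongoDB $current is newer than $flavor images support ($last)" >&2
        return 1
    fi
    echo "$path"
}

# Constructed sample run: data last written by MongoDB 3.2, Bionic image.
for step in $(mongo_upgrade_path 3.2 bionic); do
    echo "run the manual steps with NEXT_VERSION_TO_UPGRADE_TO=$step"
done
```

A non-zero exit status means the path could not be computed, so a wrapper can stop before touching the data directory.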
Further help and docs
For any help specific to Pritunl please have a look at http://pritunl.com and https://github.com/pritunl/pritunl