jippi / docker-pritunl Goto Github PK

View Code? Open in Web Editor NEW

175.0 6.0 59.0 129 KB

Pritunl on Docker

Home Page: https://hub.docker.com/r/jippi/pritunl/

Shell 89.11% Dockerfile 10.89%

docker vpn pritunl vpn-server

docker-pritunl's Introduction

English ｜中文

Pritunl as a Docker container

Pritunl is the best open source alternative to proprietary commercial vpn products such as Aviatrix and Pulse Secure. Create larger cloud vpn networks supporting thousands of concurrent users and get more control over your vpn server without any per-user pricing.

Images

All images are published to the following registries

🥇 GitHub as ghcr.io/jippi/docker-pritunl ⬅️ Recommended
🥈 AWS as public.ecr.aws/jippi/pritunl ⬅️ Great alternative
⚠️ Docker Hub as jippi/docker-pritunl ⬅️ Only use :latest as tags might disappear

Image tags with software specifications and version information can be found in the table below

Tag	Version	OS (Ubuntu)	MongoDB	Wireguard
`latest`	latest †	Jammy (22.04)	✅ (6.x)	✅
`latest-minimal`	latest †	Jammy (22.04)	❌	✅
`latest-focal`	latest †	Focal (20.04)	✅ (5.x)	✅
`latest-focal-minimal`	latest †	Focal (20.04)	❌	✅
`$version`	`$version`	Jammy (22.04)	✅ (6.x)	✅
`$version-minimal`	`$version`	Jammy (22.04)	❌	✅
`$version-focal`	`$version`	Focal (20.04)	✅ (5.x)	✅
`$version-focal-minimal`	`$version`	Focal (20.04)	❌	✅

† Automation checks for new Pritunl releases nightly (CEST, ~3am), so there might be a day or two latency for most recent release

Default user and password

Run the following command to obtain the default login username and password:

docker exec -it [container_name] pritunl default-password

Ex:

docker exec -it pritunl pritunl default-password

Config

Configuration settings that can be used via --env / -e CLI flag in docker run.

PRITUNL_DONT_WRITE_CONFIG if set, /etc/pritunl.conf will not be auto-written on container start. Any value will stop modifying the configuration file.
PRITUNL_DEBUG must be true or false - controls the debug config key.
PRITUNL_BIND_ADDR must be a valid IP on the host - defaults to 0.0.0.0 - controls the bind_addr config key.
PRITUNL_MONGODB_URI URI to mongodb instance, default is starting a local MongoDB instance inside the container. Any value will stop this behavior.

Usage with embedded MongoDB

I would recommend using a Docker volume or bind mount for persistent data like shown in the examples below

docker run (with mongo)

data_dir=$(pwd)/data

mkdir -p $(data_dir)/pritunl $(data_dir)/mongodb
touch $(data_dir)/pritunl.conf

docker run \
    --name pritunl \
    --privileged \
    --network=host \
    --dns 127.0.0.1 \
    --restart=unless-stopped \
    --detach \
    --volume $(data_dir)/pritunl.conf:/etc/pritunl.conf \
    --volume $(data_dir)/pritunl:/var/lib/pritunl \
    --volume $(data_dir)/mongodb:/var/lib/mongodb \
    ghcr.io/jippi/docker-pritunl

docker-compose (with mongo)

data_dir=$(pwd)/data

mkdir -p $(data_dir)/pritunl $(data_dir)/mongodb
touch $(data_dir)/pritunl.conf

and then the following docker-compose.yaml file in $(pwd) followed by docker-compose up -d

version: '3.3'
services:
    pritunl:
        container_name: pritunl
        image: ghcr.io/jippi/docker-pritunl
        restart: unless-stopped
        privileged: true
        network_mode: host
        dns:
            - 127.0.0.1
        volumes:
            - './data/pritunl.conf:/etc/pritunl.conf'
            - './data/pritunl:/var/lib/pritunl'
            - './data/mongodb:/var/lib/mongodb'

Usage without embedded MongoDB

I would recommend using a Docker volume or bind mount for persistent data like shown in the examples below

If you have MongoDB running somewhere else you'd like to use, you can do so through the PRITUNL_MONGODB_URI env var like shown below

docker run (without mongo)

data_dir=$(pwd)/data

mkdir -p $(data_dir)/pritunl
touch $(data_dir)/pritunl.conf

docker run \
    --name pritunl \
    --privileged \
    --network=host \
    --dns 127.0.0.1 \
    --restart=unless-stopped \
    --detach \
    --volume $(data_dir)/pritunl.conf:/etc/pritunl.conf \
    --volume $(data_dir)/pritunl:/var/lib/pritunl \
    --env PRITUNL_MONGODB_URI=mongodb://some-mongo-host:27017/pritunl \
    ghcr.io/jippi/docker-pritunl

docker-compose (without mongo)

data_dir=$(pwd)/data

mkdir -p $(data_dir)/pritunl
touch $(data_dir)/pritunl.conf

and then the following docker-compose.yaml file in $(pwd) followed by docker-compose up -d

version: '3.3'
services:
    pritunl:
        container_name: pritunl
        image: ghcr.io/jippi/docker-pritunl
        restart: unless-stopped
        privileged: true
        network_mode: host
        dns:
            - 127.0.0.1
        environment:
            - PRITUNL_MONGODB_URI=mongodb://some-mongo-host:27017/pritunl
        volumes:
            - './data/pritunl.conf:/etc/pritunl.conf'
            - './data/pritunl:/var/lib/pritunl'

Network mode

If you don't want to use network=host, then replace the --network=host CLI flag with the following ports + any ports you need for your configured Pritunl servers.

    --publish 80:80 \
    --publish 443:443 \
    --publish 1194:1194 \
    --publish 1194:1194/udp \

or for docker-compose

         ports:
            - '80:80'
            - '443:443'
            - '1194:1194'
            - '1194:1194/udp'

Upgrading MongoDB

IMPORTANT: Stop your pritunl docker container (docker stop pritunl) before doing these steps

The pattern for upgrading are basically the same, with the only variance being the MongoDB version number, the docs can be found here:

Upgrade from 3.2 to 3.6
Upgrade from 3.6 to 4.0
Upgrade from 4.0 to 4.2
Upgrade from 4.2 to 4.4 <- stop here if you use Bionic (18.04)
Upgrade from 4.4 to 5.0 <- stop here if you use Focal (20.04)

Automated script

I've made a small script called mongo-upgrade.sh that you can download to your server and run. It will make an best-effort to guide you through the steps needed to upgrade.

# fetch the script
wget -O mongo-upgrade.sh https://raw.githubusercontent.com/jippi/docker-pritunl/master/mongo-upgrade.sh
# make it executable
chmod +x mongo-upgrade.sh
# edit settings
vi mongo-upgrade.sh
# run
./mongo-upgrade.sh

Manual upgrade

Assuming you are coming from 3.2, your next version is 3.6 so you need to set $NEXT_VERSION_TO_UPGRADE_TO=3.6 and run these commands.

You can see the list of versions you would need to run with the script above.

Example path from 3.2 to 4.4 would mean running the script once per NEXT_VERSION_TO_UPGRADE_TO with the values below

NEXT_VERSION_TO_UPGRADE_TO=3.2
NEXT_VERSION_TO_UPGRADE_TO=3.6
NEXT_VERSION_TO_UPGRADE_TO=4.0
NEXT_VERSION_TO_UPGRADE_TO=4.2
NEXT_VERSION_TO_UPGRADE_TO=4.4

NEXT_VERSION_TO_UPGRADE_TO=
MONGODB_DATA_PATH=$PATH_TO_YOUR_MONGODB_DB_FOLDER # must point to the directory where files like `mongod.lock` and `journal/` are on disk.

# Start MongoDB server
docker run -d --name temp-mongo-server --rm -it -v ${MONGODB_DATA_PATH}:/data/db mongo:${NEXT_VERSION_TO_UPGRADE_TO}

# Wait for server to start
sleep 5

# change setFeatureCompatibilityVersion to current version
docker exec temp-mongo-server mongo admin --quiet --eval "db.adminCommand( { setFeatureCompatibilityVersion: \"${NEXT_VERSION_TO_UPGRADE_TO}\" } );"

# stop the server gracefully
docker exec -it temp-mongo-server mongo admin --quiet --eval "db.shutdownServer()"

# Wait for the server to stop
sleep 5

# make sure container is stopped
docker stop temp-mongo-server

# remove container
docker rm -f temp-mongo-server

# repair / upgrade data
docker run --rm --volume ${MONGODB_DATA_PATH}:/data/db mongo:${NEXT_VERSION_TO_UPGRADE_TO} --repair

Further help and docs

For any help specific to Pritunl please have a look at http://pritunl.com and https://github.com/pritunl/pritunl

docker-pritunl's People

Contributors

Stargazers

Watchers

docker-pritunl's Issues

Lets Encrypt cert generation fails

When I try to generate a SSL certificate for a new install, I get the following error:

File "/usr/lib/pritunl/local/lib/python2.7/site-packages/pritunl/acme_tiny.py", line 111, in get_crt

ValueError: Error registering: 400 { 
"type": "urn:acme:error:malformed",
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
"status": 400

Missing info in documentation on why privileged mode is needed

Possibility to provide arm64 compatible docker image?

I was wondering if it would be possible to provide a Docker image that would be compatible for servers using the arm64 architecture?

I am not an expert in this field, so I am not sure if this would be technically possible.

openvpn fails: key too small

finally managed to upgrade mongodb, unfortunately openvpn seems to fail with the latest-focal image, seeing this repeating in the server output:

[thawing-plains-2188] 2022-09-12 13:47:02 ERROR Management socket exception
[thawing-plains-2188] Mon Sep 12 13:47:02 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
[thawing-plains-2188] Mon Sep 12 13:47:02 2022 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
[thawing-plains-2188] Mon Sep 12 13:47:02 2022 OpenSSL: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
[thawing-plains-2188] Mon Sep 12 13:47:02 2022 SSL_CTX_set_tmp_dh
[thawing-plains-2188] Mon Sep 12 13:47:02 2022 Exiting due to fatal error

does that suggest that letsencrypt can't do its thing or the missing /var/lib/pritunl/pritunl.key and /var/lib/pritunl/pritunl.crt could be to blame?

ps: can you set pritunl to only use wireguard?

Cant start server

I followed your docker compose.yaml file and I get this in the logs.. seems I cant get away from this error docker install or not::

mknod: /dev/net/tun: Operation not permitted

Removing the need to create pritunl.conf before running the container for the first time

Is it not possible to move the pritunl.conf file to its own directory so that it doesn't have to be manually created before running this container for the first time? Since Docker doesn't (yet?) allow container single files to be copied to the host, this is necessary since pritunl.conf is in /etc/ with a bunch of other files that we're not interested in making persistent.

wireguard cannot work by docker

logs:

[patient-thunder-4691][2023-02-28 14:42:05,478][ERROR] Failed to check notifications
Traceback (most recent call last):
File "/usr/lib/python3.8/urllib/request.py", line 1354, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "/usr/lib/python3.8/http/client.py", line 1256, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1302, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1251, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1011, in _send_output
self.send(msg)
File "/usr/lib/python3.8/http/client.py", line 951, in send
self.connect()
File "/usr/lib/python3.8/http/client.py", line 1418, in connect
super().connect()
File "/usr/lib/python3.8/http/client.py", line 922, in connect
self.sock = self._create_connection(
File "/usr/lib/python3.8/socket.py", line 787, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/runners/updates.py", line 25, in _check_updates
response = urllib.request.urlopen(request, timeout=60)
File "/usr/lib/python3.8/urllib/request.py", line 222, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python3.8/urllib/request.py", line 525, in open
response = self._open(req, data)
File "/usr/lib/python3.8/urllib/request.py", line 542, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "/usr/lib/python3.8/urllib/request.py", line 502, in _call_chain
result = func(*args)
File "/usr/lib/python3.8/urllib/request.py", line 1397, in https_open
return self.do_open(http.client.HTTPSConnection, req,
File "/usr/lib/python3.8/urllib/request.py", line 1357, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [Errno -3] Temporary failure in name resolution>
[patient-thunder-4691][2023-02-28 14:42:05,484][WARNING] Failed to get public ip address
[patient-thunder-4691][2023-02-28 14:42:05,703][INFO] Starting server
selinux_context = "none"
[patient-thunder-4691][2023-02-28 14:42:05,703][INFO] Generating server certificate...
[patient-thunder-4691][2023-02-28 14:42:07,222][INFO] Retrying get public ip address
[patient-thunder-4691][2023-02-28 14:42:10,227][INFO] Retrying get public ip address
[patient-thunder-4691][2023-02-28 14:42:13,231][INFO] Retrying get public ip address
[patient-thunder-4691][2023-02-28 14:42:16,233][INFO] Retrying get public ip address
[patient-thunder-4691][2023-02-28 14:42:16,235][WARNING] Failed to get public ip address
[patient-thunder-4691][2023-02-28 14:44:41,007][INFO] Starting vpn server
server_id = "63fda2cd63b1bd184972bd12"
instance_id = "63fda2d963b1bd184972bd27"
instances = []
instances_count = 0
route_count = 1
network = "10.8.0.0/24"
network6 = "fd00:a080::/64"
dynamic_firewall = false
host_id = "add784af049f44bc9a79768b56049f0b"
host_address = "192.168.0.10"
host_address6 = "fe80::c9e5:d139:ca9f:7b83"
host_networks = ["192.168.0.0/22", "172.17.0.0/16"]
cur_timestamp = "2023-02-28 06:44:41.007481"
libipt = false
[patient-thunder-4691][2023-02-28 14:44:41,594][ERROR] Failed to add wg interface
Traceback (most recent call last):
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1306, in start_wg
utils.check_output_logged([
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/utils/misc.py", line 223, in check_output_logged
raise subprocess.CalledProcessError(
subprocess.CalledProcessError: Command '['ip', 'link', 'add', 'dev', 'wg0', 'type', 'wireguard']' returned non-zero exit status 2.
server_id = "63fda2cd63b1bd184972bd12"
[patient-thunder-4691][2023-02-28 14:44:41,595][ERROR] Popen returned error exit code
cmd = ["ip", "link", "add", "dev", "wg0", "type", "wireguard"]
return_code = 2
Process stderr:
RTNETLINK answers: Operation not supported
Traceback (most recent call last):
File "/usr/lib/python3.8/threading.py", line 890, in _bootstrap
self._bootstrap_inner()
File "/usr/lib/python3.8/threading.py", line 932, in _bootstrap_inner
self.run()
File "/usr/lib/python3.8/threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1650, in _run_thread
self.start_wg()
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1306, in start_wg
utils.check_output_logged([
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/utils/misc.py", line 216, in check_output_logged
logger.error('Popen returned error exit code', 'utils',
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/logger/init.py", line 55, in error
kwargs['traceback'] = traceback.format_stack()
[patient-thunder-4691][2023-02-28 14:44:41,613][ERROR] Server error occurred while running
Traceback (most recent call last):
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1650, in _run_thread
self.start_wg()
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1306, in start_wg
utils.check_output_logged([
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/utils/misc.py", line 223, in check_output_logged
raise subprocess.CalledProcessError(
subprocess.CalledProcessError: Command '['ip', 'link', 'add', 'dev', 'wg0', 'type', 'wireguard']' returned non-zero exit status 2.
server_id = "63fda2cd63b1bd184972bd12"
instance_id = "63fda2d963b1bd184972bd27"
[patient-thunder-4691][2023-02-28 14:44:41,984][ERROR] Failed to stop wg interface
Traceback (most recent call last):
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1385, in stop_wg
utils.check_output_logged([
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/utils/misc.py", line 223, in check_output_logged
raise subprocess.CalledProcessError(
subprocess.CalledProcessError: Command '['ip', 'link', 'set', 'wg0', 'down']' returned non-zero exit status 1.
server_id = "63fda2cd63b1bd184972bd12"
[patient-thunder-4691][2023-02-28 14:44:41,985][ERROR] Popen returned error exit code
cmd = ["ip", "link", "set", "wg0", "down"]
return_code = 1
Process stderr:
Cannot find device "wg0"
Traceback (most recent call last):
File "/usr/lib/python3.8/threading.py", line 890, in _bootstrap
self._bootstrap_inner()
File "/usr/lib/python3.8/threading.py", line 932, in _bootstrap_inner
self.run()
File "/usr/lib/python3.8/threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1831, in _run_thread
self.stop_wg()
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1385, in stop_wg
utils.check_output_logged([
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/utils/misc.py", line 216, in check_output_logged
logger.error('Popen returned error exit code', 'utils',
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/logger/init.py", line 55, in error
kwargs['traceback'] = traceback.format_stack()
[patient-thunder-4691][2023-02-28 14:44:42,000][ERROR] Failed to del wg interface
Traceback (most recent call last):
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1395, in stop_wg
utils.check_output_logged([
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/utils/misc.py", line 223, in check_output_logged
raise subprocess.CalledProcessError(
subprocess.CalledProcessError: Command '['ip', 'link', 'del', 'dev', 'wg0']' returned non-zero exit status 1.
server_id = "63fda2cd63b1bd184972bd12"
[patient-thunder-4691][2023-02-28 14:44:42,001][ERROR] Popen returned error exit code
cmd = ["ip", "link", "del", "dev", "wg0"]
return_code = 1
Process stderr:
Cannot find device "wg0"
Traceback (most recent call last):
File "/usr/lib/python3.8/threading.py", line 890, in _bootstrap
self._bootstrap_inner()
File "/usr/lib/python3.8/threading.py", line 932, in _bootstrap_inner
self.run()
File "/usr/lib/python3.8/threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1831, in _run_thread
self.stop_wg()
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1395, in stop_wg
utils.check_output_logged([
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/utils/misc.py", line 216, in check_output_logged
logger.error('Popen returned error exit code', 'utils',
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/logger/init.py", line 55, in error
kwargs['traceback'] = traceback.format_stack()
[patient-thunder-4691][2023-02-28 14:45:00,592][INFO] Starting vpn server
server_id = "63fda2cd63b1bd184972bd12"
instance_id = "63fda2ec63b1bd184972bd44"
instances = []
instances_count = 0
route_count = 1
network = "10.8.0.0/24"
network6 = "fd00:a080::/64"
dynamic_firewall = false
host_id = "add784af049f44bc9a79768b56049f0b"
host_address = "192.168.0.10"
host_address6 = "fe80::c9e5:d139:ca9f:7b83"
host_networks = ["192.168.0.0/22", "172.17.0.0/16"]
cur_timestamp = "2023-02-28 06:45:00.591786"
libipt = false
[patient-thunder-4691][2023-02-28 14:45:01,210][ERROR] Failed to add wg interface
Traceback (most recent call last):
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1306, in start_wg
utils.check_output_logged([
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/utils/misc.py", line 223, in check_output_logged
raise subprocess.CalledProcessError(
subprocess.CalledProcessError: Command '['ip', 'link', 'add', 'dev', 'wg1', 'type', 'wireguard']' returned non-zero exit status 2.
server_id = "63fda2cd63b1bd184972bd12"
[patient-thunder-4691][2023-02-28 14:45:01,211][ERROR] Popen returned error exit code
cmd = ["ip", "link", "add", "dev", "wg1", "type", "wireguard"]
return_code = 2
Process stderr:
RTNETLINK answers: Operation not supported
Traceback (most recent call last):
File "/usr/lib/python3.8/threading.py", line 890, in _bootstrap
self._bootstrap_inner()
File "/usr/lib/python3.8/threading.py", line 932, in _bootstrap_inner
self.run()
File "/usr/lib/python3.8/threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1650, in _run_thread
self.start_wg()
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1306, in start_wg
utils.check_output_logged([
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/utils/misc.py", line 216, in check_output_logged
logger.error('Popen returned error exit code', 'utils',
File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/logger/init.py", line 55, in error
kwargs['traceback'] = traceback.format_stack()

pritunl default password was not exist

This yaml file only i deployed in my machine which is working fine but i can't see an option with "default-password"
I think it's due to version issue

Configurable config file location

It would be really helpful if it would be possible to control where the configuration file is located. That way you could mount a volume at /etc/pritunl without interfering with the entire /etc folder. Mounting a volume instead of the config file directly would make it easier to use this image in a docker-compose stack.

recommended mongodb migration

what is a recommended way to upgrade to the latest tag? noticed mongodb has changed versions and it currently does not start using old volume files

Mongo version

Hi! Hello! Could you update the mongo version in your project? Now version - 3.2 .
I need to learn how to backup Mongo Atlas via docker-compose .
Ty

EXPOSE 1194/udp missing

I couldn't get UDP working on 1194 despite forwarding 1194/udp, but it works after exposing 1194/udp. I am guessing that because it has EXPOSE 1194 it doesn't automatically expose 1194/udp.

Do we need to pass pritunl volume?

I am facing certain problems when I didn't pass pritunl volume(/var/lib/pritunl) while recovering after a server crash.
Does pritunl need persistent file system?

Failing build

Noticed recent builds on dockerhub are failing, tried it myself and saw the same thing. Here's why:

Step 3/9 : RUN locale-gen en_US en_US.UTF-8     && dpkg-reconfigure locales     && ln -sf /usr/share/zoneinfo/UTC /etc/localtime     && echo 'deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse' > /etc/apt/sources.list.d/mongodb-org-3.2.list     && echo 'deb http://repo.pritunl.com/stable/apt xenial main' > /etc/apt/sources.list.d/pritunl.list     && apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 42F3E95A2C4F08279C4960ADD68FA50FEA312927     && apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A     && apt-get update -q     && apt-get upgrade -y -q     && apt-get dist-upgrade -y -q     && apt-get -y install pritunl mongodb-org iptables     && apt-get clean     && apt-get -y -q autoclean     && apt-get -y -q autoremove     && rm -rf /tmp/*
 ---> Running in e01856bda59b
/bin/sh: 1: locale-gen: not found

I'll look into it, just wanted to capture the issue first.

`docker logs ..` not working

[ERROR] Popen returned error exit code

Hello, I am getting this error after i have upgraded to image a9aa1d2a63efc7f58340d78547086b7fd1a1c445b09b0d3fa772276f2465a8e7 since upgrade i could not make pritunl work i have tried delete my volumes and pull the image but i have ended up with same results. i am running Alpine Linux v3.18 with kernel 6.1.32-0-lts docker version 24.0.2 and docker compose v2.18.1. the whole error looks like this:

[undefined][2023-06-12 09:34:20,858][INFO] Starting setup server
[undefined][2023-06-12 09:34:20,875][INFO] Generating setup server ssl cert
[ancient-plateau-4428][2023-06-12 09:34:26,484][INFO] Starting server
  selinux_context = "none"
[ancient-plateau-4428][2023-06-12 09:34:26,485][INFO] Generating server certificate...
[ancient-plateau-4428][2023-06-12 09:37:39,803][INFO] Starting vpn server
  server_id        = "6486e75b41761be5a0330eaf"
  instance_id      = "6486e76341761be5a0330ebf"
  instances        = []
  instances_count  = 0
  route_count      = 1
  network          = "192.168.237.0/24"
  network6         = "fd00:c0a8:ed00::/64"
  dynamic_firewall = false
  host_id          = "4e1aa29eab8b497eaa243f66b02f7e35"
  host_address     = "192.168.48.2"
  host_address6    = null
  host_networks    = ["192.168.48.0/20"]
  cur_timestamp    = "2023-06-12 09:37:39.802316"
  libipt           = false
[ancient-plateau-4428][2023-06-12 09:37:40,683][ERROR] Popen returned error exit code
  cmd         = ["iptables", "-I", "INPUT", "-i", "tun0", "-j", "ACCEPT", "-m", "comment", "--comment", "pritunl-6486e75b41761be5a0330eaf"]
  timeout     = 15
  return_code = 3
Process stderr:
  modprobe: FATAL: Module ip_tables not found in directory /lib/modules/6.1.32-0-lts
  iptables v1.6.1: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
  Perhaps iptables or your kernel needs to be upgraded.
Traceback (most recent call last):
  File "/usr/lib/python3.6/threading.py", line 884, in _bootstrap
    self._bootstrap_inner()
  File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.6/threading.py", line 864, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/server/instance.py", line 1582, in _run_thread
    self.iptables.upsert_rules()
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/iptables.py", line 1411, in upsert_rules
    self._insert_iptables_rule(rule, tables=tables)
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/iptables.py", line 1229, in _insert_iptables_rule
    return self._insert_iptables_rule_cmd(rule, ipv6)
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/iptables.py", line 1213, in _insert_iptables_rule_cmd
    ).run(15)
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/utils/proc.py", line 85, in run
    stderr=self._stderrdata,
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/logger/__init__.py", line 55, in error
    kwargs['traceback'] = traceback.format_stack()
[ancient-plateau-4428][2023-06-12 09:37:40,686][ERROR] Failed to insert iptables rule, retrying...
  rule = ["INPUT", "-i", "tun0", "-j", "ACCEPT", "-m", "comment", "--comment", "pritunl-6486e75b41761be5a0330eaf"]
Traceback (most recent call last):
  File "/usr/lib/python3.6/threading.py", line 884, in _bootstrap
    self._bootstrap_inner()
  File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.6/threading.py", line 864, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/server/instance.py", line 1582, in _run_thread
    self.iptables.upsert_rules()
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/iptables.py", line 1411, in upsert_rules
    self._insert_iptables_rule(rule, tables=tables)
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/iptables.py", line 1229, in _insert_iptables_rule
    return self._insert_iptables_rule_cmd(rule, ipv6)
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/iptables.py", line 1221, in _insert_iptables_rule_cmd
    rule=rule,
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/logger/__init__.py", line 55, in error
    kwargs['traceback'] = traceback.format_stack()
[ancient-plateau-4428][2023-06-12 09:37:41,216][ERROR] Popen returned error exit code
  cmd         = ["iptables", "-I", "INPUT", "-i", "tun0", "-j", "ACCEPT", "-m", "comment", "--comment", "pritunl-6486e75b41761be5a0330eaf"]
  timeout     = 15
  return_code = 3

and then it is stuck in a loop

my docker compose file looks like this:

version: '3.4'
services:
  pritunl:
    container_name: pritunl
    image: ghcr.io/jippi/docker-pritunl
    restart: unless-stopped
    privileged: true
    ports:
      - '420:443'
      - '1194:1194'
      - '1194:1194/udp'
    dns:
      - 1.1.1.1
    volumes:
      - 'conf:/etc/'
      - 'data:/var/lib/pritunl'
      - 'db:/var/lib/mongodb'

volumes:
  conf:
  data:
  db:

please help i can provide additional related information just ask.

Update to recent version

Can we upgrade the Dockerfile such that it installs a recent version?

Focal builds do not install mongodb

Then using the embedded mongodb, the volume does not populate with mongodb files.
By just switching to latest from latest-focal mongodb files are populated.

wireguard support

pritunl now add wireguard option but your image does not implement that.
update it please.

Clarify privileged requirement

Could you please clarify in the documentation why it's required to run this container privileged? I just tried running it without and it seems to work up to the point where you start the server. At that point it looks like nothing happens (although no error message is shown). I'd prefer to keep the number of privileged containers to a minimum so I'd like to know why this is a requirement and if there's any way around it.

Cannot Start after Deployment

Hello. I deployed via docker compose. The container created successfully but only one line of log is showing:
No log line matching the '' filter

Files in the volumes looks correct.
│   ├── index-55-7996217468716057611.wt
│   ├── index-57-7996217468716057611.wt
│   ├── index-5-7996217468716057611.wt
│   ├── index-58-7996217468716057611.wt
│   ├── index-59-7996217468716057611.wt
│   ├── index-60-7996217468716057611.wt
│   ├── index-61-7996217468716057611.wt
│   ├── index-62-7996217468716057611.wt
│   ├── index-64-7996217468716057611.wt
│   ├── index-65-7996217468716057611.wt
│   ├── index-66-7996217468716057611.wt
│   ├── index-67-7996217468716057611.wt
│   ├── index-6-7996217468716057611.wt
│   ├── index-69-7996217468716057611.wt
│   ├── index-70-7996217468716057611.wt
│   ├── index-71-7996217468716057611.wt
│   ├── index-73-7996217468716057611.wt
│   ├── index-74-7996217468716057611.wt
│   ├── index-76-7996217468716057611.wt
│   ├── index-77-7996217468716057611.wt
│   ├── index-79-7996217468716057611.wt
│   ├── index-80-7996217468716057611.wt
│   ├── index-81-7996217468716057611.wt
│   ├── index-83-7996217468716057611.wt
│   ├── index-84-7996217468716057611.wt
│   ├── index-86-7996217468716057611.wt
│   ├── index-87-7996217468716057611.wt
│   ├── index-8-7996217468716057611.wt
│   ├── index-89-7996217468716057611.wt
│   ├── index-90-7996217468716057611.wt
│   ├── index-92-7996217468716057611.wt
│   ├── index-93-7996217468716057611.wt
│   ├── index-94-7996217468716057611.wt
│   ├── index-95-7996217468716057611.wt
│   ├── index-97-7996217468716057611.wt
│   ├── index-98-7996217468716057611.wt
│   ├── index-99-7996217468716057611.wt
│   ├── journal [error opening dir]
│   ├── _mdb_catalog.wt
│   ├── mongod.lock
│   ├── sizeStorer.wt
│   ├── storage.bson
│   ├── WiredTiger
│   ├── WiredTigerHS.wt
│   ├── WiredTiger.lock
│   ├── WiredTiger.turtle
│   └── WiredTiger.wt
├── pritunl
│   ├── pritunl.uuid
│   └── setup_key
└── pritunl.conf

version: '3.3'
services:
pritunl:
container_name: pritunl
image: ghcr.io/jippi/docker-pritunl
restart: unless-stopped
privileged: true
ports:
- '1080:80'
- '1443:443'
- '1194:1194'
- '1194:1194/udp'
dns:
- 127.0.0.1
volumes:
- '/home/administrator/pritunl/data/pritunl.conf:/etc/pritunl.conf'
- '/home/administrator/pritunl/data/pritunl:/var/lib/pritunl'
- '/home/administrator/pritunl/data/mongodb:/var/lib/mongodb'

Please help!

MongoDB upgrade 5.0 -> 6.0

If I want to switch from latest-focal tag to latest tag do I need to upgrade the existing Mongo DB from 5.0 -> 6.0 manually? The readme only specifies upgrades up to 5.0

Thanks

访问web报错ERR_CONNECTION_REFUSED

访问443