2024-03-11-09-26-24

laoliyun
2024-03-11
Last updated on 2024-03-11.
version: '3.3'
services:
    pritunl:
        container_name: pritunlnew
        image: ghcr.io/jippi/docker-pritunl
        restart: unless-stopped
        privileged: true
        environment:
          TZ: 'Asia/Shanghai'
        dns:
            - 127.0.0.1
        volumes:
            - './data/pritunl.conf:/etc/pritunl.conf'
            - './data/pritunl:/var/lib/pritunl'
            - './data/mongodb:/var/lib/mongodb'
        ports:
            - '10445:10445/tcp'
            - '10445:10445/udp'
            - '10444:80/tcp'
            - '10443:443/tcp'
Create the config file before the first start; otherwise Docker creates the bind-mount path as a directory:
touch ./data/pritunl.conf
Add 10443/10445 TCP to the ECS allowlist.

Add to the firewall on the ECS instance:
firewall-cmd --zone=public --add-port=10445/tcp --permanent
firewall-cmd --zone=public --add-port=10444/tcp --permanent
firewall-cmd --zone=public --add-port=10443/tcp --permanent
firewall-cmd --reload

docker exec pritunlnew pritunl default-password

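1: Change the password and fill in the server address
2: Add a group
3: Create a new server and change it to TCP 10445
Select Advanced, tick the first two checkboxes, 100 100 256 256
Delete 0.0.0.0 and add the internal network segment (/16)
4: Create a user
5: Download the user
6: Test login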

[root@pritunlnew]# firewall-cmd --list-all
You're performing an operation over default zone ('public'),
but your connections/interfaces are in zone 'docker' (see --get-active-zones)
You most likely need to use --zone=docker option.

public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client ssh
  ports: 10445/udp 10445/tcp 10444/tcp 10443/tcp 22/tcp 80/tcp 443/tcp 
  protocols: 
  masquerade: yes
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
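
An added example, not part of the original post: a small shell check that reconciles the `ports:` line of the `firewall-cmd --list-all` output above with the host ports the compose file publishes, using sample input copied from this page. The function names are my own, and it only handles the `HOST:CONTAINER/proto` mapping form shown here.

```shell
#!/bin/sh
# Added example (not from the original post): compare the ports firewalld
# has open in a zone with the host ports the compose file publishes.
# Handles the mapping form used on this page: - 'HOST:CONTAINER/proto'.

# Sample inputs copied from the compose file and list-all output on this page.
COMPOSE_SAMPLE="        ports:
            - '10445:10445/tcp'
            - '10445:10445/udp'
            - '10444:80/tcp'
            - '10443:443/tcp'"
FIREWALL_SAMPLE="public
  services: dhcpv6-client ssh
  ports: 10445/udp 10445/tcp 10444/tcp 10443/tcp 22/tcp 80/tcp 443/tcp
  forward-ports:
  source-ports:"

# stdin: compose YAML; stdout: one HOST/proto per published mapping.
published_ports() {
  tr -d "'\"" | awk '$1 == "-" && $2 ~ "^[0-9]+:[0-9]+/(tcp|udp)$" {
    split($2, m, "[:/]"); print m[1] "/" m[3] }'
}

# stdin: `firewall-cmd --list-all` output; stdout: one entry per open port.
firewall_ports() {
  awk '$1 == "ports:" { for (i = 2; i <= NF; i++) print $i }'
}

# Print the entries of list $1 that are absent from list $2.
only_in_first() {
  for entry in $1; do
    printf '%s\n' "$2" | grep -qxF -- "$entry" || printf '%s\n' "$entry"
  done
}

published=$(printf '%s\n' "$COMPOSE_SAMPLE" | published_ports)
opened=$(printf '%s\n' "$FIREWALL_SAMPLE" | firewall_ports)

echo "Open in the zone but not published by the container (review whether needed):"
only_in_first "$opened" "$published"
echo "Published by the container but not opened in the zone:"
only_in_first "$published" "$opened"
```

As the warning in the output above says, the interfaces are in the `docker` zone, so run the same comparison against that zone's listing as well.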

vm.swappiness = 0
kernel.sysrq = 1

net.ipv4.neigh.default.gc_stale_time = 120

# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2

# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_slow_start_after_idle = 0

net.ipv4.ip_forward = 1
fs.file-max = 6553500
vm.overcommit_memory = 1
net.ipv4.tcp_mem = 786432 2097152 3145728
net.ipv4.tcp_rmem = 4096 4096 16777216
net.ipv4.tcp_wmem = 4096 4096 16777216

firewall-cmd --list-all
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload

yum remove iptables-services

UDP is unstable; switch to TCP.
