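# Docker Compose definition for a single Pritunl VPN server container.
# The nesting below is restored; with every key at column 0 the file does not
# describe a service at all.
version: '3.3'
services:
  pritunl:
    container_name: pritunlnew
    # NOTE(review): no tag or digest is given, so each pull takes whatever the
    # registry currently serves as the default tag. Pin a released tag (or a
    # digest) so upgrades are deliberate and reproducible.
    image: ghcr.io/jippi/docker-pritunl
    restart: unless-stopped
    # Privileged mode gives the container nearly all host capabilities and
    # device access, so a compromise of anything running inside it is close to
    # a host compromise.
    # NOTE(review): check the image documentation for whether a narrower grant
    # (for example cap_add NET_ADMIN plus the /dev/net/tun device) is enough.
    privileged: true
    environment:
      TZ: 'Asia/Shanghai'
    # The resolver is the container's own loopback address.
    # NOTE(review): this only works if a DNS server listens there inside the
    # container; confirm it is intended.
    dns:
      - 127.0.0.1
    volumes:
      # Bind-mounted file: it must already exist on the host as a regular
      # file, otherwise Docker creates a directory at this path.
      - './data/pritunl.conf:/etc/pritunl.conf'
      - './data/pritunl:/var/lib/pritunl'
      # MongoDB data directory (presumably holding the Pritunl users and
      # keys); keep host permissions tight and include it in backups.
      - './data/mongodb:/var/lib/mongodb'
    # Every mapping below has no host address, so it is published on all host
    # interfaces. Docker installs its own packet-filter rules for published
    # ports, so host firewalld zone rules may not restrict them; limit
    # exposure at the cloud security group or by prefixing a host IP.
    ports:
      - '10445:10445/tcp'
      - '10445:10445/udp'
      # Container port 80 is plain HTTP; publish it only if it is needed.
      - '10444:80/tcp'
      # Container port 443 (HTTPS) reachable on host port 10443.
      - '10443:443/tcp'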
启动前需要先在宿主机上创建配置文件（否则 Docker 会把挂载源 ./data/pritunl.conf 创建成目录）：
touch ./data/pritunl.conf
ECS 安全组（白名单）放行 10443/10445 TCP；10443 是管理界面端口，建议只对管理员的来源 IP 放行。
ECS 主机上的 firewalld 添加：
# Add the three published TCP ports (10445, 10444, 10443) to firewalld's
# 'public' zone. --permanent writes only the saved configuration; the rules
# take effect at the --reload on the last line.
# NOTE(review): the `firewall-cmd --list-all` output further down this page
# warns that the active interfaces are in zone 'docker', not 'public', so
# confirm with --get-active-zones which zone actually filters this traffic.
firewall-cmd --zone=public --add-port=10445/tcp --permanent
# 10444 maps to the container's plain-HTTP port 80 in the compose file; open
# it only if that port is really needed from outside.
firewall-cmd --zone=public --add-port=10444/tcp --permanent
firewall-cmd --zone=public --add-port=10443/tcp --permanent
firewall-cmd --reload
# Runs `pritunl default-password` inside the container to show the initial
# web-console administrator credentials. They are printed to the terminal, so
# treat them as disclosed and change the password at first login.
docker exec pritunlnew pritunl default-password
1:用上一条命令输出的默认账号密码登录后立即修改密码，并填写服务器地址
2:添加组
3:新建 server，协议改为 TCP，端口 10445
选择高级 勾选复选前两个 100 100 256 256
删除默认路由 0.0.0.0/0，添加内网网段路由（/16），这样只有内网流量走 VPN
4:新建用户
5:下载用户
6:登录测试
[root@pritunlnew]# firewall-cmd --list-all
You're performing an operation over default zone ('public'),
but your connections/interfaces are in zone 'docker' (see --get-active-zones)
You most likely need to use --zone=docker option.
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports: 10445/udp 10445/tcp 10444/tcp 10443/tcp 22/tcp 80/tcp 443/tcp
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
# Kernel parameters in sysctl.conf syntax. The page does not say which file
# they come from; presumably the host's /etc/sysctl.conf.
vm.swappiness = 0
# 1 enables every magic SysRq function.
# NOTE(review): restrict or disable it unless console access is fully trusted.
kernel.sysrq = 1
net.ipv4.neigh.default.gc_stale_time = 120
# see details in https://help.aliyun.com/knowledge_detail/39428.html
# rp_filter = 0 turns off reverse-path source validation, so packets with a
# spoofed source address are not dropped by this check.
# NOTE(review): on a host that forwards VPN traffic, confirm 0 is required;
# 2 (loose mode) keeps part of the protection.
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
# SYN cookies are sent once the SYN backlog overflows (SYN-flood mitigation).
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_slow_start_after_idle = 0
# The host routes IPv4 packets between interfaces; presumably this is what
# lets VPN clients reach the internal network. With forwarding on, what may
# be forwarded is decided by the firewall rules alone.
net.ipv4.ip_forward = 1
fs.file-max = 6553500
# 1 = the kernel always allows memory overcommit.
vm.overcommit_memory = 1
net.ipv4.tcp_mem = 786432 2097152 3145728
net.ipv4.tcp_rmem = 4096 4096 16777216
net.ipv4.tcp_wmem = 4096 4096 16777216
# Show the current rules of the default zone before changing them.
firewall-cmd --list-all
# Enable masquerading (source NAT) in the default zone, saved permanently and
# applied by the reload. Presumably this is so forwarded VPN client traffic
# leaves with the host's address.
# NOTE(review): no --zone is given, so this applies to the default zone;
# confirm that is the zone the outbound interface belongs to.
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload
# Removes the iptables-services package.
# NOTE(review): presumably so its saved rules do not compete with firewalld;
# confirm nothing else on the host depends on it.
yum remove iptables-services
UDP 不稳定，改用 TCP