Slide 1

Slide 1 text

Pritunl VPN server
Thanh Nguyen

Slide 2

Slide 2 text

Setup
- Link: https://docs.pritunl.com/docs/installation#aws-install
- Set up MongoDB with authentication
- Set up the Pritunl server
- Set up nginx
- Set up HTTPS with Let's Encrypt (certbot)

Slide 3

Slide 3 text

Setup mongodb with authentication
- Link: https://docs.pritunl.com/docs/securing-mongodb
- https://docs.pritunl.com/docs/securing-mongodb#create-pritunl-user
- https://docs.pritunl.com/docs/securing-mongodb#connecting-to-mongodb
- Use the `history` command to review the commands that were run during setup
- Back up MongoDB: `mongodump --username --password -d pritunl -o`
- Restore MongoDB: `mongorestore -d pritunl`

Slide 4

Slide 4 text

Setup pritunl server
- Link: https://docs.pritunl.com/docs/configuration-5
- MongoDB connection string: `mongodb://:@localhost:27017/pritunl`
- If using certbot with nginx, you must change the port:
    sudo pritunl set app.redirect_server false
    sudo pritunl set app.reverse_proxy true
    sudo pritunl set app.server_ssl false
    sudo pritunl set app.server_port 8080

Slide 5

Slide 5 text

Setup nginx and https
- Link: https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/
- See `/etc/nginx/nginx.conf`
    sudo certbot --nginx -d
    sudo crontab -e
- Add a new line: `0 12 * * * /usr/bin/certbot renew --quiet`

Slide 6

Slide 6 text

Nginx.conf

    location / {
        proxy_pass https://localhost:8080/;
        proxy_http_version 1.1;
        # WebSocket upgrade headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        # Client address and scheme, under the conventional X-Forwarded-* names
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
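nginx accepts any header name in `proxy_set_header`, so a misspelled forwarding header or a `proxy_pass` scheme that disagrees with the backend fails without any config error. The check below is an added example, not part of the original slides: the function names, the `backend_tls` parameter and the sample block are constructed for illustration, and it assumes `app.server_ssl false` means the backend on port 8080 speaks plain HTTP.

```python
import re

# Conventional forwarding header names, lower-cased; any other header starting
# with "x-forward" is reported as a likely misspelling.
KNOWN_FORWARDED = {"x-forwarded-for", "x-forwarded-proto", "x-forwarded-host", "x-forwarded-port"}
REQUIRED = ("X-Forwarded-For", "X-Forwarded-Proto", "Upgrade", "Connection")

def parse_location(conf):
    """Return (proxy_pass URL or None, {header name: value}) for one location block."""
    pairs = re.findall(r'proxy_set_header\s+(\S+)\s+("[^"]*"|[^;]+);', conf)
    headers = {name: value.strip().strip('"') for name, value in pairs}
    target = re.search(r'proxy_pass\s+([^;\s]+)\s*;', conf)
    return (target.group(1) if target else None), headers

def lint(conf, backend_tls):
    """List findings; backend_tls says whether the proxied app itself speaks TLS."""
    target, headers = parse_location(conf)
    seen = {name.lower(): value for name, value in headers.items()}
    findings = []
    for name in headers:
        if name.lower().startswith("x-forward") and name.lower() not in KNOWN_FORWARDED:
            findings.append(f"nonstandard header name: {name}")
    for name in REQUIRED:
        if name.lower() not in seen:
            findings.append(f"missing header: {name}")
    if seen.get("x-forwarded-proto") in ("http", "https"):
        findings.append("X-Forwarded-Proto is hard-coded; $scheme tracks the client scheme")
    if target and target.startswith("https://") != backend_tls:
        findings.append(f"proxy_pass scheme does not match backend TLS setting: {target}")
    return findings

# Constructed sample input: a location block with two misspelled header names.
SAMPLE = """
location / {
    proxy_pass https://localhost:8080/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forward-Proto http;
}
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE, backend_tls=False):
        print(finding)
```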

Slide 7

Slide 7 text

Fix reverse https
At /usr/lib/pritunl/lib/python3.8/site-packages/pritunl/app.py:

    server_cert_path = '/etc/letsencrypt/live/vpn.util4dev.xyz/cert.pem'
    server_key_path = '/etc/letsencrypt/live/vpn.util4dev.xyz/privkey.pem'

Slide 8

Slide 8 text

Practices
- Add a new user and organization
- Create a server in the Pritunl admin -> open its UDP port in the security group
- If the server fails or needs to be extended -> create a new server from the AMI
- Trace the logs to fix connectivity errors