I haven’t been able to find much information on this, but from what I’ve found it looks like you have to pay in order to install a custom SSL certificate for the Pritunl web interface. You get a self-signed certificate when you install Pritunl, but I’m sure most people that do that want a valid certificate, even if it’s just for a small server running in a closet.
I’m using Pritunl just to access my internal network when I’m outside of my apartment, so I have one user and one server setup. Not a huge operation that could justify paying what they are asking. But I still would like to use the web interface without SSL warnings. So I set up a reverse proxy in front of Pritunl and here is how I did it.
I’m going to assume some basic knowledge so I won’t go very deep on each step. If there is a step that you think needs clarification please leave a comment below.
I used CentOS 7 when I wrote this guide.
- First you need to change which port the Pritunl web interface listens on. You can do that by editing the following file:
/etc/pritunl.conf
- Change bind_addr to localhost.
- Change port to a port number of your choosing and save the file. I’m going to use the port number 1234 as an example in this guide but you should replace it with whatever port you chose.
- Next restart Pritunl:
systemctl restart pritunl
- You should now not be able to access the web interface anymore using your web browser, even if you go to https://domain.name:1234
- But you should be able to access it using curl directly on the server with the following command:
curl -k https://localhost:1234/login
- Install Nginx but don’t start it yet.
- When the installation is done add the following file (replace domain.name with your domain name):
/etc/nginx/conf.d/domain.name.conf
- Add the following to the file and replace domain.name with your domain name.

    # Redirect plain HTTP to HTTPS
    server {
        listen 80;
        server_name domain.name;
        return 301 https://$host$request_uri;
    }

    server {
        # "ssl" on the listen line replaces the deprecated "ssl on;" directive
        listen 443 ssl;
        server_name domain.name;

        ssl_certificate /etc/nginx/ssl/cert.crt;
        ssl_certificate_key /etc/nginx/ssl/cert.key;

        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/domain.name.access.log;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Pritunl still serves HTTPS with its self-signed certificate on localhost
            proxy_pass https://localhost:1234;
            proxy_read_timeout 90;
        }
    }

- After proxy_pass replace 1234 with the port you chose for the Pritunl web interface.
- Create the directory:
/etc/nginx/ssl
- Create the cert.crt and cert.key files in /etc/nginx/ssl and add the certificate and key for your domain name.
- Now start Nginx:
systemctl start nginx
- And enable it so it will start when the server starts:
systemctl enable nginx
- You should now be able to navigate to the Pritunl web interface again and this time with a valid SSL certificate!
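
The steps above leave two things worth verifying on the server: that the Pritunl web port is only reachable through the proxy, and that the private key in /etc/nginx/ssl is not readable by other accounts. The script below is an added example, not part of the original guide; the function names are hypothetical, and port 1234 and /etc/nginx/ssl/cert.key are the guide's example values.

```shell
#!/bin/sh
# Added example, not from the original guide. Port 1234 and /etc/nginx/ssl/cert.key
# are the guide's example values; the function names are hypothetical.

# Reads `ss -ltn` output on stdin and reports every TCP listener on port $1 that
# is bound to something other than loopback.
# Exit status: 0 = loopback only, 1 = exposed, 2 = nothing listening on that port.
check_loopback_only() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }                  # skips the header line
        {
            addr = $4                            # e.g. 127.0.0.1:1234, [::1]:1234, *:1234
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            seen = 1
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host !~ /^127\./ && host != "[::1]" && host != "::1") {
                print "exposed listener: " addr
                bad = 1
            }
        }
        END { if (bad) exit 1; if (!seen) exit 2; exit 0 }
    '
}

# Succeeds only when the file has no permission bits set for group or others.
key_is_private() {
    perms=$(ls -ld -- "$1" 2>/dev/null) || return 2
    case "$(printf '%s' "$perms" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Run against the live system only when asked: sh check.sh --run [port] [keyfile]
if [ "${1:-}" = "--run" ]; then
    port="${2:-1234}"
    key="${3:-/etc/nginx/ssl/cert.key}"
    status=0
    ss -ltn | check_loopback_only "$port" || { echo "FAIL: port $port is exposed or not listening"; status=1; }
    key_is_private "$key" || { echo "FAIL: $key is accessible by group or others"; status=1; }
    nginx -t || status=1
    [ "$status" -eq 0 ] && echo "OK"
    exit "$status"
fi
```

If the key check fails, `chmod 600 /etc/nginx/ssl/cert.key` (with the file owned by root) fixes it; Nginx reads the key as root before dropping privileges.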