# Physical Host

## Install AlmaLinux 10 with Pritunl Boot

**\[Optional]** [**Pritunl Boot**](https://boot.pritunl.com/) **is an iPXE-based tool that allows interactive installation of RHEL-based distributions through a web application. This is convenient for servers that do not have easy physical access or for doing fast installs to multiple hosts. Alternatively, install the distribution from a traditional ISO and skip to the next section.**

First download the iPXE ISO. Some systems include iPXE support, but it often lacks HTTPS support. The Pritunl-provided iPXE is compiled with UEFI and HTTPS support. Using the commands below, write the iPXE ISO to a USB device.

```shellscript
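wget https://pxe.pritunl.com/ipxe.iso
# Verify the download; continue only if this prints "ipxe.iso: OK"
echo "65c60cffe1f578ffa7ce909e3e1ac57fe7eae241cf274194b45d19c89f7391de  ipxe.iso" | sha256sum -c -
# Replace /dev/usb0 with the USB device path (check with lsblk); dd overwrites it
sudo dd bs=4M status=progress oflag=direct if=ipxe.iso of=/dev/usb0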
```
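The download-and-write step above, as an added example (not Pritunl's own tooling) that stops before `dd` when the checksum does not match or the target is not a whole USB disk. The function names are hypothetical, and `/dev/sdX` in the usage comment stands for the device `lsblk` reports for the USB stick.

```shell
# Added example; function names are hypothetical.

# Return 0 only if FILE's SHA-256 equals EXPECTED (64 hex characters).
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -r "$file" ] || return 2
    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 2
    [ "$actual" = "$expected" ]
}

# Return 0 only if DEV is a whole-disk block device on the USB transport.
is_usb_disk() {
    local dev="$1"
    [ -b "$dev" ] || return 1
    [ "$(lsblk -dno TYPE "$dev")" = "disk" ] || return 1
    [ "$(lsblk -dno TRAN "$dev")" = "usb" ]
}

# write_verified_image FILE EXPECTED_SHA256 DEVICE
# Fails closed: nothing is written unless both checks pass.
write_verified_image() {
    local file="$1" expected="$2" dev="$3"
    if ! verify_sha256 "$file" "$expected"; then
        echo "checksum mismatch for $file, not writing" >&2
        return 1
    fi
    if ! is_usb_disk "$dev"; then
        echo "$dev is not a whole USB disk, not writing" >&2
        return 1
    fi
    sudo dd bs=4M status=progress oflag=direct if="$file" of="$dev"
}

# Usage: write_verified_image ipxe.iso "<SHA-256 from the step above>" /dev/sdX
```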

Secure Boot must be disabled to boot iPXE; it can be enabled after the distribution installation is complete. Boot the USB with UEFI and press `ctrl+b` repeatedly until the command prompt is shown. iPXE will iterate through the network devices attempting to configure a network boot. This can be skipped by pressing `ctrl+c` once for each network interface, followed immediately by `ctrl+b`. Once in the command prompt, run `ifstat` then `ifopen <iface>` for the interface that will be used. If the correct interface can't be determined, run the command for all the interfaces and then run `dhcp`; otherwise run `dhcp <iface>` to assign an IP to the interface.

<figure><img src="/files/OfcPA1z0OQ1B9SS2KLTN" alt="" width="563"><figcaption></figcaption></figure>

Open [**Pritunl Boot**](https://boot.pritunl.com/) and select an operating system. For this example AlmaLinux 10 will be used. Then enable *iPXE HTTPS Support* and paste SSH keys into the field. The install will only allow SSH authentication under the username `cloud`; the root account will be disabled.

<figure><img src="/files/0htrnI64eb8nw3SdqQ81" alt="" width="339"><figcaption></figcaption></figure>

Once done, click *Generate iPXE Install*. This will display an *iPXE Chain URL*, which will be used in the next step.

<figure><img src="/files/LJj48tBJBhICDVAbiLyh" alt="" width="339"><figcaption></figcaption></figure>

Back on the system enter `chain <ipxe_url>` into the prompt. This will load the iPXE configuration and start the installation.

<figure><img src="/files/SKEbgoo7RB1f4DADX0v7" alt="" width="563"><figcaption></figcaption></figure>

The system will then download the distribution's kernel images to boot into the installer; this can take several minutes to complete. The Kickstart install script will then send the system information back to Pritunl Boot, and it will be displayed on the page to configure the installation. Once this has loaded, select the install disks and partition size. Both a public and private network configuration can be included; if the system is only running on a private LAN, this configuration should go in the public network. The correct interface should be selected based on the interface displayed with an IP address assigned. When the configuration is completed click *Start Install*. **If this does not load, refer to the readme in the** [**Pritunl Boot Repository**](https://github.com/pritunl/pritunl-boot) **for more information on debugging.**

<figure><img src="/files/QCxuFzEYOfNZe2sEY10n" alt="" width="338"><figcaption></figcaption></figure>

This will then send the configuration to the installer and the installation will begin.

<figure><img src="/files/Dz5GCWw2PNuHUZK5hEjB" alt="" width="563"><figcaption></figcaption></figure>

The Pritunl Boot page will display the current installation stage the system is on until it completes and the message below is shown.

<figure><img src="/files/bFVLdbt2Rf3WoOb5S8Wb" alt="" width="339"><figcaption></figcaption></figure>

## Install MongoDB

This configuration will run MongoDB inside a Podman Quadlet container using [**pritunl/toolbox/mongodb-container**](https://github.com/pritunl/toolbox/tree/master/mongodb-container). This is helpful for isolating the database and controlling resource consumption. Multi-host production systems should consider using a replica set, although the software is designed to keep all virtual machines functioning even if the primary `pritunl-cloud` process is stopped or the connection to the database is lost. Any changes made to the system state will be applied when connectivity is restored.

```sh
sudo dnf -y install git-core podman

git clone https://github.com/pritunl/toolbox.git
cd toolbox/mongodb-container
sudo podman build --rm --no-cache --pull -t mongo .
cd

sudo mkdir /var/lib/mongo
sudo chown 277:277 /var/lib/mongo
sudo tee /etc/containers/systemd/mongodb-podman.container << EOF
[Unit]
Description=MongoDB Podman Service

[Container]
Image=localhost/mongo
ContainerName=mongodb
Environment=DB_NAME=pritunl-cloud
Environment=CACHE_SIZE=1
User=mongodb
Volume=/var/lib/mongo:/data/db:Z
PublishPort=127.0.0.1:27017:27017
PodmanArgs=--cpus=1 --memory=2g

[Service]
Restart=always

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl start mongodb-podman.service

sleep 3
sudo cat /var/lib/mongo/credentials.txt
```

Wait for the database to start and for the credentials to be shown in the `/var/lib/mongo/credentials.txt` file. Then use the commands in the next section to install Pritunl Cloud. On the first run Pritunl Cloud will read from the credentials file if it exists; otherwise the database can be configured in `/etc/pritunl-cloud.json`.
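The Quadlet unit written above isolates the database by publishing the port on `127.0.0.1` only, running as a non-root user, and capping CPU and memory. The check below is an added example, not part of the Pritunl toolbox: the `audit_quadlet` function is hypothetical and the sample unit is constructed to show what a weaker configuration looks like.

```shell
# Added example; audit_quadlet and the sample unit are constructed.

# Print one finding per line for FILE; return 0 only when there are none.
audit_quadlet() {
    local file="$1" findings=0 line value user flag
    while IFS= read -r line; do
        case "$line" in
            PublishPort=*)
                value="${line#PublishPort=}"
                case "$value" in
                    127.*:*:*|"[::1]":*:*) ;;   # host side bound to loopback
                    *)  echo "PublishPort=$value listens beyond loopback"
                        findings=$((findings + 1)) ;;
                esac ;;
        esac
    done < "$file"

    # The last User= line wins; empty means the key is absent.
    user=$(sed -n 's/^User=//p' "$file" | tail -n 1)
    case "$user" in
        ""|root|0)
            echo "User= is unset or root"
            findings=$((findings + 1)) ;;
    esac

    # Resource limits are passed through PodmanArgs in the unit above.
    for flag in --memory --cpus; do
        if ! grep -Eq -- "^PodmanArgs=.*${flag}[= ]" "$file"; then
            echo "PodmanArgs has no $flag limit"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed weak unit: port published on all interfaces, no user, no limits.
sample=$(mktemp)
cat > "$sample" << 'EOF'
[Container]
Image=localhost/mongo
PublishPort=27017:27017
EOF
audit_quadlet "$sample" || echo "unit needs changes before use"
rm -f "$sample"
```

On the host, run `audit_quadlet /etc/containers/systemd/mongodb-podman.container`; the unit from this page produces no findings.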

## Install Pritunl Cloud

```shell
sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/oraclelinux/10/
gpgcheck=1
enabled=1
gpgkey=https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc
EOF

sudo dnf -y update

sudo dnf -y remove iptables-services
sudo systemctl stop firewalld.service || true
sudo systemctl disable firewalld.service || true

sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
sudo setenforce 0

sudo dnf -y install iptables net-tools ipset ipvsadm xorriso qemu-kvm qemu-img swtpm swtpm-tools
sudo dnf -y install pritunl-cloud
sudo systemctl enable --now pritunl-cloud
```

### Access Web Console

After the installation is complete, run the command below to get the default password and use it to log in to the web console on the HTTPS port of the server.

```sh
sudo pritunl-cloud default-password
```

Use the provided password to log in to the web console at the server's public IP.

### DHCP Network

**This section is for DHCP networks. If the network will use static IP addresses, skip to the next section.**

Open the *Nodes* tab. Set both the *Network IPv4 Mode* and if available the *Network IPv6 Mode* to *DHCP*. Remove `pritunlhost0` from the *Internal Interfaces* then add the network interface configured earlier to both the *External Interfaces* and *Internal Interfaces*. The correct interface should show the IP address in the drop down selection. Once done leave all other options unchanged and click *Save*.

<figure><img src="/files/Qrdxibjd4wzho8etyl3t" alt="" width="340"><figcaption></figcaption></figure>

### Static Network

**This section is for static networks. If the network will use DHCP IP addresses, skip to the next section.**

Open the *Blocks* tab. Then click *New* and fill in the *Netmask* and *Gateway* for the network. Then add CIDR blocks to the *IP Addresses*. If the CIDR blocks contain the gateway or the IP of the Pritunl Cloud server, these must be added to *IP Excludes*. Then click *Create*.

<figure><img src="/files/bCcO9d0hagUwcYNDgGRx" alt=""><figcaption></figcaption></figure>

Then, in the *Nodes* tab, set the *Network IPv4 Mode* to *Static*. Remove `pritunlhost0` from the *Internal Interfaces*, then add the network interface configured earlier to the *Internal Interfaces*. Then select the interface and block created earlier in the *External IPv4 Block Attachments*. The correct interface should show the IP address in the drop down selection. Once done leave all other options unchanged and click *Save*.

<figure><img src="/files/NUOrtTmFqYUmiu2Rhn1P" alt="" width="419"><figcaption></figcaption></figure>

### SSH Keys

Then open the *Authorities* tab. These store SSH credentials that will be applied to instances based on matched roles. If an instance has a role that matches the authority role, that SSH key will be added to the instance under the `cloud` username. The name of the authority does not change the username; it will always be the `cloud` user. Select the pre-created authority, paste your public SSH key in the *SSH Key* field and click *Save*. When creating an instance or pod, add the `instance` role to include this SSH key and allow SSH access.

<figure><img src="/files/zGq1mM4N4p7J7r7Q5031" alt=""><figcaption></figcaption></figure>

### Server Maintenance

The container will automatically configure the database with authentication and store the data in `/var/lib/mongo`. The MongoDB shell can be accessed using the commands below with the admin password stored in the credentials file. The container also includes an upgrade script that can update the packages in place using the commands below.

```sh
# MongoDB Shell
sudo cat /var/lib/mongo/credentials.txt
sudo podman exec -it mongodb bash
mongosh -u admin --authenticationDatabase admin

# MongoDB Upgrade
sudo podman exec -u root mongodb update
sudo podman restart mongodb
```

This completes the configuration for a Pritunl Cloud server on a physical host. The section linked below explains creating a pod. These sections assume instance public IPv4 addresses are not available, although with this configuration each instance will receive a public IPv4 address.

<table data-view="cards"><thead><tr><th></th><th data-hidden data-card-cover data-type="files"></th><th data-hidden></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><strong>Simple Web Server Pod</strong></td><td></td><td></td><td><a href="/pages/IRjMJ8dvXq57WrLRk0wT">/pages/IRjMJ8dvXq57WrLRk0wT</a></td></tr></tbody></table>


