Redirector

Turul can only be used with a redirector, because the C2 server itself sits behind a mesh VPN: for compliance and other reasons it is never hosted in the cloud. Serverless redirectors, Nginx deployments and any other front end therefore have to speak the mesh VPN protocol we use in order to relay traffic to the actual C2 server.

When we talk about a redirector, we mean a system that proxies selected traffic to the C2 server. Below is a guide to setting up a redirector with Nginx. This is just one (easy) method; any other approach works as long as the Tailscale VPN can be installed on the system or implemented programmatically.

Redirector Example Using Nginx

To set up a redirector using Nginx, we recommend a plain Ubuntu server, which you can stand up quickly on Azure, for example. Once the server is running and you are connected to it over SSH, install Nginx with:

sudo apt update

sudo apt install nginx

For the redirector you need three files: turul_chain.pem (the certificate chain of the Turul server), your domain's fullchain.pem, and the matching private key privkey.pem.

The turul_chain.pem file can be obtained from the Turul server.

fullchain.pem and privkey.pem are the certificate and key for your own domain. You can generate them with certbot (installed separately) using the following DNS-challenge command:

sudo certbot certonly --manual -d "YOUR_DOMAIN" --agree-tos --email YOUR_EMAIL --preferred-challenges dns

Once you have obtained the mentioned certificates, navigate to /etc/nginx/sites-enabled and create a file that will contain the configuration for the HTTPS traffic.

cd /etc/nginx/sites-enabled

sudo nano https_config.conf

server {
   listen 443 ssl;

   # Everything that is not implant traffic is proxied to a decoy site,
   # so the redirector looks like an ordinary HTTPS host to anyone browsing it.
   location / {
      proxy_pass https://SOME_DOMAIN$request_uri;
   }

   ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
   server_tokens off;

   # Implant check-in. TURUL_SERVER_IP is the Tailscale address of the
   # on-prem C2, so this hop only works once Tailscale is up on the redirector.
   location URI_FOR_GET {
      proxy_pass https://TURUL_SERVER_IP:TURUL_LISTENER_PORT/checkin;
      # proxy_ssl_trusted_certificate is only enforced when proxy_ssl_verify
      # is on. Switch it on once the Turul listener certificate validates for
      # the name nginx checks (proxy_ssl_name, by default the host in proxy_pass).
      proxy_ssl_trusted_certificate /home/redirector_admin/turul_chain.pem;
      proxy_ssl_verify off;
   }

   # Implant results, same upstream and certificate handling as above.
   location URI_FOR_POST {
      proxy_pass https://TURUL_SERVER_IP:TURUL_LISTENER_PORT/result;
      proxy_ssl_trusted_certificate /home/redirector_admin/turul_chain.pem;
      proxy_ssl_verify off;
   }

   # Never serve .htaccess-style files.
   location ~ /\.ht {
       deny all;
   }
}

Now you just need to install Tailscale on the redirector. Implant traffic is then forwarded over Tailscale to the on-prem C2 backend, and the backend in turn relays the data needed for implant generation back over Tailscale. Installing Tailscale on Ubuntu is straightforward; follow the link below.

https://tailscale.com/download/linux/ubuntu-2004
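Because the only thing standing between the redirector and the C2 is the Tailscale hop and the upstream TLS settings in the site file, it is worth checking the finished configuration before reloading Nginx. The following script is an added example, not part of Turul or of this page: it walks every location block in an Nginx site file and, for each one that proxies to an https://IP:PORT upstream (the C2 hops), checks that the IP is a Tailscale address (Tailscale assigns IPv4 addresses from 100.64.0.0/10) and that proxy_ssl_verify is on, since proxy_ssl_trusted_certificate is ignored otherwise. The sample configuration it writes is constructed for the example, with illustrative paths, URIs and IPs.

```shell
#!/bin/sh
# Added example (not Turul's own tooling): audit an nginx redirector site file.
# Assumes the C2 is reached over Tailscale, so its address must fall in
# 100.64.0.0/10; all names and paths below are illustrative placeholders.
set -eu

# audit_config FILE: print findings to stderr and the number of findings to stdout.
audit_config() {
    awk '
    function report(msg) { findings++; print "FINDING: " msg > "/dev/stderr" }
    # Called when a location block closes: evaluate what was collected inside it.
    function flush(    ip, o) {
        if (loc != "" && upstream ~ /^https:\/\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+([\/:]|$)/) {
            ip = upstream
            sub(/^https:\/\//, "", ip); sub(/[\/:].*$/, "", ip)
            split(ip, o, ".")
            if (!(o[1] == 100 && o[2] >= 64 && o[2] <= 127))
                report("location " loc ": upstream " ip " is not a Tailscale (100.64.0.0/10) address, so the C2 is not reached over the mesh")
            if (verify != "on")
                report("location " loc ": proxy_ssl_verify is not on" (trusted != "" ? ", so proxy_ssl_trusted_certificate " trusted " is never enforced" : ""))
        }
        loc = ""; upstream = ""; verify = ""; trusted = ""
    }
    /^[ \t]*location[ \t]/ {
        loc = $0
        sub(/^[ \t]*location[ \t]+/, "", loc); sub(/[ \t]*[{].*$/, "", loc)
        loc_depth = depth            # brace depth before this block opens
    }
    /^[ \t]*proxy_pass[ \t]/                    { upstream = $2; sub(/;.*$/, "", upstream) }
    /^[ \t]*proxy_ssl_verify[ \t]/              { verify = $2;   sub(/;.*$/, "", verify) }
    /^[ \t]*proxy_ssl_trusted_certificate[ \t]/ { trusted = $2;  sub(/;.*$/, "", trusted) }
    {
        opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}")
        depth += opens - closes
        if (closes > 0 && loc != "" && depth == loc_depth) flush()
    }
    END { print findings + 0 }
    ' "$1"
}

# write_sample_config OUT C2_IP VERIFY: constructed sample mirroring the site
# file above, with the C2 address and the proxy_ssl_verify value filled in.
write_sample_config() {
    out=$1; c2_ip=$2; verify=$3
    sed -e "s/TURUL_SERVER_IP/$c2_ip/g" -e "s/VERIFY/$verify/g" > "$out" <<'EOF'
server {
   listen 443 ssl;
   location / {
      proxy_pass https://decoy.example.com$request_uri;
   }
   ssl_certificate /etc/letsencrypt/live/redirector.example.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/redirector.example.com/privkey.pem;
   server_tokens off;
   location /api/v2/status {
      proxy_pass https://TURUL_SERVER_IP:8443/checkin;
      proxy_ssl_trusted_certificate /home/redirector_admin/turul_chain.pem;
      proxy_ssl_verify VERIFY;
   }
   location /api/v2/submit {
      proxy_pass https://TURUL_SERVER_IP:8443/result;
      proxy_ssl_trusted_certificate /home/redirector_admin/turul_chain.pem;
      proxy_ssl_verify VERIFY;
   }
   location ~ /\.ht {
      deny all;
   }
}
EOF
}

# Usage: ./audit_redirector.sh /etc/nginx/sites-enabled/https_config.conf
if [ "$#" -gt 0 ]; then
    audit_config "$1"
fi
```

Run it against the real site file before `nginx -t` and the reload; a public IP in a C2 location means the backend is being addressed directly rather than through Tailscale, and a trusted-certificate line next to `proxy_ssl_verify off` means the chain you copied from the Turul server is doing nothing.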

As discussed, Turul will offer automated redirector deployment from the UI, using traditional VPS-based infrastructure as well as content delivery networks such as Azure and Netlify, and will also be able to deploy serverless JavaScript endpoints that push traffic through Tailscale programmatically and perform the redirector's role. Stay tuned for more.
