mirror of https://github.com/wg-easy/wg-easy
Browse Source
* Improve documentation on password hash * Change branch name * Add single quote docker run info * Tag versions, docker run version * separate docker run and compose --------- Co-authored-by: Bernd Storath <32197462+kaaax0815@users.noreply.github.com>v14 v14.0.0
Lucas Rattz
2 months ago
committed by
GitHub
GitHub
2 changed files with 35 additions and 18 deletions
@ -1,28 +1,45 @@ |
|||
# wg-password |
|||
# Generating bcrypt-hashed password |
|||
|
|||
`wg-password` (wgpw) is a script that generates bcrypt password hashes for use with `wg-easy`, enhancing security by requiring passwords. |
|||
With version 14 of wg-easy, a password hashed with bcrypt is needed instead of the plain-text password string. This doc explains how to generate the hash based on a plain-text password. |
|||
|
|||
## Features |
|||
## Using Docker + node |
|||
|
|||
- Generate bcrypt password hashes. |
|||
- Easily integrate with `wg-easy` to enforce password requirements. |
|||
- You are using docker compose |
|||
|
|||
## Usage with Docker |
|||
The easiest way to generate a bcrypt password hash with wgpw is using docker and node: |
|||
|
|||
To generate a bcrypt password hash using docker, run the following command : |
|||
```sh |
|||
docker run ghcr.io/wg-easy/wg-easy:14 node -e 'const bcrypt = require("bcryptjs"); const hash = bcrypt.hashSync("YOUR_PASSWORD", 10); console.log(hash.replace(/\$/g, "$$$$"));' |
|||
``` |
|||
|
|||
The hashed password will get printed on your terminal. Copy it and use on the `PASSWORD_HASH` environment variable in your docker compose. |
|||
|
|||
- You are using `docker run` |
|||
|
|||
If you are using `docker run` for running wg-easy, you must enclose the hash string in single quotes (`'...'`). You can use this command: |
|||
|
|||
```sh |
|||
docker run --rm ghcr.io/wg-easy/wg-easy:14 node -e "const bcrypt = require('bcryptjs'); const hash = bcrypt.hashSync('YOUR_PASSWORD', 10); console.log('\'' + hash + '\'');" |
|||
``` |
|||
|
|||
The hashed password will get printed on your terminal. Copy it and use on the `PASSWORD_HASH` environment variable in your docker run command. |
|||
|
|||
## Using Docker + wgpw |
|||
|
|||
`wg-password` (wgpw) is a script that generates bcrypt password hashes. You can use it with docker: |
|||
|
|||
```sh |
|||
docker run ghcr.io/wg-easy/wg-easy:14 wgpw YOUR_PASSWORD |
|||
``` |
|||
|
|||
You will see an output similar to this: |
|||
|
|||
```sh |
|||
docker run ghcr.io/wg-easy/wg-easy wgpw YOUR_PASSWORD |
|||
PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' // literally YOUR_PASSWORD |
|||
PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' |
|||
``` |
|||
|
|||
*Important* : make sure to enclose your password in single quotes when you run `docker run` command : |
|||
In this example, the `$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW` string is your hashed password. For using it with docker-compose, you need to escape each `$` characters by adding another `$` before them, or they will get interpreted as variables. The final password you can use in docker-compose will look like this: |
|||
|
|||
```bash |
|||
$ echo $2b$12$coPqCsPtcF |
|||
b2 |
|||
$ echo "$2b$12$coPqCsPtcF" |
|||
b2 |
|||
$ echo '$2b$12$coPqCsPtcF' |
|||
$2b$12$coPqCsPtcF |
|||
```sh |
|||
$$2b$$12$$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW |
|||
``` |
|||
|
|||
Loading…
Reference in new issue