Feat improv (#1702)

* add insecure option, link readme to docs * improve docs
5 months ago · 56b3ed1032
11 changed files with 42 additions and 14 deletions
--- a/1
+++ b/1
@ -46,6 +46,7 @@ RUN update-alternatives --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tab
 ENV DEBUG=Server,WireGuard,Database,CMD
 ENV PORT=51821
 ENV HOST=0.0.0.0
+ENV INSECURE=false

 LABEL org.opencontainers.image.source=https://github.com/wg-easy/wg-easy

--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@ -26,6 +26,7 @@ RUN update-alternatives --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tab
 ENV DEBUG=Server,WireGuard,Database,CMD
 ENV PORT=51821
 ENV HOST=0.0.0.0
+ENV INSECURE=false

 # Install Dependencies
 COPY src/package.json src/pnpm-lock.yaml ./
--- a/README.md
+++ b/README.md
@ -27,13 +27,18 @@ You have found the easiest way to install & manage WireGuard on any Linux host!
 - Gravatar support.
 - Automatic Light / Dark Mode
 - Multilanguage Support
- Traffic Stats
 - One Time Links
 - Client Expiration
 - Prometheus metrics support
 - IPv6 support
 - CIDR support

+> [!NOTE]
+> To better manage documentation for this project, it has its own site here: [https://wg-easy.github.io/wg-easy/latest](https://wg-easy.github.io/wg-easy/latest)
+
+- [Getting Started](https://wg-easy.github.io/wg-easy/latest/getting-started/)
+- [Basic Installation](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/basic-installation/)
+
 ## Requirements

 - A host with a kernel that supports WireGuard (all modern kernels).
@ -58,11 +63,10 @@ We offer multiple Docker image tags to suit your needs. The table below is in a

 ### 1. Install Docker

-If you haven't installed Docker yet, install it by running:
+If you haven't installed Docker yet, install it by running as root:

 ```shell
 curl -sSL https://get.docker.com | sh
-sudo usermod -aG docker $(whoami)
 exit
 ```

@ -73,9 +77,11 @@ And log in again.
 The easiest way to run WireGuard Easy is with Docker Compose.

 Just download [`docker-compose.yml`](docker-compose.yml), make necessary adjustments and
-execute `docker compose up -d`.
+execute `sudo docker compose up -d`.

-The Web UI will now be available on `http://0.0.0.0:51821`.
+Now setup a reverse proxy to be able to access the Web UI from the internet.
+
+If you want to access the Web UI over HTTP, change the env var `INSECURE` to `true`. This is not recommended. Only use this for testing

 <!-- TOOD: add to docs: Grafana dashboard [21733](https://grafana.com/grafana/dashboards/21733-wireguard/) -->

@ -136,10 +142,11 @@ Maintainer: [Buy kaaax0815 a coffee!](https://github.com/sponsors/kaaax0815) ☕

 These options can be configured by setting environment variables using `-e KEY="VALUE"` in the `docker run` command.

-| Env    | Default   | Example     | Description                 |
-| ------ | --------- | ----------- | --------------------------- |
-| `PORT` | `51821`   | `6789`      | TCP port for Web UI.        |
-| `HOST` | `0.0.0.0` | `localhost` | IP address web UI binds to. |
+| Env        | Default   | Example     | Description                    |
+| ---------- | --------- | ----------- | ------------------------------ |
+| `PORT`.    | `51821`   | `6789`      | TCP port for Web UI.           |
+| `HOST`     | `0.0.0.0` | `localhost` | IP address web UI binds to.    |
+| `INSECURE` | `false`   | `true`      | If access over http is allowed |

 ## Updating

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -7,6 +7,7 @@ services:
    #  Optional:
    #  - PORT=51821
    #  - HOST=0.0.0.0
+    #  - INSECURE=false

    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
--- a/docs/content/advanced/api.md
+++ b/docs/content/advanced/api.md
@ -0,0 +1,5 @@
+---
+title: API
+---
+
+TODO
--- a/docs/content/advanced/config/optional-config.md
+++ b/docs/content/advanced/config/optional-config.md
--- a/docs/content/advanced/migrate/from-14-to-15.md
+++ b/docs/content/advanced/migrate/from-14-to-15.md
--- a/docs/content/examples/tutorials/basic-installation.md
+++ b/docs/content/examples/tutorials/basic-installation.md
@ -45,6 +45,10 @@ If you are using a firewall, you need to open the following ports:

 These ports can be changed, so if you change them you have to update your firewall rules accordingly.

+## Setup Reverse Proxy
+
+TODO
+
 ## Access the Web UI

 Open your browser and navigate to `https://<your-domain>:51821` or `https://<your-ip>:51821`.
--- a/docs/content/getting-started.md
+++ b/docs/content/getting-started.md
@ -1,5 +1,5 @@
 ---
-title: Usage
+title: Getting Started
 hide:
  - navigation
 ---
@ -86,3 +86,7 @@ sudo docker compose down
 ///

 **That's it! It really is that easy**.
+
+If you need more help you can read the [Basic Installation Tutorial][basic-installation].
+
+[basic-installation]: ./examples/tutorials/basic-installation.md
--- a/src/server/utils/config.ts
+++ b/src/server/utils/config.ts
@ -11,3 +11,10 @@ export const OLD_ENV = {
  /** @deprecated Only for migration purposes */
  PASSWORD_HASH: process.env.PASSWORD_HASH,
 };
+
+export const WG_ENV = {
+  /** UI is hosted on HTTP instead of HTTPS */
+  INSECURE: process.env.INSECURE === 'true',
+};
+
+console.log(WG_ENV);
--- a/src/server/utils/session.ts
+++ b/src/server/utils/session.ts
@ -7,8 +7,6 @@ export type WGSession = Partial<{

 const name = 'wg-easy';

-// TODO: don't set secure to false by default
-
 export async function useWGSession(event: H3Event, rememberMe = false) {
  const sessionConfig = await Database.general.getSessionConfig();
  return useSession<WGSession>(event, {
@ -18,7 +16,7 @@ export async function useWGSession(event: H3Event, rememberMe = false) {
    // maxAge: undefined
    cookie: {
      maxAge: rememberMe ? sessionConfig.sessionTimeout : undefined,
-      secure: false,
+      secure: !WG_ENV.INSECURE,
    },
  });
 }
@ -29,7 +27,7 @@ export async function getWGSession(event: H3Event) {
    password: sessionConfig.sessionPassword,
    name,
    cookie: {
-      secure: false,
+      secure: !WG_ENV.INSECURE,
    },
  });
 }