From 56b3ed10328c0a06c3bc3e92b03770bf1e8623eb Mon Sep 17 00:00:00 2001 From: Bernd Storath <32197462+kaaax0815@users.noreply.github.com> Date: Wed, 5 Mar 2025 12:54:08 +0100 Subject: [PATCH] Feat improv (#1702) * add insecure option, link readme to docs * improve docs --- Dockerfile | 1 + Dockerfile.dev | 1 + README.md | 25 ++++++++++++------- docker-compose.yml | 1 + docs/content/advanced/api.md | 5 ++++ .../config}/optional-config.md | 0 .../migrate/from-14-to-15.md | 0 .../examples/tutorials/basic-installation.md | 4 +++ docs/content/{usage.md => getting-started.md} | 6 ++++- src/server/utils/config.ts | 7 ++++++ src/server/utils/session.ts | 6 ++--- 11 files changed, 42 insertions(+), 14 deletions(-) create mode 100644 docs/content/advanced/api.md rename docs/content/{config/advanced => advanced/config}/optional-config.md (100%) rename docs/content/{config => advanced}/migrate/from-14-to-15.md (100%) rename docs/content/{usage.md => getting-started.md} (94%) diff --git a/Dockerfile b/Dockerfile index 50d60b93..65d96358 100644 --- a/Dockerfile +++ b/Dockerfile @@ -46,6 +46,7 @@ RUN update-alternatives --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tab ENV DEBUG=Server,WireGuard,Database,CMD ENV PORT=51821 ENV HOST=0.0.0.0 +ENV INSECURE=false LABEL org.opencontainers.image.source=https://github.com/wg-easy/wg-easy diff --git a/Dockerfile.dev b/Dockerfile.dev index c3987112..b0c3a0dd 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -26,6 +26,7 @@ RUN update-alternatives --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tab ENV DEBUG=Server,WireGuard,Database,CMD ENV PORT=51821 ENV HOST=0.0.0.0 +ENV INSECURE=false # Install Dependencies COPY src/package.json src/pnpm-lock.yaml ./ diff --git a/README.md b/README.md index 9c5c29dd..80bc9dc4 100644 --- a/README.md +++ b/README.md @@ -27,13 +27,18 @@ You have found the easiest way to install & manage WireGuard on any Linux host! - Gravatar support. - Automatic Light / Dark Mode - Multilanguage Support -- Traffic Stats - One Time Links - Client Expiration - Prometheus metrics support - IPv6 support - CIDR support +> [!NOTE] +> To better manage documentation for this project, it has its own site here: [https://wg-easy.github.io/wg-easy/latest](https://wg-easy.github.io/wg-easy/latest) + +- [Getting Started](https://wg-easy.github.io/wg-easy/latest/getting-started/) +- [Basic Installation](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/basic-installation/) + ## Requirements - A host with a kernel that supports WireGuard (all modern kernels). @@ -58,11 +63,10 @@ We offer multiple Docker image tags to suit your needs. The table below is in a ### 1. Install Docker -If you haven't installed Docker yet, install it by running: +If you haven't installed Docker yet, install it by running as root: ```shell curl -sSL https://get.docker.com | sh -sudo usermod -aG docker $(whoami) exit ``` @@ -73,9 +77,11 @@ And log in again. The easiest way to run WireGuard Easy is with Docker Compose. Just download [`docker-compose.yml`](docker-compose.yml), make necessary adjustments and -execute `docker compose up -d`. +execute `sudo docker compose up -d`. -The Web UI will now be available on `http://0.0.0.0:51821`. +Now setup a reverse proxy to be able to access the Web UI from the internet. + +If you want to access the Web UI over HTTP, change the env var `INSECURE` to `true`. This is not recommended. Only use this for testing @@ -136,10 +142,11 @@ Maintainer: [Buy kaaax0815 a coffee!](https://github.com/sponsors/kaaax0815) ☕ These options can be configured by setting environment variables using `-e KEY="VALUE"` in the `docker run` command. -| Env | Default | Example | Description | -| ------ | --------- | ----------- | --------------------------- | -| `PORT` | `51821` | `6789` | TCP port for Web UI. | -| `HOST` | `0.0.0.0` | `localhost` | IP address web UI binds to. | +| Env | Default | Example | Description | +| ---------- | --------- | ----------- | ------------------------------ | +| `PORT`. | `51821` | `6789` | TCP port for Web UI. | +| `HOST` | `0.0.0.0` | `localhost` | IP address web UI binds to. | +| `INSECURE` | `false` | `true` | If access over http is allowed | ## Updating diff --git a/docker-compose.yml b/docker-compose.yml index 9260fcd3..e8607ffe 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,6 +7,7 @@ services: # Optional: # - PORT=51821 # - HOST=0.0.0.0 + # - INSECURE=false image: ghcr.io/wg-easy/wg-easy container_name: wg-easy diff --git a/docs/content/advanced/api.md b/docs/content/advanced/api.md new file mode 100644 index 00000000..3fa4f793 --- /dev/null +++ b/docs/content/advanced/api.md @@ -0,0 +1,5 @@ +--- +title: API +--- + +TODO diff --git a/docs/content/config/advanced/optional-config.md b/docs/content/advanced/config/optional-config.md similarity index 100% rename from docs/content/config/advanced/optional-config.md rename to docs/content/advanced/config/optional-config.md diff --git a/docs/content/config/migrate/from-14-to-15.md b/docs/content/advanced/migrate/from-14-to-15.md similarity index 100% rename from docs/content/config/migrate/from-14-to-15.md rename to docs/content/advanced/migrate/from-14-to-15.md diff --git a/docs/content/examples/tutorials/basic-installation.md b/docs/content/examples/tutorials/basic-installation.md index 534bccec..91946264 100644 --- a/docs/content/examples/tutorials/basic-installation.md +++ b/docs/content/examples/tutorials/basic-installation.md @@ -45,6 +45,10 @@ If you are using a firewall, you need to open the following ports: These ports can be changed, so if you change them you have to update your firewall rules accordingly. +## Setup Reverse Proxy + +TODO + ## Access the Web UI Open your browser and navigate to `https://:51821` or `https://:51821`. diff --git a/docs/content/usage.md b/docs/content/getting-started.md similarity index 94% rename from docs/content/usage.md rename to docs/content/getting-started.md index 5d4717fd..47638d07 100644 --- a/docs/content/usage.md +++ b/docs/content/getting-started.md @@ -1,5 +1,5 @@ --- -title: Usage +title: Getting Started hide: - navigation --- @@ -86,3 +86,7 @@ sudo docker compose down /// **That's it! It really is that easy**. + +If you need more help you can read the [Basic Installation Tutorial][basic-installation]. + +[basic-installation]: ./examples/tutorials/basic-installation.md diff --git a/src/server/utils/config.ts b/src/server/utils/config.ts index 480186d9..71805e2e 100644 --- a/src/server/utils/config.ts +++ b/src/server/utils/config.ts @@ -11,3 +11,10 @@ export const OLD_ENV = { /** @deprecated Only for migration purposes */ PASSWORD_HASH: process.env.PASSWORD_HASH, }; + +export const WG_ENV = { + /** UI is hosted on HTTP instead of HTTPS */ + INSECURE: process.env.INSECURE === 'true', +}; + +console.log(WG_ENV); diff --git a/src/server/utils/session.ts b/src/server/utils/session.ts index 7b248063..9602ded5 100644 --- a/src/server/utils/session.ts +++ b/src/server/utils/session.ts @@ -7,8 +7,6 @@ export type WGSession = Partial<{ const name = 'wg-easy'; -// TODO: don't set secure to false by default - export async function useWGSession(event: H3Event, rememberMe = false) { const sessionConfig = await Database.general.getSessionConfig(); return useSession(event, { @@ -18,7 +16,7 @@ export async function useWGSession(event: H3Event, rememberMe = false) { // maxAge: undefined cookie: { maxAge: rememberMe ? sessionConfig.sessionTimeout : undefined, - secure: false, + secure: !WG_ENV.INSECURE, }, }); } @@ -29,7 +27,7 @@ export async function getWGSession(event: H3Event) { password: sessionConfig.sessionPassword, name, cookie: { - secure: false, + secure: !WG_ENV.INSECURE, }, }); }