From 654f28b6cd9a3a1995d179a7c53ce6e56635a642 Mon Sep 17 00:00:00 2001 From: Lucas Rattz Date: Fri, 30 May 2025 18:23:29 -0300 Subject: [PATCH] Improve documentation on password hash --- How_to_generate_an_bcrypt_hash.md | 37 ++++++++++++++++++------------- src/lib/Server.js | 2 +- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/How_to_generate_an_bcrypt_hash.md b/How_to_generate_an_bcrypt_hash.md index d868d23c..5c760e74 100644 --- a/How_to_generate_an_bcrypt_hash.md +++ b/How_to_generate_an_bcrypt_hash.md @@ -1,28 +1,33 @@ -# wg-password +# Generating bcrypt-hashed password -`wg-password` (wgpw) is a script that generates bcrypt password hashes for use with `wg-easy`, enhancing security by requiring passwords. +Since version 14 of wg-easy, a password hashed with bcrypt is needed instead of the plain-text password string. This doc explains how to generate the hash based on a plain-text password. -## Features +## Using Docker + node -- Generate bcrypt password hashes. -- Easily integrate with `wg-easy` to enforce password requirements. +The easiest way to generate a bcrypt password hash with wgpw is using docker and node: -## Usage with Docker +```sh +docker run ghcr.io/wg-easy/wg-easy node -e 'const bcrypt = require("bcryptjs"); const hash = bcrypt.hashSync("YOUR_PASSWORD", 10); console.log(hash.replace(/\$/g, "$$$$"));' +``` + +The hashed password will get printed on your terminal. Copy it and use on the `PASSWORD_HASH` environment variable. -To generate a bcrypt password hash using docker, run the following command : +## Using Docker + wgpw + +`wg-password` (wgpw) is a script that generates bcrypt password hashes. You can use it with docker: ```sh docker run ghcr.io/wg-easy/wg-easy wgpw YOUR_PASSWORD -PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' // literally YOUR_PASSWORD ``` -*Important* : make sure to enclose your password in single quotes when you run `docker run` command : +You will see an output similar to this: -```bash -$ echo $2b$12$coPqCsPtcF -b2 -$ echo "$2b$12$coPqCsPtcF" -b2 -$ echo '$2b$12$coPqCsPtcF' -$2b$12$coPqCsPtcF +```sh +PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' +``` + +In this example, the `$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW` string is your hashed password. For using it with docker-compose, you need to escape the `$` characters by adding another `$` before them, or they will get interpreted as variables. The final password you can use in docker-compose will look like this: + +```sh +$$2b$$12$$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW ``` diff --git a/src/lib/Server.js b/src/lib/Server.js index b2ee2e9d..16ff90cd 100644 --- a/src/lib/Server.js +++ b/src/lib/Server.js @@ -308,7 +308,7 @@ module.exports = class Server { ); if (PASSWORD) { - throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md'); + throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/production/How_to_generate_an_bcrypt_hash.md'); } createServer(toNodeListener(app)).listen(PORT, WEBUI_HOST);