Breaking Changes
+This API is not yet stable and may change in the future. The API is currently in development and is subject to change without notice. The API is not yet documented, but we will add documentation as the API stabilizes.
+You can use the API to interact with the application programmatically. The API is available at /api and supports both GET and POST requests. The API is designed to be simple and easy to use, with a focus on providing a consistent interface for all endpoints.
There is no documentation for the API yet, but this will be added as the underlying library supports it.
+To use the API, you need to authenticate using Basic Authentication. The username and password are the same as the ones you use to log in to the web application. +If you use 2FA, the API will not work. You need to disable 2FA in the web application to use the API.
+import requests
+from requests.auth import HTTPBasicAuth
+
+url = "https://example.com:51821/api/client"
+response = requests.get(url, auth=HTTPBasicAuth('username', 'password'))
+if response.status_code == 200:
+ data = response.json()
+ print(data)
+else:
+ print(f"Error: {response.status_code}")
+The Endpoints are not yet documented. But as file-based routing is used, you can find the endpoints in the src/server/api folder. The method is defined in the file name.
| File Name | +Endpoint | +Method | +
|---|---|---|
src/server/api/client.get.ts |
+/api/client |
+GET | +
src/server/api/setup/2.post.ts |
+/api/setup/2 |
+POST | +
You can set these environment variables to configure the container. They are not required, but can be useful in some cases.
+| Env | +Default | +Example | +Description | +
|---|---|---|---|
PORT |
+51821 |
+6789 |
+TCP port for Web UI. | +
HOST |
+0.0.0.0 |
+localhost |
+IP address web UI binds to. | +
INSECURE |
+false |
+true |
+If access over http is allowed | +
If you want to run the setup without any user interaction, e.g. with a tool like Ansible, you can use these environment variables to configure the setup.
+These will only be used during the first start of the container. After that, the setup will be disabled.
+| Env | +Example | +Description | +Group | +
|---|---|---|---|
INIT_ENABLED |
+true |
+Enables the below env vars | +0 | +
INIT_USERNAME |
+admin |
+Sets admin username | +1 | +
INIT_PASSWORD |
+Se!ureP%ssw |
+Sets admin password | +1 | +
INIT_HOST |
+vpn.example.com |
+Host clients will connect to | +1 | +
INIT_PORT |
+51820 |
+Port clients will connect to and wireguard will listen on | +1 | +
INIT_DNS |
+1.1.1.1,8.8.8.8 |
+Sets global dns setting | +2 | +
INIT_IPV4_CIDR |
+10.8.0.0/24 |
+Sets IPv4 cidr | +3 | +
INIT_IPV6_CIDR |
+2001:0DB8::/32 |
+Sets IPv6 cidr | +3 | +
Variables have to be used together
+If variables are in the same group, you have to set all of them. For example, if you set INIT_IPV4_CIDR, you also have to set INIT_IPV6_CIDR.
If you want to skip the setup process, you have to configure group 1
Security
+The initial username and password is not checked for complexity. Make sure to set a long enough username and password. Otherwise, the user won't be able to log in.
+It's recommended to remove the variables after the setup is done to prevent the password from being exposed.
+To monitor the WireGuard server, you can use Prometheus and Grafana. The container exposes a /metrics/prometheus endpoint that can be scraped by Prometheus.
To enable Prometheus metrics, go to Admin Panel > General and enable Prometheus.
+You can optionally set a Bearer Password for the metrics endpoints. This is useful if you want to expose the metrics endpoint to the internet.
+You need to add a scrape config to your Prometheus configuration file. Here is an example:
+scrape_configs:
+ - job_name: 'wg-easy'
+ scrape_interval: 30s
+ metrics_path: /metrics/prometheus
+ static_configs:
+ - targets:
+ - 'localhost:51821'
+ authorization:
+ type: Bearer
+ credentials: 'SuperSecurePassword'
+You can use the following Grafana dashboard to visualize the metrics:
+Unofficial
+The Grafana dashboard is not official and is not maintained by the wg-easy team. If you have any issues with the dashboard, please contact the author of the dashboard.
+See #1299 for more information.
This guide will help you migrate from v14 to version v15 of wg-easy.
wg-easy project. Therefore the configuration files and the way you interact with the project have changed.v15 yet. We are working on it.INSECURE environment variable to true in the new container.Before you start the migration, make sure to backup your existing configuration files.
+Go into the Web Ui and click the Backup button, this should download a wg0.json file.
Or download the wg0.json file from your container volume to your pc.
You will need this file for the migration
+If you are using docker run
docker stop wg-easy
+If you are using docker-compose
docker-compose down
+Follow the instructions in the Getting Started or Basic Installation guide to start the new container.
+In the setup wizard, select that you already already have a configuration file and upload the wg0.json file you downloaded in the backup step.
You have now successfully migrated to v15 of wg-easy.
If you want to migrate from an older version of wg-easy to the new version, you can find the migration guides listed below.
v14.