mirror
/
wg-easy
mirror of https://github.com/wg-easy/wg-easy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15 Commits
3 Branches
17 Tags
22 MiB
 
 
 
 
 
Tree: a9bb7f49b5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a9bb7f49b5'
${ noResults }
wg-easy/Pre-release/search/search_index.json

1 lines
37 KiB
Raw Blame History

{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Welcome to the Documentation for <code>wg-easy</code>","text":"<p>\u00a0This Documentation is Versioned</p> <p>Make sure to select the correct version of this documentation! It should match the version of the image you are using. The default version corresponds to the <code>:latest</code> image tag - the most recent stable release.</p> <p>This documentation provides you not only with the basic setup and configuration of <code>wg-easy</code> but also with advanced configuration, elaborate usage scenarios, detailed examples, hints and more.</p>"},{"location":"#about","title":"About","text":"<p><code>wg-easy</code> is the easiest way to run WireGuard VPN + Web-based Admin UI.</p>"},{"location":"#contents","title":"Contents","text":""},{"location":"#getting-started","title":"Getting Started","text":"<p>If you're new to wg-easy, make sure to read the Getting Started chapter first. If you want to look at examples for Docker Run and Compose, we have an Examples page.</p>"},{"location":"#contributing","title":"Contributing","text":"<p>We are always happy to welcome new contributors. For guidelines and entrypoints please have a look at the Contributing section.</p>"},{"location":"#migration","title":"Migration","text":"<p>If you are migrating from an older version of <code>wg-easy</code>, please read the Migration chapter.</p>"},{"location":"faq/","title":"FAQ","text":"<p>Here are some frequently asked questions or errors about <code>wg-easy</code>. If you have a question that is not answered here, please feel free to open a discussion on GitHub.</p>"},{"location":"faq/#error-wireguard-exited-with-the-error-cannot-find-device-wg0","title":"Error: WireGuard exited with the error: Cannot find device \"wg0\"","text":"<p>This error indicates that the WireGuard interface <code>wg0</code> does not exist. This can happen if the WireGuard kernel module is not loaded or if the interface was not created properly.</p> <p>To resolve this issue, you can try the following steps:</p> <ol> <li>Load the WireGuard kernel module: If the WireGuard kernel module is not loaded, you can load it manually by running:</li> </ol> <pre><code> sudo modprobe wireguard\n</code></pre> <ol> <li>Load the WireGuard kernel module on boot: If you want to ensure that the WireGuard kernel module is loaded automatically on boot, you can add it to the <code>/etc/modules</code> file:</li> </ol> <pre><code>echo \"wireguard\" | sudo tee -a /etc/modules\n</code></pre>"},{"location":"faq/#cant-initialize-iptables-table-nat-table-does-not-exist-do-you-need-to-insmod","title":"can't initialize iptables table `nat': Table does not exist (do you need to insmod?)","text":"<p>This error indicates that the <code>nat</code> table in <code>iptables</code> does not exist. This can happen if the <code>iptables</code> kernel module is not loaded or if the <code>nat</code> table is not supported by your kernel.</p> <p>To resolve this issue, you can try the following steps:</p> <ol> <li>Load the <code>nat</code> kernel module: If the <code>nat</code> kernel module is not loaded, you can load it manually by running:</li> </ol> <pre><code>sudo modprobe iptable_nat\n</code></pre> <ol> <li>Load the <code>nat</code> kernel module on boot: If you want to ensure that the <code>nat</code> kernel module is loaded automatically on boot, you can add it to the <code>/etc/modules</code> file:</li> </ol> <pre><code> echo \"iptable_nat\" | sudo tee -a /etc/modules\n</code></pre>"},{"location":"faq/#cant-initialize-ip6tables-table-nat-table-does-not-exist-do-you-need-to-insmod","title":"can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)","text":"<p>This error indicates that the <code>nat</code> table in <code>ip6tables</code> does not exist. This can happen if the <code>ip6tables</code> kernel module is not loaded or if the <code>nat</code> table is not supported by your kernel.</p> <p>To resolve this issue, you can try the following steps:</p> <ol> <li>Load the <code>nat</code> kernel module: If the <code>nat</code> kernel module is not loaded, you can load it manually by running:</li> </ol> <pre><code>sudo modprobe ip6table_nat\n</code></pre> <ol> <li>Load the <code>nat</code> kernel module on boot: If you want to ensure that the <code>nat</code> kernel module is loaded automatically on boot, you can add it to the <code>/etc/modules</code> file:</li> </ol> <pre><code> echo \"ip6table_nat\" | sudo tee -a /etc/modules\n</code></pre>"},{"location":"faq/#cant-initialize-iptables-table-filter-permission-denied","title":"can't initialize iptables table `filter': Permission denied","text":"<p>This error indicates that the <code>filter</code> table in <code>iptables</code> cannot be initialized due to permission issues. This can happen if you are not running the command with sufficient privileges.</p> <p>To resolve this issue, you can try the following steps:</p> <ol> <li>Load the <code>filter</code> kernel module: If the <code>filter</code> kernel module is not loaded, you can load it manually by running:</li> </ol> <pre><code>sudo modprobe iptable_filter\n</code></pre> <ol> <li>Load the <code>filter</code> kernel module on boot: If you want to ensure that the <code>filter</code> kernel module is loaded automatically on boot, you can add it to the <code>/etc/modules</code> file:</li> </ol> <pre><code>echo \"iptable_filter\" | sudo tee -a /etc/modules\n</code></pre>"},{"location":"faq/#cant-initialize-ip6tables-table-filter-permission-denied","title":"can't initialize ip6tables table `filter': Permission denied","text":"<p>This error indicates that the <code>filter</code> table in <code>ip6tables</code> cannot be initialized due to permission issues. This can happen if you are not running the command with sufficient privileges.</p> <p>To resolve this issue, you can try the following steps:</p> <ol> <li>Load the <code>filter</code> kernel module: If the <code>filter</code> kernel module is not loaded, you can load it manually by running:</li> </ol> <pre><code>sudo modprobe ip6table_filter\n</code></pre> <ol> <li>Load the <code>filter</code> kernel module on boot: If you want to ensure that the <code>filter</code> kernel module is loaded automatically on boot, you can add it to the <code>/etc/modules</code> file:</li> </ol> <pre><code> echo \"ip6table_filter\" | sudo tee -a /etc/modules\n</code></pre>"},{"location":"getting-started/","title":"Getting Started","text":"<p>This page explains how to get started with <code>wg-easy</code>. The guide uses Docker Compose as a reference. In our examples, we mount the named volume <code>etc_wireguard</code> to <code>/etc/wireguard</code> inside the container.</p>"},{"location":"getting-started/#preliminary-steps","title":"Preliminary Steps","text":"<p>Before you can get started with deploying your own VPN, there are some requirements to be met:</p> <ol> <li>You need to have a host that you can manage</li> <li>You need to have a domain name or a public IP address</li> <li>You need a supported architecture (x86_64, arm64)</li> </ol>"},{"location":"getting-started/#host-setup","title":"Host Setup","text":"<p>There are a few requirements for a suitable host system:</p> <ol> <li>You need to have a container runtime installed</li> </ol> <p>About the Container Runtime</p> <p>On the host, you need to have a suitable container runtime (like Docker or Podman) installed. We assume Docker Compose is installed. We have aligned file names and configuration conventions with the latest Docker Compose specification. If you're using podman, make sure to read the related documentation.</p>"},{"location":"getting-started/#deploying-the-actual-image","title":"Deploying the Actual Image","text":""},{"location":"getting-started/#tagging-convention","title":"Tagging Convention","text":"<p>To understand which tags you should use, read this section carefully. Our CI will automatically build, test and push new images to the following container registry:</p> <ol> <li>GitHub Container Registry (<code>ghcr.io/wg-easy/wg-easy</code>)</li> </ol> <p>All workflows are using the tagging convention listed below. It is subsequently applied to all images.</p> tag Type Example Description <code>15</code> latest minor for that major tag <code>ghcr.io/wg-easy/wg-easy:15</code> latest features for specific major versions, no breaking changes <code>latest</code> latest tag <code>ghcr.io/wg-easy/wg-easy:latest</code> or <code>ghcr.io/wg-easy/wg-easy</code> stable as possible get bug fixes quickly when needed, see Releases for more information. <code>15.0</code> latest patch for that minor tag <code>ghcr.io/wg-easy/wg-easy:15.0</code> latest patches for specific minor version <code>15.0.0</code> specific tag <code>ghcr.io/wg-easy/wg-easy:15.0.0</code> specific release, don't use this as this will not get updated <code>nightly</code> <code>master</code> <code>ghcr.io/wg-easy/wg-easy:nightly</code> mostly unstable gets frequent package and code updates, deployed against <code>master</code>. <code>development</code> pull requests <code>ghcr.io/wg-easy/wg-easy:development</code> used for development, testing code from PRs before landing into <code>master</code>. <p>When publishing a tag we follow the Semantic Versioning specification. The <code>latest</code> tag is always pointing to the latest stable release. If you want to avoid breaking changes, use the major version tag (e.g. <code>15</code>).</p>"},{"location":"getting-started/#get-all-files","title":"Get All Files","text":"<p>Issue the following command to acquire the necessary file:</p> <pre><code>wget \"https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml\"\n</code></pre>"},{"location":"getting-started/#start-the-container","title":"Start the Container","text":"<p>To start the container, issue the following command:</p> <pre><code>sudo docker compose up -d\n</code></pre>"},{"location":"getting-started/#configuration-steps","title":"Configuration Steps","text":"<p>Now follow the setup process in your web browser</p>"},{"location":"getting-started/#stopping-the-container","title":"Stopping the Container","text":"<p>To stop the container, issue the following command:</p> <pre><code>sudo docker compose down\n</code></pre> <p>Using the Correct Commands For Stopping and Starting <code>wg-easy</code></p> <p>Use <code>sudo docker compose up / down</code>, not <code>sudo docker compose start / stop</code>. Otherwise, the container is not properly destroyed and you may experience problems during startup because of inconsistent state.</p> <p>That's it! It really is that easy.</p> <p>If you need more help you can read the Basic Installation Tutorial.</p>"},{"location":"advanced/api/","title":"API","text":"<p>You can use the API to interact with the application programmatically. The API is available at <code>/api</code> and supports both GET and POST requests. The API is designed to be simple and easy to use, with a focus on providing a consistent interface for all endpoints.</p> <p>There is no documentation for the API yet, but this will be added as the underlying library supports it.</p>"},{"location":"advanced/api/#authentication","title":"Authentication","text":"<p>To use the API, you need to authenticate using Basic Authentication. The username and password are the same as the ones you use to log in to the web application. If you use 2FA, the API will not work. You need to disable 2FA in the web application to use the API.</p>"},{"location":"advanced/api/#authentication-example","title":"Authentication Example","text":"<pre><code>import requests\nfrom requests.auth import HTTPBasicAuth\n\nurl = \"https://example.com:51821/api/client\"\nresponse = requests.get(url, auth=HTTPBasicAuth('username', 'password'))\nif response.status_code == 200:\n data = response.json()\n print(data)\nelse:\n print(f\"Error: {response.status_code}\")\n</code></pre>"},{"location":"advanced/api/#endpoints","title":"Endpoints","text":"<p>The Endpoints are not yet documented. But as file-based routing is used, you can find the endpoints in the <code>src/server/api</code> folder. The method is defined in the file name.</p>"},{"location":"advanced/api/#endpoints-example","title":"Endpoints Example","text":"File Name Endpoint Method <code>src/server/api/client.get.ts</code> <code>/api/client</code> GET <code>src/server/api/setup/2.post.ts</code> <code>/api/setup/2</code> POST"},{"location":"advanced/config/optional-config/","title":"Optional Configuration","text":"<p>You can set these environment variables to configure the container. They are not required, but can be useful in some cases.</p> Env Default Example Description <code>PORT</code> <code>51821</code> <code>6789</code> TCP port for Web UI. <code>HOST</code> <code>0.0.0.0</code> <code>localhost</code> IP address web UI binds to. <code>INSECURE</code> <code>false</code> <code>true</code> If access over http is allowed"},{"location":"advanced/config/unattended-setup/","title":"Unattended Setup","text":"<p>If you want to run the setup without any user interaction, e.g. with a tool like Ansible, you can use these environment variables to configure the setup.</p> <p>These will only be used during the first start of the container. After that, the setup will be disabled.</p> Env Example Description Group <code>INIT_ENABLED</code> <code>true</code> Enables the below env vars 0 <code>INIT_USERNAME</code> <code>admin</code> Sets admin username 1 <code>INIT_PASSWORD</code> <code>Se!ureP%ssw</code> Sets admin password 1 <code>INIT_HOST</code> <code>vpn.example.com</code> Host clients will connect to 1 <code>INIT_PORT</code> <code>51820</code> Port clients will connect to and wireguard will listen on 1 <code>INIT_DNS</code> <code>1.1.1.1,8.8.8.8</code> Sets global dns setting 2 <code>INIT_IPV4_CIDR</code> <code>10.8.0.0/24</code> Sets IPv4 cidr 3 <code>INIT_IPV6_CIDR</code> <code>2001:0DB8::/32</code> Sets IPv6 cidr 3 <p>\u00a0Variables have to be used together</p> <p>If variables are in the same group, you have to set all of them. For example, if you set <code>INIT_IPV4_CIDR</code>, you also have to set <code>INIT_IPV6_CIDR</code>.</p> <p>If you want to skip the setup process, you have to configure group <code>1</code></p> <p>Security</p> <p>The initial username and password is not checked for complexity. Make sure to set a long enough username and password. Otherwise, the user won't be able to log in.</p> <p>It's recommended to remove the variables after the setup is done to prevent the password from being exposed.</p>"},{"location":"advanced/metrics/prometheus/","title":"Prometheus","text":"<p>To monitor the WireGuard server, you can use Prometheus and Grafana. The container exposes a <code>/metrics/prometheus</code> endpoint that can be scraped by Prometheus.</p>"},{"location":"advanced/metrics/prometheus/#enable-prometheus","title":"Enable Prometheus","text":"<p>To enable Prometheus metrics, go to Admin Panel &gt; General and enable Prometheus.</p> <p>You can optionally set a Bearer Password for the metrics endpoints. This is useful if you want to expose the metrics endpoint to the internet.</p>"},{"location":"advanced/metrics/prometheus/#configure-prometheus","title":"Configure Prometheus","text":"<p>You need to add a scrape config to your Prometheus configuration file. Here is an example:</p> <pre><code>scrape_configs:\n - job_name: \"wg-easy\"\n scrape_interval: 30s\n metrics_path: /metrics/prometheus\n static_configs:\n - targets:\n - \"localhost:51821\"\n authorization:\n type: Bearer\n credentials: \"SuperSecurePassword\"\n</code></pre>"},{"location":"advanced/metrics/prometheus/#grafana-dashboard","title":"Grafana Dashboard","text":"<p>You can use the following Grafana dashboard to visualize the metrics:</p> <p></p> <p>21733</p> <p>Unofficial</p> <p>The Grafana dashboard is not official and is not maintained by the <code>wg-easy</code> team. If you have any issues with the dashboard, please contact the author of the dashboard. See #1299 for more information.</p>"},{"location":"advanced/migrate/","title":"Migrate","text":"<p>If you want to migrate from an older version of <code>wg-easy</code> to the new version, you can find the migration guides listed below.</p> <ul> <li>Migrate from v14 to v15 : This guide should also work for any version before <code>v14</code>.</li> </ul>"},{"location":"advanced/migrate/from-14-to-15/","title":"Migrate from v14 to v15","text":"<p>This guide will help you migrate from <code>v14</code> to version <code>v15</code> of <code>wg-easy</code>.</p>"},{"location":"advanced/migrate/from-14-to-15/#changes","title":"Changes","text":"<ul> <li>This is a complete rewrite of the <code>wg-easy</code> project. Therefore the configuration files and the way you interact with the project have changed.</li> <li>If you use armv6 or armv7, you can't migrate to <code>v15</code> yet. We are working on it.</li> <li>If you are connecting to the web ui via HTTP, you need to set the <code>INSECURE</code> environment variable to <code>true</code> in the new container.</li> </ul>"},{"location":"advanced/migrate/from-14-to-15/#migration","title":"Migration","text":""},{"location":"advanced/migrate/from-14-to-15/#backup","title":"Backup","text":"<p>Before you start the migration, make sure to backup your existing configuration files.</p> <p>Go into the Web Ui and click the Backup button, this should download a <code>wg0.json</code> file.</p> <p>Or download the <code>wg0.json</code> file from your container volume to your pc.</p> <p>You will need this file for the migration</p>"},{"location":"advanced/migrate/from-14-to-15/#remove-old-container","title":"Remove old container","text":"<ol> <li>Stop the running container</li> </ol> <p>If you are using <code>docker run</code></p> <pre><code>docker stop wg-easy\n</code></pre> <p>If you are using <code>docker-compose</code></p> <pre><code>docker-compose down\n</code></pre>"},{"location":"advanced/migrate/from-14-to-15/#start-new-container","title":"Start new container","text":"<p>Follow the instructions in the Getting Started or Basic Installation guide to start the new container.</p> <p>In the setup wizard, select that you already already have a configuration file and upload the <code>wg0.json</code> file you downloaded in the backup step.</p>"},{"location":"advanced/migrate/from-14-to-15/#done","title":"Done","text":"<p>You have now successfully migrated to <code>v15</code> of <code>wg-easy</code>.</p>"},{"location":"contributing/general/","title":"General Information","text":""},{"location":"contributing/general/#coding-style","title":"Coding Style","text":"<p>When refactoring, writing or altering files, adhere to these rules:</p> <ol> <li>Adjust your style of coding to the style that is already present! Even if you do not like it, this is due to consistency. There was a lot of work involved in making all files consistent.</li> <li>Use <code>pnpm lint</code> to check your scripts! Your contributions are checked by GitHub Actions too, so you will need to do this.</li> <li>Use the provided <code>.vscode/settings.json</code> file.</li> </ol>"},{"location":"contributing/general/#documentation","title":"Documentation","text":"<p>Make sure to select <code>nightly</code> in the dropdown menu at the top. Navigate to the page you would like to edit and click the edit button in the top right. This allows you to make changes and create a pull-request.</p> <p>Alternatively you can make the changes locally. For that you'll need to have Docker installed. Run</p> <pre><code>pnpm docs:serve\n</code></pre> <p>This serves the documentation on your local machine on port <code>8080</code>. Each change will be hot-reloaded onto the page you view, just edit, save and look at the result.</p>"},{"location":"contributing/issues-and-pull-requests/","title":"Issues and Pull Requests","text":"<p>This project is Open Source. That means that you can contribute on enhancements, bug fixing or improving the documentation.</p>"},{"location":"contributing/issues-and-pull-requests/#opening-an-issue","title":"Opening an Issue","text":"<p>Attention</p> <p>Before opening an issue, read the <code>README</code> carefully, study the docs for your version (maybe latest) and your search engine you trust. The issue tracker is not meant to be used for unrelated questions!</p> <p>When opening an issue, please provide details use case to let the community reproduce your problem.</p> <p>Attention</p> <p>Use the issue templates to provide the necessary information. Issues which do not use these templates are not worked on and closed.</p> <p>By raising issues, I agree to these terms and I understand, that the rules set for the issue tracker will help both maintainers as well as everyone to find a solution.</p> <p>Maintainers take the time to improve on this project and help by solving issues together. It is therefore expected from others to make an effort and comply with the rules.</p>"},{"location":"contributing/issues-and-pull-requests/#filing-a-bug-report","title":"Filing a Bug Report","text":"<p>Thank you for participating in this project and reporting a bug. <code>wg-easy</code> is a community-driven project, and each contribution counts!</p> <p>Maintainers and moderators are volunteers. We greatly appreciate reports that take the time to provide detailed information via the template, enabling us to help you in the best and quickest way. Ignoring the template provided may seem easier, but discourages receiving any support.</p> <p>Markdown formatting can be used in almost all text fields (unless stated otherwise in the description).</p> <p>Be as precise as possible, and if in doubt, it's best to add more information that too few.</p> <p>When an option is marked with \"not officially supported\" / \"unsupported\", then support is dependent on availability from specific maintainers.</p>"},{"location":"contributing/issues-and-pull-requests/#pull-requests","title":"Pull Requests","text":"<p>Motivation</p> <p>You want to add a feature? Feel free to start creating an issue explaining what you want to do and how you're thinking doing it. Other users may have the same need and collaboration may lead to better results.</p>"},{"location":"contributing/issues-and-pull-requests/#submit-a-pull-request","title":"Submit a Pull-Request","text":"<p>The development workflow is the following:</p> <ol> <li>Fork the project</li> <li>Write the code that is needed :D</li> <li>Document your improvements if necessary</li> <li>Commit (and sign your commit), push and create a pull-request to merge into <code>master</code>. Please use the pull-request template to provide a minimum of contextual information and make sure to meet the requirements of the checklist.</li> </ol> <p>Pull requests are automatically tested against the CI and will be reviewed when tests pass. When your changes are validated, your branch is merged. CI builds the new <code>:nightly</code> image every night and your changes will be includes in the next version release.</p>"},{"location":"examples/tutorials/adguard/","title":"AdGuard Home","text":"<p>It seems like the Docs on how to setup AdGuard Home are not available yet.</p> <p>Feel free to create a PR and add them here.</p>"},{"location":"examples/tutorials/auto-updates/","title":"Auto Updates","text":""},{"location":"examples/tutorials/auto-updates/#docker-compose","title":"Docker Compose","text":"<p>With Docker Compose <code>wg-easy</code> can be updated with a single command:</p> <pre><code>cd /etc/docker/containers/wg-easy\nsudo docker compose up -d --pull always\n</code></pre>"},{"location":"examples/tutorials/auto-updates/#watchtower","title":"Watchtower","text":"<p>If you want the updates to be fully automatic you can install Watchtower. This will check for updates every day at 4:00 AM and update the container if a new version is available.</p> <p>File: <code>/etc/docker/containers/watchtower/docker-compose.yml</code></p> <pre><code>services:\n watchtower:\n image: containrrr/watchtower:latest\n volumes:\n - /var/run/docker.sock:/var/run/docker.sock\n env_file:\n - watchtower.env\n restart: unless-stopped\n</code></pre> <p>File: <code>/etc/docker/containers/watchtower/watchtower.env</code></p> <pre><code>WATCHTOWER_CLEANUP=true\nWATCHTOWER_SCHEDULE=0 0 4 * * *\nTZ=Europe/Berlin\n\n# Email\n# WATCHTOWER_NOTIFICATIONS_LEVEL=info\n# WATCHTOWER_NOTIFICATIONS=email\n# [email protected]\n# [email protected]\n# WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.example.com\n# [email protected]\n# WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=\"SuperSecurePassword\"\n# WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587\n</code></pre> <pre><code>cd /etc/docker/containers/watchtower\nsudo docker compose up -d\n</code></pre>"},{"location":"examples/tutorials/auto-updates/#docker-run","title":"Docker Run","text":"<pre><code>sudo docker stop wg-easy\nsudo docker rm wg-easy\nsudo docker pull ghcr.io/wg-easy/wg-easy\n</code></pre> <p>And then run the <code>docker run -d \\ ...</code> command from Docker Run again.</p>"},{"location":"examples/tutorials/auto-updates/#podman","title":"Podman","text":"<p>To update <code>wg-easy</code> (and every container that has auto updates enabled), you can run the following command:</p> <pre><code>sudo podman auto-update\n</code></pre>"},{"location":"examples/tutorials/basic-installation/","title":"Basic Installation","text":""},{"location":"examples/tutorials/basic-installation/#requirements","title":"Requirements","text":"<ol> <li>You need to have a host that you can manage</li> <li>You need to have a domain name or a public IP address</li> <li>You need a supported architecture (x86_64, arm64)</li> <li>You need curl installed on your host</li> </ol>"},{"location":"examples/tutorials/basic-installation/#install-docker","title":"Install Docker","text":"<p>Follow the Docs here: https://docs.docker.com/engine/install/ and install Docker on your host.</p>"},{"location":"examples/tutorials/basic-installation/#install-wg-easy","title":"Install <code>wg-easy</code>","text":"<ol> <li>Create a directory for the configuration files (you can choose any directory you like):</li> </ol> <pre><code>sudo mkdir -p /etc/docker/containers/wg-easy\n</code></pre> <ol> <li>Download docker compose file</li> </ol> <pre><code>sudo curl -o /etc/docker/containers/wg-easy/docker-compose.yml https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml\n</code></pre> <ol> <li>Start <code>wg-easy</code></li> </ol> <pre><code> cd /etc/docker/containers/wg-easy\n sudo docker-compose up -d\n</code></pre>"},{"location":"examples/tutorials/basic-installation/#setup-firewall","title":"Setup Firewall","text":"<p>If you are using a firewall, you need to open the following ports:</p> <ul> <li>UDP 51820 (WireGuard)</li> </ul> <p>These ports can be changed, so if you change them you have to update your firewall rules accordingly.</p>"},{"location":"examples/tutorials/basic-installation/#setup-reverse-proxy","title":"Setup Reverse Proxy","text":"<ul> <li>To setup traefik follow the instructions here: Traefik</li> <li>To setup caddy follow the instructions here: Caddy</li> </ul>"},{"location":"examples/tutorials/basic-installation/#update-wg-easy","title":"Update <code>wg-easy</code>","text":"<p>To update <code>wg-easy</code> to the latest version, run:</p> <pre><code>cd /etc/docker/containers/wg-easy\nsudo docker-compose pull\nsudo docker-compose up -d\n</code></pre>"},{"location":"examples/tutorials/basic-installation/#auto-update","title":"Auto Update","text":"<p>If you want to enable auto-updates, follow the instructions here: Auto Updates</p>"},{"location":"examples/tutorials/caddy/","title":"Caddy","text":"<p>It seems like the Docs on how to setup Caddy are not available yet.</p> <p>Feel free to create a PR and add them here.</p>"},{"location":"examples/tutorials/docker-run/","title":"Docker Run","text":"<p>To setup the IPv6 Network, simply run once:</p> <pre><code>docker network create \\\n -d bridge --ipv6 \\\n -d default \\\n --subnet 10.42.42.0/24 \\\n --subnet fdcc:ad94:bacf:61a3::/64 wg \\\n</code></pre> <p>To automatically install &amp; run <code>wg-easy</code>, simply run:</p> <pre><code>docker run -d \\\n --net wg \\\n -e INSECURE=true \\\n --name wg-easy \\\n --ip6 fdcc:ad94:bacf:61a3::2a \\\n --ip 10.42.42.42 \\\n -v ~/.wg-easy:/etc/wireguard \\\n -v /lib/modules:/lib/modules:ro \\\n -p 51820:51820/udp \\\n -p 51821:51821/tcp \\\n --cap-add NET_ADMIN \\\n --cap-add SYS_MODULE \\\n --sysctl net.ipv4.ip_forward=1 \\\n --sysctl net.ipv4.conf.all.src_valid_mark=1 \\\n --sysctl net.ipv6.conf.all.disable_ipv6=0 \\\n --sysctl net.ipv6.conf.all.forwarding=1 \\\n --sysctl net.ipv6.conf.default.forwarding=1 \\\n --restart unless-stopped \\\n ghcr.io/wg-easy/wg-easy:15\n</code></pre> <p>The Web UI will now be available at http://0.0.0.0:51821.</p>"},{"location":"examples/tutorials/dockerless/","title":"Without Docker","text":"<p>This is currently not yet supported.</p>"},{"location":"examples/tutorials/podman-nft/","title":"Podman + nftables","text":"<p>This guide will show you how to run <code>wg-easy</code> with rootful Podman and nftables.</p>"},{"location":"examples/tutorials/podman-nft/#requirements","title":"Requirements","text":"<ol> <li>Podman installed with version 4.4 or higher</li> </ol>"},{"location":"examples/tutorials/podman-nft/#configuration","title":"Configuration","text":"<p>Create a Folder for the configuration files:</p> <pre><code>sudo mkdir -p /etc/containers/systemd/wg-easy\nsudo mkdir -p /etc/containers/volumes/wg-easy\n</code></pre> <p>Create a file <code>/etc/containers/systemd/wg-easy/wg-easy.container</code> with the following content:</p> <pre><code>[Container]\nContainerName=wg-easy\nImage=ghcr.io/wg-easy/wg-easy:15\nAutoUpdate=registry\n\nVolume=/etc/containers/volumes/wg-easy:/etc/wireguard:Z\nNetwork=wg-easy.network\nPublishPort=51820:51820/udp\nPublishPort=51821:51821/tcp\n\n# this is used to allow access over HTTP\n# remove this when using a reverse proxy\nEnvironment=INSECURE=true\n\nAddCapability=NET_ADMIN\nAddCapability=SYS_MODULE\nAddCapability=NET_RAW\nSysctl=net.ipv4.ip_forward=1\nSysctl=net.ipv4.conf.all.src_valid_mark=1\nSysctl=net.ipv6.conf.all.disable_ipv6=0\nSysctl=net.ipv6.conf.all.forwarding=1\nSysctl=net.ipv6.conf.default.forwarding=1\n\n[Install]\n# this is used to start the container on boot\nWantedBy=default.target\n</code></pre> <p>Create a file <code>/etc/containers/systemd/wg-easy/wg-easy.network</code> with the following content:</p> <pre><code>[Network]\nNetworkName=wg-easy\nIPv6=true\n</code></pre>"},{"location":"examples/tutorials/podman-nft/#load-kernel-modules","title":"Load Kernel Modules","text":"<p>You will need to load the following kernel modules</p> <pre><code>wireguard\nnft_masq\n</code></pre> <p>Create a file <code>/etc/modules-load.d/wg-easy.conf</code> with the following content:</p> <pre><code>wireguard\nnft_masq\n</code></pre>"},{"location":"examples/tutorials/podman-nft/#start-the-container","title":"Start the Container","text":"<pre><code>sudo systemctl daemon-reload\nsudo systemctl start wg-easy\n</code></pre>"},{"location":"examples/tutorials/podman-nft/#edit-hooks","title":"Edit Hooks","text":"<p>In the Admin Panel of your WireGuard server, go to the <code>Hooks</code> tab and add the following hook:</p> <ol> <li>PostUp</li> </ol> <pre><code>nft add table inet wg_table; nft add chain inet wg_table prerouting { type nat hook prerouting priority 100 \\; }; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \\; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \\; policy accept \\; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add rule inet wg_table input tcp dport {{uiPort}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \\; policy accept \\; }; nft add rule inet wg_table forward iifname \"wg0\" accept; nft add rule inet wg_table forward oifname \"wg0\" accept;\n</code></pre> <ol> <li>PostDown</li> </ol> <pre><code>nft delete table inet wg_table\n</code></pre> <p>If you don't have iptables loaded on your server, you could see many errors in the logs or in the UI. You can ignore them.</p>"},{"location":"examples/tutorials/podman-nft/#restart-the-container","title":"Restart the Container","text":"<p>Restart the container to apply the new hooks:</p> <pre><code>sudo systemctl restart wg-easy\n</code></pre>"},{"location":"examples/tutorials/traefik/","title":"Traefik","text":"<p>Opinionated</p> <p>This guide is opinionated. If you use other conventions or folder layouts, feel free to change the commands and paths.</p>"},{"location":"examples/tutorials/traefik/#create-docker-compose-project","title":"Create docker compose project","text":"<pre><code>sudo mkdir -p /etc/docker/containers/traefik\ncd /etc/docker/containers/traefik\n</code></pre>"},{"location":"examples/tutorials/traefik/#create-docker-compose-file","title":"Create docker compose file","text":"<p>File: <code>/etc/docker/containers/traefik/docker-compose.yml</code></p> <pre><code>services:\n traefik:\n image: traefik:3.3\n container_name: traefik\n restart: unless-stopped\n ports:\n - \"80:80\"\n - \"443:443/tcp\"\n - \"443:443/udp\"\n volumes:\n - /var/run/docker.sock:/var/run/docker.sock\n - /etc/docker/volumes/traefik/traefik.yml:/traefik.yml:ro\n - /etc/docker/volumes/traefik/traefik_dynamic.yml:/traefik_dynamic.yml:ro\n - /etc/docker/volumes/traefik/acme.json:/acme.json\n networks:\n - traefik\n\nnetworks:\n traefik:\n external: true\n</code></pre>"},{"location":"examples/tutorials/traefik/#create-traefikyml","title":"Create traefik.yml","text":"<p>File: <code>/etc/docker/volumes/traefik/traefik.yml</code></p> <pre><code>log:\n level: INFO\n\nentryPoints:\n web:\n address: \":80/tcp\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443/tcp\"\n http:\n middlewares:\n - compress@file\n - hsts@file\n tls:\n certResolver: letsencrypt\n http3: {}\n\napi:\n dashboard: true\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: [email protected]$\n storage: acme.json\n httpChallenge:\n entryPoint: web\n\nproviders:\n docker:\n watch: true\n network: traefik\n exposedByDefault: false\n file:\n filename: traefik_dynamic.yml\n\nserversTransport:\n insecureSkipVerify: true\n</code></pre>"},{"location":"examples/tutorials/traefik/#create-traefik_dynamicyml","title":"Create traefik_dynamic.yml","text":"<p>File: <code>/etc/docker/volumes/traefik/traefik_dynamic.yml</code></p> <pre><code>http:\n middlewares:\n services:\n basicAuth:\n users:\n - \"$username$:$password$\"\n compress:\n compress: {}\n hsts:\n headers:\n stsSeconds: 2592000\n routers:\n api:\n rule: Host(`traefik.$example.com$`)\n entrypoints:\n - websecure\n middlewares:\n - services\n service: api@internal\n\ntls:\n options:\n default:\n cipherSuites:\n - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\n sniStrict: true\n</code></pre>"},{"location":"examples/tutorials/traefik/#create-acmejson","title":"Create acme.json","text":"<pre><code>sudo touch /etc/docker/volumes/traefik/acme.json\nsudo chmod 600 /etc/docker/volumes/traefik/acme.json\n</code></pre>"},{"location":"examples/tutorials/traefik/#create-network","title":"Create network","text":"<pre><code>sudo docker network create traefik\n</code></pre>"},{"location":"examples/tutorials/traefik/#start-traefik","title":"Start traefik","text":"<pre><code>sudo docker-compose up -d\n</code></pre> <p>You can no access the Traefik dashboard at <code>https://traefik.$example.com$</code> with the credentials you set in <code>traefik_dynamic.yml</code>.</p>"},{"location":"examples/tutorials/traefik/#add-labels-to-wg-easy","title":"Add Labels to <code>wg-easy</code>","text":"<p>To add labels to your <code>wg-easy</code> service, you can add the following to your <code>docker-compose.yml</code> file:</p> <p>File: <code>/etc/docker/containers/wg-easy/docker-compose.yml</code></p> <pre><code>services:\n wg-easy:\n ...\n container_name: wg-easy\n networks:\n ...\n traefik: {}\n labels:\n - \"traefik.enable=true\"\n - \"traefik.http.routers.wg-easy.rule=Host(`wg-easy.$example.com$`)\"\n - \"traefik.http.routers.wg-easy.entrypoints=websecure\"\n - \"traefik.http.routers.wg-easy.service=wg-easy\"\n - \"traefik.http.services.wg-easy.loadbalancer.server.port=51821\"\n ...\n\nnetworks:\n ...\n traefik:\n external: true\n</code></pre>"},{"location":"examples/tutorials/traefik/#restart-wg-easy","title":"Restart <code>wg-easy</code>","text":"<pre><code>cd /etc/docker/containers/wg-easy\nsudo docker-compose up -d\n</code></pre> <p>You can now access <code>wg-easy</code> at <code>https://wg-easy.$example.com$</code> and start the setup.</p>"},{"location":"guides/2fa/","title":"2FA","text":"<p>TODO</p>"},{"location":"guides/account/","title":"Edit Account","text":"<p>TODO</p>"},{"location":"guides/admin/","title":"Admin Panel","text":"<p>TODO</p>"},{"location":"guides/clients/","title":"Edit Client","text":"<p>TODO</p>"},{"location":"guides/login/","title":"Login","text":"<p>TODO</p>"},{"location":"guides/setup/","title":"Setup","text":"<p>TODO</p>"}]}