64b8eba092
Under Global Settings, the MTU value on the left is by default set to 1450, but the documentation claims 1420. This updates the documentation to match the correct default value. |
||
---|---|---|
.github | ||
custom | ||
db | ||
emailer | ||
handler | ||
model | ||
router | ||
store | ||
templates | ||
util | ||
.dockerignore | ||
.gitignore | ||
docker-compose.yaml | ||
Dockerfile | ||
go.mod | ||
go.sum | ||
init.sh | ||
Jenkinsfile | ||
LICENSE | ||
main.go | ||
package.json | ||
prepare_assets.sh | ||
README.md | ||
yarn.lock |
wireguard-ui
A web user interface to manage your WireGuard setup.
Features
- Friendly UI
- Authentication
- Manage extra client information (name, email, etc)
- Retrieve client config using QR code / file / email
Run WireGuard-UI
⚠️The default username and password are
admin
. Please change it to secure your setup.
Using binary file
Download the binary file from the release page and run it directly on the host machine
./wireguard-ui
Using docker compose
You can take a look at this example of docker-compose.yml. Please adjust volume mount points to work with your setup. Then run it like below:
docker-compose up
Note:
- There is a Status page that needs docker to be able to access the network of the host in order to read the
wireguard interface stats. See the
cap_add
andnetwork_mode
options on the docker-compose.yaml - Similarly, the
WGUI_MANAGE_START
andWGUI_MANAGE_RESTART
settings need the same access, in order to restart the wireguard interface. - Because the
network_mode
is set tohost
, we don't need to specify the exposed ports. The app will listen on port5000
by default.
Environment Variables
Variable | Description | Default |
---|---|---|
BASE_PATH |
Set this variable if you run wireguard-ui under a subpath of your reverse proxy virtual host (e.g. /wireguard)) | N/A |
SESSION_SECRET |
The secret key used to encrypt the session cookies. Set this to a random value | N/A |
WGUI_USERNAME |
The username for the login page. Used for db initialization only | admin |
WGUI_PASSWORD |
The password for the user on the login page. Will be hashed automatically. Used for db initialization only | admin |
WGUI_PASSWORD_HASH |
The password hash for the user on the login page. (alternative to WGUI_PASSWORD ). Used for db initialization only |
N/A |
WGUI_FAVICON_FILE_PATH |
The file path used as website favicon | Embedded WireGuard logo |
WGUI_ENDPOINT_ADDRESS |
The default endpoint address used in global settings | Resolved to your public ip address |
WGUI_DNS |
The default DNS servers (comma-separated-list) used in the global settings | 1.1.1.1 |
WGUI_MTU |
The default MTU used in global settings | 1450 |
WGUI_PERSISTENT_KEEPALIVE |
The default persistent keepalive for WireGuard in global settings | 15 |
WGUI_FORWARD_MARK |
The default WireGuard forward mark | 0xca6c |
WGUI_CONFIG_FILE_PATH |
The default WireGuard config file path used in global settings | /etc/wireguard/wg0.conf |
WG_CONF_TEMPLATE |
The custom wg.conf config file template. Please refer to our default template |
N/A |
EMAIL_FROM_ADDRESS |
The sender email address | N/A |
EMAIL_FROM_NAME |
The sender name | WireGuard UI |
SENDGRID_API_KEY |
The SendGrid api key | N/A |
SMTP_HOSTNAME |
The SMTP IP address or hostname | 127.0.0.1 |
SMTP_PORT |
The SMTP port | 25 |
SMTP_USERNAME |
The SMTP username | N/A |
SMTP_PASSWORD |
The SMTP user password | N/A |
SMTP_AUTH_TYPE |
The SMTP authentication type. Possible values: PLAIN , LOGIN , NONE |
NONE |
SMTP_ENCRYPTION |
the encryption method. Possible values: NONE , SSL , SSLTLS , TLS , STARTTLS |
STARTTLS |
Defaults for server configuration
These environment variables are used to control the default server settings used when initializing the database.
Variable | Description | Default |
---|---|---|
WGUI_SERVER_INTERFACE_ADDRESSES |
The default interface addresses (comma-separated-list) for the WireGuard server configuration | 10.252.1.0/24 |
WGUI_SERVER_LISTEN_PORT |
The default server listen port | 51820 |
WGUI_SERVER_POST_UP_SCRIPT |
The default server post-up script | N/A |
WGUI_SERVER_POST_DOWN_SCRIPT |
The default server post-down script | N/A |
Defaults for new clients
These environment variables are used to set the defaults used in New Client
dialog.
Variable | Description | Default |
---|---|---|
WGUI_DEFAULT_CLIENT_ALLOWED_IPS |
Comma-separated-list of CIDRs for the Allowed IPs field. (default ) |
0.0.0.0/0 |
WGUI_DEFAULT_CLIENT_EXTRA_ALLOWED_IPS |
Comma-separated-list of CIDRs for the Extra Allowed IPs field. (default empty) |
N/A |
WGUI_DEFAULT_CLIENT_USE_SERVER_DNS |
Boolean value [0 , f , F , false , False , FALSE , 1 , t , T , true , True , TRUE ] |
true |
WGUI_DEFAULT_CLIENT_ENABLE_AFTER_CREATION |
Boolean value [0 , f , F , false , False , FALSE , 1 , t , T , true , True , TRUE ] |
true |
Docker only
These environment variables only apply to the docker container.
Variable | Description | Default |
---|---|---|
WGUI_MANAGE_START |
Start/stop WireGuard when the container is started/stopped | false |
WGUI_MANAGE_RESTART |
Auto restart WireGuard when we Apply Config changes in the UI | false |
Auto restart WireGuard daemon
WireGuard-UI only takes care of configuration generation. You can use systemd to watch for the changes and restart the service. Following is an example:
Using systemd
Create /etc/systemd/system/wgui.service
cd /etc/systemd/system/
cat << EOF > wgui.service
[Unit]
Description=Restart WireGuard
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/bin/systemctl restart wg-quick@wg0.service
[Install]
RequiredBy=wgui.path
EOF
Create /etc/systemd/system/wgui.path
cd /etc/systemd/system/
cat << EOF > wgui.path
[Unit]
Description=Watch /etc/wireguard/wg0.conf for changes
[Path]
PathModified=/etc/wireguard/wg0.conf
[Install]
WantedBy=multi-user.target
EOF
Apply it
systemctl enable wgui.{path,service}
systemctl start wgui.{path,service}
Using openrc
Create /usr/local/bin/wgui
file and make it executable
cd /usr/local/bin/
cat << EOF > wgui
#!/bin/sh
wg-quick down wg0
wg-quick up wg0
EOF
chmod +x wgui
Create /etc/init.d/wgui
file and make it executable
cd /etc/init.d/
cat << EOF > wgui
#!/sbin/openrc-run
command=/sbin/inotifyd
command_args="/usr/local/bin/wgui /etc/wireguard/wg0.conf:w"
pidfile=/run/${RC_SVCNAME}.pid
command_background=yes
EOF
chmod +x wgui
Apply it
rc-service wgui start
rc-update add wgui default
Using Docker
Set WGUI_MANAGE_RESTART=true
to manage Wireguard interface restarts.
Using WGUI_MANAGE_START=true
can also replace the function of wg-quick@wg0
service, to start Wireguard at boot, by
running the container with restart: unless-stopped
. These settings can also pick up changes to Wireguard Config File
Path, after restarting the container. Please make sure you have --cap-add=NET_ADMIN
in your container config to make
this
feature work.
Build
Build docker image
Go to the project root directory and run the following command:
docker build -t wireguard-ui .
Build binary file
Prepare the assets directory
./prepare_assets.sh
Then you can embed resources by generating Go source code
rice embed-go
go build -o wireguard-ui
Or, append resources to executable as zip file
go build -o wireguard-ui
rice append --exec wireguard-ui
License
MIT. See LICENSE.
Support
If you like the project and want to support it, you can buy me a coffee ☕