# wireguard-manager

The wireguard-manager provides an easy-to-use graphical interface to set up and manage WireGuard server(s).

The following features are implemented:

* Create/Delete/Modify Server
* Create/Delete/Modify Users
* QRCode export
* Text export
* Start/Stop server
* User bandwidth usage statistics

The interface runs in Docker and requires WireGuard to be installed on the host, either as a DKMS module or through a newer kernel (5.6+).

# Dependencies

* wireguard-dkms or Linux kernel >= 5.6
* python 3.6+

# Installation (Docker)

1. Enable IP forwarding with `sysctl -w net.ipv4.ip_forward=1`

   1.1. To make the forwarding persistent, add `net.ipv4.ip_forward = 1` to `/etc/sysctl.d/99-sysctl.conf`

2. It is recommended to have a firewall protecting your services

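A host preflight for the kernel dependency and for steps 1 and 1.1 above, as an added example that is not part of wireguard-manager. The function names and the `run` argument are assumptions of this example.

```bash
#!/bin/sh
# Added example (not part of wireguard-manager): host preflight checks.

# 0 if the release string (as printed by `uname -r`) is >= 5.6,
# 1 if it is older, 2 if it cannot be parsed.
kernel_has_wireguard() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 5 ] && return 0
    [ "$major" -eq 5 ] && [ "$minor" -ge 6 ]
}

# 0 if IPv4 forwarding is on right now (step 1). $1 overrides the proc path.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# 0 if any given sysctl file sets net.ipv4.ip_forward = 1 on an uncommented
# line (step 1.1). Ordering between files is not resolved.
forwarding_persistent() {
    grep -Eqs '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$@"
}

preflight() {
    rc=0
    if kernel_has_wireguard "$(uname -r)" || modinfo wireguard >/dev/null 2>&1; then
        echo "ok:   WireGuard kernel support (kernel >= 5.6 or module installed)"
    else
        echo "FAIL: kernel older than 5.6 and no wireguard module found"; rc=1
    fi
    if forwarding_enabled; then
        echo "ok:   net.ipv4.ip_forward is 1"
    else
        echo "FAIL: run sysctl -w net.ipv4.ip_forward=1"; rc=1
    fi
    if forwarding_persistent /etc/sysctl.conf /etc/sysctl.d/*.conf; then
        echo "ok:   forwarding persists across reboots"
    else
        echo "FAIL: net.ipv4.ip_forward = 1 not found in /etc/sysctl.d/"; rc=1
    fi
    return "$rc"
}

if [ "${1:-}" = "run" ]; then preflight; fi
```

Invoke the script with the single argument `run` to print the three checks for the current host; the exit status is non-zero if any of them fails.
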
## Docker

```bash
# With --net host the container shares the host's network stack,
# so Docker ignores the -p port mapping below.
# Change ADMIN_USERNAME/ADMIN_PASSWORD from the admin/admin defaults
# before exposing the interface.
docker run -d \
  --cap-add NET_ADMIN \
  --name wireguard-manager \
  --net host \
  -p "51800-51900:51800-51900/udp" \
  -v wireguard-manager:/config \
  -e PORT="8888" \
  -e ADMIN_USERNAME="admin" \
  -e ADMIN_PASSWORD="admin" \
  perara/wireguard-manager
```

## Docker-compose

```yaml
wireguard:
  container_name: wireguard-manager
  image: perara/wireguard-manager
  cap_add:
    - NET_ADMIN
  ports:
    # UDP range for the WireGuard servers, same range as the docker run example
    - "51800-51900:51800-51900/udp"
    # Web interface (must match PORT below)
    - 8888:8888
  volumes:
    - ./ops/wireguard/_data:/config
  environment:
    HOST: 0.0.0.0
    PORT: 8888
    # Change the admin/admin defaults before exposing the interface
    ADMIN_PASSWORD: admin
    ADMIN_USERNAME: admin
    WEB_CONCURRENCY: 1
```

# Install (OS)

- [Installation on Debian/Ubuntu](./docs/install_debian.md)

# Environment variables

| Environment      | Description                                                               | Recommended |
|------------------|---------------------------------------------------------------------------|-------------|
| GUNICORN_CONF    | Location of custom gunicorn configuration                                 | default     |
| WORKERS_PER_CORE | How many concurrent workers should there be per available core (Gunicorn) | default     |
| WEB_CONCURRENCY  | The number of worker processes for handling requests. (Gunicorn)          | 1           |
| HOST             | 0.0.0.0 or unix:/tmp/gunicorn.sock if reverse proxy. Remember to mount    | 0.0.0.0     |
| PORT             | The port to use if running with IP host bind                              | 80          |
| LOG_LEVEL        | Logging level of gunicorn/python                                          | info        |
| ADMIN_USERNAME   | Default admin username on database creation                               | admin       |
| ADMIN_PASSWORD   | Default admin password on database creation                               | admin       |

# Usage

Once the Docker container has started, go to http://localhost:80 (or the port set in `PORT`, which is 8888 in the examples above).

# Reverse Proxy

Use jwilder/nginx-proxy or similar.

# Showcase

![Illustration](docs/images/0.png)

![Illustration](docs/images/1.png)

![Illustration](docs/images/2.png)

![Illustration](docs/images/3.png)

![Illustration](docs/images/4.png)

![Illustration](docs/images/5.png)

![Illustration](docs/images/6.png)

![Illustration](docs/images/7.png)

![Illustration](docs/images/8.png)

# Roadmap

### Primaries

- Implement multi-server support (setting up site-2-site servers from the GUI)
- Extending multi-server support to enable custom access lists (A peer can be assigned to multiple servers, as part of the ACL)

### Other

* Eventual bugfixes
* Improve Auth
* Improve everything...