Skip to content

Matze1224/wireguard-ui

 
 

Repository files navigation

wireguard-ui

A web user interface to manage your WireGuard setup.

Features

  • Friendly UI
  • Authentication
  • Manage extra client information (name, email, etc)
  • Retrieve client config using QR code / file / email

wireguard-ui 0.3.7

Run WireGuard-UI

⚠️The default username and password are admin. Please change it to secure your setup.

Using binary file

Download the binary file from the release page and run it directly on the host machine

./wireguard-ui

Using docker compose

You can take a look at this example of docker-compose.yml. Please adjust volume mount points to work with your setup. Then run it like below:

docker-compose up

Note:

  • There is a Status page that needs docker to be able to access the network of the host in order to read the wireguard interface stats. See the cap_add and network_mode options on the docker-compose.yaml
  • Similarly, the WGUI_MANAGE_START and WGUI_MANAGE_RESTART settings need the same access, in order to restart the wireguard interface.
  • Because the network_mode is set to host, we don't need to specify the exposed ports. The app will listen on port 5000 by default.

Environment Variables

Variable Description Default
BASE_PATH Set this variable if you run wireguard-ui under a subpath of your reverse proxy virtual host (e.g. /wireguard)) N/A
SESSION_SECRET The secret key used to encrypt the session cookies. Set this to a random value N/A
WGUI_USERNAME The username for the login page. Used for db initialization only admin
WGUI_PASSWORD The password for the user on the login page. Will be hashed automatically. Used for db initialization only admin
WGUI_PASSWORD_HASH The password hash for the user on the login page. (alternative to WGUI_PASSWORD). Used for db initialization only N/A
WGUI_ENDPOINT_ADDRESS The default endpoint address used in global settings Resolved to your public ip address
WGUI_DNS The default DNS servers (comma-separated-list) used in the global settings 1.1.1.1
WGUI_MTU The default MTU used in global settings 1450
WGUI_PERSISTENT_KEEPALIVE The default persistent keepalive for WireGuard in global settings 15
WGUI_FORWARD_MARK The default WireGuard forward mark 0xca6c
WGUI_CONFIG_FILE_PATH The default WireGuard config file path used in global settings /etc/wireguard/wg0.conf
WG_CONF_TEMPLATE The custom wg.conf config file template. Please refer to our default template N/A
EMAIL_FROM_ADDRESS The sender email address N/A
EMAIL_FROM_NAME The sender name WireGuard UI
SENDGRID_API_KEY The SendGrid api key N/A
SMTP_HOSTNAME The SMTP IP address or hostname 127.0.0.1
SMTP_PORT The SMTP port 25
SMTP_USERNAME The SMTP username N/A
SMTP_PASSWORD The SMTP user password N/A
SMTP_AUTH_TYPE The SMTP authentication type. Possible values: PLAIN, LOGIN, NONE NONE
SMTP_ENCRYPTION the encryption method. Possible values: SSL, SSLTLS, TLS, STARTTLS STARTTLS

Defaults for server configuration

These environment variables are used to control the default server settings used when initializing the database.

Variable Description Default
WGUI_SERVER_INTERFACE_ADDRESSES The default interface addresses (comma-separated-list) for the WireGuard server configuration 10.252.1.0/24
WGUI_SERVER_LISTEN_PORT The default server listen port 51820
WGUI_SERVER_POST_UP_SCRIPT The default server post-up script N/A
WGUI_SERVER_POST_DOWN_SCRIPT The default server post-down script N/A

Defaults for new clients

These environment variables are used to set the defaults used in New Client dialog.

Variable Description Default
WGUI_DEFAULT_CLIENT_ALLOWED_IPS Comma-separated-list of CIDRs for the Allowed IPs field. (default ) 0.0.0.0/0
WGUI_DEFAULT_CLIENT_EXTRA_ALLOWED_IPS Comma-separated-list of CIDRs for the Extra Allowed IPs field. (default empty) N/A
WGUI_DEFAULT_CLIENT_USE_SERVER_DNS Boolean value [0, f, F, false, False, FALSE, 1, t, T, true, True, TRUE] true
WGUI_DEFAULT_CLIENT_ENABLE_AFTER_CREATION Boolean value [0, f, F, false, False, FALSE, 1, t, T, true, True, TRUE] true

Docker only

These environment variables only apply to the docker container.

Variable Description Default
WGUI_MANAGE_START Start/stop WireGuard when the container is started/stopped false
WGUI_MANAGE_RESTART Auto restart WireGuard when we Apply Config changes in the UI false

Auto restart WireGuard daemon

WireGuard-UI only takes care of configuration generation. You can use systemd to watch for the changes and restart the service. Following is an example:

Using systemd

Create /etc/systemd/system/wgui.service

cd /etc/systemd/system/
cat << EOF > wgui.service
[Unit]
Description=Restart WireGuard
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/bin/systemctl restart [email protected]

[Install]
RequiredBy=wgui.path
EOF

Create /etc/systemd/system/wgui.path

cd /etc/systemd/system/
cat << EOF > wgui.path
[Unit]
Description=Watch /etc/wireguard/wg0.conf for changes

[Path]
PathModified=/etc/wireguard/wg0.conf

[Install]
WantedBy=multi-user.target
EOF

Apply it

systemctl enable wgui.{path,service}
systemctl start wgui.{path,service}

Using openrc

Create /usr/local/bin/wgui file and make it executable

cd /usr/local/bin/
cat << EOF > wgui
#!/bin/sh
wg-quick down wg0
wg-quick up wg0
EOF
chmod +x wgui

Create /etc/init.d/wgui file and make it executable

cd /etc/init.d/
cat << EOF > wgui
#!/sbin/openrc-run

command=/sbin/inotifyd
command_args="/usr/local/bin/wgui /etc/wireguard/wg0.conf:w"
pidfile=/run/${RC_SVCNAME}.pid
command_background=yes
EOF
chmod +x wgui

Apply it

rc-service wgui start
rc-update add wgui default

Using Docker

Set WGUI_MANAGE_RESTART=true to manage Wireguard interface restarts. Using WGUI_MANAGE_START=true can also replace the function of wg-quick@wg0 service, to start Wireguard at boot, by running the container with restart: unless-stopped. These settings can also pick up changes to Wireguard Config File Path, after restarting the container. Please make sure you have --cap-add=NET_ADMIN in your container config to make this feature work.

Build

Build docker image

Go to the project root directory and run the following command:

docker build -t wireguard-ui .

Build binary file

Prepare the assets directory

./prepare_assets.sh

Then you can embed resources by generating Go source code

rice embed-go
go build -o wireguard-ui

Or, append resources to executable as zip file

go build -o wireguard-ui
rice append --exec wireguard-ui

License

MIT. See LICENSE.

Support

If you like the project and want to support it, you can buy me a coffee

Buy Me A Coffee

About

Wireguard web interface

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • HTML 47.8%
  • Go 42.8%
  • JavaScript 7.4%
  • Dockerfile 1.1%
  • Shell 0.9%