This repository was archived by the owner on Apr 25, 2023. It is now read-only.

Comparing changes

base repository: EmbarkStudios/wg-ui
base: main
head repository: AscendNTNU/wg-ui
compare: main
Can’t automatically merge. Don’t worry, you can still create the pull request.
  • 14 commits
  • 14 files changed
  • 2 contributors

Commits on Jan 14, 2022

  1. 52a4f85
  2. Update README.md

    CarixoHD authored Jan 14, 2022
    e8e16a2
  3. Update README.md

    CarixoHD authored Jan 14, 2022
    1fd0b33
  4. Update README.md

    CarixoHD authored Jan 14, 2022
    661abc7
  5. Update README.md

    CarixoHD authored Jan 14, 2022
    02d1c1e
  6. Update README.md

    CarixoHD authored Jan 14, 2022
    dc19d00
  7. Update README.md

    CarixoHD authored Jan 14, 2022
    3eaab92
  8. Update README.md

    CarixoHD authored Jan 14, 2022
    8a67bc3
  9. Delete doc directory

    CarixoHD authored Jan 14, 2022
    f68f0b9
  10. Delete wireguard-ui.png

    CarixoHD authored Jan 14, 2022
    5124dc5
  11. Add files via upload

    CarixoHD authored Jan 14, 2022
    7ac34c1

Commits on Jan 15, 2022

  1. Update README.md

    CarixoHD authored Jan 15, 2022
    a09b3fd

Commits on Feb 9, 2022

  1. removed restart docker

    CarixoHD committed Feb 9, 2022
    08eeb9c

Commits on May 6, 2022

  1. Update README.md

    CarixoHD authored May 6, 2022
    1ca6d00
Showing with 17,237 additions and 330 deletions.
  1. +5 −0 Dockerfile
  2. +125 −61 README.md
  3. +2 −2 config.go
  4. +0 −131 doc/auth-google-sso.md
  5. +0 −60 doc/auth-shibboleth-sso.md
  6. +7 −8 docker-compose.yml
  7. +0 −3 go.mod
  8. +2 −34 go.sum
  9. +7 −1 server.go
  10. +17,081 −22 ui/package-lock.json
  11. +3 −3 ui/src/App.svelte
  12. +2 −2 ui/src/Clients.svelte
  13. +3 −3 ui/src/Nav.svelte
  14. BIN wireguard-ui.png
5 changes: 5 additions & 0 deletions Dockerfile
@@ -1,3 +1,7 @@
FROM ubuntu:20.04
RUN apt-get update && apt-get install net-tools
CMD ["ifconfig"]

FROM docker.io/node:12 AS ui
WORKDIR /ui
COPY ui/package.json ui/package-lock.json /ui/
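Review bot: The new first stage (`FROM ubuntu:20.04`, `RUN apt-get update && apt-get install net-tools`, `CMD ["ifconfig"]`) is unnamed and nothing later copies from it; the image that ships is still the `gcr.io/distroless/base` stage with `ENTRYPOINT [ "/wireguard-ui" ]`, so this stage only adds build time and one more base image to pull and trust. If it was a debugging aid, drop it from the Dockerfile. If it is meant to stay, give it an `AS` name, pass `-y` to `apt-get install` so the build cannot stop at a confirmation prompt, and add a comment saying what it is for.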
@@ -17,3 +21,4 @@ RUN go install .
FROM gcr.io/distroless/base
COPY --from=build /go/bin/wireguard-ui /
ENTRYPOINT [ "/wireguard-ui" ]

186 changes: 125 additions & 61 deletions README.md
@@ -4,7 +4,6 @@
[![Contributor Covenant](https://img.shields.io/badge/contributor%20covenant-v1.4%20adopted-ff69b4.svg)](CODE_OF_CONDUCT.md)

A basic, self-contained management service for [WireGuard](https://wireguard.com) with a self-serve web UI.
Current stable release: [v1.3.0](https://github.com/EmbarkStudios/wg-ui/releases/tag/v1.3.0)

## Features

@@ -13,68 +12,30 @@ Current stable release: [v1.3.0](https://github.com/EmbarkStudios/wg-ui/releases
* Optional multi-user support behind an authenticating proxy
* Zero external dependencies - just a single binary using the wireguard kernel module
* Binary and container deployment
* This Ascend version also has a sign out button :D
* Instead of showing the Google ID, your company email is shown

![Screenshot](wireguard-ui.png)

## Running

The easiest way to run wg-ui is using the container image. To test it, run:

```docker run --rm -it --privileged --entrypoint "/wireguard-ui" -v /tmp/wireguard-ui:/data -p 8080:8080 embarkstudios/wireguard-ui:latest --data-dir=/data --log-level=debug```

When running in production, we recommend using the latest release as opposed to `latest`.

Important to know is that you need to have WireGuard installed on the machine in order for this to work, as this is 'just' a UI to manage WireGuard configs.

### Configuration

You can configure wg-ui using commandline flags or environment variables.
To see all available flags run:

```
docker run --rm -it embarkstudios/wireguard-ui:latest -h
./wireguard-ui -h
```

You can alternatively specify each flag through an environment variable of the form `WIREGUARD_UI_<FLAG_NAME>`, where `<FLAG_NAME>` is replaced with the flag name transformed to `CONSTANT_CASE`, e.g.

```docker run --rm -it embarkstudios/wireguard-ui:latest --log-level=debug```

and

```docker run --rm -it -e WIREGUARD_UI_LOG_LEVEL=debug embarkstudios/wireguard-ui:latest```

are the same.

## Docker images

There are two ways to run wg-ui today, you can run it with kernel module installed on your host which is the best way to do it if you want performance.

```
docker pull embarkstudios/wireguard-ui:latest
```

If you however do not have the possibility or interest in having kernel module loaded on your host, there is now a solution for that using a docker image based on wireguard-go. Keep in mind that this runs in userspace and not in kernel module.

```
docker pull embarkstudios/wireguard-ui:userspace
```

Both images are built for `linux/amd64`, `linux/arm64` and `linux/arm/v7`. If you would need it for any other platform you can build wg-ui binaries with help from the documentation.


## Install without Docker

You need to have WireGuard installed on the machine running `wg-ui`.

Unless you use the userspace version with docker you're required to have WireGuard installed on your host machine.

A few installation guides:
Ubuntu installation guide:
[Ubuntu 20.04 LTS](https://www.cyberciti.biz/faq/ubuntu-20-04-set-up-wireguard-vpn-server/)
[CentOS 8](https://www.cyberciti.biz/faq/centos-8-set-up-wireguard-vpn-server/)
[Debian 10](https://www.cyberciti.biz/faq/debian-10-set-up-wireguard-vpn-server/)

### Go installation (Debian)
### Go installation
Install latest version of Go from (https://golang.org/dl/)

```
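Review bot: The feature bullets "This Ascend version also has a sign out button :D" and "Instead of showing the Google ID, your company email is shown" describe the AscendNTNU fork, while this comparison targets `EmbarkStudios/wg-ui` as base; they should not land in the base README as written. The second bullet also needs a sentence on where the email comes from, since the list above it only says multi-user support works "behind an authenticating proxy". In the install section, "You need to have WireGuard installed on the machine running `wg-ui`." and "Unless you use the userspace version with docker you're required to have WireGuard installed on your host machine." say the same thing twice; keep one.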
@@ -90,18 +51,10 @@ export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin
export GOPATH=$HOME/go
```

### Install LTS version of nodejs for frontend.

```
sudo apt-get install curl software-properties-common
curl -sL https://deb.nodesource.com/setup_12.x | sudo bash -
sudo apt-get install nodejs
```

### Fetch wg-ui

```
git clone https://github.com/EmbarkStudios/wg-ui.git && cd wg-ui
git clone https://github.com/AscendNTNU/wg-ui.git && cd wg-ui
```

### Build binary with ui
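Review bot: Removing the "Install LTS version of nodejs for frontend" section leaves the from-source instructions without their frontend prerequisite: the next step is still "Build binary with ui", and the Dockerfile in this comparison builds the UI in a `node:12` stage. Keep a Node.js install step, or at least name the required version, before "Fetch wg-ui". The clone URL now points at `AscendNTNU/wg-ui`, which is right for the fork but should not be merged into the base repository's README.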
@@ -110,15 +63,6 @@ git clone https://github.com/EmbarkStudios/wg-ui.git && cd wg-ui
make build
```

### Crosscompiling

```
make build-amd64
```

```
make build-armv5
```

```
make build-armv6
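Review bot: With the `### Crosscompiling` heading and the `make build-amd64` and `make build-armv5` blocks gone, the remaining `make build-armv6` block is left directly under "Build binary with ui" with no heading or explanation. Either keep the heading above the cross-compile targets that remain or remove those targets as well.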
@@ -150,6 +94,126 @@ make build
sudo ./bin/wireguard-ui --log-level=debug --dev-ui-server http://localhost:5000
```

### Running Wireguard

In this project, we use the binary that is created by building the project (`make build`).
Then run the binary with the flags that is outputed with the command `./wireguard-ui -h`

## Setting up Nginx as reverse proxy, and oauth2-proxy as authenticator with Google as provider

Notes:
- This example is running Wireguard-ui on port 8080.
- You need to have SSL (so get the certificate)

Edit the `/etc/nginx/sites-enables/default` or create a new config with these settings. Note: the SSL certificate and key, are both located in `/etc/nginx/ssl/`:
```
server {
listen [::]:443 ssl;
listen 443 ssl;
server_name server-name;
ssl on;
ssl_certificate ssl/ssl_certificate.cer
ssl_certificate_key ssl/ssl_key.key;
location / {
proxy_pass http://127.0.0.1:4180;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 30;
}
}
server {
listen 80;
listen [::]:80;
server_name server-name;
location / {
if ($host = server-name) {
return 301 https://$host$request_uri;
}
}
}
```
To set up [oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy), you have to install the latest version from their GitHub.
Then follow this [guide](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider#google-auth-provider) to get your client ID and secret from Google.
After you have installed it, create a config (for example `/etc/oauth2-proxy.cfg`):

```
prompt = "select_account"
provider = "google"
redirect_url = "https://cp.example.com/oauth2/callback"
reverse_proxy = true
email_domains = [
"yourcompany.com"
]
client_id = "google-client-id"
client_secret = "google-client-secret"
pass_user_headers = true
cookie_name = "_oauth2_proxy"
cookie_secret = "cookie-seed"
cookie_expire = "1h"
upstreams = "http://127.0.0.1:8080/"
```
I recommend checking out the official oauth2-proxy [documentation](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview) for more settings and configs. It also shows how you can generate your cookie seed.

To run oauth2-proxy, just run `oauth2-proxy --config=/etc/oauth2-proxy.cfg`.


### Creating service systemd file for the services

Create the service files in `/etc/systemd/system/` folder
```
# Systemd service file for wg-ui and wg
# Created by Shayan Alinejad
[Unit]
Description=wg-ui & wg daemon service
After=syslog.target network.target
[Service]
ExecStart=location-of-wireguard-ui-binary-with-flags
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
[Install]
WantedBy=multi-user.target
```
```
# Systemd service file for oauth2-proxy daemon
#
# Date: Feb 9, 2016
# Author: Srdjan Grubor <sgnn7@sgnn7.org>
[Unit]
Description=oauth2-proxy daemon service
After=syslog.target network.target
[Service]
# www-data group and user need to be created before using these lines
User=www-data
Group=www-data
ExecStart=oauth2-proxy --config=/etc/oauth2-proxy.cfg
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
[Install]
WantedBy=multi-user.target
```
## Contributing

We welcome community contributions to this project.
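Review bot: The nginx example will not load as written: `ssl_certificate ssl/ssl_certificate.cer` is missing its terminating `;`, and the sentence above the block says `/etc/nginx/sites-enables/default` where the directory is `sites-enabled`. `ssl on;` is deprecated in favour of the `ssl` parameter already present on both `listen` lines and should be dropped. The section also never states that wireguard-ui on port 8080 must be reachable only from localhost: with `pass_user_headers = true` the user identity arrives in headers set by oauth2-proxy, so a port 8080 that is reachable directly would sidestep the Google login. `redirect_url` uses `cp.example.com` while the nginx blocks use `server-name`; use one placeholder for both. Since `/etc/oauth2-proxy.cfg` holds `client_secret` and `cookie_secret`, the text should tell the reader to restrict the file to the `www-data` user the unit runs as. In "Running Wireguard", "the flags that is outputed" should read "the flags that are output".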
4 changes: 2 additions & 2 deletions config.go
@@ -87,12 +87,12 @@ func (cfg *ServerConfig) Write() error {
}

// GetUserConfig returns a UserConfig for a specific user
func (cfg *ServerConfig) GetUserConfig(user string) *UserConfig {
func (cfg *ServerConfig) GetUserConfig(user string, username string) *UserConfig {
c, ok := cfg.Users[user]
if !ok {
log.WithField("user", user).Info("No such user. Creating one.")
c = &UserConfig{
Name: user,
Name: username,
Clients: make(map[string]*ClientConfig),
}
cfg.Users[user] = c
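Review bot: `Name: username` is applied only inside the `if !ok` branch, so a user who already has an entry in `cfg.Users` keeps whatever `Name` was stored earlier and never picks up the new display name; if existing users are meant to show it too, update `c.Name` when it differs. The doc comment above `GetUserConfig` still describes a single user argument: it should say that `user` is the map key and `username` the display name, since two adjacent `string` parameters are easy to pass in the wrong order. The "No such user. Creating one." log line could also carry `username` alongside `user`.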