A basic, self-contained management service for WireGuard with a self-serve web UI.
- Self-serve and web based
- QR-Code for convenient mobile client configuration
- Optional multi-user support behind an authenticating proxy
- Zero external dependencies - just a single binary using the wireguard kernel module
- Binary and container deployment
- This Ascend version also has a sign out button :D
- Instead of showing the Google ID, your company email is shown
You can configure wg-ui using commandline flags or environment variables. To see all available flags run:
./wireguard-ui -h
You need to have WireGuard installed on the machine running wg-ui
.
Unless you use the userspace version with docker you're required to have WireGuard installed on your host machine.
Ubuntu installation guide: Ubuntu 20.04 LTS
Install latest version of Go from (https://golang.org/dl/)
sudo tar -C /usr/local -xzf go$VERSION.$OS-$ARCH.tar.gz
Bash: ~/.bash_profile
ZSH: ~/.zshrc
export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin
export GOPATH=$HOME/go
git clone https://github.com/AscendNTNU/wg-ui.git && cd wg-ui
make build
make build-armv6
make build-armv7
make ui
make build
npm install --prefix=ui
npm run --prefix=ui dev
make build
sudo ./bin/wireguard-ui --log-level=debug --dev-ui-server http://localhost:5000
In this project, we use the binary that is created by building the project (make build
).
Then run the binary with the flags that is outputed with the command ./wireguard-ui -h
Notes:
- This example is running Wireguard-ui on port 8080.
- You need to have SSL (so get the certificate)
Edit the /etc/nginx/sites-enables/default
or create a new config with these settings. Note: the SSL certificate and key, are both located in /etc/nginx/ssl/
:
server {
listen [::]:443 ssl;
listen 443 ssl;
server_name server-name;
ssl on;
ssl_certificate ssl/ssl_certificate.cer
ssl_certificate_key ssl/ssl_key.key;
location / {
proxy_pass http://127.0.0.1:4180;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 30;
}
}
server {
listen 80;
listen [::]:80;
server_name server-name;
location / {
if ($host = server-name) {
return 301 https://$host$request_uri;
}
}
}
To set up oauth2-proxy, you have to install the latest version from their GitHub.
Then follow this guide to get your client ID and secret from Google.
After you have installed it, create a config (for example /etc/oauth2-proxy.cfg
):
prompt = "select_account"
provider = "google"
redirect_url = "https://cp.example.com/oauth2/callback"
reverse_proxy = true
email_domains = [
"yourcompany.com"
]
client_id = "google-client-id"
client_secret = "google-client-secret"
pass_user_headers = true
cookie_name = "_oauth2_proxy"
cookie_secret = "cookie-seed"
cookie_expire = "1h"
upstreams = "http://127.0.0.1:8080/"
I recommend checking out the official oauth2-proxy documentation for more settings and configs. It also shows how you can generate your cookie seed.
To run oauth2-proxy, just run oauth2-proxy --config=/etc/oauth2-proxy.cfg
.
Create the service files in /etc/systemd/system/
folder
# Systemd service file for wg-ui and wg
# Created by Shayan Alinejad
[Unit]
Description=wg-ui & wg daemon service
After=syslog.target network.target
[Service]
ExecStart=location-of-wireguard-ui-binary-with-flags
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
[Install]
WantedBy=multi-user.target
# Systemd service file for oauth2-proxy daemon
#
# Date: Feb 9, 2016
# Author: Srdjan Grubor <sgnn7@sgnn7.org>
[Unit]
Description=oauth2-proxy daemon service
After=syslog.target network.target
[Service]
# www-data group and user need to be created before using these lines
User=www-data
Group=www-data
ExecStart=oauth2-proxy --config=/etc/oauth2-proxy.cfg
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
[Install]
WantedBy=multi-user.target
We welcome community contributions to this project.
Please read our Contributor Guide for more information on how to get started.
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.