Mirrors/wg-portal
1
0
Fork 0
mirror of https://github.com/h44z/wg-portal.git synced 2025-06-28 09:17:00 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
wg-portal/v2.0.0-rc.4/documentation/configuration/overview/index.html

88 lines
92 KiB
HTML
Raw Normal View History

Deployed b4aa6f8 to v2.0.0-rc.4 with MkDocs 1.6.1 and mike 2.1.3
2025-05-04 17:09:11 +00:00
<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content="Manage WireGuard Peers and Interface using a beautiful and simple web UI."><link href=https://wgportal.org/v2.0.0-rc.4/documentation/configuration/overview/ rel=canonical><link href=../../getting-started/reverse-proxy/ rel=prev><link href=../examples/ rel=next><link rel=icon href=../../../assets/images/favicon-large.png><meta name=generator content="mkdocs-1.6.1, mkdocs-material-9.6.12"><title>Overview - WireGuard Portal</title><link rel=stylesheet href=../../../assets/stylesheets/main.2afb09e1.min.css><link rel=stylesheet href=../../../assets/stylesheets/palette.06af60db.min.css><link rel=stylesheet href=../../../stylesheets/extra.css><script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script><meta property=og:type content=website><meta property=og:title content="Overview - WireGuard Portal"><meta property=og:description content="Manage WireGuard Peers and Interface using a beautiful and simple web UI."><meta property=og:image content=https://wgportal.org/v2.0.0-rc.4/assets/images/social/documentation/configuration/overview.png><meta property=og:image:type content=image/png><meta property=og:image:width content=1200><meta property=og:image:height content=630><meta content=https://wgportal.org/v2.0.0-rc.4/documentation/configuration/overview/ property=og:url><meta name=twitter:card content=summary_large_image><meta name=twitter:title content="Overview - WireGuard Portal"><meta name=twitter:description content="Manage WireGuard Peers and Interface using a beautiful and simple web UI."><meta name=twitter:image content=https://wgportal.org/v2.0.0-rc.4/assets/images/social/documentation/configuration/overview.png></head> <body dir=ltr data-md-color-scheme=default data-md-color-primary=white data-md-color-accent=indigo> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#core class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <div data-md-color-scheme=default data-md-component=outdated hidden> </div> <header class=md-header data-md-component=header> <nav class="md-header__inner md-grid" aria-label=Header> <a href=../../.. title="WireGuard Portal" class="md-header__button md-logo" aria-label="WireGuard Portal" data-md-component=logo> <img src=../../../assets/images/logo.svg alt=logo> </a> <label class="md-header__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg> </label> <div class=md-header__title data-md-component=header-title> <div class=md-header__ellipsis> <div class=md-header__topic> <span class=md-ellipsis> WireGuard Portal </span> </div> <div class=md-header__topic data-md-component=header-topic> <span class=md-ellipsis> Overview </span> </div> </div> </div> <label class="md-header__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query req
<span class=w> </span><span class=nt>admin_user</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">admin@wgportal.local</span>
<span class=w> </span><span class=nt>admin_password</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">wgportal</span>
<span class=w> </span><span class=nt>editable_keys</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class=w> </span><span class=nt>create_default_peer</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class=w> </span><span class=nt>create_default_peer_on_creation</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class=w> </span><span class=nt>re_enable_peer_after_user_enable</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class=w> </span><span class=nt>delete_peer_after_user_deleted</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class=w> </span><span class=nt>self_provisioning_allowed</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class=w> </span><span class=nt>import_existing</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class=w> </span><span class=nt>restore_state</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class=nt>advanced</span><span class=p>:</span>
<span class=w> </span><span class=nt>log_level</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">info</span>
<span class=w> </span><span class=nt>log_pretty</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class=w> </span><span class=nt>log_json</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class=w> </span><span class=nt>start_listen_port</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">51820</span>
<span class=w> </span><span class=nt>start_cidr_v4</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">10.11.12.0/24</span>
<span class=w> </span><span class=nt>start_cidr_v6</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">fdfd:d3ad:c0de:1234::0/64</span>
<span class=w> </span><span class=nt>use_ip_v6</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class=w> </span><span class=nt>config_storage_path</span><span class=p>:</span><span class=w> </span><span class=s>&quot;&quot;</span>
<span class=w> </span><span class=nt>expiry_check_interval</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">15m</span>
<span class=w> </span><span class=nt>rule_prio_offset</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">20000</span>
<span class=w> </span><span class=nt>api_admin_only</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class=nt>database</span><span class=p>:</span>
<span class=w> </span><span class=nt>debug</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class=w> </span><span class=nt>slow_query_threshold</span><span class=p>:</span><span class=w> </span><span class=s>&quot;0&quot;</span>
<span class=w> </span><span class=nt>type</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">sqlite</span>
<span class=w> </span><span class=nt>dsn</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">data/sqlite.db</span>
<span class=nt>statistics</span><span class=p>:</span>
<span class=w> </span><span class=nt>use_ping_checks</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class=w> </span><span class=nt>ping_check_workers</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">10</span>
<span class=w> </span><span class=nt>ping_unprivileged</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class=w> </span><span class=nt>ping_check_interval</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">1m</span>
<span class=w> </span><span class=nt>data_collection_interval</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">1m</span>
<span class=w> </span><span class=nt>collect_interface_data</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class=w> </span><span class=nt>collect_peer_data</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class=w> </span><span class=nt>collect_audit_data</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class=w> </span><span class=nt>listening_address</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">:8787</span>
<span class=nt>mail</span><span class=p>:</span>
<span class=w> </span><span class=nt>host</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">127.0.0.1</span>
<span class=w> </span><span class=nt>port</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">25</span>
<span class=w> </span><span class=nt>encryption</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">none</span>
<span class=w> </span><span class=nt>cert_validation</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class=w> </span><span class=nt>username</span><span class=p>:</span><span class=w> </span><span class=s>&quot;&quot;</span>
<span class=w> </span><span class=nt>password</span><span class=p>:</span><span class=w> </span><span class=s>&quot;&quot;</span>
<span class=w> </span><span class=nt>auth_type</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">plain</span>
<span class=w> </span><span class=nt>from</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">Wireguard Portal &lt;noreply@wireguard.local&gt;</span>
<span class=w> </span><span class=nt>link_only</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class=nt>auth</span><span class=p>:</span>
<span class=w> </span><span class=nt>oidc</span><span class=p>:</span><span class=w> </span><span class="p p-Indicator">[]</span>
<span class=w> </span><span class=nt>oauth</span><span class=p>:</span><span class=w> </span><span class="p p-Indicator">[]</span>
<span class=w> </span><span class=nt>ldap</span><span class=p>:</span><span class=w> </span><span class="p p-Indicator">[]</span>
<span class=nt>web</span><span class=p>:</span>
<span class=w> </span><span class=nt>listening_address</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">:8888</span>
<span class=w> </span><span class=nt>external_url</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">http://localhost:8888</span>
<span class=w> </span><span class=nt>site_company_name</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">WireGuard Portal</span>
<span class=w> </span><span class=nt>site_title</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">WireGuard Portal</span>
<span class=w> </span><span class=nt>session_identifier</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">wgPortalSession</span>
<span class=w> </span><span class=nt>session_secret</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">very_secret</span>
<span class=w> </span><span class=nt>csrf_secret</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">extremely_secret</span>
<span class=w> </span><span class=nt>request_logging</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class=w> </span><span class=nt>cert_file</span><span class=p>:</span><span class=w> </span><span class=s>&quot;&quot;</span>
<span class=w> </span><span class=nt>key_File</span><span class=p>:</span><span class=w> </span><span class=s>&quot;&quot;</span>
<span class=nt>webhook</span><span class=p>:</span>
<span class=w> </span><span class=nt>url</span><span class=p>:</span><span class=w> </span><span class=s>&quot;&quot;</span>
<span class=w> </span><span class=nt>authentication</span><span class=p>:</span><span class=w> </span><span class=s>&quot;&quot;</span>
<span class=w> </span><span class=nt>timeout</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">10s</span>
</code></pre></div> </details> <p>Below you will find sections like <a href=#core><code>core</code></a>, <a href=#advanced><code>advanced</code></a>, <a href=#database><code>database</code></a>, <a href=#statistics><code>statistics</code></a>, <a href=#mail><code>mail</code></a>, <a href=#auth><code>auth</code></a>, <a href=#web><code>web</code></a> and <a href=#webhook><code>webhook</code></a>.<br> Each section describes the individual configuration keys, their default values, and a brief explanation of their purpose.</p> <hr> <h2 id=core>Core</h2> <p>These are the primary configuration options that control fundamental WireGuard Portal behavior. More advanced options are found in the subsequent <code>Advanced</code> section.</p> <h3 id=admin_user><code>admin_user</code></h3> <ul> <li><strong>Default:</strong> <code>admin@wgportal.local</code></li> <li><strong>Description:</strong> The administrator user. This user will be created as a default admin if it does not yet exist.</li> </ul> <h3 id=admin_password><code>admin_password</code></h3> <ul> <li><strong>Default:</strong> <code>wgportal</code></li> <li><strong>Description:</strong> The administrator password. The default password of <code>wgportal</code> should be changed immediately.</li> </ul> <h3 id=admin_api_token><code>admin_api_token</code></h3> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> An API token for the admin user. If a token is provided, the REST API can be accessed using this token. If empty, the API is initially disabled for the admin user.</li> </ul> <h3 id=editable_keys><code>editable_keys</code></h3> <ul> <li><strong>Default:</strong> <code>true</code></li> <li><strong>Description:</strong> Allow editing of WireGuard key-pairs directly in the UI.</li> </ul> <h3 id=create_default_peer><code>create_default_peer</code></h3> <ul> <li><strong>Default:</strong> <code>false</code></li> <li><strong>Description:</strong> If a user logs in for the first time with no existing peers, automatically create a new WireGuard peer for <strong>all</strong> server interfaces.</li> </ul> <h3 id=create_default_peer_on_creation><code>create_default_peer_on_creation</code></h3> <ul> <li><strong>Default:</strong> <code>false</code></li> <li><strong>Description:</strong> If an LDAP user is created (e.g., through LDAP sync) and has no peers, automatically create a new WireGuard peer for <strong>all</strong> server interfaces.</li> </ul> <h3 id=re_enable_peer_after_user_enable><code>re_enable_peer_after_user_enable</code></h3> <ul> <li><strong>Default:</strong> <code>true</code></li> <li><strong>Description:</strong> Re-enable all peers that were previously disabled if the associated user is re-enabled.</li> </ul> <h3 id=delete_peer_after_user_deleted><code>delete_peer_after_user_deleted</code></h3> <ul> <li><strong>Default:</strong> <code>false</code></li> <li><strong>Description:</strong> If a user is deleted, remove all linked peers. Otherwise, peers remain but are disabled.</li> </ul> <h3 id=self_provisioning_allowed><code>self_provisioning_allowed</code></h3> <ul> <li><strong>Default:</strong> <code>false</code></li> <li><strong>Description:</strong> Allow registered (non-admin) users to self-provision peers from their profile page.</li> </ul> <h3 id=import_existing><code>import_existing</code></h3> <ul> <li><strong>Default:</strong> <code>true</code></li> <li><strong>Description:</strong> On startup, import existing WireGuard interfaces and peers into WireGuard Portal.</li> </ul> <h3 id=restore_state><code>restore_state</code></h3> <ul> <li><strong>Default:</strong> <code>true</code></li> <li><strong>Description:</strong> Restore the WireGuard interface states (up/down) that existed before WireGuard Portal started.</li> </ul> <hr> <h2 id=advanced>Advanced</h2> <p>Additional or more specialized configuration options for logging and interface creation details.</p> <h3 id=log_level><code>log_level</code></h3> <ul> <li><strong>Default:</strong> <code>info</code></li> <li><strong>Description:</strong> The log level used by the app
</code></pre></div></li> </ul> <h3 id=encryption_passphrase><code>encryption_passphrase</code></h3> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> Passphrase for encrypting sensitive values such as private keys in the database. Encryption is only applied if this passphrase is set. <strong>Important:</strong> Once you enable encryption by setting this passphrase, you cannot disable it or change it afterward. New or updated records will be encrypted; existing data remains in plaintext until its next modified.</li> </ul> <hr> <h2 id=statistics>Statistics</h2> <p>Controls how WireGuard Portal collects and reports usage statistics, including ping checks and Prometheus metrics.</p> <h3 id=use_ping_checks><code>use_ping_checks</code></h3> <ul> <li><strong>Default:</strong> <code>true</code></li> <li><strong>Description:</strong> Enable periodic ping checks to verify that peers remain responsive.</li> </ul> <h3 id=ping_check_workers><code>ping_check_workers</code></h3> <ul> <li><strong>Default:</strong> <code>10</code></li> <li><strong>Description:</strong> Number of parallel worker processes for ping checks.</li> </ul> <h3 id=ping_unprivileged><code>ping_unprivileged</code></h3> <ul> <li><strong>Default:</strong> <code>false</code></li> <li><strong>Description:</strong> If <code>false</code>, ping checks run without root privileges. This is currently considered BETA.</li> </ul> <h3 id=ping_check_interval><code>ping_check_interval</code></h3> <ul> <li><strong>Default:</strong> <code>1m</code></li> <li><strong>Description:</strong> Interval between consecutive ping checks for all peers. Format uses <code>s</code>, <code>m</code>, <code>h</code>, <code>d</code> for seconds, minutes, hours, days, see <a href=https://golang.org/pkg/time/#ParseDuration>time.ParseDuration</a>.</li> </ul> <h3 id=data_collection_interval><code>data_collection_interval</code></h3> <ul> <li><strong>Default:</strong> <code>1m</code></li> <li><strong>Description:</strong> Interval between data collection cycles (bytes sent/received, handshake times, etc.). Format uses <code>s</code>, <code>m</code>, <code>h</code>, <code>d</code> for seconds, minutes, hours, days, see <a href=https://golang.org/pkg/time/#ParseDuration>time.ParseDuration</a>.</li> </ul> <h3 id=collect_interface_data><code>collect_interface_data</code></h3> <ul> <li><strong>Default:</strong> <code>true</code></li> <li><strong>Description:</strong> If <code>true</code>, collects interface-level data (bytes in/out) for monitoring and statistics.</li> </ul> <h3 id=collect_peer_data><code>collect_peer_data</code></h3> <ul> <li><strong>Default:</strong> <code>true</code></li> <li><strong>Description:</strong> If <code>true</code>, collects peer-level data (bytes, last handshake, endpoint, etc.).</li> </ul> <h3 id=collect_audit_data><code>collect_audit_data</code></h3> <ul> <li><strong>Default:</strong> <code>true</code></li> <li><strong>Description:</strong> If <code>true</code>, logs certain portal events (such as user logins) to the database.</li> </ul> <h3 id=listening_address><code>listening_address</code></h3> <ul> <li><strong>Default:</strong> <code>:8787</code></li> <li><strong>Description:</strong> Address and port for the integrated Prometheus metric server (e.g., <code>:8787</code> or <code>127.0.0.1:8888</code>).</li> </ul> <hr> <h2 id=mail>Mail</h2> <p>Options for configuring email notifications or sending peer configurations via email.</p> <h3 id=host><code>host</code></h3> <ul> <li><strong>Default:</strong> <code>127.0.0.1</code></li> <li><strong>Description:</strong> Hostname or IP of the SMTP server.</li> </ul> <h3 id=port><code>port</code></h3> <ul> <li><strong>Default:</strong> <code>25</code></li> <li><strong>Description:</strong> Port number for the SMTP server.</li> </ul> <h3 id=encryption><code>encryption</code></h3> <ul> <li><strong>Default:</strong> <code>none</code></li> <li><strong>Description:</strong> SMTP encryption type. Valid values: <code>none</code>, <code>tls</code>, <code>starttls</code>.</li> </ul> <h3 id=cert_vali
</code></pre></div></li> </ul> <h4 id=admin_group><code>admin_group</code></h4> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> A specific LDAP group whose members are considered administrators in WireGuard Portal. For example: <div class=highlight><pre><span></span><code>CN=WireGuardAdmins,OU=Some-OU,DC=YOURDOMAIN,DC=LOCAL
</code></pre></div></li> </ul> <h4 id=sync_interval><code>sync_interval</code></h4> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> How frequently (in duration, e.g. <code>30m</code>) to synchronize users from LDAP. Empty or <code>0</code> disables sync. Format uses <code>s</code>, <code>m</code>, <code>h</code>, <code>d</code> for seconds, minutes, hours, days, see <a href=https://golang.org/pkg/time/#ParseDuration>time.ParseDuration</a>. Only users that match the <code>sync_filter</code> are synchronized, if <code>disable_missing</code> is <code>true</code>, users not found in LDAP are disabled.</li> </ul> <h4 id=sync_filter><code>sync_filter</code></h4> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> An LDAP filter to select which users get synchronized into WireGuard Portal. For example: <div class=highlight><pre><span></span><code>(&amp;(objectClass=organizationalPerson)(!userAccountControl:1.2.840.113556.1.4.803:=2)(mail=*))
</code></pre></div></li> </ul> <h4 id=disable_missing><code>disable_missing</code></h4> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> If <code>true</code>, any user <strong>not</strong> found in LDAP (during sync) is disabled in WireGuard Portal.</li> </ul> <h4 id=auto_re_enable><code>auto_re_enable</code></h4> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> If <code>true</code>, users that where disabled because they were missing (see <code>disable_missing</code>) will be re-enabled once they are found again.</li> </ul> <h4 id=registration_enabled_2><code>registration_enabled</code></h4> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> If <code>true</code>, new user accounts are created in WireGuard Portal upon first login.</li> </ul> <h4 id=log_user_info_2><code>log_user_info</code></h4> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> If <code>true</code>, logs LDAP user data at the trace level upon login.</li> </ul> <hr> <h2 id=web>Web</h2> <p>The web section contains configuration options for the web server, including the listening address, session management, and CSRF protection. It is important to specify a valid <code>external_url</code> for the web server, especially if you are using a reverse proxy. Without a valid <code>external_url</code>, the login process may fail due to CSRF protection.</p> <h3 id=listening_address_1><code>listening_address</code></h3> <ul> <li><strong>Default:</strong> <code>:8888</code></li> <li><strong>Description:</strong> The listening port of the web server.</li> </ul> <h3 id=external_url><code>external_url</code></h3> <ul> <li><strong>Default:</strong> <code>http://localhost:8888</code></li> <li><strong>Description:</strong> The URL where a client can access WireGuard Portal. This URL is used for generating links in emails and for performing OAUTH redirects.<br> <strong>Important:</strong> If you are using a reverse proxy, set this to the external URL of the reverse proxy, otherwise login will fail. If you access the portal via IP address, set this to the IP address of the server.</li> </ul> <h3 id=site_company_name><code>site_company_name</code></h3> <ul> <li><strong>Default:</strong> <code>WireGuard Portal</code></li> <li><strong>Description:</strong> The company name that is shown at the bottom of the web frontend.</li> </ul> <h3 id=site_title><code>site_title</code></h3> <ul> <li><strong>Default:</strong> <code>WireGuard Portal</code></li> <li><strong>Description:</strong> The title that is shown in the web frontend.</li> </ul> <h3 id=session_identifier><code>session_identifier</code></h3> <ul> <li><strong>Default:</strong> <code>wgPortalSession</code></li> <li><strong>Description:</strong> The session identifier for the web frontend.</li> </ul> <h3 id=session_secret><code>session_secret</code></h3> <ul> <li><strong>Default:</strong> <code>very_secret</code></li> <li><strong>Description:</strong> The session secret for the web frontend.</li> </ul> <h3 id=csrf_secret><code>csrf_secret</code></h3> <ul> <li><strong>Default:</strong> <code>extremely_secret</code></li> <li><strong>Description:</strong> The CSRF secret.</li> </ul> <h3 id=request_logging><code>request_logging</code></h3> <ul> <li><strong>Default:</strong> <code>false</code></li> <li><strong>Description:</strong> Log all HTTP requests.</li> </ul> <h3 id=cert_file><code>cert_file</code></h3> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> (Optional) Path to the TLS certificate file.</li> </ul> <h3 id=key_file><code>key_file</code></h3> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> (Optional) Path to the TLS certificate key file.</li> </ul> <hr> <h2 id=webhook>Webhook</h2> <p>The webhook section allows you to configure a webhook that is called on certain events in WireGuard Portal. A JSON object is sent in a POST request to the webhook URL with the following structu
<span class=w> </span><span class=nt>&quot;event&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;peer_created&quot;</span><span class=p>,</span>
<span class=w> </span><span class=nt>&quot;entity&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;peer&quot;</span><span class=p>,</span>
<span class=w> </span><span class=nt>&quot;identifier&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;the-peer-identifier&quot;</span><span class=p>,</span>
<span class=w> </span><span class=nt>&quot;payload&quot;</span><span class=p>:</span><span class=w> </span><span class=p>{</span>
<span class=w> </span><span class=c1>// The payload of the event, e.g. peer data.</span>
<span class=w> </span><span class=c1>// Check the API documentation for the exact structure.</span>
<span class=w> </span><span class=p>}</span>
<span class=p>}</span>
</code></pre></div></p> <h3 id=url_1><code>url</code></h3> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> The POST endpoint to which the webhook is sent. The URL must be reachable from the WireGuard Portal server. If the URL is empty, the webhook is disabled.</li> </ul> <h3 id=authentication><code>authentication</code></h3> <ul> <li><strong>Default:</strong> <em>(empty)</em></li> <li><strong>Description:</strong> The Authorization header for the webhook endpoint. The value is send as-is in the header. For example: <code>Bearer &lt;token&gt;</code>.</li> </ul> <h3 id=timeout><code>timeout</code></h3> <ul> <li><strong>Default:</strong> <code>10s</code></li> <li><strong>Description:</strong> The timeout for the webhook request. If the request takes longer than this, it is aborted.</li> </ul> </article> </div> <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script> </div> </main> <!-- Application footer --> <footer class=md-footer> <!-- Further information --> <div class="md-footer-meta md-typeset" style="background-color: #fff;"> <div class="md-footer-meta__inner md-grid" style="background-color: #fff;"> <!-- Copyright and theme information --> <div class=md-footer-copyright> <div class=md-footer-copyright__highlight style="color: rgb(38, 38, 38);"> Copyright &copy; 2023-2025 WireGuard Portal Project </div> <div style="color: rgb(38, 38, 38);"> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener style="color: black;"> Material for MkDocs </a> </div> </div> <!-- Social links --> <div class=md-social> <a href=https://github.com/h44z/wg-portal target=_blank rel=noopener title=github.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 480 512"><!-- Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M186.1 328.7c0 20.9-10.9 55.1-36.7 55.1s-36.7-34.2-36.7-55.1 10.9-55.1 36.7-55.1 36.7 34.2 36.7 55.1M480 278.2c0 31.9-3.2 65.7-17.5 95-37.9 76.6-142.1 74.8-216.7 74.8-75.8 0-186.2 2.7-225.6-74.8-14.6-29-20.2-63.1-20.2-95 0-41.9 13.9-81.5 41.5-113.6-5.2-15.8-7.7-32.4-7.7-48.8 0-21.5 4.9-32.3 14.6-51.8 45.3 0 74.3 9 108.8 36 29-6.9 58.8-10 88.7-10 27 0 54.2 2.9 80.4 9.2 34-26.7 63-35.2 107.8-35.2 9.8 19.5 14.6 30.3 14.6 51.8 0 16.4-2.6 32.7-7.7 48.2 27.5 32.4 39 72.3 39 114.2m-64.3 50.5c0-43.9-26.7-82.6-73.5-82.6-18.9 0-37 3.4-56 6-14.9 2.3-29.8 3.2-45.1 3.2-15.2 0-30.1-.9-45.1-3.2-18.7-2.6-37-6-56-6-46.8 0-73.5 38.7-73.5 82.6 0 87.8 80.4 101.3 150.4 101.3h48.2c70.3 0 150.6-13.4 150.6-101.3m-82.6-55.1c-25.8 0-36.7 34.2-36.7 55.1s10.9 55.1 36.7 55.1 36.7-34.2 36.7-55.1-10.9-55.1-36.7-55.1"/></svg> </a> <a href=https://hub.docker.com/r/wgportal/wg-portal target=_blank rel=noopener title=hub.docker.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 640 512"><!-- Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M349.9 236.3h-66.1v-59.4h66.1zm0-204.3h-66.1v60.7h66.1zm78.2 144.8H362v59.4h66.1zm-156.3-72.1h-66.1v60.1h66.1zm78.1 0h-66.1v60.1h66.1zm276.8 100c-14.4-9.7-47.6-13.2-73.1-8.4-3.3-24-16.7-44.9-41.1-63.7l-14-9.3-9.3 14c-18.4 27.8-23.4 73.6-3.7 103.8-8.7 4.7-25.8 11.1-48.4 10.7H2.4c-8.7 50.8 5.8 116.8 44 162.1 37.1 43.9 92.7 66.2 165.4 66.2 157.4 0 273.9-72.5 328.4-204.2 21.4.4 67.6.1 91.3-45.2 1.5-2.5 6.6-13.2 8.5-17.1zm-511.1-27.9h-66v59.4h66.1v-59.4zm78.1 0h-66.1v59.4h66.1zm78.1 0h-66.1v59.4h66.1zm-78.1-72.1h-66.1v60.1h66.1z"/></svg> </a> <a href=https://twitter.com/chris_h44z target=_blank rel=noopener title=twitter.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 512 512"><!-- Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https:
Reference in New Issue Copy Permalink