{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"documentation/overview/","title":"Overview","text":"<p>WireGuard Portal is a simple, web-based configuration portal for WireGuard server management. The portal uses the WireGuard wgctrl library to manage existing VPN interfaces. This allows for the seamless activation or deactivation of new users without disturbing existing VPN connections.</p> <p>The configuration portal supports using a database (SQLite, MySQL, MsSQL, or Postgres), OAuth or LDAP (Active Directory or OpenLDAP) as a user source for authentication and profile data.</p>"},{"location":"documentation/overview/#features","title":"Features","text":"<ul> <li>Self-hosted - the whole application is a single binary</li> <li>Responsive multi-language web UI written in Vue.js</li> <li>Automatically selects IP from the network pool assigned to the client</li> <li>QR-Code for convenient mobile client configuration</li> <li>Sends email to the client with QR-code and client config</li> <li>Enable / Disable clients seamlessly</li> <li>Generation of wg-quick configuration file (<code>wgX.conf</code>) if required</li> <li>User authentication (database, OAuth, or LDAP), Passkey support</li> <li>IPv6 ready</li> <li>Docker ready</li> <li>Can be used with existing WireGuard setups</li> <li>Support for multiple WireGuard interfaces</li> <li>Supports multiple WireGuard backends (wgctrl or MikroTik [BETA])</li> <li>Peer Expiry Feature</li> <li>Handles route and DNS settings like wg-quick does</li> <li>Exposes Prometheus metrics for monitoring and alerting</li> <li>REST API for management and client deployment</li> <li>Webhook for custom actions on peer, interface, or user updates</li> </ul>"},{"location":"documentation/configuration/examples/","title":"Examples","text":"<p>Below are some sample YAML configurations demonstrating how to override some default values.</p>"},{"location":"documentation/configuration/examples/#basic","title":"Basic","text":"<pre><code>core:\n admin_user: test@example.com\n admin_password: password\n admin_api_token: super-s3cr3t-api-token-or-a-UUID\n import_existing: false\n create_default_peer: true\n self_provisioning_allowed: true\n\nbackend:\n # default backend decides where new interfaces are created\n default: mikrotik\n\n mikrotik:\n - id: mikrotik # unique id, not \"local\"\n display_name: RouterOS RB5009 # optional nice name\n api_url: https://10.10.10.10/rest\n api_user: wgportal\n api_password: a-super-secret-password\n api_verify_tls: false # set to false only if using self-signed during testing\n api_timeout: 30s # maximum request duration\n concurrency: 5 # limit parallel REST calls to device\n debug: false # verbose logging for this backend\n ignored_interfaces: # ignore these interfaces during import\n - wgTest1\n - wgTest2\n\nweb:\n site_title: My WireGuard Server\n site_company_name: My Company\n listening_address: :8080\n external_url: https://my.external-domain.com\n csrf_secret: super-s3cr3t-csrf\n session_secret: super-s3cr3t-session\n request_logging: true\n\nadvanced:\n log_level: trace\n log_pretty: true\n log_json: false\n config_storage_path: /etc/wireguard\n expiry_check_interval: 5m\n\ndatabase:\n debug: true\n type: sqlite\n dsn: data/sqlite.db\n encryption_passphrase: change-this-s3cr3t-encryption-passphrase\n\nauth:\n webauthn:\n enabled: true\n</code></pre>"},{"location":"documentation/configuration/examples/#ldap-authentication-and-synchronization","title":"LDAP Authentication and Synchronization","text":"<pre><code>#...(basicconfiguration)\n\nauth:\nldap:\n#asampleLDAPproviderwithusersyncenabled\n-id:ldap\nprovider_name:ActiveDirectory\nurl:ldap://srv-ad1.company.local:389\n bind_user: ldap_wireguard@company.local\n bind_pass: super-s3cr3t-ldap\n base_dn: DC=COMPANY,DC=LOCAL\n login_filter: (&(obj
