prepare for v2 release

2025-06-27 16:57:01 +00:00 · 2025-05-04 11:00:12 +02:00 · 2025-05-04 11:00:12 +02:00 · 2c8304417b
commit 2c8304417b
parent 020ebb64e7
12 changed files with 64 additions and 39 deletions
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@ -4,7 +4,7 @@ on:
  pull_request:
    branches: [master]
  push:
-    branches: [master, stable]
+    branches: [master, stable, legacy]
    # Publish vX.X.X tags as releases.
    tags: ["v*.*.*"]

--- a/.github/workflows/pages.yml
+++ b/.github/workflows/pages.yml
@ -2,7 +2,11 @@ name: github-pages
 on:
  push:
    branches: [master]
-    tags: ["v*"]
+    tags:
+      - 'v*'
+      - '!v*-alpha*'
+      - '!v*-beta*'
+      - '!v*-rc*'

 permissions:
  contents: write
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-# WireGuard Portal (v2 - testing)
+# WireGuard Portal v2

 [![Build Status](https://github.com/h44z/wg-portal/actions/workflows/docker-publish.yml/badge.svg?event=push)](https://github.com/h44z/wg-portal/actions/workflows/docker-publish.yml)
 [![License: MIT](https://img.shields.io/badge/license-MIT-green.svg)](https://opensource.org/licenses/MIT)
@ -8,14 +8,6 @@
 ![GitHub code size in bytes](https://img.shields.io/github/languages/code-size/h44z/wg-portal)
 [![Docker Pulls](https://img.shields.io/docker/pulls/h44z/wg-portal.svg)](https://hub.docker.com/r/wgportal/wg-portal/)

-> [!CAUTION]
-> Version 2 is currently under development and may contain bugs and breaking changes.
-> It is not advised to use this version in production. Use version [v1](https://github.com/h44z/wg-portal/tree/stable) instead.
-
-> [!IMPORTANT]
-> Since the project was accepted by the Docker-Sponsored Open Source Program, the Docker image location has moved to [wgportal/wg-portal](https://hub.docker.com/r/wgportal/wg-portal).
-> Please update the Docker image from **h44z/wg-portal** to **wgportal/wg-portal**.
-
 ## Introduction
 <!-- Text from this line # is included in docs/documentation/overview.md -->
 **WireGuard Portal** is a simple, web-based configuration portal for [WireGuard](https://wireguard.com) server management.
@ -23,7 +15,7 @@ The portal uses the WireGuard [wgctrl](https://github.com/WireGuard/wgctrl-go) l
 interfaces. This allows for the seamless activation or deactivation of new users without disturbing existing VPN
 connections.

-The configuration portal supports using a database (SQLite, MySQL, MsSQL or Postgres), OAuth or LDAP
+The configuration portal supports using a database (SQLite, MySQL, MsSQL, or Postgres), OAuth or LDAP
 (Active Directory or OpenLDAP) as a user source for authentication and profile data.

 ## Features
@ -44,7 +36,7 @@ The configuration portal supports using a database (SQLite, MySQL, MsSQL or Post
 * Handles route and DNS settings like wg-quick does
 * Exposes Prometheus metrics for monitoring and alerting
 * REST API for management and client deployment
-* Webhook for custom actions on peer, interface or user updates
+* Webhook for custom actions on peer, interface, or user updates

 <!-- Text to this line # is included in docs/documentation/overview.md -->
 ![Screenshot](docs/assets/images/screenshot.png)
@ -68,3 +60,8 @@ For the complete documentation visit [wgportal.org](https://wgportal.org).
 ## License

 * MIT License. [MIT](LICENSE.txt) or <https://opensource.org/licenses/MIT>
+
+
+> [!IMPORTANT]
+> Since the project was accepted by the Docker-Sponsored Open Source Program, the Docker image location has moved to [wgportal/wg-portal](https://hub.docker.com/r/wgportal/wg-portal).
+> Please update the Docker image from **h44z/wg-portal** to **wgportal/wg-portal**.
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,7 +1,7 @@
 ---
 services:
  wg-portal:
-    image: wgportal/wg-portal:latest
+    image: wgportal/wg-portal:v2
    container_name: wg-portal
    restart: unless-stopped
    logging:
--- a/docs/documentation/configuration/overview.md
+++ b/docs/documentation/configuration/overview.md
@ -4,7 +4,7 @@ You can supply these configurations in a **YAML** file (e.g. `config.yaml`) when
 The path of the configuration file defaults to **config/config.yaml** (or config/config.yml) in the working directory of the executable.  
 It is possible to override configuration filepath using the environment variable `WG_PORTAL_CONFIG`.
 For example: `WG_PORTAL_CONFIG=/etc/wg-portal/config.yaml ./wg-portal`.  
-Also, environment variable substitution in config file is supported. Refer to [syntax](https://github.com/a8m/envsubst?tab=readme-ov-file#docs).
+Also, environment variable substitution in the config file is supported. Refer to [syntax](https://github.com/a8m/envsubst?tab=readme-ov-file#docs).

 Configuration examples are available on the [Examples](./examples.md) page.

@ -15,6 +15,7 @@ Configuration examples are available on the [Examples](./examples.md) page.
 core:
  admin_user: admin@wgportal.local
  admin_password: wgportal
+  admin_api_token: ""
  editable_keys: true
  create_default_peer: false
  create_default_peer_on_creation: false
@ -35,6 +36,7 @@ advanced:
  config_storage_path: ""
  expiry_check_interval: 15m
  rule_prio_offset: 20000
+  route_table_offset: 20000
  api_admin_only: true

 database:
@ -42,6 +44,7 @@ database:
  slow_query_threshold: "0"
  type: sqlite
  dsn: data/sqlite.db
+  encryption_passphrase: ""

 statistics:
  use_ping_checks: true
@ -79,6 +82,7 @@ web:
  session_secret: very_secret
  csrf_secret: extremely_secret
  request_logging: false
+  expose_host_info: false
  cert_file: ""
  key_File: ""

@ -607,6 +611,10 @@ Without a valid `external_url`, the login process may fail due to CSRF protectio
 - **Default:** `false`
 - **Description:** Log all HTTP requests.

+### `expose_host_info`
+- **Default:** `false`
+- **Description:** Expose the hostname and version of the WireGuard Portal server in an HTTP header. This is useful for debugging but may expose sensitive information.
+
 ### `cert_file`
 - **Default:** *(empty)*
 - **Description:** (Optional) Path to the TLS certificate file.
--- a/docs/documentation/getting-started/binaries.md
+++ b/docs/documentation/getting-started/binaries.md
@ -3,23 +3,31 @@ These binary versions can be manually downloaded and installed.

 ## Download

+Make sure that you download the correct binary for your architecture. The available binaries are:
+
+- `wg-portal_linux_amd64` - Linux x86_64
+- `wg-portal_linux_arm64` - Linux ARM 64-bit
+- `wg-portal_linux_arm_v7` - Linux ARM 32-bit
+
 With `curl`:

-  ```shell
-  curl -L -o wg-portal https://github.com/h44z/wg-portal/releases/download/${WG_PORTAL_VERSION}/wg-portal_linux_amd64 
-  ```
+```shell
+curl -L -o wg-portal https://github.com/h44z/wg-portal/releases/download/${WG_PORTAL_VERSION}/wg-portal_linux_amd64 
+```

 With `wget`:

-  ```shell
-  wget -O wg-portal https://github.com/h44z/wg-portal/releases/download/${WG_PORTAL_VERSION}/wg-portal_linux_amd64
-  ```
+```shell
+wget -O wg-portal https://github.com/h44z/wg-portal/releases/download/${WG_PORTAL_VERSION}/wg-portal_linux_amd64
+```

 with `gh cli`:

-  ```shell
-  gh release download ${WG_PORTAL_VERSION} --repo h44z/wg-portal --output wg-portal --pattern '*amd64'
-  ```
+```shell
+gh release download ${WG_PORTAL_VERSION} --repo h44z/wg-portal --output wg-portal --pattern '*amd64'
+```
+
+

 ## Install

@ -28,7 +36,7 @@ sudo mkdir -p /opt/wg-portal
 sudo install wg-portal /opt/wg-portal/
 ```

-## Unreleased
+## Unreleased versions (master branch builds)
+
+Unreleased versions can be fetched directly from the artifacts section of the [GitHub Workflow](https://github.com/h44z/wg-portal/actions/workflows/docker-publish.yml?query=branch%3Amaster).

-Unreleased versions could be downloaded from
-[GitHub Workflow](https://github.com/h44z/wg-portal/actions/workflows/docker-publish.yml?query=branch%3Amaster) artifacts also.
--- a/docs/documentation/getting-started/docker.md
+++ b/docs/documentation/getting-started/docker.md
@ -10,7 +10,7 @@ The recommended method for deploying WireGuard Portal is via Docker Compose for
 A sample docker-compose.yml (managing WireGuard interfaces directly on the host) is provided below:

 ```yaml
--8<-- "docker-compose.yml::17"
+--8<-- "docker-compose.yml::18"
 ```

 By default, the webserver is listening on port **8888**.
@ -39,7 +39,7 @@ WireGuard Portal supports managing WireGuard interfaces through three distinct d
   ```yaml
   services:
     wg-portal:
-       image: wgportal/wg-portal:latest
+       image: wgportal/wg-portal:v2
       container_name: wg-portal
       ...
       cap_add:
@ -65,7 +65,7 @@ WireGuard Portal supports managing WireGuard interfaces through three distinct d
   ```yaml
   services:
     wg-portal:
-       image: wgportal/wg-portal:latest
+       image: wgportal/wg-portal:v2
       container_name: wg-portal
       ...
       cap_add:
@ -118,11 +118,11 @@ These are official releases of WireGuard Portal. They correspond to the GitHub t

 Once these tags show up in this repository, they will never change.

-For production deployments of WireGuard Portal, we strongly recommend using one of these tags, e.g. **wgportal/wg-portal:1.0.19**, instead of the latest or canary tags.
+For production deployments of WireGuard Portal, we strongly recommend using one of these tags, e.g. **wgportal/wg-portal:2.0.0**, instead of the latest or canary tags.

-If you only want to stay at the same major or major+minor version, use either `v[MAJOR]` or `[MAJOR].[MINOR]` tags. For example `v1` or `1.0`.
+If you only want to stay at the same major or major+minor version, use either `v[MAJOR]` or `[MAJOR].[MINOR]` tags. For example `v2` or `2.0`.

-Version **1** is currently **stable**, version **2** is in **development**.
+Version **2** is the current stable release. Version **1** has moved to legacy status and is no longer recommended.

 #### latest

--- a/docs/documentation/getting-started/reverse-proxy.md
+++ b/docs/documentation/getting-started/reverse-proxy.md
@ -44,7 +44,7 @@ services:
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'

  wg-portal:
-    image: wgportal/wg-portal:latest
+    image: wgportal/wg-portal:v2
    container_name: wg-portal
    restart: unless-stopped
    logging:
--- a/docs/documentation/monitoring/prometheus.md
+++ b/docs/documentation/monitoring/prometheus.md
@ -13,7 +13,7 @@ By default, WG-Portal exposes Prometheus metrics on port `8787` if interface/pee

 ## Prometheus Config

-Add following scrape job to your Prometheus config file:
+Add the following scrape job to your Prometheus config file:

 ```yaml
 # prometheus.yaml
--- a/docs/documentation/overview.md
+++ b/docs/documentation/overview.md
@ -1 +1 @@
--8<-- "README.md:20:47"
+--8<-- "README.md:12:41"
--- a/docs/documentation/upgrade/v1.md
+++ b/docs/documentation/upgrade/v1.md
@ -1,5 +1,4 @@
-For production deployments of WireGuard Portal, we strongly recommend using version 1.
-If you want to use version 2, please be aware that it is still a release candidate and not yet fully stable.
+Major upgrades between different versions may require special procedures, which are described in the following sections.

 ## Upgrade from v1 to v2

@ -29,7 +28,7 @@ If you are using Docker, you can adapt the docker-compose.yml file to start the
 ```yaml
 services:
  wg-portal:
-    image: wgportal/wg-portal:latest
+    image: wgportal/wg-portal:v2
    # ... other settings
    restart: no
    command: ["-migrateFrom=/app/data/wg_portal.db"]
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -30,6 +30,15 @@ plugins:
  - minify:
      minify_html: true
  - swagger-ui-tag
+  - mike:
+      # These fields are all optional; the defaults are as below...
+      alias_type: symlink
+      redirect_template: null
+      deploy_prefix: ''
+      canonical_version: null
+      version_selector: true
+      css_dir: css
+      javascript_dir: js

 extra:
  version: