53bae9d194
Before this commit, the default was to not validate TLS certificates of the SMTP server. This is perhaps a rather unexpected default and can be considered insecure. This commit activates mail server TLS cert validation by default. This change might break some users' email configuration, if they did not explicitly set the `mail.cert_validation` config variable. Nonetheless, I think that the secure option should be the default option (e.g., to prevent man-in-the-middle attacks and breaching mail server login credentials). Signed-off-by: klmmr <35450576+klmmr@users.noreply.github.com>
WireGuard Portal (v2 - testing)
Caution
Version 2 is currently under development and may contain bugs and breaking changes. It is not advised to use this version in production. Use version v1 instead.
Important
Since the project was accepted by the Docker-Sponsored Open Source Program, the Docker image location has moved to wgportal/wg-portal. Please update the Docker image from h44z/wg-portal to wgportal/wg-portal.
Introduction
WireGuard Portal is a simple, web-based configuration portal for WireGuard server management. The portal uses the WireGuard wgctrl library to manage existing VPN interfaces. This allows for the seamless activation or deactivation of new users without disturbing existing VPN connections.
The configuration portal supports using a database (SQLite, MySQL, MsSQL or Postgres), OAuth or LDAP (Active Directory or OpenLDAP) as a user source for authentication and profile data.
Features
- Self-hosted - the whole application is a single binary
- Responsive multi-language web UI written in Vue.JS
- Automatically selects IP from the network pool assigned to the client
- QR-Code for convenient mobile client configuration
- Sends email to the client with QR-code and client config
- Enable / Disable clients seamlessly
- Generation of wg-quick configuration file (
wgX.conf) if required - User authentication (database, OAuth, or LDAP)
- IPv6 ready
- Docker ready
- Can be used with existing WireGuard setups
- Support for multiple WireGuard interfaces
- Peer Expiry Feature
- Handles route and DNS settings like wg-quick does
- Exposes Prometheus metrics for monitoring and alertingt
- REST API for management and client deployment
Documentation
For the complete documentation visit wgportal.org.
V2 TODOs
- Audit UI
What is out of scope
- Automatic generation or application of any
iptablesornftablesrules. - Support for operating systems other than linux.
- Automatic import of private keys of an existing WireGuard setup.
Application stack
- wgctrl-go and netlink for interface handling
- Gin, HTTP web framework written in Go
- Bootstrap, for the HTML templates
- Vue.JS, for the frontend
License
- MIT License. MIT or https://opensource.org/licenses/MIT