https://wireguard-webadmin.com/Recent content on wireguard_webadminHugoen-ushttps://wireguard-webadmin.com/deployment/Mon, 01 Jan 0001 00:00:00 +0000https://wireguard-webadmin.com/deployment/<h2 id="prerequisites">Prerequisites</h2> <ul> <li>A Linux server reachable from where you&rsquo;ll manage it</li> <li><a href="https://docs.docker.com/engine/install/">Docker</a> and <a href="https://docs.docker.com/compose/install/">Docker Compose</a> installed</li> <li>A domain name pointing to your server&rsquo;s IP</li> <li>Ports <strong>80</strong> and <strong>443</strong> open for Caddy; your WireGuard UDP port open (default <strong>51820</strong>)</li> </ul> <div class="callout"> <p><strong>Caddy requires a valid DNS name</strong> — either internal or public — pointing to your server so it can obtain and renew SSL certificates automatically.</p> </div> <hr> <h2 id="deploy">Deploy</h2> <div class="tab-group"> <div class="tabs"> <button class="tab-btn active" data-tab="dep-step-1">1. Create directory</button> <button class="tab-btn" data-tab="dep-step-2">2. Fetch compose file</button> <button class="tab-btn" data-tab="dep-step-3">3. Configure .env</button> <button class="tab-btn" data-tab="dep-step-4">4. Run</button> </div> <div class="tab-wrap"> <div class="tab-panel active" id="dep-step-1"> <pre><code>mkdir wireguard_webadmin && cd wireguard_webadmin</code></pre> </div> <div class="tab-panel" id="dep-step-2"> <pre><code>wget -O docker-compose.yml \ https://raw.githubusercontent.com/eduardogsilva/wireguard_webadmin/main/docker-compose-caddy.yml</code></pre> </div> <div class="tab-panel" id="dep-step-3"> <p>Create a <code>.env</code> file in the same directory. Set <code>SERVER_ADDRESS</code> to your domain:</p>https://wireguard-webadmin.com/get-involved/Mon, 01 Jan 0001 00:00:00 +0000https://wireguard-webadmin.com/get-involved/<div class="involve-grid"> <div class="involve-card involve-card--highlight"> <div class="involve-card-icon">⭐</div> <h3>Star the repo</h3> <p>The simplest thing you can do. It helps the project get discovered by other sysadmins who are looking for exactly this.</p> <a href="https://github.com/eduardogsilva/wireguard_webadmin" target="_blank" rel="noopener" class="btn btn-primary">Star on GitHub</a> </div> <div class="involve-card"> <div class="involve-card-icon">🐛</div> <h3>Report bugs</h3> <p>Found something broken? Open an issue on GitHub. No template required — just describe what you saw and how to reproduce it.</p> <a href="https://github.com/eduardogsilva/wireguard_webadmin/issues" target="_blank" rel="noopener" class="btn btn-outline">Open an issue</a> </div> <div class="involve-card"> <div class="involve-card-icon">🔧</div> <h3>Contribute code</h3> <p>Pull requests are welcome. For anything non-trivial, open an issue first so we can align before you invest time writing code. Good starting points: issues tagged <code>good first issue</code>, bug fixes with a clear reproduction case, and test coverage.</p>https://wireguard-webadmin.com/zero-trust/Mon, 01 Jan 0001 00:00:00 +0000https://wireguard-webadmin.com/zero-trust/<h2 id="what-is-zero-trust-here">What is Zero Trust here?</h2> <p>Traditional network security assumes that anything inside your network can be trusted. Zero Trust flips that model: <strong>no request is trusted by default</strong>, even if it comes from inside the VPN.</p> <p>In wireguard_webadmin, the Zero Trust application gateway sits in front of your internal services. Every request must authenticate before reaching the app — the service itself never needs to be exposed directly.</p> <hr> <h2 id="how-a-request-flows">How a request flows</h2> <div class="flow-cards"> <div class="flow-card"> <div class="flow-card-header"><span class="flow-card-num">1</span> <strong>Client reaches gateway</strong></div> <p>The public endpoint receives the request instead of the internal service.</p>