diff --git a/Dockerfile b/Dockerfile index 99154a2..05442d4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ######- # Start from the latest golang base image as builder image (only used to compile the code) ######- -FROM golang:1.15 as builder +FROM golang:1.16 as builder RUN mkdir /build @@ -29,7 +29,7 @@ FROM debian:buster ENV TZ=Europe/Vienna # GOSS for container health checks -ENV GOSS_VERSION v0.3.14 +ENV GOSS_VERSION v0.3.16 RUN apt-get update && apt-get upgrade -y && \ apt-get install --no-install-recommends -y moreutils ca-certificates curl && \ rm -rf /var/cache/apt /var/lib/apt/lists/*; \ diff --git a/Makefile b/Makefile index 474d287..5265ea1 100644 --- a/Makefile +++ b/Makefile @@ -11,12 +11,10 @@ IMAGE=h44z/wg-portal all: dep build build: dep $(addsuffix -amd64,$(addprefix $(BUILDDIR)/,$(BINARIES))) - cp -r assets $(BUILDDIR) cp scripts/wg-portal.service $(BUILDDIR) cp scripts/wg-portal.env $(BUILDDIR) build-cross-plat: dep build $(addsuffix -arm,$(addprefix $(BUILDDIR)/,$(BINARIES))) $(addsuffix -arm64,$(addprefix $(BUILDDIR)/,$(BINARIES))) - cp -r assets $(BUILDDIR) cp scripts/wg-portal.service $(BUILDDIR) cp scripts/wg-portal.env $(BUILDDIR) diff --git a/README-RASPBERRYPI.md b/README-RASPBERRYPI.md index fdaadf4..4278163 100644 --- a/README-RASPBERRYPI.md +++ b/README-RASPBERRYPI.md @@ -10,7 +10,7 @@ use the following instructions: ### Building This section describes how to build the WireGuard Portal code. To compile the final binary, use the Makefile provided in the repository. -As WireGuard Portal is written in Go, **golang >= 1.14** must be installed prior to building. +As WireGuard Portal is written in Go, **golang >= 1.16** must be installed prior to building. ``` make build-cross-plat diff --git a/README.md b/README.md index e4fd3f0..07fe303 100644 --- a/README.md +++ b/README.md 
@@ -7,14 +7,13 @@ ![GitHub code size in bytes](https://img.shields.io/github/languages/code-size/h44z/wg-portal) [![Docker Pulls](https://img.shields.io/docker/pulls/h44z/wg-portal.svg)](https://hub.docker.com/r/h44z/wg-portal/) -A simple web base configuration portal for [WireGuard](https://wireguard.com). +A simple, web based configuration portal for [WireGuard](https://wireguard.com). The portal uses the WireGuard [wgctrl](https://github.com/WireGuard/wgctrl-go) library to manage the VPN interface. This allows for seamless activation or deactivation of new users, without disturbing existing VPN connections. -The configuration portal is designed to use LDAP (Active Directory) as a user source for authentication and profile data. -It still can be used without LDAP by using a predefined administrator account. Some features like mass creation of accounts -will only be available in combination with LDAP. +The configuration portal currently supports using SQLite, MySQL as a user source for authentication and profile data. +It also supports LDAP (Active Directory or OpenLDAP) as authentication provider. ## Features * Self-hosted and web based @@ -24,18 +23,19 @@ will only be available in combination with LDAP. * Enable / Disable clients seamlessly * Generation of `wgX.conf` after any modification * IPv6 ready - * User authentication (LDAP and/or predefined admin account) + * User authentication (SQLite/MySQL and LDAP) * Dockerized * Responsive template + * One single binary ![Screenshot](screenshot.png) ## Setup ### Docker -The easiest way to run WireGuard Portal is using the provided docker image. +The easiest way to run WireGuard Portal is to use the Docker image provided. -Docker compose snippet with sample values: +Docker Compose snippet with some sample configuration values: ``` version: '3.6' services: 
@@ -56,19 +56,20 @@ services: - WEBSITE_TITLE=WireGuard VPN - COMPANY_NAME=Your Company Name - MAIL_FROM=WireGuard VPN - - ADMIN_USER=admin # optional admin user + - ADMIN_USER=admin@domain.com - ADMIN_PASS=supersecret - - ADMIN_LDAP_GROUP=CN=WireGuardAdmins,OU=Users,DC=COMPANY,DC=LOCAL - EMAIL_HOST=10.10.10.10 - EMAIL_PORT=25 + - LDAP_ENABLED=true - LDAP_URL=ldap://srv-ad01.company.local:389 - LDAP_BASEDN=DC=COMPANY,DC=LOCAL - LDAP_USER=ldap_wireguard@company.local - LDAP_PASSWORD=supersecretldappassword + - LDAP_ADMIN_GROUP=CN=WireGuardAdmins,OU=Users,DC=COMPANY,DC=LOCAL ``` Please note that mapping ```/etc/wireguard``` to ```/etc/wireguard``` inside the docker, will erase your host's current configuration. If needed, please make sure to backup your files from ```/etc/wireguard```. -For a full list of configuration options take a look at the source file [internal/common/configuration.go](internal/common/configuration.go). +For a full list of configuration options take a look at the source file [internal/common/configuration.go](internal/common/configuration.go#L57). ### Standalone For a standalone application, use the Makefile provided in the repository to build the application. @@ -80,7 +81,7 @@ make make build-cross-plat ``` -The compiled binary and all necessary assets will be located in the dist folder. +The compiled binary will be located in the dist folder. A detailed description for using this software with a raspberry pi can be found in the [README-RASPBERRYPI.md](README-RASPBERRYPI.md). ## What is out of scope diff --git a/assets/css/custom.css b/assets/css/custom.css index 6bc0d62..f450dbb 100644 --- a/assets/css/custom.css +++ b/assets/css/custom.css 
@@ -40,6 +40,16 @@ pre{background:#f7f7f9}iframe{overflow:hidden;border:none}@media (min-width: 768 /* -------------------------------------------------- End collapsable table*/ +.jumbotron-home { + padding: 1rem 1rem; +} + +@media (min-width: 576px) { + .jumbotron-home { + padding: 2rem 2rem; + } +} + @media (min-width: 1440px) { .container, .container-lg, .container-md, .container-sm, .container-xl { max-width: 1400px; diff --git a/assets/img/favicon-large.png b/assets/img/favicon-large.png new file mode 100644 index 0000000..ab03774 Binary files /dev/null and b/assets/img/favicon-large.png differ diff --git a/assets/img/favicon.ico b/assets/img/favicon.ico new file mode 100644 index 0000000..b2a4e1c Binary files /dev/null and b/assets/img/favicon.ico differ diff --git a/assets/img/favicon.png b/assets/img/favicon.png new file mode 100644 index 0000000..6539846 Binary files /dev/null and b/assets/img/favicon.png differ diff --git a/assets/tpl/admin_create_clients.html b/assets/tpl/admin_create_clients.html index fab3dec..ea233ce 100644 --- a/assets/tpl/admin_create_clients.html +++ b/assets/tpl/admin_create_clients.html @@ -53,7 +53,7 @@ } }).tokenfield({ autocomplete: { - source: [{{range $i, $u :=.Users}}{{$u.Mail}},{{end}}], + source: [{{range $i, $u :=.Users}}{{$u.Email}},{{end}}], delay: 100 }, showAutocompleteOnFocus: false diff --git a/assets/tpl/admin_edit_user.html b/assets/tpl/admin_edit_user.html new file mode 100644 index 0000000..97729b0 --- /dev/null +++ b/assets/tpl/admin_edit_user.html @@ -0,0 +1,87 @@ + + + + + + {{ .Static.WebsiteTitle }} - Users + + + + + + + +{{template "prt_nav.html" .}} +
+ {{if eq .User.CreatedAt .Epoch}} +

Create a new user

+ {{else}} +

Edit user {{.User.Email}}

+ {{end}} + + {{template "prt_flashes.html" .}} + +
+ {{if eq .User.CreatedAt .Epoch}} +
+
+ + +
+
+ {{else}} + + {{end}} +
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+
+ + +
+
+ + +
+
+
+ + + Cancel +
+
+{{template "prt_footer.html" .}} + + + + + + + \ No newline at end of file diff --git a/assets/tpl/admin_index.html b/assets/tpl/admin_index.html index 40edc5e..7e7afd3 100644 --- a/assets/tpl/admin_index.html +++ b/assets/tpl/admin_index.html @@ -84,13 +84,11 @@
-

Current VPN Users

+

Current VPN Peers

- {{if not .Static.LdapDisabled}} - - {{end}} - M + + M
@@ -98,11 +96,11 @@ - Identifier - Public Key - E-Mail - IP's - Handshake + Identifier + Public Key + E-Mail + IP's + Handshake @@ -144,15 +142,14 @@

User details

- {{if not $p.LdapUser}} -

No LDAP user-information available...

+ {{if not $p.User}} +

No user information available...

{{else}}
    -
  • Firstname: {{$p.LdapUser.Firstname}}
  • -
  • Lastname: {{$p.LdapUser.Lastname}}
  • -
  • Phone: {{index $p.LdapUser.RawLdapData.Attributes "telephoneNumber"}}
  • -
  • Mail: {{$p.LdapUser.Mail}}
  • -
  • Department: {{index $p.LdapUser.RawLdapData.Attributes "department"}}
  • +
  • Firstname: {{$p.User.Firstname}}
  • +
  • Lastname: {{$p.User.Lastname}}
  • +
  • Phone: {{$p.User.Phone}}
  • +
  • Mail: {{$p.User.Email}}
{{end}}

Connection / Traffic

diff --git a/assets/tpl/admin_user_index.html b/assets/tpl/admin_user_index.html new file mode 100644 index 0000000..6c431e8 --- /dev/null +++ b/assets/tpl/admin_user_index.html @@ -0,0 +1,67 @@ + + + + + + {{ .Static.WebsiteTitle }} - Users + + + + + + + + {{template "prt_nav.html" .}} +
+

WireGuard VPN Users

+ {{template "prt_flashes.html" .}} +
+
+

All Users

+
+
+ M +
+
+
+ + + + + + + + + + + + + {{range $i, $u :=.Users}} + + + + + + + + + {{end}} + +
E-Mail Lastname Firstname Source Is Admin
{{$u.Email}}{{$u.Lastname}}{{$u.Firstname}}{{$u.Source}}{{if $u.IsAdmin}}True{{else}}False{{end}} + {{if eq $.Session.IsAdmin true}} + {{if eq $u.Source "db"}} + + {{end}} + {{end}} +
+

Currently listed users: {{len .Users}}

+
+
+ {{template "prt_footer.html" .}} + + + + + + + \ No newline at end of file diff --git a/assets/tpl/index.html b/assets/tpl/index.html index 1536271..f46a2eb 100644 --- a/assets/tpl/index.html +++ b/assets/tpl/index.html @@ -13,18 +13,69 @@ {{template "prt_nav.html" .}} -
+
{{template "prt_flashes.html" .}}

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.

+

More Information

+
+
+
+
WireGuard Installation
+
+

Installation

+

Installation instructions for client software can be found on the official WireGuard website.

+ Open Instructions +
+
+
+
+
+
About WireGuard
+
+

About

+

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.

+ More details +
+
+
+
+
+
About WireGuard Portal
+
+

WireGuard Portal

+

WireGuard Portal is a simple, web based configuration portal for WireGuard.

+ More details +
+
+
+
-

VPN Profiles and configuration

-

You can access your personal VPN configurations via your Userprofile: Open Userprofile

+
+

VPN Profiles

+

You can access and download your personal VPN configurations via your Userprofile.

+
+

To find all your configured profiles click on the button below.

+

+ Open My Profile +

+
+ + {{with eq $.Session.LoggedIn true}}{{with eq $.Session.IsAdmin true}} +
+

Administration Area

+

In the administration area you can manage WireGuard peers and the server interface as well as users that are allowed to log in to the WireGuard Portal.

+
+

To find all your configured profiles click on the button below.

+

+ Open WireGuard Administration + Open User Administration +

+
+ {{end}}{{end}} -

Client Software

-

Installation instructions for client software can be found on the official WireGuard website: https://www.wireguard.com/

{{template "prt_footer.html" .}} diff --git a/assets/tpl/prt_nav.html b/assets/tpl/prt_nav.html index 79178a5..6ab5d9b 100644 --- a/assets/tpl/prt_nav.html +++ b/assets/tpl/prt_nav.html @@ -7,19 +7,28 @@
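Review bot: In the Dockerfile hunk, the builder comment still reads "Start from the latest golang base image" although the line now pins `FROM golang:1.16 as builder`; update the comment to match. Since the tag is being touched anyway, consider pinning this image and `debian:buster` by digest so that rebuilds always pull the same base layers.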
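Review bot: In the first README.md hunk, "currently supports using SQLite, MySQL as a user source" reads as an unfinished list; "SQLite or MySQL" is clearer. The removed paragraph explained that the portal works without LDAP through a predefined administrator account, and the new text no longer says how the first administrator is created when only the database is used. A sentence on that belongs here, since `ADMIN_USER` and `ADMIN_PASS` still appear in the compose sample.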
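Review bot: In the README.md Docker Compose hunk, dropping the `# optional admin user` comment from `ADMIN_USER` leaves it unstated whether the account is now mandatory and whether it has to be an e-mail address, as `admin@domain.com` suggests; document that next to the variable. The sample also keeps `LDAP_URL=ldap://srv-ad01.company.local:389` beside `LDAP_PASSWORD`, so the bind password in the example is sent in clear text unless StartTLS is negotiated. If the portal supports it, show an `ldaps://` URL in the sample, and mark `ADMIN_PASS=supersecret` as a placeholder that must be replaced before deployment.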
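Review bot: In assets/tpl/admin_create_clients.html, `{{$u.Email}}` is written directly into the JavaScript array literal used as the autocomplete `source`. With this change users can come from the database as well as LDAP, so confirm that these templates are rendered with `html/template`, which escapes the value for the JavaScript context, and not with `text/template`. Emitting the whole list as a single JSON-encoded value would make the escaping explicit.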
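Review bot: In assets/tpl/admin_index.html, `{{if not $p.User}}` only reaches the "No user information available..." branch when `User` can be empty in the template sense (a nil pointer or nil interface); a struct value is never empty, and the following `{{$p.User.Firstname}}` lines would then render blank fields. Check the type of the field or test a field such as `$p.User.Email`. The hunk also drops the Department line without a replacement; mention in the commit message whether that is intentional.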
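Review bot: In assets/tpl/index.html, `{{with eq $.Session.LoggedIn true}}{{with eq $.Session.IsAdmin true}}` uses `with` as a conditional, which also rebinds `.` to the boolean inside the block; `{{if and $.Session.LoggedIn $.Session.IsAdmin}}` states the intent directly and matches the `{{if eq $.Session.IsAdmin true}}` form used in admin_user_index.html. The Administration Area block repeats "To find all your configured profiles click on the button below." from the VPN Profiles block, which looks like a copy-paste leftover. Hiding the two admin buttons is presentation only, so make sure the handlers they link to check `IsAdmin` themselves.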