{"id":13495405,"url":"https://github.com/perara/wg-manager","last_synced_at":"2025-10-06T03:32:56.419Z","repository":{"id":37559810,"uuid":"253635130","full_name":"perara/wg-manager","owner":"perara","description":"A easy to use WireGuard dashboard and management tool","archived":false,"fork":false,"pushed_at":"2022-03-17T08:35:32.000Z","size":4619,"stargazers_count":607,"open_issues_count":48,"forks_count":74,"subscribers_count":31,"default_branch":"main","last_synced_at":"2025-03-28T16:09:27.825Z","etag":null,"topics":["dashboard","obfuscation","site-to-site","vpn","wg-manager","wireguard","wireguard-dashboard","wireguard-tunnel","wireguard-vpn","wireguard-vpn-setup"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/perara.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":["perara"]}},"created_at":"2020-04-06T23:02:19.000Z","updated_at":"2025-03-24T11:05:04.000Z","dependencies_parsed_at":"2022-07-12T16:23:31.716Z","dependency_job_id":null,"html_url":"https://github.com/perara/wg-manager","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/perara%2Fwg-manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/perara%2Fwg-manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/perara%2Fwg-manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/perara%2Fwg-manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/perara","download_url":"https://codeload.github.com/perara/wg-manager/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247217221,"owners_count":20903009,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dashboard","obfuscation","site-to-site","vpn","wg-manager","wireguard","wireguard-dashboard","wireguard-tunnel","wireguard-vpn","wireguard-vpn-setup"],"created_at":"2024-07-31T19:01:34.391Z","updated_at":"2025-10-06T03:32:51.382Z","avatar_url":"https://github.com/perara.png","language":"Python","funding_links":["https://github.com/sponsors/perara"],"categories":["Python"],"sub_categories":[],"readme":"# wg-manager\nThe wg-manager provides an easy-to-use graphical web interface to import, setup, and manage WireGuard server(s).\n[See Here](https://github.com/perara/wg-manager#Showcase)\n\n## Contributions\nAll contributions are very much appreciated, and please, to ease the merging process, target your pull requests to the [development] branch (https://github.com/perara/wg-manager/tree/dev) branch to prevent merge conflicts. Thanks!\n\n## Features\n\nThe features of wg-manager includes:\n\n**Server**\n* IPv4 **and** IPv6 support\n* Create/Delete/Modify\n* Start/Stop/Restart server\n* Import existing configurations\n* Export server config, along with client config as zip.\n\n**Peer**\n* Create/Delete/Modify\n* Bandwidth usage statistics\n* Export by QRCode, Text\n* Authentication via API-Keys for automation (Created in GUI)\n* Automatic setup using docker\n\n**General**\n* Modify Admin User\n* Create and manage API-Keys\n\n# Dependencies\n* Linux Kernel \u003e= 5.6 *(Alternatively: wireguard-dkms)*\n\n# Common Installation Steps\n1. Enable ip forwarding:\n     ```\n    sysctl -w net.ipv4.ip_forward=1 # IPV4 Support\n    sysctl -w net.ipv6.conf.all.forwarding=1  # IPV6 Support\n     ```\n2. For persistent configuration: \n    ```\n    cat \u003e /etc/sysctl.d/99-sysctl.conf \u003c\u003c EOF\n    net.ipv4.ip_forward = 1\n    net.ipv6.conf.all.forwarding=1\n    EOF\n    ```\n3. It is recommended to have a firewall protecting your servers\n\n## Notes\n* A few people has experienced issues with running the dockerized method using bridged networking. To workaround this, you can use `network_mode: host`. Note that you can no longer reverse-proxy the web interface from reverse proxies such as [jwilder/nginx-proxy](https://hub.docker.com/r/jwilder/nginx-proxy/).\n\n## Method #1: Docker-compose\n```yaml\nversion: \"2.1\"\nservices:\n  wireguard:\n    container_name: wg-manager\n    image: perara/wg-manager\n    restart: always\n    sysctls:\n      net.ipv6.conf.all.disable_ipv6: 0  # Required for IPV6\n    cap_add:\n      - NET_ADMIN\n    #network_mode: host # Alternatively\n    ports:\n       - 51800-51900:51800-51900/udp\n       - 8888:8888\n    volumes:\n      - ./wg-manager:/config\n    environment:\n      HOST: 0.0.0.0\n      PORT: 8888\n      ADMIN_USERNAME: admin\n      ADMIN_PASSWORD: admin\n      WEB_CONCURRENCY: 1\n```\nor [plain docker here](./docs/guides/docker_configuration.md)\nor [build docker image from github](./docs/install_docker_github.md)\n\n## Method #2: Bare Metal\n- [Installation on Debian/Ubuntu/RPI4](./docs/install.md)\n\n# Using the development branch\nAs there is no builds for the development branch, you have to do the following:\nChange `image: perara/wg-manager` to\n```\nbuild:\n      context: https://github.com/perara/wg-manager.git#dev\n```\n\n# Guides\n- [Importing Existing configuration](./docs/guides/import_existing_server.md)\n- [Reverse Proxy](./docs/guides/reverse_proxy.md)\n\n# Usage\nWhen docker container/server has started, go to http://localhost:8888\n\n# API Docs\nThe API docs is found [here](./docs/api.md).\n\n# API-Keys\n1. Login to wg-manager\n2. Go to edit profile\n3. Create API-Key and take note of the key. Use the X-API-Key header to authenticate.\n4. Example: `curl -i -H \"X-API-Key: \u003ckey-goes-here\u003e\" http://\u003chost\u003e:\u003cport\u003e/api/v1/users/api-key/list`\n5. Example 2: `curl -X POST \"http://\u003chost\u003e:\u003cport\u003e/api/v1/peer/configuration/add\" -H \"accept: application/json\" -H \"Content-Type: application/json\" -H \"X-API-Key: \u003capi-key-here\u003e\" -d \"{\\\"server_interface\\\":\\\"wg0\\\"}\"`\n\n# Client Mode\nwg-manager can also run in client-mode, with near-automatic setup and connection. To automatically setup the client,\nyou will need:\n1. wg-manager server url\n2. name of the interface the client should run on\n3. wg-manager server api key\n\nYou can setup multiple clients using the numbered environment variables. The following configuration runs a server and client automatically:\n```dockerfile\nversion: \"2.1\"\nservices:\n\n  server:\n    container_name: wg-manager\n    build: .\n    restart: always\n    sysctls:\n      net.ipv6.conf.all.disable_ipv6: 0\n    cap_add:\n      - NET_ADMIN\n    #network_mode: host # Alternatively\n    ports:\n      - 11820:11820/udp\n      - 51800-51900:51800-51900/udp\n      - 8888:8888\n    environment:\n      HOST: 0.0.0.0\n      PORT: 8888\n      ADMIN_USERNAME: admin\n      ADMIN_PASSWORD: admin\n      WEB_CONCURRENCY: 2\n      SERVER_INIT_INTERFACE_START: 1\n\n      #endpoint dynamic variables: ||external|| , ||internal||\n      SERVER_INIT_INTERFACE: '{\"address\":\"10.0.200.1\",\"v6_address\":\"fd42:42:42::1\",\"subnet\":24,\"v6_subnet\":64,\"interface\":\"wg0\",\"listen_port\":\"51820\",\"endpoint\":\"server\",\"dns\":\"10.0.200.1,8.8.8.8\",\"private_key\":\"\",\"public_key\":\"\",\"post_up\":\"\",\"post_down\":\"\",\"configuration\":\"\",\"is_running\":false,\"peers\":[]}'\n      SERVER_STARTUP_API_KEY: thisisasecretkeythatnobodyknows\n    networks:\n      - wg-manager-net\n\n  client:\n    container_name: wg-manager-server-with-client\n    build: .\n    restart: always\n    sysctls:\n      net.ipv6.conf.all.disable_ipv6: 0\n    cap_add:\n      - NET_ADMIN\n    ports:\n      - 8889:8889\n    privileged: true\n    environment:\n      HOST: 0.0.0.0  # Optional (For Accessing WEB-Gui)\n      PORT: 8889  # Optional (Web-GUI Listen Port)\n      WEB_CONCURRENCY: 1  # Optional\n      ADMIN_USERNAME: admin\n      ADMIN_PASSWORD: admin\n      INIT_SLEEP: 5  # If you run into concurrency issues\n      SERVER: 0  # If you want to host a server as well\n      CLIENT: 1  # If you want to connect to servers\n      CLIENT_START_AUTOMATICALLY: 1  # If you want the client to start automatically\n      CLIENT_1_NAME: \"client-1\"   # Name of first client\n      CLIENT_1_SERVER_HOST: \"http://server:8888\"  # Endpoint of first server\n      CLIENT_1_SERVER_INTERFACE: \"wg0\"  # Interface of first server (to get config)\n      CLIENT_1_API_KEY: \"thisisasecretkeythatnobodyknows\"  # API-Key of first server (to get config)\n    networks:\n      - wg-manager-net\n\nnetworks:\n  wg-manager-net:\n    driver: bridge\n```\n\n\n# Environment variables\n| Environment      | Description                                                               | Recommended |\n|------------------|---------------------------------------------------------------------------|-------------|\n| GUNICORN_CONF    | Location of custom gunicorn configuration                                 | default     |\n| WORKERS_PER_CORE | How many concurrent workers should there be per available core (Gunicorn) | default     |\n| WEB_CONCURRENCY  | The number of worker processes for handling requests. (Gunicorn)          | 1           |\n| HOST             | 0.0.0.0 or unix:/tmp/gunicorn.sock if reverse proxy. Remember to mount    | 0.0.0.0     |\n| PORT             | The port to use if running with IP host bind                              | 80          |\n| LOG_LEVEL        | Logging level of gunicorn/python                                          | info        |\n| ADMIN_USERNAME   | Default admin username on database creation                               | admin       |\n| ADMIN_PASSWORD   | Default admin password on database creation                               | admin       |\n| POST_UP          | The POST_UP Command (version 4)                                           | default     |\n| POST_DOWN        | The POST_DOWN Command (version 4)                                         | default     |\n| POST_UP_V6       | The POST_UP Command (version 6)                                           | default     |\n| POST_DOWN_V6     | The POST_DOWN Command (version 6)                                         | default     |\n| INIT_SLEEP       | Sleep before bootstrap. Useful for delaying client boot                   | integer     |\n| SERVER_STARTUP_API_KEY | Create a initial, and known API key on server init                  | secret      |\n| SERVER_INIT_INTERFACE | Create a initial wireguard interface on server init. See docs        | json        |\n| SERVER_INIT_INTERFACE_START | If the interface should start immediately                      | 1 or 0      |\n| SERVER | If the container should enable server-mode                                          | 1 or 0      |\n| CLIENT | If the container should enable client-mode                                          | 1 or 0      |\n| CLIENT_START_AUTOMATICALLY | If client is enabled. should it start immediately?              | 1 or 0      |\n| CLIENT_X_NAME | Name of the automatically generated client. X = incremental number from 1    | string      |\n| CLIENT_X_SERVER_HOST | The url to wg-manager server e.g. \"http://server:8888\"  See docs      | url         |\n| CLIENT_X_SERVER_INTERFACE | The wg-interface to create client on e.g\"wg0\". See docs          | string      |\n| CLIENT_X_API_KEY | A valid API-Key that is active on the server. Works well with SERVER_STARTUP_API_KEY | string |\n\n# Q\u0026A\nI'm trying to start the device but recieve the message: `Perhaps ip6tables or your kernel needs to be upgraded.`.\n    Try: `modprobe ip6table_nat` on the host.\n\n# Showcase\n![Illustration](docs/images/0.png)\n\n![Illustration](docs/images/1.png)\n\n![Illustration](docs/images/2.png)\n\n![Illustration](docs/images/3.png)\n\n![Illustration](docs/images/4.png)\n\n![Illustration](docs/images/5.png)\n\n![Illustration](docs/images/6.png)\n\n![Illustration](docs/images/7.png)\n\n![Illustration](docs/images/8.png)\n\n# Roadmap\n### Primaries\n- Implement multi-server support (setting up site-2-site servers from the GUI)\n- Extending multi-server support to enable custom access lists (A peer can be assigned to multiple servers, as part of the ACL)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperara%2Fwg-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fperara%2Fwg-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperara%2Fwg-manager/lists"}