{"id":27160369,"url":"https://github.com/wg-controller/wg-controller","last_synced_at":"2025-10-07T12:48:24.384Z","repository":{"id":273468147,"uuid":"909884438","full_name":"wg-controller/wg-controller","owner":"wg-controller","description":"A self hosted WireGuard VPN server with control plane and web management","archived":false,"fork":false,"pushed_at":"2025-05-08T01:33:26.000Z","size":2786,"stargazers_count":7,"open_issues_count":2,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-29T09:56:12.571Z","etag":null,"topics":["network","overlay-network","remote-access","vpn","wireguard"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc-by-sa-4.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wg-controller.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-12-30T01:17:09.000Z","updated_at":"2025-05-08T01:33:30.000Z","dependencies_parsed_at":"2025-01-21T05:23:48.365Z","dependency_job_id":"57bb0c50-1ceb-48b7-9f69-59936894780e","html_url":"https://github.com/wg-controller/wg-controller","commit_stats":null,"previous_names":["wg-controller/wg-controller"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/wg-controller/wg-controller","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wg-controller%2Fwg-controller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wg-controller%2Fwg-controller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wg-controller%2Fwg-controller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wg-controller%2Fwg-controller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wg-controller","download_url":"https://codeload.github.com/wg-controller/wg-controller/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wg-controller%2Fwg-controller/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278778959,"owners_count":26044256,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-07T02:00:06.786Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["network","overlay-network","remote-access","vpn","wireguard"],"created_at":"2025-04-08T23:44:59.504Z","updated_at":"2025-10-07T12:48:24.378Z","avatar_url":"https://github.com/wg-controller.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# WireGuard Controller\n\nA self hosted WireGuard VPN server with control plane and web management.\n\n## Features\n\n- Easily host your own VPN overlay network with Docker or Kubernetes\n- Manage users and devices from a modern web interface\n- Integrated DNS server resolves devices by their configured name\n- Internal IP routing between clients\n- Share access to client local networks with the rest of your overlay network\n- Synchronization of WireGuard keys and settings between clients and server (using [wg-controller-client](https://github.com/wg-controller/wg-controller-client))\n- Easy client enrollment with pre defined API keys\n- Support for standard WireGuard clients and 3rd party devices\n- Optional internal client monitoring by icmp ping\n- Optional client up/down Slack alerts via webhook\n\n## Screenshots\n\n![Clients Page](/screenshot1.png?raw=true \"Client Management Page\")\n\n![Client Dialog](/screenshot2.png?raw=true \"Client Dialog\")\n\n## Deployment\n\n### Docker\n\n- Generate WG_PRIVATE_KEY and DB_AES_KEY\n\n ```\n docker run --rm -it ghcr.io/wg-controller/wg-controller:latest generate-wg-key\n ```\n\n ```\n docker run --rm -it ghcr.io/wg-controller/wg-controller:latest generate-db-key\n ```\n\n- Run docker image (fill in env vars)\n\n ```\n docker run --name wg-controller \\\n -e PUBLIC_HOST=\"wg.example.com\" \\\n -e ADMIN_EMAIL=\"admin@example.com\" \\\n -e ADMIN_PASS=\"\" \\\n -e WG_PRIVATE_KEY=\"\" \\\n -e DB_AES_KEY=\"\" \\\n -p 51820:51820/udp \\\n -p 8081:8081 \\\n -v wg-controller-data:/data \\\n --cap-add=NET_ADMIN \\\n --cap-add=SYS_MODULE \\\n --privileged \\\n --user=0 \\\n --sysctl net.ipv4.conf.all.src_valid_mark=1 \\\n --sysctl net.ipv4.ip_forward=1 \\\n ghcr.io/wg-controller/wg-controller:latest\n ```\n\n- The web interface will be running on port :8081\n\n### Kubernetes\n\n- Clone repo or download kube-manifests.yaml\n- Generate WG_PRIVATE_KEY and DB_AES_KEY\n\n ```\n docker run --rm -it ghcr.io/wg-controller/wg-controller:latest generate-wg-key\n ```\n\n ```\n docker run --rm -it ghcr.io/wg-controller/wg-controller:latest generate-db-key\n ```\n\n- Fill in env fields in kube-manifests.yaml\n- Configure ingress domain, SSL etc\n- Deploy to kubernetes with kubectl\n\n ```\n kubectl apply -f kube-manifests.yaml\n ```\n\n## Options\n\n| Env | Default | Example |\n| ---------------- | ------------- | -------------------------------------------- |\n| PUBLIC_HOST | required | wg.example.com |\n| ADMIN_EMAIL | required | admin@example.com |\n| ADMIN_PASS | required | SuP3Rs8cureP4ssw0rd# |\n| WG_PRIVATE_KEY | required | WFgLw2vV1Pc1EhtRXdFNHOopmuNl9GZluRFhI73Mf2o= |\n| DB_AES_KEY | required | CQLZLLfq+XXQKWrLDDvy0vine6Yil3SGxGJEUHK32yU= |\n| SERVER_CIDR | 172.19.0.0/24 | 192.168.10.0/24 |\n| SERVER_ADDRESS | 172.19.0.254 | 192.168.10.1 |\n| EGRESS_INTERFACE | eth0 | eth2 |\n| WG_INTERFACE | wg0 | utun11 |\n| WG_PORT | 51820 | 51821 |\n| API_PORT | 8081 | 9000 |\n| SERVER_HOSTNAME | wg-controller | my-vpn-server |\n| UPSTREAM_DNS | 8.8.8.8 | 1.1.1.1 |\n| SLACK_WEBHOOK | none | https://hooks.slack.com/services/example |\n| PING_MONITORING | false | true |\n\n## Security\n\n\u003e [!WARNING]\n\u003e Do not host this on the internet without an appropriate SSL reverse proxy (see [NGINX](https://hub.docker.com/_/nginx), [Caddy](https://caddyserver.com))\n\n- WireGuard keys encrypted at rest with AES256\n- Passwords and API keys salted and hashed before storage\n\n## Project Status\n\nThis project is in its early development phase.\n\n## Development\n\n[Tygo](https://github.com/gzuidhof/tygo) is used for generating TypeScript types from Golang types \u003cbr\u003e\nInstall Tygo with `go install github.com/gzuidhof/tygo@latest` \u003cbr\u003e\nRunning `tygo generate` will export Go types to frontend.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwg-controller%2Fwg-controller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwg-controller%2Fwg-controller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwg-controller%2Fwg-controller/lists"}