https://github.com/friedjof/wireguardadmin
A modern web interface for managing WireGuard VPNs with live status, firewall management, and real-time updates.
- Host: GitHub
- URL: https://github.com/friedjof/wireguardadmin
- Owner: Friedjof
- License: gpl-3.0
- Created: 2025-07-02T07:03:18.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2025-07-02T07:27:12.000Z (3 months ago)
- Last Synced: 2025-07-02T08:35:19.420Z (3 months ago)
- Topics: admin, api, deshboard, docker, firewall, flask, iptables, linux, management, monitoring, network, peer, python, realtime, security, vpn, webinterface, websocket, wireguard
- Language: Python
- Homepage:
- Size: 148 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: docs/CONTRIBUTING.md
- License: LICENSE
- Security: docs/SECURITY.md
README
# WireGuard Management System

A professional, enterprise-ready web application for managing WireGuard VPN peers with **real-time monitoring**, **advanced firewall management**, and **WebSocket-powered live updates**.

> ⚠️ **Development Status**: This project is actively under development. The firewall management and VPN functionality are experimental and may contain bugs. Use with caution in production environments.

## **Key Features**

### **Real-Time Monitoring**
- **Live Status Updates** via WebSockets (2-second intervals)
- **Traffic Graphs** showing upload/download rates for last 40 seconds
- **Connection Monitoring** with visual indicators
- **Automatic Reconnection** with fallback to HTTP polling

### **Advanced Peer Management**
- **Auto-IP Assignment** with conflict detection
- **Bulk Operations** with validation
- **Multiple Allowed IPs** with descriptions
- **QR Code Generation** for mobile devices
- **Configuration Export** (file download + API)

### **Enterprise Firewall Management** ⚠️ *Experimental*
- **iptables Integration** with rule preview
- **Security Templates** (Admin, Guest, Restricted, etc.)
- **Custom Rule Builder** with priorities
- **Terminal-Style Interface** for rule management
- **Dry-Run Testing** before applying rules
- *Note: Firewall features are experimental and may require manual intervention*

### **Professional Architecture**
- **REST API** with full CRUD operations
- **WebSocket Events** for real-time communication
- **Docker Support** with production-ready setup
- **Modular Design** with separated concerns
- **Comprehensive Logging** and error handling

## **Quick Start**
### **Using Make Commands (Recommended)**
```bash
# Clone repository
git clone https://github.com/Friedjof/WireguardAdmin.git
cd WireguardAdmin

# Show all available commands
make help

# Setup development environment
make setup

# Run tests and linting
make check

# Start development server
make dev
```

### **Docker Deployment**
```bash
# Configure environment
cp .env.example .env
# Edit .env with your server details

# Build and start with Docker
make build
make up

# Check status
make status

# Access web interface
open http://localhost:5000
```

### **Manual Installation**
```bash
# Install system dependencies
sudo apt update
sudo apt install wireguard-tools iptables python3 python3-pip

# Clone and setup
git clone https://github.com/Friedjof/WireguardAdmin.git
cd WireguardAdmin

# Setup with Make
make setup

# Or manually
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

# Configure environment
cp .env.example .env
# Edit .env with your configuration

# Run application
python app.py
```

## **Screenshots & Demo**
### Dashboard with Real-Time Monitoring
### Peer Details with Traffic Graph
### Firewall Management Console
### Mobile QR Code Setup
## **Architecture**

```
wireguard-management/
├── app/                      # Core application
│   ├── __init__.py           # Flask app & WebSocket setup
│   ├── models.py             # Database models
│   ├── routes.py             # Web routes & API endpoints
│   ├── utils.py              # Utility functions
│   ├── iptables_manager.py   # Firewall management
│   ├── websocket_manager.py  # Real-time updates
│   ├── websocket_events.py   # WebSocket event handlers
│   └── wireguard_status.py   # Status monitoring
├── static/                   # Frontend assets
│   ├── css/                  # Stylesheets
│   └── js/                   # JavaScript modules
├── templates/                # Jinja2 templates
├── docker/                   # Docker configuration
├── docs/                     # Documentation
├── scripts/                  # Utility scripts
└── docker-compose.yml        # Production setup
```

## **API Reference**
### **Peer Management**
```http
GET    /api/v1/peers              # List all peers
POST   /api/v1/peers              # Create new peer
GET    /api/v1/peers/{id}         # Get peer details
PUT    /api/v1/peers/{id}         # Update peer
DELETE /api/v1/peers/{id}         # Delete peer
POST   /api/v1/peers/{id}/toggle  # Toggle peer status
```

### **Real-Time WebSocket Events**
```javascript
// Connect to WebSocket
const socket = io();

// Listen for real-time updates
socket.on('peer_status_update', (data) => {
  // data.data contains all peer statuses
  // data.data[peerId].graph_data contains traffic history
});

// Activate/deactivate peers
socket.emit('peer_action', {
  peer_id: 123,
  action: 'activate' // or 'deactivate'
});
```

### **Firewall Management**
```http
GET  /api/v1/firewall/status          # Check iptables access
GET  /api/v1/firewall/rules/generate  # Preview generated rules
POST /api/v1/firewall/rules/apply     # Apply rules to system
POST /api/v1/firewall/backup          # Backup current rules
```

## **Security Features**
> ⚠️ **Security Notice**: This application manages critical network infrastructure. The firewall and VPN features are experimental and should be thoroughly tested before production use. Always maintain backup access to your server.
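
One way to follow that notice when driving the firewall endpoints listed above, as an added example that is not part of the project's code: the rules are applied only after the status check, a backup and a preview have all succeeded and a reviewer callback has accepted the preview. The endpoint paths are from this README; the base URL, the absence of a request body or authentication, and treating response bodies as opaque JSON are assumptions.

```python
import json
import urllib.error
import urllib.request

# Paths come from the Firewall Management endpoint list; the ordering policy,
# base URL and opaque-JSON handling are assumptions of this example.
PRECHECKS = [
    ("GET", "/api/v1/firewall/status"),          # is iptables reachable at all?
    ("POST", "/api/v1/firewall/backup"),         # keep a restore point first
    ("GET", "/api/v1/firewall/rules/generate"),  # preview what would change
]
APPLY = ("POST", "/api/v1/firewall/rules/apply")


def http_transport(base_url, timeout=10):
    """Return send(method, path) -> (status, parsed JSON or None)."""
    def send(method, path):
        req = urllib.request.Request(base_url.rstrip("/") + path, method=method)
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                status, raw = resp.status, resp.read()
        except urllib.error.HTTPError as exc:
            return exc.code, None
        except urllib.error.URLError:
            return 0, None  # unreachable counts as a failed step
        try:
            return status, json.loads(raw)
        except ValueError:
            return status, None
    return send


def guarded_apply(send, approve):
    """Apply rules only after status, backup and preview all succeed and
    approve(preview) is True. Returns (applied, calls_made)."""
    calls, body = [], None
    for method, path in PRECHECKS:
        status, body = send(method, path)
        calls.append((method, path, status))
        if not 200 <= status < 300:
            return False, calls  # abort before anything touches the rule set
    if not approve(body):  # body is the generated-rules preview
        return False, calls
    status, _ = send(*APPLY)
    calls.append((*APPLY, status))
    return 200 <= status < 300, calls
```

Call it as `guarded_apply(http_transport("http://localhost:5000"), approve)`, where `approve` shows the preview to an operator and returns their decision.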
### **Built-in Security**
- **Input Validation** with SQLAlchemy ORM protection
- **Rate Limiting** on API endpoints
- **CSRF Protection** on forms
- **Secure Headers** with Flask-Talisman
- **Environment-based Secrets** (no hardcoded keys)

### **Network Security** ⚠️ *Experimental*
- ⚠️ **iptables Integration** with custom rules *(may require manual fixes)*
- ⚠️ **Firewall Templates** for different security levels *(test thoroughly)*
- ⚠️ **Peer Isolation** options *(experimental feature)*
- **Traffic Monitoring** and logging

### **Production Deployment**
- **Docker Security** with non-root user
- **Reverse Proxy** support (nginx/Traefik)
- **SSL/TLS** certificate integration
- **Environment Isolation** with Docker networks

## **Configuration**
### **Environment Variables**
| Variable | Description | Default | Required |
|----------|-------------|---------|----------|
| `SERVER_PUBLIC_IP` | Your server's public IP/domain | - | โ |
| `SERVER_PRIVATE_KEY` | WireGuard server private key | - | โ |
| `SERVER_PUBLIC_KEY` | WireGuard server public key | - | โ |
| `LISTEN_PORT` | WireGuard listen port | `51820` | โ |
| `VPN_SUBNET` | VPN internal network | `10.0.0.0/24` | โ |
| `FLASK_ENV` | Flask environment | `production` | โ |

### **Docker Configuration**
```yaml
# docker-compose.yml
services:
  vpn-manager:
    build: .
    ports:
      - "5000:5000"        # Web interface
      - "51820:51820/udp"  # WireGuard
    environment:
      - SERVER_PUBLIC_IP=your-server.com
      - SERVER_PRIVATE_KEY=your_private_key
      - SERVER_PUBLIC_KEY=your_public_key
    volumes:
      - ./instance:/app/instance  # Database persistence
      - ./logs:/app/logs          # Logs
      - ./backups:/app/backups    # Backups
```

## **Development**
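
A pre-flight check for the variables in the Environment Variables table, added here as an example and not taken from the project: it catches placeholder keys left in `.env` or the compose file, a malformed port or subnet, and a non-production `FLASK_ENV`. The variable names and defaults are from the table; the function names, the checks themselves and the sample input are assumptions of this example.

```python
import base64
import binascii
import ipaddress


def parse_dotenv(text):
    """Minimal KEY=VALUE parser: skips blanks and comments, strips quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("'\"")
    return env


def is_wg_key(value):
    """WireGuard keys are 32 raw bytes in base64 (44 characters)."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False


def check_env(env):
    """Return a list of problems; an empty list means the settings look sane."""
    problems = []
    priv, pub = env.get("SERVER_PRIVATE_KEY", ""), env.get("SERVER_PUBLIC_KEY", "")
    if not env.get("SERVER_PUBLIC_IP"):
        problems.append("SERVER_PUBLIC_IP is empty")
    for name, key in (("SERVER_PRIVATE_KEY", priv), ("SERVER_PUBLIC_KEY", pub)):
        if not is_wg_key(key):
            problems.append(f"{name} is not a base64-encoded 32-byte key")
    if priv and priv == pub:
        problems.append("private and public key must differ")
    port = env.get("LISTEN_PORT", "51820")  # defaults are the ones in the table
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        problems.append("LISTEN_PORT is not a port number")
    try:
        if not ipaddress.ip_network(env.get("VPN_SUBNET", "10.0.0.0/24")).is_private:
            problems.append("VPN_SUBNET is not private address space")
    except ValueError as exc:
        problems.append(f"VPN_SUBNET is invalid: {exc}")
    if env.get("FLASK_ENV", "production") != "production":
        problems.append("FLASK_ENV is not 'production'")
    return problems

# Constructed sample: the placeholder values from the compose file.
SAMPLE = "SERVER_PUBLIC_IP=your-server.com\nSERVER_PRIVATE_KEY=your_private_key\nSERVER_PUBLIC_KEY=your_public_key\n"
```

`check_env(parse_dotenv(SAMPLE))` reports both placeholder keys, which is the state the compose file is in until real keys are filled in.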
### **Quick Development Setup**
```bash
# Clone repository
git clone https://github.com/Friedjof/WireguardAdmin.git
cd WireguardAdmin

# Complete setup with one command
make setup

# Show all available commands
make help
```

### **Development Commands**
#### **Setup & Development**
```bash
make setup    # Setup development environment
make install  # Install dependencies (alias for setup)
make dev      # Start development server
make clean    # Clean up development environment
```

#### **Testing & Quality**
```bash
make test        # Run all tests
make test-watch  # Run tests in watch mode
make lint        # Run linting checks (dry-run)
make format      # Format code with Black
make check       # Run all checks (lint + test)
```

#### **Docker Operations**
```bash
make build         # Build Docker container
make up            # Start system (Docker)
make down          # Stop system (Docker)
make logs          # Show container logs
make shell         # Open shell in container
make restart       # Restart system
make docker-clean  # Clean Docker resources
```

#### **Monitoring & Operations**
```bash
make status  # Show system status
make keys    # Show WireGuard server keys
make backup  # Create backup of configuration
```

### **CI/CD Pipeline**
The project includes automated CI/CD with GitHub Actions:
- **Automated Testing**: All tests run on every push
- **Code Quality**: Flake8 linting and Black formatting checks
- **Release Automation**: Docker images built on version tags (`v*`)
- **Container Registry**: Images pushed to GitHub Container Registry

#### **Release Process**
```bash
# Create and push a release tag
git tag v1.0.0
git push origin v1.0.0

# This automatically triggers:
# 1. Run tests and linting
# 2. Build Docker image
# 3. Push to registry
# 4. Create GitHub release
```

## **Requirements**
### **System Requirements**
- **Linux Server** (Ubuntu 22.04+ recommended)
- **WireGuard Tools** (`wireguard-tools` package)
- **iptables** (for firewall management)
- **Docker** and **Docker Compose** (for containerized deployment)
- **Make** (for development commands)

### **Python Requirements**
- **Python 3.12+**
- **pytest** (testing framework)
- **flake8** (code linting)
- **black** (code formatting)
- See `requirements.txt` for complete list

### **Network Requirements**
- **Open Port 51820/UDP** (WireGuard)
- **Open Port 5000/TCP** (Web interface, can be proxied)
- **Root Access** (for WireGuard and iptables management)

## **Contributing**
We welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.
### **Development Workflow**
1. **Fork** the repository
2. **Create** a feature branch (`git checkout -b feature/amazing-feature`)
3. **Commit** your changes (`git commit -m 'Add amazing feature'`)
4. **Push** to the branch (`git push origin feature/amazing-feature`)
5. **Open** a Pull Request

### **Bug Reports**
Please use the [GitHub Issues](https://github.com/Friedjof/WireguardAdmin/issues) for bug reports and feature requests.

## **License**
This project is licensed under the **GNU General Public License v3.0** - see the [LICENSE](LICENSE) file for details.
## **Acknowledgments**
- **WireGuard** team for the amazing VPN technology
- **Flask** community for the excellent web framework
- **Bootstrap** team for the responsive UI components
- **Chart.js** for beautiful traffic visualization
- **Socket.IO** for real-time communication

## **Support**
- **Documentation**: [Wiki](https://github.com/Friedjof/WireguardAdmin/wiki)
- **Bug Reports**: [Issues](https://github.com/Friedjof/WireguardAdmin/issues)
- **Discussions**: [GitHub Discussions](https://github.com/Friedjof/WireguardAdmin/discussions)
- **Email**: dev@noweck.info

---

⭐ **Star this repository if it helped you!**

Made with ❤️ by [Friedjof](https://github.com/Friedjof)