# wg-selfserve

## Prerequisites

The tested setup is to host the service on Apache, with uwsgi running the
Python application. Example configs for Apache and uwsgi are provided in the
`examples/` subdirectory.

All Python dependencies are listed in `requirements.txt`. It is recommended to
run the application in a virtualenv.

WireGuard must be installed with the `wg` binary available in `$PATH`.

You will need to register the service with an OAuth server,
probably `toker.dsv.su.se`. OAuth settings are saved in `config.ini` along
with all other settings.

## Setup

- Clone the repo
- Create server keys:
  `wg genkey | tee server-priv.key | wg pubkey > server-pub.key`
- Create a suitable directory for user client data:
  `mkdir user-data`
- Set up config.ini:
  `cp config.ini.example config.ini && editor config.ini`
  The comments in the file should explain each option.
- Ensure the web server user can write to the `work/` subdirectory:
  `chown www-data work/`
- Configure Apache and uwsgi; see the examples under `examples/`.
- Start Apache and uwsgi
- Create a symbolic link to the WireGuard server config:
  `ln -s /path/to/repo/work/<tunnel-id>.conf /etc/wireguard/`
- Activate the wg-quick systemd unit:
  `systemctl enable wg-quick@<tunnel-id>.service`
- Start the wg-quick systemd unit:
  `systemctl start wg-quick@<tunnel-id>.service`
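
The setup steps create `server-priv.key` through `tee`, so it gets the default umask (mode 644 under a umask of 022), and `config.ini` holds the OAuth settings. The script below is an added example, not part of wg-selfserve, that audits those files and the `work/` and `user-data/` directories. The policy it enforces (secret files closed to group and other, directories closed to other, everything owned by the account that runs the application) is an assumption, not a documented project requirement.

```shell
#!/bin/sh
# Added example, not part of wg-selfserve. File names follow the README;
# the permission policy below is an assumption, not a project requirement.

# First 10 characters of `ls -ld`: file type plus user/group/other bits.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# 0 = nothing granted to group or other, 1 = too open, 2 = missing.
check_private_file() {
    [ -f "$1" ] || return 2
    case "$(mode_of "$1")" in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 = nothing granted to other, 1 = too open, 2 = missing.
check_closed_dir() {
    [ -d "$1" ] || return 2
    case "$(mode_of "$1")" in
        ???????---) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per finding; the return status is the number of findings.
audit_repo() {
    repo=$1
    findings=0
    for item in file:server-priv.key file:config.ini dir:work dir:user-data; do
        kind=${item%%:*}
        name=${item#*:}
        rc=0
        if [ "$kind" = file ]; then
            check_private_file "$repo/$name" || rc=$?
        else
            check_closed_dir "$repo/$name" || rc=$?
        fi
        case $rc in
            1) echo "TOO OPEN: $name ($(mode_of "$repo/$name"))" ;;
            2) echo "MISSING:  $name" ;;
        esac
        [ "$rc" -eq 0 ] || findings=$((findings + 1))
    done
    return "$findings"
}

# Usage: sh audit.sh /path/to/repo
if [ "$#" -gt 0 ]; then audit_repo "$1"; exit $?; fi
```

Running `umask 077` in the shell before the key-generation step makes `server-priv.key` pass this check from the start.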