wg-selfserve
Prerequisites
The tested setup is to host the service on Apache, with uwsgi running the
Python application. Example configs for Apache and uwsgi are provided in the
examples/ subdirectory.

All Python dependencies are listed in requirements.txt. It is recommended to
run the application in a virtualenv.

WireGuard must be installed with the wg binary available in $PATH.

You will need to register the service with an OAuth server,
probably toker.dsv.su.se. OAuth settings are saved in config.ini along
with all other settings.
Setup
- Clone the repo
- Create server keys:
  wg genkey | tee server-priv.key | wg pubkey > server-pub.key
- Create a suitable directory for user client data:
  mkdir user-data
- Set up config.ini:
  cp config.ini.example config.ini && editor config.ini
  The comments in the file should explain each option.
- Ensure the web server user can write to the work/ subdirectory:
  chown www-data work/
- Configure apache and uwsgi, see examples under examples/.
- Start apache and uwsgi
- Create a symbolic link to the wireguard server config:
  ln -s /path/to/repo/work/<tunnel-id>.conf /etc/wireguard/
- Activate the wg-quick systemd unit:
  systemctl enable wg-quick@<tunnel-id>.service
- Start the wg-quick systemd unit:
  systemctl start wg-quick@<tunnel-id>.service
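
A permission audit to run once the steps above are done, added here as an example and not part of wg-selfserve. It assumes server-priv.key, config.ini, user-data/ and work/ sit in the repo root as the commands suggest, and that those files hold key material or OAuth secrets; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not wg-selfserve code): audit permissions after setup.
# Which paths hold secrets is an assumption based on the setup steps.

# Print the "other" permission bits of a path, e.g. "r--" or "---".
other_bits() { ls -ld "$1" | cut -c8-10; }

# Print the owner of a path as shown by ls.
owner_of() { ls -ld "$1" | awk '{print $3}'; }

# audit_wg_selfserve REPO_DIR [WEB_USER]
# Prints one line per finding; returns 1 if there was any finding.
audit_wg_selfserve() {
    repo=$1
    web_user=${2:-www-data}   # user named in the chown step
    rc=0
    # Paths assumed to hold private keys, client data or OAuth settings.
    for p in "$repo/server-priv.key" "$repo/config.ini" \
             "$repo/user-data" "$repo"/work/*.conf; do
        [ -e "$p" ] || continue   # also skips an unmatched glob
        if [ "$(other_bits "$p")" != "---" ]; then
            echo "WORLD-ACCESSIBLE: $p (fix: chmod o-rwx)"
            rc=1
        fi
    done
    # work/ must belong to the web server user and not be world-writable.
    if [ ! -d "$repo/work" ]; then
        echo "MISSING: $repo/work"
        rc=1
    else
        if [ "$(owner_of "$repo/work")" != "$web_user" ]; then
            echo "WRONG-OWNER: $repo/work (expected $web_user)"
            rc=1
        fi
        case "$(other_bits "$repo/work")" in
            ?w?) echo "WORLD-WRITABLE: $repo/work"; rc=1 ;;
        esac
    fi
    return $rc
}

# Usage: sh audit.sh /path/to/repo [web-user]
if [ "$#" -gt 0 ]; then audit_wg_selfserve "$@"; fi
```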