this post was submitted on 15 Apr 2024
0 points (50.0% liked)

Selfhosted

40329 readers
401 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I am running wg-easy and there is a way to passport protect the GUI used for creating Wireguard connections. Is there a way to prohibit connection to be made if not a password is entered? I don’t want someone to be able to access my VPN if for example my phone would be stolen unlocked. I don’t mind if it is client side only

you are viewing a single comment's thread
view the rest of the comments
[–] casey@lemmy.wiuf.net 1 points 7 months ago (1 children)

Yo - absolutely!

WG easy posts the GUI on a separate port than the primary Wireguard port you'd need to open in the firewall. I think it's 51821 - but this can easily be changed depending on if you're using docker-compose files or a gui like portainer to manage this.

In my case - I am using Nginx Proxy Manager - and it even has it's own basic password requirement "Access List" availability. With NPM I'm routing that gui over vpn (local dns) but you could put it behind a password with limite security via Access List, or the step beyond look into "middleware" like Keycloak.

[–] stuckgum@lemmy.ml 1 points 7 months ago

Hi, I’m not talking about the GUI. It is already behind a password and it is fine. I’m also using nginx for setting my the certs when connecting to nextcloud. What you are saying with Access List sounds very interesting but how does it work? How do you enter the password when you access nginx? Thanks for your reply