Feat: Improve Docs (#1791)

* improve docs * preplan guides * fix spelling * fix nftables rules * consistent wg-easy code block * fix grammar
2025-04-11 23:25:58 +02:00
parent 65aa067100
commit ff783fd4d1
24 changed files with 465 additions and 73 deletions
--- a/docs/content/examples/tutorials/adguard.md
+++ b/docs/content/examples/tutorials/adguard.md
@@ -2,4 +2,8 @@
 title: AdGuard Home
 ---

-TODO
+It seems like the Docs on how to setup AdGuard Home are not available yet.
+
+Feel free to create a PR and add them here.
+
+<!-- TODO -->
--- a/docs/content/examples/tutorials/auto-updates.md
+++ b/docs/content/examples/tutorials/auto-updates.md
@@ -6,11 +6,49 @@ title: Auto Updates

 With Docker Compose `wg-easy` can be updated with a single command:

-Replace `$DIR` with the directory where your `docker-compose.yml` is located.
+```shell
+cd /etc/docker/containers/wg-easy
+sudo docker compose up -d --pull always
+```
+
+### Watchtower
+
+If you want the updates to be fully automatic you can install Watchtower. This will check for updates every day at 4:00 AM and update the container if a new version is available.
+
+File: `/etc/docker/containers/watchtower/docker-compose.yml`
+
+```yaml
+services:
+  watchtower:
+    image: containrrr/watchtower:latest
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    env_file:
+      - watchtower.env
+    restart: unless-stopped
+```
+
+File: `/etc/docker/containers/watchtower/watchtower.env`
+
+```env
+WATCHTOWER_CLEANUP=true
+WATCHTOWER_SCHEDULE=0 0 4 * * *
+TZ=Europe/Berlin
+
+# Email
+# WATCHTOWER_NOTIFICATIONS_LEVEL=info
+# WATCHTOWER_NOTIFICATIONS=email
+# WATCHTOWER_NOTIFICATION_EMAIL_FROM=mail@example.com
+# WATCHTOWER_NOTIFICATION_EMAIL_TO=mail@example.com
+# WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.example.com
+# WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=mail@example.com
+# WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="SuperSecurePassword"
+# WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
+```

 ```shell
-cd $DIR
-sudo docker compose up -d --pull always
+cd /etc/docker/containers/watchtower
+sudo docker compose up -d
 ```

 ## Docker Run
--- a/docs/content/examples/tutorials/basic-installation.md
+++ b/docs/content/examples/tutorials/basic-installation.md
@@ -20,20 +20,20 @@ Follow the Docs here: <https://docs.docker.com/engine/install/> and install Dock
 1. Create a directory for the configuration files (you can choose any directory you like):

   ```shell
-   DIR=/docker/wg-easy
-   sudo mkdir -p $DIR
+   sudo mkdir -p /etc/docker/containers/wg-easy
   ```

 2. Download docker compose file

   ```shell
-   sudo curl -o $DIR/docker-compose.yml https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml
+   sudo curl -o /etc/docker/containers/wg-easy/docker-compose.yml https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml
   ```

 3. Start `wg-easy`

   ```shell
-    sudo docker-compose -f $DIR/docker-compose.yml up -d
+    cd /etc/docker/containers/wg-easy
+    sudo docker-compose up -d
   ```

 ## Setup Firewall
@@ -41,27 +41,22 @@ Follow the Docs here: <https://docs.docker.com/engine/install/> and install Dock
 If you are using a firewall, you need to open the following ports:

 - UDP 51820 (WireGuard)
- TCP 51821 (Web UI)

 These ports can be changed, so if you change them you have to update your firewall rules accordingly.

 ## Setup Reverse Proxy

-TODO
-
-## Access the Web UI
-
-Open your browser and navigate to `https://<your-domain>:51821` or `https://<your-ip>:51821`.
-
-Follow the instructions to set up your WireGuard VPN.
+- To setup traefik follow the instructions here: [Traefik](./traefik.md)
+- To setup caddy follow the instructions here: [Caddy](./caddy.md)

 ## Update `wg-easy`

 To update `wg-easy` to the latest version, run:

 ```shell
-sudo docker-compose -f $DIR/docker-compose.yml pull
-sudo docker-compose -f $DIR/docker-compose.yml up -d
+cd /etc/docker/containers/wg-easy
+sudo docker-compose pull
+sudo docker-compose up -d
 ```

 ## Auto Update
--- a/docs/content/examples/tutorials/caddy.md
+++ b/docs/content/examples/tutorials/caddy.md
@@ -2,4 +2,8 @@
 title: Caddy
 ---

-TODO
+It seems like the Docs on how to setup Caddy are not available yet.
+
+Feel free to create a PR and add them here.
+
+<!-- TODO -->
--- a/docs/content/examples/tutorials/docker-run.md
+++ b/docs/content/examples/tutorials/docker-run.md
@@ -39,5 +39,3 @@ docker run -d \
 ```

 The Web UI will now be available at <http://0.0.0.0:51821>.
-
-> 💡 Your configuration files will be saved in `~/.wg-easy`
--- a/docs/content/examples/tutorials/dockerless.md
+++ b/docs/content/examples/tutorials/dockerless.md
@@ -2,4 +2,6 @@
 title: Without Docker
 ---

-TODO
+This is currently not yet supported.
+
+<!-- TODO -->
--- a/docs/content/examples/tutorials/nginx.md
+++ b/docs/content/examples/tutorials/nginx.md
@@ -1,5 +0,0 @@
---
-title: NGINX
---
-
-TODO
--- a/docs/content/examples/tutorials/podman-nft.md
+++ b/docs/content/examples/tutorials/podman-nft.md
@@ -1,5 +1,5 @@
 ---
-title: Podman
+title: Podman + nftables
 ---

 This guide will show you how to run `wg-easy` with rootful Podman and nftables.
@@ -88,7 +88,7 @@ In the Admin Panel of your WireGuard server, go to the `Hooks` tab and add the f
 1. PostUp

   ```shell
-   apk add nftables; nft add table inet wg_table; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy drop \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add rule inet wg_table input tcp dport {{uiPort}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy drop \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept;
+   nft add table inet wg_table; nft add chain inet wg_table prerouting { type nat hook prerouting priority 100 \; }; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy accept \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add rule inet wg_table input tcp dport {{uiPort}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy accept \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept;
   ```

 2. PostDown
@@ -106,8 +106,3 @@ Restart the container to apply the new hooks:
 ```shell
 sudo systemctl restart wg-easy
 ```
-
-<!--
-TODO: improve docs after better nftables support
-TODO: fix accept web ui port
-->
--- a/docs/content/examples/tutorials/traefik.md
+++ b/docs/content/examples/tutorials/traefik.md
@@ -2,4 +2,183 @@
 title: Traefik
 ---

-TODO
+/// note | Opinionated
+
+This guide is opinionated. If you use other conventions or folder layouts, feel free to change the commands and paths.
+///
+
+## Create docker compose project
+
+```shell
+sudo mkdir -p /etc/docker/containers/traefik
+cd /etc/docker/containers/traefik
+```
+
+## Create docker compose file
+
+File: `/etc/docker/containers/traefik/docker-compose.yml`
+
+```yaml
+services:
+  traefik:
+    image: traefik:3.3
+    container_name: traefik
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443/tcp"
+      - "443:443/udp"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /etc/docker/volumes/traefik/traefik.yml:/traefik.yml:ro
+      - /etc/docker/volumes/traefik/traefik_dynamic.yml:/traefik_dynamic.yml:ro
+      - /etc/docker/volumes/traefik/acme.json:/acme.json
+    networks:
+      - traefik
+
+networks:
+  traefik:
+    external: true
+```
+
+## Create traefik.yml
+
+File: `/etc/docker/volumes/traefik/traefik.yml`
+
+```yaml
+log:
+  level: INFO
+
+entryPoints:
+  web:
+    address: ":80/tcp"
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  websecure:
+    address: ":443/tcp"
+    http:
+      middlewares:
+        - compress@file
+        - hsts@file
+      tls:
+        certResolver: letsencrypt
+    http3: {}
+
+api:
+  dashboard: true
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: $mail@example.com$
+      storage: acme.json
+      httpChallenge:
+        entryPoint: web
+
+providers:
+  docker:
+    watch: true
+    network: traefik
+    exposedByDefault: false
+  file:
+    filename: traefik_dynamic.yml
+
+serversTransport:
+  insecureSkipVerify: true
+```
+
+## Create traefik_dynamic.yml
+
+File: `/etc/docker/volumes/traefik/traefik_dynamic.yml`
+
+```yaml
+http:
+  middlewares:
+    services:
+      basicAuth:
+        users:
+          - "$username$:$password$"
+    compress:
+      compress: {}
+    hsts:
+      headers:
+        stsSeconds: 2592000
+  routers:
+    api:
+      rule: Host(`traefik.$example.com$`)
+      entrypoints:
+        - websecure
+      middlewares:
+        - services
+      service: api@internal
+
+tls:
+  options:
+    default:
+      cipherSuites:
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+      sniStrict: true
+```
+
+## Create acme.json
+
+```shell
+sudo touch /etc/docker/volumes/traefik/acme.json
+sudo chmod 600 /etc/docker/volumes/traefik/acme.json
+```
+
+## Create network
+
+```shell
+sudo docker network create traefik
+```
+
+## Start traefik
+
+```shell
+sudo docker-compose up -d
+```
+
+You can no access the Traefik dashboard at `https://traefik.$example.com$` with the credentials you set in `traefik_dynamic.yml`.
+
+## Add Labels to `wg-easy`
+
+To add labels to your `wg-easy` service, you can add the following to your `docker-compose.yml` file:
+
+File: `/etc/docker/containers/wg-easy/docker-compose.yml`
+
+```yaml
+services:
+  wg-easy:
+    ...
+    container_name: wg-easy
+    networks:
+      ...
+      traefik: {}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wg-easy.rule=Host(`wg-easy.$example.com$`)"
+      - "traefik.http.routers.wg-easy.entrypoints=websecure"
+      - "traefik.http.routers.wg-easy.service=wg-easy"
+      - "traefik.http.services.wg-easy.loadbalancer.server.port=51821"
+    ...
+
+networks:
+  ...
+  traefik:
+    external: true
+```
+
+## Restart `wg-easy`
+
+```shell
+cd /etc/docker/containers/wg-easy
+sudo docker-compose up -d
+```
+
+You can now access `wg-easy` at `https://wg-easy.$example.com$` and start the setup.