how to start the service at boot time - bare metal. about wg-manager HOT 5 OPEN

I'm actually looking at this too. :P

EDIT: A bit more information about my setup here, we're running this inside of a VM, and so far your management interface appears to be the best one, if ONLY because it will sit there and take existing Wireguard configs.

I HAVE gotten it working on our CentOS 7 server (and I'd be happy to share my methods for your docs!), which is great! But I need it to be able to start up if our cluster goes down and comes back up, etc. A way to run it as a system service would be ideal.

EDIT 3 Feb 2020: I'm making some progress on this!

from wg-manager.

Note, this is all on CentOS 7 - you may need to adapt the instructions below to your distro. @perara, @tony1661, your input here on any security considerations or "best practices" would be much appreciated - but I think I got it right!

I created a systemd unit file:

$ cat /etc/systemd/system/wg-manager.service:

[Unit]
Description=WireGuard Manager
After=syslog.target
After=network.target

[Service]
Type=simple
Environment=ADMIN_USERNAME=admin
Environment=ADMIN_PASSWORD=password
WorkingDirectory=/opt/wg-manager/wg_dashboard_backend
ExecStart=/opt/wg-manager/wg_dashboard_backend/venv/bin/gunicorn -k uvicorn.workers.UvicornWorker -b 0.0.0.0:8000 main:app
User=vpn
Group=vpn
Restart=always

[Install]
WantedBy=multi-user.target

I also installed Caddy, and used it to proxy to the server via HTTPS with custom certs from our internal CA.

$ cat /etc/caddy/Caddyfile:

wg.example.com {
  reverse_proxy localhost:8000

  tls /home/vpn/wg.example.com/cert.pem /home/vpn/wg.example.com/key.key {
    ca_root /home/vpn/wg.example.com/ca.pem
  }
}

Then, just do:

# systemctl enable wg-manager
# systemctl start wg-manager
# systemctl enable caddy
# systemctl start caddy

...and your service should be served up via HTTPS and should come right up after a server reboot!

from wg-manager.

from wg-manager.

Ah, yes, you probably need to do pip install gunicorn after the part of the setup instructions where you install uvicorn. From my reading, gunicorn is a preferred way of running a server like this in production, so I went ahead and figured out how to work with it. That will put gunicorn in the venv/bin directory, where you can then reference it. I didn't use uvicorn for my service file, as it seems like it's generally considered to be a development server - not a production one.

from wg-manager.

Any progress on this, my dude @pw44?

Another aspect I found was to be sure to never use anything BUT your final ADMIN_USERNAME and ADMIN_PASSWORD credentials during setup. Doing so will conflict with the database, and all will be lost (well not really you can just use the initial creds you started with, but).

from wg-manager.