Feat docs (#1814)

* improve docs and formatting * lint in ci avoid using bundled prettier from vscode extension * fix action, typos * remove header * remove unused deps
2025-10-07 08:31:02 +08:00 · 2025-04-15 12:43:57 +02:00
parent 2a32c1b9c0
commit 1cfe6404b2
26 changed files with 520 additions and 419 deletions
--- a/docs/content/examples/tutorials/auto-updates.md
+++ b/docs/content/examples/tutorials/auto-updates.md
@@ -19,13 +19,13 @@ File: `/etc/docker/containers/watchtower/docker-compose.yml`

 ```yaml
 services:
-  watchtower:
-    image: containrrr/watchtower:latest
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-    env_file:
-      - watchtower.env
-    restart: unless-stopped
+    watchtower:
+        image: containrrr/watchtower:latest
+        volumes:
+            - /var/run/docker.sock:/var/run/docker.sock
+        env_file:
+            - watchtower.env
+        restart: unless-stopped
 ```

 File: `/etc/docker/containers/watchtower/watchtower.env`
--- a/docs/content/examples/tutorials/basic-installation.md
+++ b/docs/content/examples/tutorials/basic-installation.md
@@ -19,22 +19,22 @@ Follow the Docs here: <https://docs.docker.com/engine/install/> and install Dock

 1. Create a directory for the configuration files (you can choose any directory you like):

-   ```shell
-   sudo mkdir -p /etc/docker/containers/wg-easy
-   ```
+    ```shell
+    sudo mkdir -p /etc/docker/containers/wg-easy
+    ```

 2. Download docker compose file

-   ```shell
-   sudo curl -o /etc/docker/containers/wg-easy/docker-compose.yml https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml
-   ```
+    ```shell
+    sudo curl -o /etc/docker/containers/wg-easy/docker-compose.yml https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml
+    ```

 3. Start `wg-easy`

-   ```shell
-    cd /etc/docker/containers/wg-easy
-    sudo docker-compose up -d
-   ```
+    ```shell
+     cd /etc/docker/containers/wg-easy
+     sudo docker-compose up -d
+    ```

 ## Setup Firewall

@@ -48,6 +48,7 @@ These ports can be changed, so if you change them you have to update your firewa

 - To setup traefik follow the instructions here: [Traefik](./traefik.md)
 - To setup caddy follow the instructions here: [Caddy](./caddy.md)
+- If you do not want to use a reverse proxy follow the instructions here: [No Reverse Proxy](./reverse-proxyless.md)

 ## Update `wg-easy`

--- a/docs/content/examples/tutorials/podman-nft.md
+++ b/docs/content/examples/tutorials/podman-nft.md
@@ -87,15 +87,15 @@ In the Admin Panel of your WireGuard server, go to the `Hooks` tab and add the f

 1. PostUp

-   ```shell
-   nft add table inet wg_table; nft add chain inet wg_table prerouting { type nat hook prerouting priority 100 \; }; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy accept \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add rule inet wg_table input tcp dport {{uiPort}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy accept \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept;
-   ```
+    ```shell
+    nft add table inet wg_table; nft add chain inet wg_table prerouting { type nat hook prerouting priority 100 \; }; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy accept \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add rule inet wg_table input tcp dport {{uiPort}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy accept \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept;
+    ```

 2. PostDown

-   ```shell
-   nft delete table inet wg_table
-   ```
+    ```shell
+    nft delete table inet wg_table
+    ```

 If you don't have iptables loaded on your server, you could see many errors in the logs or in the UI. You can ignore them.

--- a/docs/content/examples/tutorials/reverse-proxyless.md
+++ b/docs/content/examples/tutorials/reverse-proxyless.md
@@ -0,0 +1,29 @@
+---
+title: No Reverse Proxy
+---
+
+/// warning | Insecure
+
+This is insecure. You should use a reverse proxy to secure the connection.
+
+Only use this method if you know what you are doing.
+///
+
+If you only allow access to the web UI from your local network, you can skip the reverse proxy setup. This is not recommended, but it is possible.
+
+## Setup
+
+- Edit the `docker-compose.yml` file and uncomment `environment` and `INSECURE`
+
+- Set `INSECURE` to `true` to allow access to the web UI over a non-secure connection.
+
+- The `docker-compose.yml` file should look something like this:
+
+    ```yaml
+    environment:
+        - INSECURE=true
+    ```
+
+- Save the file and restart `wg-easy`.
+
+- Make sure that the Web UI is not accessible from outside your local network.
--- a/docs/content/examples/tutorials/traefik.md
+++ b/docs/content/examples/tutorials/traefik.md
@@ -20,25 +20,25 @@ File: `/etc/docker/containers/traefik/docker-compose.yml`

 ```yaml
 services:
-  traefik:
-    image: traefik:3.3
-    container_name: traefik
-    restart: unless-stopped
-    ports:
-      - "80:80"
-      - "443:443/tcp"
-      - "443:443/udp"
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /etc/docker/volumes/traefik/traefik.yml:/traefik.yml:ro
-      - /etc/docker/volumes/traefik/traefik_dynamic.yml:/traefik_dynamic.yml:ro
-      - /etc/docker/volumes/traefik/acme.json:/acme.json
-    networks:
-      - traefik
+    traefik:
+        image: traefik:3.3
+        container_name: traefik
+        restart: unless-stopped
+        ports:
+            - '80:80'
+            - '443:443/tcp'
+            - '443:443/udp'
+        volumes:
+            - /var/run/docker.sock:/var/run/docker.sock
+            - /etc/docker/volumes/traefik/traefik.yml:/traefik.yml:ro
+            - /etc/docker/volumes/traefik/traefik_dynamic.yml:/traefik_dynamic.yml:ro
+            - /etc/docker/volumes/traefik/acme.json:/acme.json
+        networks:
+            - traefik

 networks:
-  traefik:
-    external: true
+    traefik:
+        external: true
 ```

 ## Create traefik.yml
@@ -47,47 +47,47 @@ File: `/etc/docker/volumes/traefik/traefik.yml`

 ```yaml
 log:
-  level: INFO
+    level: INFO

 entryPoints:
-  web:
-    address: ":80/tcp"
-    http:
-      redirections:
-        entryPoint:
-          to: websecure
-          scheme: https
-  websecure:
-    address: ":443/tcp"
-    http:
-      middlewares:
-        - compress@file
-        - hsts@file
-      tls:
-        certResolver: letsencrypt
-    http3: {}
+    web:
+        address: ':80/tcp'
+        http:
+            redirections:
+                entryPoint:
+                    to: websecure
+                    scheme: https
+    websecure:
+        address: ':443/tcp'
+        http:
+            middlewares:
+                - compress@file
+                - hsts@file
+            tls:
+                certResolver: letsencrypt
+        http3: {}

 api:
-  dashboard: true
+    dashboard: true

 certificatesResolvers:
-  letsencrypt:
-    acme:
-      email: $mail@example.com$
-      storage: acme.json
-      httpChallenge:
-        entryPoint: web
+    letsencrypt:
+        acme:
+            email: $mail@example.com$
+            storage: acme.json
+            httpChallenge:
+                entryPoint: web

 providers:
-  docker:
-    watch: true
-    network: traefik
-    exposedByDefault: false
-  file:
-    filename: traefik_dynamic.yml
+    docker:
+        watch: true
+        network: traefik
+        exposedByDefault: false
+    file:
+        filename: traefik_dynamic.yml

 serversTransport:
-  insecureSkipVerify: true
+    insecureSkipVerify: true
 ```

 ## Create traefik_dynamic.yml
@@ -96,33 +96,33 @@ File: `/etc/docker/volumes/traefik/traefik_dynamic.yml`

 ```yaml
 http:
-  middlewares:
-    services:
-      basicAuth:
-        users:
-          - "$username$:$password$"
-    compress:
-      compress: {}
-    hsts:
-      headers:
-        stsSeconds: 2592000
-  routers:
-    api:
-      rule: Host(`traefik.$example.com$`)
-      entrypoints:
-        - websecure
-      middlewares:
-        - services
-      service: api@internal
+    middlewares:
+        services:
+            basicAuth:
+                users:
+                    - '$username$:$password$'
+        compress:
+            compress: {}
+        hsts:
+            headers:
+                stsSeconds: 2592000
+    routers:
+        api:
+            rule: Host(`traefik.$example.com$`)
+            entrypoints:
+                - websecure
+            middlewares:
+                - services
+            service: api@internal

 tls:
-  options:
-    default:
-      cipherSuites:
-        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-      sniStrict: true
+    options:
+        default:
+            cipherSuites:
+                - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+                - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+                - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+            sniStrict: true
 ```

 ## Create acme.json