Wireguard_server

ruslan/Wireguard_server

Fork 0

Commit Graph

Author	SHA1	Message	Date
ruslan	904582e7fa	feat(gui): security hardening, UI overhaul, light theme - CSRF protection on all POST forms (session token) - ensure_schema() moved to module-level, removed from before_request - gunicorn now binds to 127.0.0.1 only, runs as unprivileged user wgadmin - nginx reverse proxy with HTTPS (Let's Encrypt, wg.4mont.ru) - HTTP → HTTPS redirect before Basic Auth prompt - Auth moved to nginx level (auth_basic), wg-peerctl called via sudo - ufw firewall: only 22/80/443/51820 open - fail2ban: SSH + nginx (5 attempts → 1h ban) - Add Enable/Disable toggle buttons in peer table - Add .conf file download route - Light theme: white background, blue accent, subtle shadows - Modern sidebar layout, styled badges, responsive forms Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-06 10:10:19 +03:00
Ruslan	ae3da04d4a	Server: replace wireguard-ui with built-in wg-admin-gui + PostgreSQL	2026-04-14 11:43:07 +03:00

Author

SHA1

Message

Date

ruslan

904582e7fa

feat(gui): security hardening, UI overhaul, light theme

- CSRF protection on all POST forms (session token)
- ensure_schema() moved to module-level, removed from before_request
- gunicorn now binds to 127.0.0.1 only, runs as unprivileged user wgadmin
- nginx reverse proxy with HTTPS (Let's Encrypt, wg.4mont.ru)
- HTTP → HTTPS redirect before Basic Auth prompt
- Auth moved to nginx level (auth_basic), wg-peerctl called via sudo
- ufw firewall: only 22/80/443/51820 open
- fail2ban: SSH + nginx (5 attempts → 1h ban)
- Add Enable/Disable toggle buttons in peer table
- Add .conf file download route
- Light theme: white background, blue accent, subtle shadows
- Modern sidebar layout, styled badges, responsive forms

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-06 10:10:19 +03:00

Ruslan

ae3da04d4a

Server: replace wireguard-ui with built-in wg-admin-gui + PostgreSQL

2026-04-14 11:43:07 +03:00

2 Commits