wireguard-ui icon indicating copy to clipboard operation
wireguard-ui copied to clipboard

Published 20 hours ago verified publisher icon ngoduykhanh

Allow Unix sockets

Open mnsilva opened this issue 1 year ago • 2 comments

Hello,

is it possible to allow support for Unix sockets so we can expose the application behind a reverse proxy like NGINX without risking to expose plain traffic over a network interface?

Currently my setup is a NGNIX doing TLS termination (and a PKCS#12 authorization) reverse proxying to Wireguard-UI using HTTP. I also have Firewall rules to drop all traffic directly targeted at Wireguard-UI default port in case bind configuration is removed. If I could use Unix sockets instead (and that being the default), I'd not have to worry about the risk of exposing Wireguard-UI in a non-controlled environment.

mnsilva avatar Sep 01 '23 20:09 mnsilva

You can bind to localhost interface like me -bind-address 127.0.0.1:5000 and no problem with direct traffic from network to ui And for access you can simply use ssh -L 5000:localhost:5000 your.host and access on your comp to http://localhost:5000 Strong security and no traffic from others to wireguard-ui

Nill-R avatar Oct 04 '23 05:10 Nill-R

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Dec 15 '23 04:12 stale[bot]