Remove WireGuard integration from production deployment to simplify infrastructure:
- Remove docker-compose-direct-access.yml (VPN-bound services)
- Remove VPN-only middlewares from Grafana, Prometheus, Portainer
- Remove WireGuard middleware definitions from Traefik
- Remove WireGuard IPs (10.8.0.0/24) from Traefik forwarded headers

All monitoring services now publicly accessible via subdomains:
- grafana.michaelschiemer.de (with Grafana native auth)
- prometheus.michaelschiemer.de (with Basic Auth)
- portainer.michaelschiemer.de (with Portainer native auth)

All services use Let's Encrypt SSL certificates via Traefik.
1014 B
WireGuard Client Configurations
This directory stores generated client configuration files.
Security Notice
⚠️ NEVER commit client configs to Git!
Client configs contain:
- Private keys
- Preshared keys
- Network topology information
.gitignore is configured to exclude all .conf, .key, .qr.txt, and .qr.png files.
Generate New Client
cd ../../scripts
sudo ./generate-client-config.sh <device-name>
Configs will be created here:
- <device-name>.conf - WireGuard configuration
- <device-name>.qr.txt - QR code (ASCII)
- <device-name>.qr.png - QR code (PNG)
Backup Client Configs
# Securely backup configs (encrypted)
tar -czf - *.conf | gpg --symmetric --cipher-algo AES256 -o wireguard-clients-backup-$(date +%Y%m%d).tar.gz.gpg
Revoke Client Access
# On server
sudo nano /etc/wireguard/wg0.conf
# Remove [Peer] section for client
# Reload WireGuard
sudo systemctl reload wg-quick@wg0
# Delete client config
rm <device-name>.*
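The manual [Peer] removal above can also be done non-interactively. The following is an added example, not part of this repository: remove_peer and sample_conf are hypothetical names, the peer is assumed to be identified by its PublicKey line, and all keys in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example: print a wg0.conf-style file without the [Peer] block whose
# PublicKey equals $2. Exits 1 when nothing matched, so a mistyped key is
# not mistaken for a completed revocation.
remove_peer() {
    awk -v key="$2" '
        function emit() {
            if (buf != "") {
                if (drop) removed++
                else printf "%s", buf
            }
            buf = ""; drop = 0
        }
        /^[ \t]*\[/ { emit() }   # every section header closes the previous block
        {
            buf = buf $0 "\n"
            val = $0
            if (val ~ /^[ \t]*PublicKey[ \t]*=/) {
                sub(/^[ \t]*PublicKey[ \t]*=[ \t]*/, "", val)
                sub(/[ \t]+$/, "", val)
                if (val == key) drop = 1
            }
        }
        END { emit(); exit (removed ? 0 : 1) }
    ' "$1"
}

# Constructed sample config; every key below is a placeholder, not key material.
sample_conf() {
    cat <<'EOF'
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = CONSTRUCTED-SERVER-PRIVATE-KEY=

[Peer]
PublicKey = CONSTRUCTED-LAPTOP-PUBLIC-KEY=
AllowedIPs = 10.8.0.2/32

[Peer]
PublicKey = CONSTRUCTED-PHONE-PUBLIC-KEY=
PresharedKey = CONSTRUCTED-PHONE-PSK=
AllowedIPs = 10.8.0.3/32
EOF
}

# Typical use (paths are assumptions): write to a temp file, review, then install.
#   remove_peer /etc/wireguard/wg0.conf "$CLIENT_PUBKEY" > /tmp/wg0.conf.new
```

After installing the filtered file, the reload step above still applies; `sudo wg show wg0 peers` should then no longer list the revoked key.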