Meshify
A control plane for WireGuard.
Requirements
- OIDC compliant OAuth2 implementation
- MongoDB
- Mail Server credentials for sending outgoing email
- golang
- nginx
- NodeJS / Vue 2
Features
- Self-hosted and web based management of wireguard networks
- Mesh define the configuration of the hosts in the network
- Invite people to network with email
- Authenticate them with OAuth2
- Generation of configuration files on demand
- User authentication (Oauth2 OIDC)
- Fully configure all aspects of your VPN
- Manage hosts remotely
- Simple
- Lightweight
- Secure
Running
Directly
Install dependencies
Sample NGINX Config:
server {
server_name meshifyvpn.com;
root /usr/share/meshify/ui/dist; index index.html; location / {
try_files $uri $uri/ /index.html;
}
location /api/ {
# app2 reverse proxy settings follow
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host localhost;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/meshifyvpn.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/meshifyvpn.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = meshifyvpn.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name meshifyvpn.com;
listen 80;
return 404; # managed by Certbot
}
Example .env
file:
# IP address to listen to
SERVER=0.0.0.0
# port to bind
PORT=8080
# Gin framework release mode
GIN_MODE=release
# SMTP settings to send email to clients
SMTP_HOST=smtp.sendgrid.net
SMTP_PORT=587
SMTP_USERNAME=apikey
SMTP_PASSWORD=
SMTP_FROM=Meshify <info@meshifyvpn.com>
# MONGO settings
MONGODB_CONNECTION_STRING=mongodb://127.0.0.1:27017
# example with google
#OAUTH2_PROVIDER_NAME=google
#OAUTH2_PROVIDER=
#OAUTH2_CLIENT_ID=
#OAUTH2_CLIENT_SECRET=
#OAUTH2_REDIRECT_URL=
# example with github
#OAUTH2_PROVIDER_NAME=github
#OAUTH2_PROVIDER=https://github.com
#OAUTH2_CLIENT_ID=
#OAUTH2_CLIENT_SECRET=
#OAUTH2_REDIRECT_URL=
#OAUTH2_PROVIDER_NAME=oauth2oidc
#OAUTH2_PROVIDER=https://auth.meshifyvpn.com/
#OAUTH2_PROVIDER_URL=meshifyvpn.us.auth0.com
#OAUTH2_CLIENT_ID=
#OAUTH2_CLIENT_ID_WINDOWS=
#OAUTH2_CLIENT_SECRET=
#OAUTH2_REDIRECT_URL=https://dev.meshifyvpn.com
OAUTH2_PROVIDER_NAME=microsoft
OAUTH2_PROVIDER=https://login.microsoftonline.com/.../v2.0
OAUTH2_CLIENT_ID=
OAUTH2_CLIENT_ID_WINDOWS=
OAUTH2_CLIENT_SECRET=
OAUTH2_REDIRECT_URL=https://meshifyvpn.com
OAUTH2_TENET=...
# set provider name to fake to disable auth, also the default
OAUTH2_PROVIDER_NAME=microsoft
Create a systemd service for the API:
cat /lib/systemd/system/meshify-api.service
[Unit]
Description=Meshify API
ConditionPathExists=/usr/share/meshify/cmd/meshify
After=network.target
[Service]
Type=simple
User=root
Group=root
LimitNOFILE=1024000
Restart=on-failure
RestartSec=10
#startLimitIntervalSec=60
WorkingDirectory=/usr/share/meshify/
ExecStart=/usr/share/meshify/cmd/meshify/meshify
# make sure log directory exists and owned by syslog
PermissionsStartOnly=true
ExecStartPre=/bin/mkdir -p /var/log/meshify
ExecStartPre=/bin/chown syslog:adm /var/log/meshify
ExecStartPre=/bin/chmod 755 /var/log/meshify
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=meshify
[Install]
WantedBy=multi-user.target
Build the API
cd /usr/share/meshify/cmd/meshify
go build
Enable the service:
sudo systemctl enable meshify-api
sudo systemctl start meshify-api
Install NodeJS using NVM
nvm use lts-latest
Build the frontend
cd ui
npm install
npm run build
With the given nginx config, you should now be able to use your website. Don't forget
to get a cert using certbot
Need Help
mailto:support@meshify.app
License
- Released under MIT License
WireGuard® is a registered trademark of Jason A. Donenfeld.