VPN/panel
1
0
Fork 0
mirror of https://github.com/remnawave/panel.git synced 2026-04-13 01:34:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into main

Browse Source
This commit is contained in:
Sergey Kutovoy
2025-05-06 00:29:48 +05:00
committed by GitHub
parent 2fbda555d4 ca293753a6
commit 2e37028cc6
17 changed files with 315 additions and 269 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
docs/awesome-remnawave/index.md
View File

@@ -8,7 +8,7 @@ title: ❤️ Awesome Remnawave
### Xray Checker
Xray Checker is a tool for monitoring proxy server availability with support for VLESS, VMess, Trojan, and Shadowsocks protocols. It automatically tests connections through Xray Core and provides metrics for Prometheus, as well as API endpoints for integration with monitoring systems.
Xray Checker is a tool for monitoring proxy server availability with support for VLESS, VMess, Trojan, and Shadowsocks protocols. It automatically tests connections through Xray Core and provides metrics for Prometheus, as well as API endpoints for integration with various monitoring systems.
Author: [kutovoys](https://github.com/kutovoys)
@@ -26,7 +26,7 @@ Author: [kutovoys](https://github.com/kutovoys)
### Remnawave Node installation script
Bash script to fast install Remnawave node
Bash script to quickly install Remnawave node
Author: [DigneZzZ](https://github.com/dignezzz)
@@ -36,13 +36,13 @@ Author: [DigneZzZ](https://github.com/dignezzz)
sudo bash -c "$(curl -sL https://github.com/DigneZzZ/remnawave-scripts/raw/main/remnanode.sh)" @ install --dev
```
If you want the latest branch, delete `--dev`.
If you want to use the latest branch, delete `--dev`.
Working directory: `/opt/remnanode`
App directory for custom `xray`: `/var/lib/remnanode`
After install, use `remnanode help` for more information.
After installation, use `remnanode help` for more information.
<br />
<div style={{ display: 'flex', justifyContent: 'center', gap: '1rem' }}>
@@ -58,7 +58,7 @@ After install, use `remnanode help` for more information.
### Remnawave Reverse Proxy from eGames
Server Using NGINX Reverse Proxy. This script is designed to streamline the setup of a reverse proxy server using NGINX and Xray, as well as to automate the installation of the Remnawave control panel and node. In this configuration, Xray operates directly on port 443, forwarding traffic through a socket that NGINX listens to.
Server Setup Using NGINX Reverse Proxy. This script is designed to streamline the setup of a reverse proxy server using NGINX and Xray, as well as to automate the installation of the Remnawave control panel and node. In this configuration, Xray operates directly on port 443, forwarding traffic through a socket that NGINX listens to.
Author: [eGamesAPI](https://github.com/eGamesAPI)
@@ -163,7 +163,7 @@ Features:
Author: [maposia](https://github.com/maposia)
### Environment Variables
#### Environment Variables
The application requires the following environment variables to be set:
@@ -178,13 +178,13 @@ The application requires the following environment variables to be set:
#### Install and Run
1. Create new directory for mini app
1. Create a new directory for the mini app
```bash
mkdir /opt/remnawave-telegram-sub-mini-app && cd /opt/remnawave-telegram-sub-mini-app
```
2. Download and configure the environment variables.
2. Download the sample environment variables.
```bash
curl -o .env https://raw.githubusercontent.com/maposia/remnawave-telegram-mini-bot/refs/heads/main/.env.example
@@ -202,7 +202,7 @@ nano .env
nano docker-compose.yml
```
Example below.
Example below:
```yaml
services:
@@ -228,7 +228,7 @@ remnawave-mini-app:
```
Uncomment if you want to use your own template downloaded from the Remnawave panel.
P.S. file must be placed in the same directory with this `docker-compose.yml` file
P.S. File must be placed in the same directory as this `docker-compose.yml` file
```yaml
volumes:
@@ -255,7 +255,7 @@ docker compose up -d && docker compose logs -f
```
2. Mini app is now running on http://127.0.0.1:3020
Now we are ready to move on the Reverse Proxy installation.
Now we are ready to move on to Reverse Proxy installation.
<div style={{ display: 'flex', justifyContent: 'center', gap: '1rem' }}>
<Button label="Github repository" link="https://github.com/maposia/remnawave-telegram-sub-mini-app" variant="secondary" size="md" outline />
@@ -265,21 +265,76 @@ docker compose up -d && docker compose logs -f
<div style={{ display: 'flex', justifyContent: 'center' }}>
<img src="/awesome/remnawave-telegram-sub-mini-app.webp" alt="Remnawave Telegram Subscription Mini App" width="600" />
</div>
---
### Ansible playbook for Install Remnawave
This project helps install Remnawave via Ansible.
Author: [iphizic](https://github.com/iphizic)
#### Clone repo and change dir
```bash
git clone https://github.com/iphizic/remna-playbook.git
cd remna-playbook
```
#### Now make Python .env:
```bash
python3 -m venv .env
```
#### Activate .env:
```bash
source .env/bin/activate
```
#### Install Ansible and requirements:
```bash
pip install -r requirements.txt
ansible-galaxy install -r requirements.yml
```
#### Make inventory and other vars
Make inventory like inventory.yml.example in inventory dir
In directory group_vars make all.yml like all.yml.example
#### `Optional` Make some user but not root
:::warning
To run this playbook, the GitHub username must match the username in all.yml
:::
```bash
ansible-playbook prepare-playbook.yml -u root -k
```
First question it is root password
Second question it is password for the created user
#### Run install Remnaware:
```bash
ansible-playbook playbook.yml -K
```
<div style={{ display: 'flex', justifyContent: 'center', gap: '1rem' }}>
<Button label="Github repository" link="https://github.com/iphizic/remna-playbook" variant="secondary" size="md" outline />
</div>
<br />
<div style={{ display: 'flex', justifyContent: 'center' }}>
<img src="/awesome/ansible.webp" alt="Ansible playbook for installation" width="600" />
</div>
---
## Add project to the list
If you want to add project to the list, please open a PR on [GitHub](https://github.com/remnawave/panel/blob/main/docs/awesome-remnawave/index.md).
If you want to add your project to the list, please open a PR on [GitHub](https://github.com/remnawave/panel/blob/main/docs/awesome-remnawave/index.md).
Make sure that is your target branch is `main`.
Make sure that the target branch is `main`.
Also, the following pre-requisites must be met:
Also, the following requirements must be met:
- [x] Project must be open source.
- [x] Project must be related to Remnawave or **useful for Remnawave users**.
Following format must be used:
The following format must be used:
```md
### Project name
@@ -296,6 +351,6 @@ Use the examples above to add your project to the list.
:::info
Please, use [https://squoosh.app/](https://squoosh.app/) to compress the image. Format must be `webp`.
Place the image to folder `static/awesome`.
Add the image to the `static/awesome` directory.
:::

42
docs/features/hwid-device-limit.md
View File

@@ -5,7 +5,7 @@ title: HWID device limit
---
:::info
This feature work only with a few applications, which currently support sending HWID header.
This feature works only with a few client applications (which currently support sending a HWID header when receiving the subscription content).
:::
@@ -16,19 +16,17 @@ This feature work only with a few applications, which currently support sending
## Overview
HWID Device Limit is a feature that allows you to restrict the number of devices that can request a subscription.
HWID Device Limit is a feature that allows you to restrict the number of devices that can use a subscription.
If the `HWID_DEVICE_LIMIT_ENABLED` variable is set to `true`,
Remnawave will use HWID and other headers to limit the number of devices that can request a subscription.
Remnawave will use HWID and other headers to limit the number of devices that can use a subscription.
Remnawave will strictly enforce the limit on the number of devices that can request a subscription.
Remnawave will strictly enforce the limit on the number of devices that can add the subscription.
:::danger
If `HWID_DEVICE_LIMIT_ENABLED` is set to `true`, it will be **impossible** to get a subscription if the client application does not send the HWID.
If `HWID_DEVICE_LIMIT_ENABLED` is set to `true` and you do not disable the HWID limit for a user in the panel, it will be **impossible** for them to get a subscription if their client application does not send a HWID header.
Enable only if you will use only supported applications.
Remnawave will return `404` error if the HWID is not sent.
Remnawave will return a `404` error if no HWID header is sent.
:::
### .env configuration
@@ -37,7 +35,7 @@ Remnawave will return `404` error if the HWID is not sent.
### HWID DEVICE DETECTION AND LIMITATION ###
HWID_DEVICE_LIMIT_ENABLED=true
HWID_FALLBACK_DEVICE_LIMIT=5
HWID_MAX_DEVICES_ANNOUNCE="You have reached the maximum number of devices for your subscription."
HWID_MAX_DEVICES_ANNOUNCE="You have reached the maximum number of allowed devices for your subscription."
### HWID DEVICE DETECTION PROVIDER ID ###
@@ -48,15 +46,15 @@ PROVIDER_ID="123456"
`HWID_DEVICE_LIMIT_ENABLED` - enables device limit restriction.
`HWID_FALLBACK_DEVICE_LIMIT` - device limit that will be used if the user does not have their own limit set.
`HWID_FALLBACK_DEVICE_LIMIT` - the default device limit that will be used if a user does not have their own limit set.
`HWID_MAX_DEVICES_ANNOUNCE` - message that will be displayed to the user if they exceed the device limit. (Header: `announce`)
`HWID_MAX_DEVICES_ANNOUNCE` - the message that will be displayed to the user if they exceed the device limit. (Header: `announce`)
### User limits
There is a option to set custom limit for each user. If is no value set, fallback(`HWID_FALLBACK_DEVICE_LIMIT`) limit will be used.
You have the option to set a custom limit for each user. If no value is specified, the fallback limit (`HWID_FALLBACK_DEVICE_LIMIT`) will be used.
There also an option to disable HWID Device Limit for specific user.
There is also an option to disable HWID Device Limit for each user.
<div style={{ display: 'flex', justifyContent: 'center' }}>
<img src="/features/hwid-device-limit/hwid-user-limits.webp" alt="HWID User Limits" width="800" />
@@ -64,7 +62,7 @@ There also an option to disable HWID Device Limit for specific user.
---
In user card, you can see list of devices, which user used to get the subscription. You can delete any device from the list and simple search for device by HWID is also available.
In the user card, you can see the list of devices that user has added the subscription onto. You have the option to delete devices from the list. Searching for devices by HWID is also available.
<div style={{ display: 'flex', justifyContent: 'center' }}>
<img src="/features/hwid-device-limit/hwid-user-devices-list.webp" alt="HWID Device Limit Settings" width="800" />
@@ -75,15 +73,15 @@ In user card, you can see list of devices, which user used to get the subscripti
```bash
HWID_DEVICE_LIMIT_ENABLED=true
HWID_FALLBACK_DEVICE_LIMIT=1
HWID_MAX_DEVICES_ANNOUNCE="You have reached the maximum number of devices for your subscription."
HWID_MAX_DEVICES_ANNOUNCE="You have reached the maximum number of allowed devices for your subscription."
```
In this case, user will be able to use only one device and only in application, which will send `x-hwid` header.
In this case, the user will be able to use only one device - only in applications that support sending the `x-hwid` header.
### Supported applications
:::info
Not all client applications send HWID header. Here is the list of applications, which currently support this feature.
Not all client applications send a HWID header. Here is the list of applications which currently support this feature.
:::
- [Happ](https://happ.su)
@@ -92,12 +90,12 @@ Not all client applications send HWID header. Here is the list of applications,
## For app developers
:::info
Initial header standart is offered by [Happ](https://happ.su).
A standard for providing headers is offered by [Happ](https://happ.su).
:::
Remnawave is using this headers to identify HWID and device.
Remnawave is using these headers to identify the HWID and the device.
Your applicatoins should send this headers when user is adding the subscription.
To enable support for the HWID feature in your client, the application should send the following headers when the user is adding the subscription.
```bash
x-hwid: vfjdhk66csdjhk
@@ -107,9 +105,9 @@ x-device-model: Iphone 14 Pro Max
user-agent: <user_agent>
```
The only required header is `x-hwid`. Other headers are optional and can be used to identify the device more accurately.
The only required item is `x-hwid`. Other headers are optional and can be used to identify the device more accurately.
If your application use some additonal features, Remnawave will send provider id in the response headers.
If your application has the ability to enable additional features based on where the subscription is coming from, Remnawave can send a provider id in the response headers, which you can use to figure out where the subscription is coming from.
```bash
providerid: 12345

64
docs/installation/env-variables.md
View File

@@ -8,7 +8,7 @@ title: Env variables
### App Port
Port for the main panel inside Docker container.
Port for the main panel inside the Docker container.
```bash
APP_PORT=3000
@@ -16,7 +16,7 @@ APP_PORT=3000
### Metrics port
Port for the metrics inside Docker container.
Port for the metrics inside the Docker container.
```bash
METRICS_PORT=3001
@@ -37,15 +37,15 @@ Number of API instances to run.
Possible values:
- `max` (start instances on all cores)
- `<number>` (start instances on number of cores)
- `-1` (start instances on all cores - 1)
- `max` (start instances on all cores - one instance per core)
- `<number>` (start instances on a specific number of cores - one instance per core)
- `-1` (start instances on all cores - 1 - one instance per core)
Leave default value to start 1 instance. \
Most users will not need to change this value, it can help to achieve better performance with 40k+ users.
Leave it on the default value to start only 1 instance. \
Most users will not need to change this value but it can help achieve better performance with 40k+ users.
:::warning
Do not set this value more that physical cores count in your machine.
Do not set this value to a number greater than the number of CPU cores in your machine.
:::
```bash
@@ -54,7 +54,7 @@ API_INSTANCES=1
### DATABASE_URL
Database URL. Supported only Postgres.
Database URL. Supports only Postgres.
Format: `postgresql://{user}:{password}@{host}:{port}/{database}`
@@ -64,20 +64,20 @@ DATABASE_URL="postgresql://postgres:postgres@remnawave-db:5432/postgres"
### JWT
Be sure to change the secrets.
Make sure to change the secrets.
It is recommended to use a random string generator to create the secrets with a minimum length of 64 characters.
It is recommended to use a random string generator to create secrets with a minimum length of 64 characters.
This values are used to sign/verify the JWT tokens.
These values are used to sign/verify the JWT tokens.
:::danger
Do not use default credentials in production.
Be sure to generate strong secrets!
Do not use the default credentials in production.
Make sure to generate strong secrets!
:::
You can generate secrets with the following command:
You can use the following command to generate secrets:
```bash
openssl rand -hex 64
@@ -90,13 +90,13 @@ JWT_API_TOKENS_SECRET=change_me
### Telegram
This values are used to send notifications to the Telegram bot.
These values are used to set up the Telegram bot.
You can set up the same `chat id` for `TELEGRAM_ADMIN_ID` and `NODES_NOTIFY_CHAT_ID`.
`IS_TELEGRAM_ENABLED` is used for enabling/disabling Telegram notifications. Possible values: `true`, `false`.
`NODES_NOTIFY_CHAT_ID` is used to send notifications of nodes status changes, so it is recommended to set it up to a channel with turned on notifications.
It's possible to set the same `chat id` for `TELEGRAM_ADMIN_ID` and `NODES_NOTIFY_CHAT_ID`.
`IS_TELEGRAM_ENABLED` is used to enable/disable Telegram notifications. Possible values: `true`, `false`.
`NODES_NOTIFY_CHAT_ID` is used to send notifications for changes in the status of the nodes, so it is recommended to set it to the Id of a channel with turned on notifications.
```bash
IS_TELEGRAM_ENABLED=false
@@ -124,11 +124,11 @@ FRONT_END_DOMAIN=*
### SUBSCRIPTION PUBLIC DOMAIN
Default path for subscription URL is `/api/sub/<sub uuid>`.
Default path for the subscription URL is `/api/sub/<sub uuid>`.
This value is used for a easy access to subscription URL in Frontend and API.
This value is used for easy access to the subscription URL in Frontend and API.
Must be a valid domain, without http/https. Do not place `/` to end of domain/path.
Must be a valid domain without http/https. Do not place `/` at the end of domain/path.
```bash
SUB_PUBLIC_DOMAIN=example.com/api/sub
@@ -144,11 +144,11 @@ IS_DOCS_ENABLED=true
If `IS_DOCS_ENABLED` is `true`, you can set up the paths to SwaggerUI and Scalar.
You can freely explore all the API routes and endpoints.
You can use SwaggerUI and Scalar to freely explore all of the API routes and endpoints.
:::tip
Check out `API Keys` page in admin dashboard with enabled `IS_DOCS_ENABLED` for quick route to documentation.
You can use the `API Keys` page in the admin dashboard (when `IS_DOCS_ENABLED` is set to true) for a quick link to the documentation.
:::
@@ -159,17 +159,17 @@ SCALAR_PATH=/scalar
### PROMETHEUS
Metrics are enabled by default, currently you can't disable them.
Metrics are enabled by default and currently you cannot disable them.
You can set up the credentials to access the metrics.
:::danger
Do not use default credentials in production.
Do not use the default credentials in production.
:::
You can generate secrets with the following command:
You can use the following command to generate secrets:
```bash
openssl rand -hex 64
@@ -211,17 +211,17 @@ Possible values: `true`, `false`.
WEBHOOK_ENABLED=false
```
If webhook is enabled, you must set up the URL and secret.
If webhook is enabled, you must set up the URL and the secret.
:::danger
Do not use default credentials in production.
Do not use the default credentials in production.
:::
`WEBHOOK_SECRET_HEADER` is used to sign the webhook payload, must be at least 32 characters. Only a-z, 0-9, A-Z are allowed.
`WEBHOOK_SECRET_HEADER` is used to sign the webhook payload. It must be at least 32 characters long. Only a-z, 0-9, A-Z are allowed.
You can generate secrets with the following command:
You can use the following command to generate secrets:
```bash
openssl rand -base64 64
@@ -234,7 +234,7 @@ WEBHOOK_SECRET_HEADER=vsmu67Kmg6R8FjIOF1WUY8LWBHie4scdEqrfsKmyf4IAf8dY3nFS0wwYHk
### Shared environment variables
These variables are not used by Remnawave iteself, but can be used by Postgres database or Cloudflare Tunnel, if you will run them from the same `docker-compose.yml` file.
These variables are not used by Remnawave itself, but can be used by the Postgres database or Cloudflare Tunnel, if you run them from the same `docker-compose.yml` file.
```bash
CLOUDFLARE_TOKEN=ey...

2
docs/installation/node/_category_.yml
View File

@@ -1,5 +1,5 @@
position: 3 # float position is supported
label: 'Node install'
label: 'Node installation'
collapsible: true # make the category collapsible
collapsed: true # keep the category open by default
className: red

26
docs/installation/node/quick-start.md
View File

@@ -6,9 +6,9 @@ title: Quick start
## Installation
Remnanode consists of one part:
Remnanode consists of only one part:
- Node (with XRay Core inside)
- Node (with Xray Core inside)
Minimum requirements for Node:
@@ -25,22 +25,22 @@ You can find the list of all environment variables in the [Environment Variables
## Installation
:::info
This guide is written for Debian 12, instructions may vary for other distributions.
This guide was written for Debian 12, instructions may vary for other distributions.
:::
1. First of all, you need to install docker.
1. To use Remnanode you will need to install docker, if not already.
```bash
sudo curl -fsSL https://get.docker.com | sh
```
2. Create separate directory for the project.
2. Create a directory for the project files.
```bash
mkdir -p /opt/remnanode && cd /opt/remnanode
```
3. Create and configure the environment variables.
3. Create and edit the `.env` file.
```bash
nano .env
@@ -49,8 +49,8 @@ nano .env
4. Add the following content to the .env file:
:::info
SSL_CERT can be found in the main panel under the Nodes tab, after clicking the Create node button.
APP_PORT can be customized, make sure it's not used by other services.
SSL_CERT can be found in the main panel under the Nodes tab, Management page, after clicking the Create new node button.
APP_PORT can be customized, make sure it's not being used by other services.
:::
```bash title=".env"
@@ -61,10 +61,10 @@ SSL_CERT=CERT_FROM_MAIN_PANEL
:::warning
Do not use port 61001 as APP_PORT - it is a service port!
Ensure that APP_PORT is only accessible from your panel IP!
Make sure APP_PORT is only accessible from your panel IP!
:::
5. Create `docker-compose.yml` file, example below.
5. Create a `docker-compose.yml` file, example below:
```yaml title="docker-compose.yml"
services:
@@ -78,7 +78,7 @@ services:
- .env
```
6. Run containers.
6. Run the container.
```bash
docker compose up -d
@@ -92,7 +92,7 @@ docker compose logs -f
8. Remnanode is now running.
Now we are ready to create a Node in the main panel.
Now we are ready to create a new node in the main panel.
## Advanced usage
@@ -101,7 +101,7 @@ Now we are ready to create a Node in the main panel.
You can mount additional geosite files into the `/usr/local/share/xray/` directory in the container.
:::caution
Do not mount the entire folder. Otherwise, you will overwrite the xray geosite files. Mount files individually.
Do not mount the entire folder. Otherwise, you will overwrite the default Xray geosite files. Mount each file individually.
:::
Add the following to the `docker-compose.yml` file:

26
docs/installation/quick-start.md
View File

@@ -33,7 +33,7 @@ You can find the list of all environment variables in the [Environment Variables
:::warning
Be sure to change the default credentials in the environment variables.
Make sure to change the default credentials in the environment variables.
:::
@@ -43,22 +43,22 @@ Be sure to change the default credentials in the environment variables.
:::info
This guide written for Ubuntu 22.04, instructions may vary for other distributions.
This guide was written for Ubuntu 22.04, instructions may vary for other distributions.
:::
1. First of all, you need to install docker.
1. In order to use Remnawave you will need to install docker, if not already.
```bash
sudo curl -fsSL https://get.docker.com | sh
```
2. Create separate directory for the project.
2. Create a directory for the project files.
```bash
mkdir /opt/remnawave && cd /opt/remnawave
```
3. Download and configure the environment variables.
3. Download the environment variables sample file.
```bash
curl -o .env https://raw.githubusercontent.com/remnawave/backend/refs/heads/main/.env.sample
@@ -70,15 +70,15 @@ curl -o .env https://raw.githubusercontent.com/remnawave/backend/refs/heads/main
nano .env
```
5. Create `docker-compose.yml` file, example below.
5. Create a `docker-compose.yml` file for the panel, you can use the example below.
:::danger
Do not expose the services to the public internet, use only `127.0.0.1` for Remnawave services.
Do not expose the services to the public internet; use only `127.0.0.1` for Remnawave services.
You must use Nginx/Caddy/Apache/etc. to expose the services to the public internet.
You should use a reverse proxy like Nginx, Caddy, Apache, etc. to expose the services publicly.
This guide does not cover the configuration of the reverse proxy, but just a bit later we will use Cloudflare Tunnel to expose the services to the public internet.
The documentation provides guides on using these reverse proxies or Cloudflare Tunnel in combination with Remnawave.
:::
@@ -157,7 +157,7 @@ volumes:
name: remnawave-redis-data
```
6. Run containers.
6. Run the containers.
```bash
docker compose up -d
@@ -171,13 +171,13 @@ docker compose logs -f
8. Remnawave is now running on `http://127.0.0.1:3000`.
Now we are ready to move on the Reverse Proxy installation.
Now we are ready to move on to Reverse Proxy installation.
:::danger
Do not expose the services to the public internet, use only `127.0.0.1` for Remnawave services.
Do not expose the services to the public internet; use only `127.0.0.1` for Remnawave services.
You must use Nginx/Caddy/Apache/etc. to expose the services to the public internet.
You should use a reverse proxy like Nginx, Caddy, Apache, etc. to expose the services publicly.
<Button label="Continue to Reverse Proxy installation" link="/installation/rp/nginx" variant="secondary" size="md" outline style={{ marginBottom: '1rem' }} />

46
docs/installation/reverse-proxies/caddy.md
View File

@@ -6,29 +6,27 @@ title: Caddy
## Overview
In this guide we will use Caddy as a reverse proxy for requests to Remnawave.
We will redirect a domain to our server and configure Caddy. Caddy will handle issue of SSL certificates by itself.
In this guide we will be using Caddy as a reverse proxy to access the Remnawave panel.
We will point a domain name to our server and configure Caddy. Caddy will handle issuance of the SSL certificates by itself.
Complete [Quick Start](/installation/quick-start) and [Env Variables](/installation/env) before continuing.
## Configuration
## Prerequisites
Requirements:
- Completed [Quick Start](/installation/quick-start)
- Completed [Env Variables](/installation/env)
- Completing [Quick Start](/installation/quick-start)
- Completing [Env Variables](/installation/env)
- Registered domain name (e.g. `my-super-panel.com`)
:::warning
You should have a registered domain name to continue.
You need to have a registered domain name to continue.
:::
## Point domain to your server
Check out your server IP address, it is better to use a static IPv4 address.
Check your server's IP address. It is better to use a static IPv4 address.
Now, you need to point your domain to your server.
Now, you need to point your domain name to this IP address.
For example, it will be `my-super-panel.com` -> `193.122.122.122`.
@@ -39,48 +37,46 @@ There are two ways to do this:
### DNS provider
If you use Cloudflare, you need to add a record to your DNS.
If you are using Cloudflare, you need to add a A/AAAA record (for IPv4 and IPv6 respectively) to your DNS records.
Log in to your Cloudflare account [here](https://dash.cloudflare.com/login).
Select domain, which you want to point to your server.
Select the desired domain.
On the left side of the page, click on `DNS` and then click on `Records`.
Click on `Create record`.
Select `Type` as `A` and `Name` as `@`.
Set the `Type` to `A` and the `Name` to `@`.
:::info
If you want to use subdomains, you should write subdomain name (e.g. `panel`) in the `Name` field.
If you want to use subdomains, you should enter the subdomain name (e.g. `panel`) in the `Name` field.
:::
In the `IPv4 address` field, you should write your server IP address.
Enter your server's IP address in the `IPv4 address` field.
Click on `Save`.
Now, you need to wait for the DNS to be updated.
Now you need to wait a while for the DNS records to be updated.
:::info
There are a big difference between yellow cloud (domain is proxied with Cloudflare) and grey cloud (domain is not proxied with Cloudflare) in the Cloudflare control panel.
There is a big difference between yellow cloud (domain is proxied by Cloudflare) and grey cloud (domain is not proxied by Cloudflare) in the Cloudflare control panel.
We will return later to this topic in this guide, but for now it really depends on you.
If Cloudflare works fine in your region, it is better to proxy the domain with Cloudflare. (Yellow cloud)
If Cloudflare works fine in your region, it is better to proxy the domain through Cloudflare. (Yellow cloud)
:::
![static](/reverse-proxies/nginx/cloudflare-dns.webp)
Some DNS providers have a different interface, but the process is the same.
Some DNS providers have a different interface, but the overall process is the same.
## Caddy configuration
### Simple configuration
Create a file `Caddyfile` in the `/opt/remnawave/caddy` folder.
Create a file called `Caddyfile` in the `/opt/remnawave/caddy` directory.
```bash
mkdir -p /opt/remnawave/caddy && cd /opt/remnawave/caddy && nano Caddyfile
@@ -92,7 +88,7 @@ Paste the following configuration.
Please, replace `REPLACE_WITH_YOUR_DOMAIN` with your domain name.
Review configuration below, look for red highlighted lines.
Review the configuration below, look for red highlighted lines.
:::
@@ -109,7 +105,7 @@ https://REPLACE_WITH_YOUR_DOMAIN {
### Create docker-compose.yml
Create a file `docker-compose.yml` in the `/opt/remnawave/caddy` folder.
Create a `docker-compose.yml` file in the `/opt/remnawave/caddy` directory.
```bash
cd /opt/remnawave/caddy && nano docker-compose.yml
@@ -153,7 +149,7 @@ docker compose up -d && docker compose logs -f -t
### Open the panel in the browser
Open the configured domain name in the browser and you will see login page.
Open the configured domain name in the browser and you will see the login page.
![login-page](/reverse-proxies/nginx/login-page.webp)

60
docs/installation/reverse-proxies/nginx.md
View File

@@ -6,29 +6,27 @@ title: Nginx
## Overview
In this guide we will use Nginx as a reverse proxy for requests to Remnawave.
We will redirect a domain to our server, issue a SSL certificate and configure Nginx.
Complete [Quick Start](/installation/quick-start) and [Env Variables](/installation/env) before continuing.
In this guide we will be using Nginx as a reverse proxy to access the Remnawave panel.
We will point a domain name to our server, issue a SSL certificate and configure Nginx.
You should complete [Quick Start](/installation/quick-start) and [Env Variables](/installation/env) before continuing.
## Configuration
## Prerequisites
Requirements:
- Completed [Quick Start](/installation/quick-start)
- Completed [Env Variables](/installation/env)
- Completing [Quick Start](/installation/quick-start)
- Completing [Env Variables](/installation/env)
- Registered domain name (e.g. `my-super-panel.com`)
:::warning
You should have a registered domain name to continue.
You need to have a registered domain name to continue.
:::
## Point domain to your server
Check out your server IP address, it is better to use a static IPv4 address.
Check your server's IP address. It is better to use a static IPv4 address.
Now, you need to point your domain to your server.
Now, you need to point your domain name to this IP address.
For example, it will be `my-super-panel.com` -> `193.122.122.122`.
@@ -39,42 +37,40 @@ There are two ways to do this:
### DNS provider
If you use Cloudflare, you need to add a record to your DNS.
If you are using Cloudflare, you need to add a A/AAAA record (for IPv4 and IPv6 respectively) to your DNS records.
Log in to your Cloudflare account [here](https://dash.cloudflare.com/login).
Select domain, which you want to point to your server.
Select the desired domain.
On the left side of the page, click on `DNS` and then click on `Records`.
Click on `Create record`.
Select `Type` as `A` and `Name` as `@`.
Set the `Type` to `A` and the `Name` to `@`.
:::info
If you want to use subdomains, you should write subdomain name (e.g. `panel`) in the `Name` field.
If you want to use subdomains, you should enter the subdomain name (e.g. `panel`) in the `Name` field.
:::
In the `IPv4 address` field, you should write your server IP address.
Enter your server's IP address in the `IPv4 address` field.
Click on `Save`.
Now, you need to wait for the DNS to be updated.
Now you need to wait a while for the DNS records to be updated.
:::info
There are a big difference between yellow cloud (domain is proxied with Cloudflare) and grey cloud (domain is not proxied with Cloudflare) in the Cloudflare control panel.
There is a big difference between yellow cloud (domain is proxied by Cloudflare) and grey cloud (domain is not proxied by Cloudflare) in the Cloudflare control panel.
We will return later to this topic in this guide, but for now it really depends on you.
If Cloudflare works fine in your region, it is better to proxy the domain with Cloudflare. (Yellow cloud)
If Cloudflare works fine in your region, it is better to proxy the domain through Cloudflare. (Yellow cloud)
:::
![static](/reverse-proxies/nginx/cloudflare-dns.webp)
Some DNS providers have a different interface, but the process is the same.
Some DNS providers have a different interface, but the overall process is the same.
## Issue an SSL certificate
@@ -97,7 +93,7 @@ sudo apt-get install cron socat
:::info
You can use any email address to issue the certificate, but it is recommended to use a valid email address.
You can use any email address to issue the certificate, but it is recommended to use a valid one.
:::
@@ -115,7 +111,7 @@ mkdir -p /opt/remnawave/nginx && cd /opt/remnawave/nginx
### Issue a certificate
Replace `DOMAIN` with your domain name, which you want to issue a certificate for.
Replace `DOMAIN` with the domain name you want to issue a certificate for.
:::warning
Do not use domain zones: .ru, .su, .рф. Currently ZeroSSL does not support these zones.
@@ -126,26 +122,26 @@ acme.sh --issue --standalone -d 'DOMAIN' --key-file /opt/remnawave/nginx/privkey
```
:::info
Make sure that you have a **8443** port open on your server, it is used for the certificate issuance.
Make sure that port **8443** is open on your server. It is required for certificate issuance.
:::
![](/reverse-proxies/nginx/issue-cert.webp)
This screenshot shows that the certificate is issued.
This shows that the certificate is issued.
Acme.sh will take care of renewing the certificate automatically every 60 days, just make sure that you have a **8443** port open (and not busy) on your server.
Acme.sh will take care of automatically renewing the certificate every 60 days, just make sure that you have a **8443** port open (and not busy) on your server.
## Nginx configuration
### Simple configuration
Also, we need to generate a dhparam.pem file.
We are going to need a dhparam.pem file.
```bash
curl https://ssl-config.mozilla.org/ffdhe2048.txt > /opt/remnawave/nginx/dhparam.pem
```
Create a file `nginx.conf` in the `/opt/remnawave/nginx` folder.
Create a file called `nginx.conf` in the `/opt/remnawave/nginx` directory.
```bash
cd /opt/remnawave/nginx && nano nginx.conf
@@ -157,7 +153,7 @@ Paste the following configuration.
Please, replace `REPLACE_WITH_YOUR_DOMAIN` with your domain name.
Review configuration below, look for red highlighted lines.
Review the configuration below, look for red highlighted lines.
:::
@@ -260,7 +256,7 @@ server {
### Create docker-compose.yml
Create a file `docker-compose.yml` in the `/opt/remnawave/nginx` folder.
Create a `docker-compose.yml` file in the `/opt/remnawave/nginx` directory.
```bash
cd /opt/remnawave/nginx && nano docker-compose.yml
@@ -300,7 +296,7 @@ docker compose up -d && docker compose logs -f -t
### Open the panel in the browser
Open the configured domain name in the browser and you will see login page.
Open the configured domain name in the browser and you will see the login page.
![login-page](/reverse-proxies/nginx/login-page.webp)

67
docs/installation/reverse-proxies/traefik.md
View File

@@ -6,27 +6,28 @@ title: Traefik
## Overview
In this guide we will use Traefik as a reverse proxy for requests to Remnawave. We will redirect a domain to our server and configure Traefik. Traefik will handle issue of SSL certificates by itself.
In this guide we will be using Traefik as a reverse proxy to access the Remnawave panel. We will point a domain name to our server and configure Traefik. Traefik will handle the issuance of SSL certificates by itself.
Complete [Quick Start](/installation/quick-start) and [Env Variables](/installation/env) before continuing.
## Prerequisites
- Completed [Quick Start](/installation/quick-start)
- Completed [Env Variables](/installation/env)
- Completing [Quick Start](/installation/quick-start)
- Completing [Env Variables](/installation/env)
- Registered domain name (e.g. `my-super-panel.com`)
:::warning
You should have a registered domain name to continue.
You need to have a registered domain name to continue.
:::
## Point domain to your server
Check out your server IP address, it is better to use a static IPv4 address.
Check your server's IP address. It is better to use a static IPv4 address.
Now, you need to point your domain to your server.
Now, you need to point your domain name to this IP address.
For example, it will be my-super-panel.com -> 193.122.122.122.
For example, it will be `my-super-panel.com` -> `193.122.122.122`.
There are two ways to do this:
@@ -35,48 +36,46 @@ There are two ways to do this:
### DNS provider
If you use Cloudflare, you need to add a record to your DNS.
If you are using Cloudflare, you need to add a A/AAAA record (for IPv4 and IPv6 respectively) to your DNS records.
Log in to your Cloudflare account [here](https://dash.cloudflare.com/login).
Select domain, which you want to point to your server.
Select the desired domain.
On the left side of the page, click on `DNS` and then click on `Records`.
Click on `Create record`.
Select `Type` as `A` and `Name` as `@`.
Set the `Type` to `A` and the `Name` to `@`.
:::info
If you want to use subdomains, you should write subdomain name (e.g. `panel`) in the `Name` field.
If you want to use subdomains, you should enter the subdomain name (e.g. `panel`) in the `Name` field.
:::
In the `IPv4 address` field, you should write your server IP address.
Enter your server's IP address in the `IPv4 address` field.
Click on `Save`.
Now, you need to wait for the DNS to be updated.
Now you need to wait a while for the DNS records to be updated.
:::info
There are a big difference between yellow cloud (domain is proxied with Cloudflare) and grey cloud (domain is not proxied with Cloudflare) in the Cloudflare control panel.
There is a big difference between yellow cloud (domain is proxied by Cloudflare) and grey cloud (domain is not proxied by Cloudflare) in the Cloudflare control panel.
We will return later to this topic in this guide, but for now it really depends on you.
If Cloudflare works fine in your region, it is better to proxy the domain with Cloudflare. (Yellow cloud)
If Cloudflare works fine in your region, it is better to proxy the domain through Cloudflare. (Yellow cloud)
:::
![static](/reverse-proxies/nginx/cloudflare-dns.webp)
Some DNS providers have a different interface, but the process is the same.
Some DNS providers have a different interface, but the overall process is the same.
## Traefik configuration
### Create docker-compose.yml
Create a file `docker-compose.yml` in the `/opt/remnawave/traefik` folder.
Create a `docker-compose.yml` file in the `/opt/remnawave/traefik` directory.
```bash
mkdir -p /opt/remnawave/traefik && cd /opt/remnawave/traefik && nano docker-compose.yml
@@ -114,7 +113,7 @@ networks:
### Create static configuration file
Creating a static configuration file `traefik.yml` in the `/opt/remnawave/traefik` folder.
Creating a static configuration file called `traefik.yml` in the `/opt/remnawave/traefik` directory.
```bash
cd /opt/remnawave/traefik && nano traefik.yml
@@ -124,9 +123,9 @@ Paste the following configuration.
:::warning
Please, replace `REPLACE_WITH_YOUR_EMAIL` with your email.
Please replace `REPLACE_WITH_YOUR_EMAIL` with your email.
Review configuration below, look for yellow highlighted lines.
Review the configuration below, look for yellow highlighted lines.
:::
@@ -168,7 +167,7 @@ accessLog:
### Create dynamic configuration file
Create a file `remnawave.yml` in the `/opt/remnawave/traefik/config` folder.
Create a file called `remnawave.yml` in the `/opt/remnawave/traefik/config` directory.
```bash
mkdir -p /opt/remnawave/traefik/config && cd /opt/remnawave/traefik/config && nano remnawave.yml
@@ -178,9 +177,9 @@ Paste the following configuration.
:::warning
Please, replace `REPLACE_WITH_YOUR_DOMAIN` with your domain name.
Please replace `REPLACE_WITH_YOUR_DOMAIN` with your domain name.
Review configuration below, look for yellow highlighted lines.
Review the configuration below, look for yellow highlighted lines.
:::
@@ -226,13 +225,13 @@ docker compose up -d && docker compose logs -f -t
### Open the panel in the browser
Open the configured domain name in the browser and you will see login page.
Open the configured domain name in the browser and you will see the login page.
![login-page](/reverse-proxies/nginx/login-page.webp)
### Restricting access to the panel by IP
If you want to restrict access to the panel by IP, create a middleware named `ip_allow_list.yml`
If you want to restrict access to the panel by IP, you can create a middleware file named `ip_allow_list.yml`
```bash
cd /opt/remnawave/traefik/config && nano ip_allow_list.yml
@@ -242,17 +241,17 @@ Paste the following configuration.
:::warning
Please, replace `REPLACE_WITH_YOUR_IP` with your allowed IPs (or ranges of allowed IPs by using CIDR notation).
Please replace `REPLACE_WITH_YOUR_IP` with your allowed IP address (or ranges of allowed IPs by using CIDR notation).
Review configuration below, look for yellow highlighted lines.
Review the configuration below, look for yellow highlighted lines.
:::
:::info
If your domain is proxied by Cloudflare, then you need to specify the IP ranges belonging to Cloudflare in the `excludedIPs` list.
If your domain name is proxied by Cloudflare, then you need to specify the IP ranges belonging to Cloudflare in the `excludedIPs` list.
Cloudflare regularly updates its IP ranges. To do this, you can use the [official Cloudflare page](https://www.cloudflare.com/ips/) to make sure that you have an up-to-date list.
Cloudflare regularly updates its IP ranges so it's a good practice to use the [official Cloudflare page](https://www.cloudflare.com/ips/) to make sure that you have an up-to-date list.
:::
@@ -283,13 +282,13 @@ http:
- 131.0.72.0/22
```
Then you need to connect the middleware `ip-allow-list` to the configuration file `remnawave.yml`
Then you need to add the middleware `ip-allow-list` to the `remnawave.yml` configuration file.
```bash
nano remnawave.yml
```
Pay attention to the green line, they are the ones you need to add.
Pay attention to the green line which is the one you need to add.
```yaml title="remnawave.yml"
http:
@@ -337,6 +336,7 @@ Open the file `remnawave.yml` again:
```bash
nano /opt/remnawave/traefik/config/remnawave.yml
```
And update the router configuration as follows:
```yaml title="remnawave.yml"
@@ -377,6 +377,7 @@ http:
This configuration makes the /api/sub/ path publicly accessible, while the rest of the panel remains IP-restricted.
## Troubleshooting
<Button label="Ask community" link="https://t.me/+YxzE4bOmEog2Zjhi" variant="secondary" size="md" outline style={{ marginBottom: '1rem' }} />

18
docs/installation/reverse-proxies/try-cloudflare.md
View File

@@ -6,12 +6,12 @@ title: Try Cloudflare
## Overview
In this guide we will use trial version of Cloudflare Tunnel to expose Remnawave to the public internet.
In this guide we will be using the trial version of Cloudflare Tunnel to expose Remnawave to the public internet.
## Prerequisites
- Completed [Quick Start](/installation/quick-start)
- Completed [Env Variables](/installation/env)
- Completing [Quick Start](/installation/quick-start)
- Completing [Env Variables](/installation/env)
:::warning
@@ -31,13 +31,13 @@ Do not use TryCloudflare in production, it is only for development and testing p
## Setup
Firstly lets create a folder for our docker-compose.yml file.
Firstly let's create a directory for our docker-compose.yml file.
```bash
mkdir -p /opt/remnawave/try-cloudflare && cd /opt/remnawave/try-cloudflare
```
Create a file `docker-compose.yml` and paste the following configuration.
Create a file called `docker-compose.yml` and paste the following configuration inside of it.
```bash
nano docker-compose.yml
@@ -67,7 +67,7 @@ networks:
docker compose up -d && docker compose logs -f
```
Check out the logs, and find the following lines:
Check out the logs, and look for the following lines:
```
@@ -77,15 +77,15 @@ INF | https://usually-43434-wow-poor.trycloudflare.com
INF +--------------------------------------------------------------------------------------------+
```
Open the following URL in the browser to access Remnawave.
Open the displayed URL in the browser to access Remnawave.
:::danger
Do not use TryCloudflare in production, it is only for development and testing purposes!
TryCloudflare has a few limitations.
TryCloudflare has limitations.
If you need similar setup for production, please use Cloudflare Tunnel or Nginx/Caddy/etc.
If you need a similar setup for production, please use Cloudflare Tunnel or Nginx/Caddy/etc.
:::

6
docs/migrating/marzban.md
View File

@@ -12,7 +12,7 @@ This guide walks you through migrating your data from a Marzban panel to a Remna
### 1.1. Installing Required Dependencies
Ensure your server has the necessary tools installed by updating the system packages and installing Git and wget.
Make sure your server has the necessary tools installed by updating the system packages and installing Git and wget.
```bash
# Update system packages
@@ -42,7 +42,7 @@ wget https://github.com/remnawave/migrate/releases/download/v1.3.0/remnawave-mig
### 2.2. Extracting the Tool
Unpack the downloaded archive to access the migration binary.
Unpack the downloaded archive to access the binary.
```bash
# Extract the tarball
@@ -57,7 +57,7 @@ After extraction, you should see the `remnawave-migrate` binary in your director
### 3.1. Setting Up Migration Parameters
The migration tool uses command-line flags to configure the migration. Below is an example command with all required parameters. Replace the placeholder values with your actual server details.
The migration tool uses command-line flags for configuration. Below is an example command with all the required parameters. Replace the placeholder values with your actual server details.
```bash
./remnawave-migrate \

2
docs/panel-overview/home.md
View File

@@ -4,4 +4,4 @@ slug: /panel-overview/home
title: Home
---
Work in progress, page will be updated soon.
Work in progress, this page will be updated soon.

40
docs/panel-security/caddy-with-custom-path.md
View File

@@ -14,7 +14,7 @@ First of all, create a directory for Caddy.
mkdir -p ~/opt/remnawave/caddy && cd ~/opt/remnawave/caddy
```
And create a `docker-compose.yml` file.
Then create a `docker-compose.yml` file.
```bash
touch docker-compose.yml && nano docker-compose.yml
@@ -65,22 +65,22 @@ volumes:
## Configuring .env variables
Need to be set as domain for your Remnawave panel. Caddy will automatically create a certificate for this domain.
You need to set a domain name for your Remnawave panel. Caddy will automatically issue a certificate for it.
```bash
REMNAWAVE_PANEL_DOMAIN=panel.domain.com
```
Custom login route.
This path will be used for ONLY login page. There is will be no redirect if you open dashboard without previously authenticated.
Only person who knows this path will be able to access the panel.
This path will be used ONLY for the login page. There will be no redirect if you open the dashboard without being previously authenticated.
Only people who know this path will be able to access the panel.
```bash
REMNAWAVE_CUSTOM_LOGIN_ROUTE=supersecretroute
```
Admin credentials.
Be sure to set strong password.
Make sure to use a strong password.
```bash
AUTHP_ADMIN_USER=admin
@@ -102,7 +102,7 @@ First of all, you need to select one of our predefined setups.
:::info
We recommend to use [full security setup with MFA](#full) for production environments with issuing API-keys.
We recommend using [full security setup with MFA](#full) for production environments where you will be issuing API-keys.
:::
@@ -120,7 +120,7 @@ You will able to login only via this path (REMNAWAVE_CUSTOM_LOGIN_ROUTE).
- [x] Special API-keys can be issued for /api/\* endpoints.
- [x] Full domain protection.
Run command below to download the Caddyfile.
Run the command below to download the Caddyfile.
```bash
curl -o Caddyfile https://raw.githubusercontent.com/remnawave/caddy-with-auth/refs/heads/main/examples/custom-webpath-with-auth-and-protected-api-route/Caddyfile
@@ -134,15 +134,15 @@ curl -o Caddyfile https://raw.githubusercontent.com/remnawave/caddy-with-auth/re
:::danger
This setup exposes `/api/*` endpoints to the public internet.
This setup exposes the `/api/*` endpoints to the public internet.
All endpoint will no require authentication, but still using Remnawave security features.
All endpoints will not require authentication, but will still use the Remnawave security features.
We recommend to use [full security setup with MFA](#full) for production environments with issuing API-keys.
We recommend using [full security setup with MFA](#full) for production environments where you will be issuing API-keys.
:::
Run command below to download the Caddyfile.
Run the command below to download the Caddyfile.
```bash
curl -o Caddyfile https://raw.githubusercontent.com/remnawave/caddy-with-auth/refs/heads/main/examples/custom-webpath-with-auth-with-api-without-auth/Caddyfile
@@ -156,13 +156,13 @@ curl -o Caddyfile https://raw.githubusercontent.com/remnawave/caddy-with-auth/re
:::danger
This setup exposes `/api/sub/*` endpoints to the public internet.
This setup exposes the `/api/sub/*` endpoints to the public internet.
We recommend to use [full security setup with MFA](#full) for production environments with issuing API-keys and using [@remnawave/subscription-page](/subscription-templating/installation) for public subscription page.
We recommend using [full security setup with MFA](#full) for production environments where you will be issuing API-keys and use [@remnawave/subscription-page](/subscription-templating/installation) for public subscription page.
:::
Run command below to download the Caddyfile.
Run the command below to download the Caddyfile.
```bash
curl -o Caddyfile https://raw.githubusercontent.com/remnawave/caddy-with-auth/refs/heads/main/examples/custom-webpath-with-auth-with-opened-api-sub/Caddyfile
@@ -170,7 +170,7 @@ curl -o Caddyfile https://raw.githubusercontent.com/remnawave/caddy-with-auth/re
## Running the container
After you selected one of the setups above, you can start the container with the following command.
After you have selected one of the setups above, you can start the container with the following command.
```bash
docker compose up -d && docker compose logs -f
@@ -180,13 +180,13 @@ docker compose up -d && docker compose logs -f
After the container is running, you can access the panel at `https://panel.domain.com/REMNAWAVE_CUSTOM_LOGIN_ROUTE`.
On the first start, you will be promted to create an MFA.
On the first start, you will be prompted to add a MFA method.
We recommend to use [Google Authenticator](https://www.google.com/search?q=google+authenticator) for this.
We recommend using [Google Authenticator](https://www.google.com/search?q=google+authenticator).
### Disable MFA
If you want to completly disable MFA, you can do this by editing the `Caddyfile`.
If you want to completely disable MFA, you can do this by editing the `Caddyfile`.
Open the `Caddyfile` and change the following line:
@@ -221,9 +221,9 @@ You can access the Auth Portal page at `https://<your-domain>/REMNAWAVE_CUSTOM_L
![Auth Portal page](/security/auth-portal.webp)
Here you can quickly go to Remnawave dashboard or manage some of Auth Portal settings.
Here you can quickly go to the Remnawave dashboard or manage some of Auth Portal settings.
In the MFA section, you can delete or add new MFA devices.
In the MFA section, you can delete or add new MFA methods.
## Issuing API-keys

24
docs/panel-security/caddy-with-minimal-setup.md
View File

@@ -63,14 +63,14 @@ volumes:
## Configuring .env variables
Need to be set as domain for your Remnawave panel. Caddy will automatically create a certificate for this domain.
You need to set a domain name for your Remnawave panel. Caddy will automatically issue a certificate for this domain.
```bash
REMNAWAVE_PANEL_DOMAIN=panel.domain.com
```
Admin credentials.
Be sure to set strong password.
Make sure to use a strong password.
```bash
AUTHP_ADMIN_USER=admin
@@ -98,7 +98,7 @@ First of all, you need to select one of our predefined setups.
- [x] Special API-keys can be issued for /api/\* endpoints.
- [x] Full domain protection.
Run command below to download the Caddyfile.
Run the command below to download the Caddyfile.
```bash
curl -o Caddyfile https://raw.githubusercontent.com/remnawave/caddy-with-auth/refs/heads/main/examples/minimal-security-setup-with-mfa/Caddyfile
@@ -112,15 +112,15 @@ curl -o Caddyfile https://raw.githubusercontent.com/remnawave/caddy-with-auth/re
:::danger
This setup exposes `/api/*` endpoints to the public internet.
This setup exposes the `/api/*` endpoints to the public internet.
All endpoint will no require authentication, but still using Remnawave security features.
All endpoints will not require authentication, but will still use the Remnawave security features.
We recommend to use [full security setup with MFA](#full) for production environments with issuing API-keys.
We recommend using [full security setup with MFA](#full) for production environments where you will be issuing API-keys.
:::
Run command below to download the Caddyfile.
Run the command below to download the Caddyfile.
```bash
curl -o Caddyfile https://raw.githubusercontent.com/remnawave/caddy-with-auth/refs/heads/main/examples/minimal-security-setup-with-mfa-with-api-without-auth/Caddyfile
@@ -134,13 +134,13 @@ curl -o Caddyfile https://raw.githubusercontent.com/remnawave/caddy-with-auth/re
:::danger
This setup exposes `/api/sub/*` endpoints to the public internet.
This setup exposes the `/api/sub/*` endpoints to the public internet.
We recommend to use [full security setup with MFA](#full) for production environments with issuing API-keys and using [@remnawave/subscription-page](/subscription-templating/installation) for public subscription page.
We recommend using [full security setup with MFA](#full) for production environments where you will be issuing API-keys and using [@remnawave/subscription-page](/subscription-templating/installation) for public subscription page.
:::
Run command below to download the Caddyfile.
Run the command below to download the Caddyfile.
```bash
curl -o Caddyfile https://raw.githubusercontent.com/remnawave/caddy-with-auth/refs/heads/main/examples/minimal-security-setup-with-mfa-with-api-without-auth/Caddyfile
@@ -160,9 +160,9 @@ After the container is running, you can access the panel at `https://panel.domai
After that, you will be redirected to the login page of Caddy Auth.
On the first start, you will be promted to create an MFA.
On the first start, you will be prompted to create a MFA method.
We recommend to use [Google Authenticator](https://www.google.com/search?q=google+authenticator) for this.
We recommend using [Google Authenticator](https://www.google.com/search?q=google+authenticator) for this.
### Disable MFA

4
docs/subscription-templating/client-configuration.md
View File

@@ -93,7 +93,7 @@ export interface IPlatformConfig {
## Usage Guide
This guide explains how to configure client applications for different platforms in Remnawave.
This guide explains how to add client applications for different platforms to the Remnawave subscription page.
### Configuration Structure
@@ -123,7 +123,7 @@ Each platform contains an array of application configurations that follow the `I
| `name` | string | Yes | Display name of the application |
| `isFeatured` | boolean | Yes | Whether the app should be featured in the UI |
| `isNeedBase64Encoding` | boolean | No | Whether the subscription URL needs Base64 encoding |
| `urlScheme` | string | Yes | App URL scheme for launching app with subscription |
| `urlScheme` | string | Yes | URL scheme for launching the app with subscription |
| `installationStep` | object | Yes | Instructions for installing the application |
| `addSubscriptionStep` | object | Yes | Instructions for adding a subscription |
| `connectAndUseStep` | object | Yes | Instructions for connecting to VPN |

70
docs/subscription-templating/subscription-templates.md
View File

@@ -6,9 +6,9 @@ title: Subscription templates [beta]
## Prerequisites
- Completed [Quick Start](/installation/quick-start)
- Completed [Env Variables](/installation/env)
- Completed [Reverse Proxies](/category/reverse-proxies)
- Completing [Quick Start](/installation/quick-start)
- Completing [Env Variables](/installation/env)
- Completing [Reverse Proxies](/category/reverse-proxies)
## Page screenshot
@@ -16,13 +16,13 @@ title: Subscription templates [beta]
## Installation
Firstly, make sure you have completed [Quick Start](/installation/quick-start) and [Env Variables](/installation/env).
Please pay attention to the prerequisites above.
This guide requires you have already configured Remnawave Dashboard and Reverse Proxies.
This guide requires that you have already configured Remnawave Dashboard and Reverse Proxies.
### Change Remnawave Dashboard port
### Change the Subscription Page Environment Variable
Open `~/opt/remnawave/.env` file and change `SUB_PUBLIC_DOMAIN` to your subscription page domain name.
Edit the `~/opt/remnawave/.env` file and change `SUB_PUBLIC_DOMAIN` to your subscription page domain name.
```bash
cd ~/opt/remnawave && nano .env
@@ -32,7 +32,7 @@ cd ~/opt/remnawave && nano .env
SUB_PUBLIC_DOMAIN=subdomain.panel.com
```
### Step 1: Creating docker-compose.yml file
### Step 1: Create a docker-compose.yml file
```bash
mkdir -p /opt/remnawave/subscription && cd /opt/remnawave/subscription && nano docker-compose.yml
@@ -66,7 +66,7 @@ networks:
:::warning
Please, replace `panel.com` with URL which Remnawave Dashboard is available at. Only plain domain name without any path or port is not allowed!
Please replace `panel.com` with the URL at which the Remnawave Dashboard is available. Only plain domain name without any path or port is allowed!
:::
@@ -78,7 +78,7 @@ You can replace it parameter with, for example,
```
to get an additional nested path for the subscription page.
But in that case, in `.env` for the `remnawave` container, you will need to set the corresponding parameter correctly: `SUB_PUBLIC_DOMAIN=link.domain.com/sub`.
But in that case, in the `.env` file for the `remnawave` container, you will need to set the corresponding parameter correctly: `SUB_PUBLIC_DOMAIN=link.domain.com/sub`.
And you will need to specify similar changes to the valid path in your configurations for nginx or caddy.
:::
@@ -89,17 +89,17 @@ And you will need to specify similar changes to the valid path in your configura
docker compose up -d && docker compose logs -f
```
## Configuration of reverse proxy
## Reverse Proxy Configuration
:::warning
You need create a subdomain or use another domain name for the subscription page.
You need to create a subdomain or use a separate domain name for the subscription page.
:::
### Nginx
If you have already configured Nginx, you need to add a new location block to your configuration file.
If you have already configured Nginx, all you need to do is add a new location block to your configuration file.
Issue a certificate for the subscription page domain name:
@@ -115,17 +115,17 @@ cd /opt/remnawave/nginx && nano nginx.conf
:::warning
Please, replace `SUBSCRIPTION_PAGE_DOMAIN` with your subscription page domain name.
Please replace `SUBSCRIPTION_PAGE_DOMAIN` with your subscription page domain name.
:::
:::danger
Do not fully replace the existing configuration, only add a new location block to your configuration file.
Do not fully replace the existing configuration, only add a new location block to your existing configuration file.
:::
Firstly, add a new upstream block to the top of configuration file.
Add a new upstream block to the top of the configuration file.
Pay attention to the green lines, they are the ones you need to add.
@@ -142,7 +142,7 @@ upstream remnawave-subscription-page {
}
```
And now add new server block to the bottom of configuration file.
Now add a new server block to the bottom of the configuration file.
```nginx title="nginx.conf"
server {
@@ -222,7 +222,7 @@ server {
}
```
Now lets modify docker-compose.yml file to add new certificate path.
Now lets modify the docker-compose.yml for Nginx to mount the new certificate files.
```bash
cd /opt/remnawave/nginx && nano docker-compose.yml
@@ -256,7 +256,7 @@ networks:
external: true
```
Now, you need to restart Nginx container.
Now you need to restart Nginx container.
```bash
docker compose down && docker compose up -d && docker compose logs -f
@@ -264,9 +264,9 @@ docker compose down && docker compose up -d && docker compose logs -f
### Caddy
If you have already configured Caddy, you need to add a new site block to Caddyfile.
If you have already configured Caddy all you need to do is add a new site block to the Caddyfile.
Open Caddyfile:
Edit the Caddyfile:
```bash
cd /opt/remnawave/caddy && nano Caddyfile
@@ -274,19 +274,19 @@ cd /opt/remnawave/caddy && nano Caddyfile
:::warning
Please, replace `SUBSCRIPTION_PAGE_DOMAIN` with your domain name.
Please replace `SUBSCRIPTION_PAGE_DOMAIN` with your domain name.
Review configuration below, look for green highlighted lines.
Review the configuration below, look for green highlighted lines.
:::
:::danger
Do not fully replace the existing configuration, only add a new site block to Caddyfile.
Do not fully replace the existing configuration, only add a new site block to the existing Caddyfile.
:::
Firstly, add a new site block to the end of configuration file.
Add a new site block to the end of configuration file.
Pay attention to the green lines, they are the ones you need to add.
@@ -307,7 +307,7 @@ https://SUBSCRIPTION_PAGE_DOMAIN {
}
```
Now, you need to restart Caddy container.
Now you need to restart Caddy container.
```bash
docker compose down && docker compose up -d && docker compose logs -f
@@ -329,10 +329,10 @@ cd /opt/remnawave/subscription && nano docker-compose.yml
:::warning
Please use the docker container name and port `remnawave:3000` instead of the URL `panel.com` which Remnawave Dashboard is available at.
And also add the `REQUEST_REMNAWAVE_SCHEME` variable so that the subscription page can send requests to the panel API inside the docker network via the `http` protocol.
Please use the docker container name and port (`remnawave:3000`) instead of the panel URL (`panel.com`).
You also need to add the `REQUEST_REMNAWAVE_SCHEME` variable so that the subscription page can send requests to the panel API inside the docker network via the `http` protocol.
Review configuration below, look for yelow highlighted line and make the changes into it. Then copy the entire line highlighted in green and add it to the `docker-compose` file.
Review the configuration below, look for yellow highlighted line and make the necessary changes. Then copy the entire line highlighted in green and add it to the `docker-compose` file.
:::
```yaml title="docker-compose.yml"
@@ -342,7 +342,7 @@ environment: // highlight-next-line-yellow
- REQUEST_REMNAWAVE_SCHEME=http
```
Now, you need to restart Subscription Page container.
Now, you need to restart the Subscription Page container.
```bash
docker compose down && docker compose up -d && docker compose logs -f
@@ -350,7 +350,7 @@ docker compose down && docker compose up -d && docker compose logs -f
### Traefik
If you have already configured Traefik, you need create a new dynamic configuration file `remnawave-sub-page.yml` in the `/opt/remnawave/traefik/config` folder.
If you have already configured Traefik, you need to create a new dynamic configuration file called `remnawave-sub-page.yml` in the `/opt/remnawave/traefik/config` directory.
```bash
cd /opt/remnawave/traefik/config && nano remnawave-sub-page.yml
@@ -360,9 +360,9 @@ Paste the following configuration.
:::warning
Please, replace `SUBSCRIPTION_PAGE_DOMAIN` with your subscription page domain name.
Please replace `SUBSCRIPTION_PAGE_DOMAIN` with your subscription page domain name.
Review configuration below, look for yellow highlighted lines.
Review the configuration below, look for yellow highlighted lines.
:::
@@ -402,6 +402,6 @@ http:
## Usage
Now, you can use subscription templates.
Now you can use subscription templates.
Subscription page will be available at `https://subdomain.panel.com/<shortUuid>`.
The subscription page will be available at `https://subdomain.panel.com/<shortUuid>`.

BIN
static/awesome/ansible.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 116 KiB