My Wireguard install wasn't detected - make it easy to restart my Vector instance
Opened this issue · 4 comments
bmcgonag commented
sometimes a restart of the Vector instance is needed, but not a full reinstall of the system...so it would be nice to have an admin function (button) to restart the instance.
Restart should
- Kill node
pkill -f node - delete logs
- forever log
rm ~/.forever/forever.log - output log
rm ~/Vector-Production/bundle/output.log - error log
rm ~/Vector-Production/bundle/error.log
- forever log
- re-run the forever command to restart node
cd ~/vector-Production/bundleforever start -l forever.log -o output.log -e error.log main.js
bodzio4749 commented
Brian, my love. your recovery instructions do not work.
- cd ~/vector-Production/bundle should read "cd ~/Vector-Production/bundle" (upper case "V'
- The last step "run forever start" didn't work for me, but got fixed after reboot. 😏 HOWEVER, the reboot the forever was found, BUT 🤣 the error.log went wild with all kinds of errors bitching about missing ROOT_URL in the server environment. Well, I did export this, but (you guessed it) if forgot to export MANGO and the remaining values. 3rd time was a charm.
And finally, the automatic server interface was discovered 😍! - So, after that the website recovered nicely, and the wiregard wg0 was "discovered". Ir was it? The information from my wg0.config was ignored, and you replaced them with own defaults. This may be not a big deal, but I could not change it. Your program somehow caches your defaults and copies them to the /etc/wireguard directory with MULTIPLE default entries for your default values (ok, the private keys are different, but mine from the /etc/wireguard are ignored .
My question is = where and how do you recreate wg0 interface? Are you using wg status to discover the values? Maybe (if I may suggest) you should require standard names for the server, same as ssh-keygen does? Anyway, I am going to give up on this now, as it is almost 1:00am. Bad time - Finally, wireguard support for windows clients SUCKS. it requires the user to be part of the administrative group {!} They must be NUTS or incompetent. They obviously don't care about security at all. I wonder how many of them run as root on their iMacs?
This may kill wireguard for me. I know, I can still use it on raspberry PIs, but why should I?
Thanks for your work and videos. I do enjoy them.
Bogdan
PS. I am running this on Ubuntu 20.04 using DigitalOcean. I wasted free coupon that will expire by the end of the month. Oh well. Will create couple of other droples because I can. Three more weeks 🤣
bmcgonag commented
Thanks @bodzio4749 for the pointing out that I made a spelling error. I won't do it in the code, and if I do my testing will fail. Feel free to make code changes and update with a pull request as well.
For #2, yes, I need to include the environment variables.
For #3, yes, I only creae a new interface, I don't read in an existing one today. I can add that as an enhancement request though, if you'd like.
For #4, yes, I'm not real pleased with having to run this as root as it's a pain, and not super secure, but thus far haven't found another way. I need to see if there's a wireguard group created that can run it without sudo / root privileges - kind of like adding your user to the docker group.
bodzio4749 commented
Thanks for the reply. I hope you look at my comments only an attempt to be constructive. From time to time I "get pregnant with a thought", and have a hard time to resit to not share it with others.
Anyways, How about having a json configuration file that could be imported to your app? For some reason I couldn't make the manual configuration to work. Wireguard speed and simplicity is on one hand a blessing, but on other a impediment.
What forced me to start playing with the Vector, is an urge to use my $100 bucks of credit on DigitalOcean and my "cheapness". It was also a great experience on working with NGINX an certbot script (which has a major bug related to an old authentication method removed by LetsEncrypt folks due to the security problems, and the script had to be changed).
One thing that I still have no idea how Nginx fines your application. I looked at the configuration file, and still can't figure it out. One suggestion for the future installation script improvement is to write physical configuration file in the "available" subfolder, and create a static link in the "enabled" one. I didn't come out with the idea. This is how the "default" file was set by the installation script. As a Windows user, I must admit, it is a very slick way to deal with configurations.
Thanks again for this email, will be testing your apps as soon as you release new version.
Bogdan
On Friday, May 8, 2020, 4:19:38 AM PDT, Brian McGonagill <notifications@github.com> wrote:
Thanks @bodzio4749 for the pointing out that I made a spelling error. I won't do it in the code, and if I do my testing will fail. Feel free to make code changes and update with a pull request as well.
For #2, yes, I need to include the environment variables.
For #3, yes, I only creae a new interface, I don't read in an existing one today. I can add that as an enhancement request though, if you'd like.
For #4, yes, I'm not real pleased with having to run this as root as it's a pain, and not super secure, but thus far haven't found another way. I need to see if there's a wireguard group created that can run it without sudo / root privileges - kind of like adding your user to the docker group.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
bodzio4749 commented
I apologize for replying through my email client instead of coming here in this app. Obviously this created long "quote". Newbie, but will do better in the future.
In a meantime, I reran the installation script and tested the Server configuration again.
- The manual configuration took, and the program created wg0 with correct custom settings. However,
- The Server status still shows the default values of 10.100.100.1 for the network and completely different public key. It seems that this should be a quick and easy fix ☺
- I have a issue with email, but will create a new ticket (if I can)