Closed corasaniti closed 1 week ago
eandersons
commented
1 week ago Did you pay attention to the all-caps error text?
DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
corasaniti
commented
1 week ago @eandersons I apologize I had not read the blog and the updated doc. I Closed this issue Thanks
FlavioB79
commented
1 week ago Hi and sorry for posting on a closed bug, but my docker knowledge is very limited. I'm facing the error about the "USE PASSWORD_HAS INSTEAD" as mentioned here. I'm running the docker on my Synology NAS. I've now executed the suggested command "docker run -it ghcr.io/wg-easy/wg-easy wgpw" and I just got the prompt back (of course, after entering sudo's password). Nothing seemed to happen, but looking at the docker list in my NAS GUI, I've noticed 2 additional ones had been created:
Can anybody help me understand what's happening here and how to get my original wg-easy (the third one from the top) to work again?
Thanks in advance!
corasaniti
commented
1 week ago @FlavioB79 Probably those created are execution attempts that are not able to start. You can delete them To help you I ask you to post your docker run command Thanks
FlavioB79
commented
1 week ago Ciao Piero - thanks for offering your help. I've deleted the two execution attempts created. Now, as it is running on my Synology NAS: where do I find the "docker run" command which is used to start wg-easy? I've found this for now:
corasaniti
commented
1 week ago @FlavioB79 I recommend you to install Portainer. It helps you a lot to manage your containers with the synology https://www.portainer.io/blog/how-to-install-portainer-on-a-synology-nas
FlavioB79
commented
1 week ago OK, you think the "3 nodes free" version is good enough? In the meantime: is there any way to find the "docker run" command used for running wg-easy on my Synology NAS? Where should I look for it?
FlavioB79
commented
1 week ago OK - I installed portainer. Now how do I get the "docker run" command you were requesting?
tomo2403
commented
1 week ago OK, you think the "3 nodes free" version is good enough? In the meantime: is there any way to find the "docker run" command used for running wg-easy on my Synology NAS? Where should I look for it?
I'm also currently using Portainer on Synology NAS and it enhanced the workflow with docker a lot. In a home environment, you don't need the business edition but you can obtain a free licence here.
OK - I installed portainer. Now how do I get the "docker run" command you were requesting?
You can connect to your NAS with SSH to execute the command, but the Portainer web interface would be better. Create a new container and fill out the form with the original command information: https://github.com/wg-easy/wg-easy?tab=readme-ov-file#2-run-wireguard-easy
[!TIP] I would recommend using docker-compose. You can access this in Portainer as "Stacks": https://github.com/wg-easy/wg-easy/blob/master/docker-compose.yml
[!IMPORTANT] You cannot use the Container Manager App in DSM for containers and projects/stacks created in Portainer anymore, only use Portainer!**
FlavioB79
commented
1 week ago Hi @tomo2403 - so you are suggesting to just forget about the actual Wireguard docker setup I got and begin from scratch? That's not really what I wanted to hear... I mean: I've upgraded lately and since the upgrade, the bug is hitting. I tried following the guide here but it didn't help. So I'm looking to get the already installed version back running - is this impossible to achieve?
tomo2403
commented
1 week ago Synology NAS and Docker are not the best combo, to be honest. I know this is a lot of work, but Container Manager in DSM is not the best. Portainer offers more functionality and is also easy to use.
The guide you linked should solve the problem if followed correctly. Please share the YAML-Configuration of your wireguard-easy project in Container Manager.
FlavioB79
commented
1 week ago Please find it here: version: "3.8" volumes: etc_wireguard:
services: wg-easy: environment:
# (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi)
- LANG=en
# ⚠️ Required:
# Change this to your host's public address
- WG_HOST=MYHOSTNAMEFQDN
# Optional:
- PASSWORD=MYPASSWORDOBVIOUSLY
# - PORT=51821
# - WG_PORT=51820
# - WG_DEFAULT_ADDRESS=10.8.0.x
# - WG_DEFAULT_DNS=1.1.1.1
# - WG_MTU=1420
- WG_ALLOWED_IPS=10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
# - WG_PERSISTENT_KEEPALIVE=25
# - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
# - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
# - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
# - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
# - UI_TRAFFIC_STATS=true
# - UI_CHART_TYPE=0 # (0 Charts disabled, 1 # Line chart, 2 # Area chart, 3 # Bar chart)
image: ghcr.io/wg-easy/wg-easy
container_name: wg-easy
volumes:
- etc_wireguard:/etc/wireguard
ports:
- "51820:51820/udp"
- "51821:51821/tcp"
restart: unless-stopped
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1Is the env PASSWORD your password like Admin#1234 or the hash of your password like $2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW?
FlavioB79
commented
1 week ago It is my password like Admin#1234
tomo2403
commented
1 week ago Connect to your NAS via SSH and follow the guide you visited earlier. Replace the line of env PASSWORD with the output of the command (e.g. - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG).
Before starting your project again, check for $ in your hash value and read the "Important" at the bottom of the guide. It will tell you how to deal with it.
FlavioB79
commented
1 week ago OK, we're getting closer. Now I commented the "PASSWORD" variable from the YAML file and added the "PASSWORD_HASH" one:
# Optional:
- PASSWORD_HASH=$$2a$$1276$$8Vr8jRZX0NfuuedCMkwer.139876QtMd4jCeF5aOiUiLXHvONGa
# - PASSWORD=MYPASSWORDOBVIOUSLY
# - PORT=51821
# - WG_PORT=51820I had to add some $ here and there (I got 3 occurrences of it in the generated HASH value). I got into the Container Manager and started it, but I received the same error again. Do I need to run some CLI command before, to tell wg-easy that the configuration has changed?
tomo2403
commented
1 week ago Open the General-Tab of your container. Check if PASSWORD_HASH is and PASSWORD is not listed in Environment variables.
FlavioB79
commented
1 week ago In the "General" tab I still see only "PASSWORD" - no "PASSWORD_HASH" there.
tomo2403
commented
1 week ago Stop the container and delete it (not the project). Then build the project again.
FlavioB79
commented
1 week ago I was able to replace "PASSWORD" with "PASSWORD_HASH" in the GUI -->
Then I started it and it is running.
Now I do have following issues:
FlavioB79
commented
1 week ago Here the most actual logs:
tomo2403
commented
1 week ago Your container is running again and there are no errors. The connection problem is most likely related to your client or network. Access the web interface from your local network and check if your config is still there or try to reconnect to your VPN.
FlavioB79
commented
1 week ago Can you confirm that I should connect via HTTP (no HTTPS) to the IP address of my NAS (172.17.17.218) on port 51821? Because that's what I was trying to do from within the same subnet. Also, now I stopped and restarted it and it won't run again anymore -->
tomo2403
commented
1 week ago When connecting to this service you have to use HTTP since no reverse proxy is installed. When your container is part of a project in Container Manager, try to only modify it through the YAML-Config and not in the container settings.
Delete the container again. In your project check if your YAML config contains PASSWORD_HASH and PASSWORD is removed. Then build the project again. Port 51821 should only be reachable in your home network. Also, check if port 51820 is still forwarded by your router to be able to connect to your VPN from outside your home network.
[!TIP] You are currently experiencing the trouble I mentioned earlier. Please consider switching to Portainer. You can follow this step-by-step tutorial. Skip the ad-blocker part.
FlavioB79
commented
1 week ago I think deleting the container and rebuilding it out of the project did the trick. I had to remove some tabs in the YAML file, then it was built and now it is running. Thank you very much for your support!
tomo2403
commented
1 week ago You're welcome. Don't forget to close your initial issue #1366.
Describe the bug
this is log error with this latest images
ghcr.io/wg-easy/wg-easy latest 417baa6ac0b3 12 hours ago 158MBNode.js v20.17.0 /app/lib/Server.js:311 throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md'); ^ Error: DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD. See https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md at new Server (/app/lib/Server.js:311:13) at Object. (/app/services/Server.js:5:18)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1548:10)
at Module.load (node:internal/modules/cjs/loader:1288:32)
at Module._load (node:internal/modules/cjs/loader:1104:12)
at Module.require (node:internal/modules/cjs/loader:1311:19)
at require (node:internal/modules/helpers:179:18)
at Object. (/app/server.js:3:1)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
Node.js v20.17.0
/app/lib/Server.js:311
throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md');
^
Error: DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.
See https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
at new Server (/app/lib/Server.js:311:13)
at Object. (/app/services/Server.js:5:18)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1548:10)
at Module.load (node:internal/modules/cjs/loader:1288:32)
at Module._load (node:internal/modules/cjs/loader:1104:12)
at Module.require (node:internal/modules/cjs/loader:1311:19)
at require (node:internal/modules/helpers:179:18)
at Object. (/app/server.js:3:1)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
Node.js v20.17.0
/app/lib/Server.js:311
throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md');
^
Error: DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.
See https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
at new Server (/app/lib/Server.js:311:13)
at Object. (/app/services/Server.js:5:18)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1548:10)
at Module.load (node:internal/modules/cjs/loader:1288:32)
at Module._load (node:internal/modules/cjs/loader:1104:12)
at Module.require (node:internal/modules/cjs/loader:1311:19)
at require (node:internal/modules/helpers:179:18)
at Object. (/app/server.js:3:1)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
Node.js v20.17.0
/app/lib/Server.js:311
throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md');
^
Error: DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.
See https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
at new Server (/app/lib/Server.js:311:13)
at Object. (/app/services/Server.js:5:18)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1548:10)
at Module.load (node:internal/modules/cjs/loader:1288:32)
at Module._load (node:internal/modules/cjs/loader:1104:12)
at Module.require (node:internal/modules/cjs/loader:1311:19)
at require (node:internal/modules/helpers:179:18)
at Object. (/app/server.js:3:1)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
Node.js v20.17.0
/app/lib/Server.js:311
throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md');
^
Error: DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.
See https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
at new Server (/app/lib/Server.js:311:13)
at Object. (/app/services/Server.js:5:18)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1548:10)
at Module.load (node:internal/modules/cjs/loader:1288:32)
at Module._load (node:internal/modules/cjs/loader:1104:12)
at Module.require (node:internal/modules/cjs/loader:1311:19)
at require (node:internal/modules/helpers:179:18)
at Object. (/app/server.js:3:1)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
Node.js v20.17.0
Expected behavior
See log
Relevant log output