Closed corasaniti closed 1 week ago
Did you pay attention to the all-caps error text?
DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
@eandersons I apologize I had not read the blog and the updated doc. I Closed this issue Thanks
Hi and sorry for posting on a closed bug, but my docker knowledge is very limited. I'm facing the error about the "USE PASSWORD_HAS INSTEAD" as mentioned here. I'm running the docker on my Synology NAS. I've now executed the suggested command "docker run -it ghcr.io/wg-easy/wg-easy wgpw" and I just got the prompt back (of course, after entering sudo's password). Nothing seemed to happen, but looking at the docker list in my NAS GUI, I've noticed 2 additional ones had been created:
Can anybody help me understand what's happening here and how to get my original wg-easy (the third one from the top) to work again?
Thanks in advance!
@FlavioB79 Probably those created are execution attempts that are not able to start. You can delete them To help you I ask you to post your docker run command Thanks
Ciao Piero - thanks for offering your help. I've deleted the two execution attempts created. Now, as it is running on my Synology NAS: where do I find the "docker run" command which is used to start wg-easy? I've found this for now:
@FlavioB79 I recommend you to install Portainer. It helps you a lot to manage your containers with the synology https://www.portainer.io/blog/how-to-install-portainer-on-a-synology-nas
OK, you think the "3 nodes free" version is good enough? In the meantime: is there any way to find the "docker run" command used for running wg-easy on my Synology NAS? Where should I look for it?
OK - I installed portainer. Now how do I get the "docker run" command you were requesting?
OK, you think the "3 nodes free" version is good enough? In the meantime: is there any way to find the "docker run" command used for running wg-easy on my Synology NAS? Where should I look for it?
I'm also currently using Portainer on Synology NAS and it enhanced the workflow with docker a lot. In a home environment, you don't need the business edition but you can obtain a free licence here.
OK - I installed portainer. Now how do I get the "docker run" command you were requesting?
You can connect to your NAS with SSH to execute the command, but the Portainer web interface would be better. Create a new container and fill out the form with the original command information: https://github.com/wg-easy/wg-easy?tab=readme-ov-file#2-run-wireguard-easy
[!TIP] I would recommend using docker-compose. You can access this in Portainer as "Stacks": https://github.com/wg-easy/wg-easy/blob/master/docker-compose.yml
[!IMPORTANT] You cannot use the Container Manager App in DSM for containers and projects/stacks created in Portainer anymore, only use Portainer!**
Hi @tomo2403 - so you are suggesting to just forget about the actual Wireguard docker setup I got and begin from scratch? That's not really what I wanted to hear... I mean: I've upgraded lately and since the upgrade, the bug is hitting. I tried following the guide here but it didn't help. So I'm looking to get the already installed version back running - is this impossible to achieve?
Synology NAS and Docker are not the best combo, to be honest. I know this is a lot of work, but Container Manager in DSM is not the best. Portainer offers more functionality and is also easy to use.
The guide you linked should solve the problem if followed correctly. Please share the YAML-Configuration of your wireguard-easy
project in Container Manager.
Please find it here: version: "3.8" volumes: etc_wireguard:
services: wg-easy: environment:
# (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi)
- LANG=en
# ⚠️ Required:
# Change this to your host's public address
- WG_HOST=MYHOSTNAMEFQDN
# Optional:
- PASSWORD=MYPASSWORDOBVIOUSLY
# - PORT=51821
# - WG_PORT=51820
# - WG_DEFAULT_ADDRESS=10.8.0.x
# - WG_DEFAULT_DNS=1.1.1.1
# - WG_MTU=1420
- WG_ALLOWED_IPS=10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
# - WG_PERSISTENT_KEEPALIVE=25
# - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
# - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
# - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
# - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
# - UI_TRAFFIC_STATS=true
# - UI_CHART_TYPE=0 # (0 Charts disabled, 1 # Line chart, 2 # Area chart, 3 # Bar chart)
image: ghcr.io/wg-easy/wg-easy
container_name: wg-easy
volumes:
- etc_wireguard:/etc/wireguard
ports:
- "51820:51820/udp"
- "51821:51821/tcp"
restart: unless-stopped
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
Is the env PASSWORD
your password like Admin#1234
or the hash of your password like $2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW
?
It is my password like Admin#1234
Connect to your NAS via SSH and follow the guide you visited earlier. Replace the line of env PASSWORD
with the output of the command (e.g. - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG
).
Before starting your project again, check for $
in your hash value and read the "Important" at the bottom of the guide. It will tell you how to deal with it.
OK, we're getting closer. Now I commented the "PASSWORD" variable from the YAML file and added the "PASSWORD_HASH" one:
# Optional:
- PASSWORD_HASH=$$2a$$1276$$8Vr8jRZX0NfuuedCMkwer.139876QtMd4jCeF5aOiUiLXHvONGa
# - PASSWORD=MYPASSWORDOBVIOUSLY
# - PORT=51821
# - WG_PORT=51820
I had to add some $ here and there (I got 3 occurrences of it in the generated HASH value). I got into the Container Manager and started it, but I received the same error again. Do I need to run some CLI command before, to tell wg-easy that the configuration has changed?
Open the General-Tab of your container. Check if PASSWORD_HASH
is and PASSWORD
is not listed in Environment variables.
In the "General" tab I still see only "PASSWORD" - no "PASSWORD_HASH" there.
Stop the container and delete it (not the project). Then build the project again.
I was able to replace "PASSWORD" with "PASSWORD_HASH" in the GUI -->
Then I started it and it is running.
Now I do have following issues:
Here the most actual logs:
Your container is running again and there are no errors. The connection problem is most likely related to your client or network. Access the web interface from your local network and check if your config is still there or try to reconnect to your VPN.
Can you confirm that I should connect via HTTP (no HTTPS) to the IP address of my NAS (172.17.17.218) on port 51821? Because that's what I was trying to do from within the same subnet. Also, now I stopped and restarted it and it won't run again anymore -->
When connecting to this service you have to use HTTP since no reverse proxy is installed. When your container is part of a project in Container Manager, try to only modify it through the YAML-Config and not in the container settings.
Delete the container again. In your project check if your YAML config contains PASSWORD_HASH
and PASSWORD
is removed. Then build the project again. Port 51821
should only be reachable in your home network. Also, check if port 51820
is still forwarded by your router to be able to connect to your VPN from outside your home network.
[!TIP] You are currently experiencing the trouble I mentioned earlier. Please consider switching to Portainer. You can follow this step-by-step tutorial. Skip the ad-blocker part.
I think deleting the container and rebuilding it out of the project did the trick. I had to remove some tabs in the YAML file, then it was built and now it is running. Thank you very much for your support!
You're welcome. Don't forget to close your initial issue #1366.
Describe the bug
this is log error with this latest images
ghcr.io/wg-easy/wg-easy latest 417baa6ac0b3 12 hours ago 158MB
Node.js v20.17.0 /app/lib/Server.js:311 throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md'); ^ Error: DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD. See https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md at new Server (/app/lib/Server.js:311:13) at Object. (/app/services/Server.js:5:18)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1548:10)
at Module.load (node:internal/modules/cjs/loader:1288:32)
at Module._load (node:internal/modules/cjs/loader:1104:12)
at Module.require (node:internal/modules/cjs/loader:1311:19)
at require (node:internal/modules/helpers:179:18)
at Object. (/app/server.js:3:1)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
Node.js v20.17.0
/app/lib/Server.js:311
throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md');
^
Error: DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.
See https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
at new Server (/app/lib/Server.js:311:13)
at Object. (/app/services/Server.js:5:18)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1548:10)
at Module.load (node:internal/modules/cjs/loader:1288:32)
at Module._load (node:internal/modules/cjs/loader:1104:12)
at Module.require (node:internal/modules/cjs/loader:1311:19)
at require (node:internal/modules/helpers:179:18)
at Object. (/app/server.js:3:1)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
Node.js v20.17.0
/app/lib/Server.js:311
throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md');
^
Error: DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.
See https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
at new Server (/app/lib/Server.js:311:13)
at Object. (/app/services/Server.js:5:18)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1548:10)
at Module.load (node:internal/modules/cjs/loader:1288:32)
at Module._load (node:internal/modules/cjs/loader:1104:12)
at Module.require (node:internal/modules/cjs/loader:1311:19)
at require (node:internal/modules/helpers:179:18)
at Object. (/app/server.js:3:1)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
Node.js v20.17.0
/app/lib/Server.js:311
throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md');
^
Error: DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.
See https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
at new Server (/app/lib/Server.js:311:13)
at Object. (/app/services/Server.js:5:18)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1548:10)
at Module.load (node:internal/modules/cjs/loader:1288:32)
at Module._load (node:internal/modules/cjs/loader:1104:12)
at Module.require (node:internal/modules/cjs/loader:1311:19)
at require (node:internal/modules/helpers:179:18)
at Object. (/app/server.js:3:1)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
Node.js v20.17.0
/app/lib/Server.js:311
throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md');
^
Error: DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.
See https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
at new Server (/app/lib/Server.js:311:13)
at Object. (/app/services/Server.js:5:18)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1548:10)
at Module.load (node:internal/modules/cjs/loader:1288:32)
at Module._load (node:internal/modules/cjs/loader:1104:12)
at Module.require (node:internal/modules/cjs/loader:1311:19)
at require (node:internal/modules/helpers:179:18)
at Object. (/app/server.js:3:1)
at Module._compile (node:internal/modules/cjs/loader:1469:14)
Node.js v20.17.0
Expected behavior
See log
Relevant log output