D3V-Server/README.md

# D3V-NPMWG — xGat3 + WireGuard VPN

A powerful, all-in-one Docker container that combines **xGat3** (reverse proxy with SSL) and **WireGuard VPN** management in a single web interface.

## Features

### xGat3
- Reverse proxy management with SSL (Let's Encrypt)
- Proxy hosts, redirection hosts, streams, and 404 hosts
- Access control lists and audit logging

### WireGuard VPN Manager
- Create, enable, disable, and delete VPN clients
- QR code generation for mobile clients
- Download `.conf` configuration files
- Real-time client status (connected, idle, data transfer)
- Client expiration support
- Auto-sync WireGuard configs
- Client isolation (block inter-client traffic)
- Encrypted per-client file storage

### Forgejo Integration (optional)
- Self-hosted Git server on the same VPS
- Accessible only via domain through NPM proxy
- CI/CD via Forgejo Runner for automated Docker builds

---

## Quick Start

```bash
curl -sSL https://src.d3v.ac/xtcnet/D3V-Server/raw/branch/master/install.sh -o install.sh
chmod +x install.sh
sudo ./install.sh
```

**Menu options:**
- `1` Install D3V-NPMWG
- `2` Uninstall D3V-NPMWG
- `3` Uninstall D3V-NPMWG + Docker (Purge)
- `4` Reset Admin Password
- `5` Update D3V-NPMWG
- `6` Manage Custom Stream Ports
- `7` Toggle Admin Port 81 (Block/Unblock)
- `8` Forgejo → Install / Uninstall / Update / Install Runner / Uninstall Runner

You can also run commands directly:
```bash
sudo ./install.sh {install|uninstall|purge|reset|update|manage-ports|toggle-port|forgejo}
```

---

## Manual Docker Compose

```yaml
services:
  d3v-npmwg:
    image: src.d3v.ac/xtcnet/d3v-server:latest
    container_name: d3v-npmwg
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    ports:
      - "80:80"
      - "81:81"
      - "443:443"
      - "51820-51830:51820-51830/udp"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
      - ./wireguard:/etc/wireguard
    environment:
      WG_HOST: "your.server.ip"   # REQUIRED
```

---

## Environment Variables

| Variable | Default | Description |
|----------|---------|-------------|
| `WG_HOST` | *(required)* | Public IP or domain of your server |
| `WG_ENABLED` | `true` | Enable/disable WireGuard |
| `WG_PORT` | `51820` | WireGuard UDP listen port |
| `WG_DEFAULT_ADDRESS` | `10.8.0.0/24` | VPN subnet CIDR |
| `WG_DNS` | `1.1.1.1, 8.8.8.8` | DNS servers for VPN clients |
| `WG_MTU` | `1420` | MTU value |
| `WG_ALLOWED_IPS` | `0.0.0.0/0, ::/0` | Default allowed IPs for clients |
| `WG_PERSISTENT_KEEPALIVE` | `25` | Keepalive interval in seconds |

## Ports

| Port | Protocol | Description |
|------|----------|-------------|
| `80` | TCP | HTTP |
| `81` | TCP | Admin Web UI |
| `443` | TCP | HTTPS |
| `51820–51830` | UDP | WireGuard Multi-Server |

---

## Building from Source

```bash
git clone https://src.d3v.ac/xtcnet/D3V-Server.git
cd D3V-Server

cd frontend && yarn install && yarn locale-compile && yarn build && cd ..
docker build -t d3v-npmwg -f docker/Dockerfile .
```

### CI/CD

Pushes to `master` that touch `backend/`, `frontend/`, or `docker/` automatically build and push the Docker image to `src.d3v.ac/xtcnet/d3v-server:latest` via Forgejo Actions.

---

## Requirements

- Docker with Linux containers
- Host kernel with WireGuard support (Linux 5.6+)
- `NET_ADMIN` and `SYS_MODULE` capabilities
- `net.ipv4.ip_forward=1`

## Credits

- [xGat3](https://github.com/NginxProxyManager/nginx-proxy-manager) — Original proxy manager
- [wg-easy](https://github.com/wg-easy/wg-easy) — WireGuard management inspiration

## License

MIT License