Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
1 result
Compare
Name Last commit Last update
api
vendor
.gitignore
.htaccess
README.md
composer.json
composer.lock
composer.phar
emailtest.php
index.php
syncnetwork.php
test.php
verify.php
README.md

Server setup for wireguard && rest api

Prerequisites

  • Apache 2
  • PHP 8.3
  • MySQL Server 8

Step 1: Log in as Root

Run the following command to switch to the root user:

sudo su

Step 2: Update Package Information

Update the available package information:

sudo apt update

Step 3: Install Apache 2 and MySQL Server

Install the Apache 2 web server:

sudo apt install apache2 gedit

Install MySQL Server:

sudo apt install mysql-server

Step 4: Configure MySQL

After the MySQL database server is installed, log in to the MySQL shell:

mysql -uroot

Create a new user with the following commands:

CREATE USER 'vpnuser'@'%' IDENTIFIED BY 'vpnuser@321?';
GRANT ALL PRIVILEGES ON *.* TO 'vpnuser'@'%' WITH GRANT OPTION;

Optional: Restrict Privileges

If you are concerned about user privileges, you can limit them as follows:

GRANT SELECT, INSERT, UPDATE, DELETE ON my_database.* TO 'vpnuser'@'%';

Apply the changes:

FLUSH PRIVILEGES;

Verify the user:

SELECT User, Host FROM mysql.user WHERE User = 'vpnuser';

Exit the MySQL shell:

exit

Step 5: Install PHP 8.3 and Necessary Libraries

Add the PHP repository:

sudo add-apt-repository ppa:ondrej/php
sudo apt-get update

Install PHP 8.3 and required libraries:

sudo apt install php8.3 libapache2-mod-php8.3 php8.3-curl php8.3-intl php8.3-zip php8.3-soap php8.3-xml php8.3-gd php8.3-mbstring php8.3-bcmath php8.3-common php8.3-xml php8.3-mysqli

Step 6: Enable Apache Mods and Restart

Enable the necessary Apache modules and restart the web server:

sudo a2enmod php8.3
sudo a2enmod rewrite
sudo service apache2 restart

You have successfully set up a LAMP stack with Apache 2, PHP 8.3, and MySQL Server 8. Enjoy building your applications!

Setting Up WireGuard as a VPN Server

WireGuard is a modern, fast, and secure VPN protocol that is simple to configure. This guide walks you through setting up WireGuard as a VPN server on a Linux system.

---# Setting Up WireGuard as a VPN Server and REST API Server

This guide combines setting up a WireGuard VPN server with configuring a LAMP stack (Linux, Apache, MySQL, PHP) for hosting REST APIs. Follow the steps below for a complete setup.

Prerequisites

  1. A Linux server (e.g., Ubuntu, Debian, or CentOS).
  2. Root or sudo access to the server.
  3. A client device to connect to the VPN.
  4. Basic understanding of networking and Linux commands.
  5. Apache 2, PHP 8.3, and MySQL Server 8 installed on the server.

Part 1: Setting Up WireGuard as a VPN Server

Step 1: Install WireGuard

On Ubuntu/Debian

sudo apt update
sudo apt install wireguard -y

On CentOS/Red Hat

First, enable the EPEL repository:

sudo yum install epel-release -y

Then install WireGuard:

sudo yum install kmod-wireguard wireguard-tools -y

Step 2: Generate Keys

WireGuard requires a pair of private and public keys for both the server and clients. Run the following commands to generate the keys:

Generate Server Keys

wg genkey | tee server_private.key | wg pubkey > server_public.key
  • server_private.key: The server's private key (keep this secure).
  • server_public.key: The server's public key (shared with clients).

Generate Client Keys (Example for One Client)

wg genkey | tee client_private.key | wg pubkey > client_public.key

Step 3: Configure the WireGuard Server

Create the Configuration File

WireGuard’s default configuration directory is /etc/wireguard/. Create a file named wg0.conf:

sudo nano /etc/wireguard/wg0.conf

Add the following configuration:

[Interface]
PrivateKey = <server_private_key> # Replace with the server's private key
Address = 10.0.0.1/24            # VPN network range
ListenPort = 51820               # Default WireGuard port

# Enable IP forwarding
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <client_public_key>  # Replace with the client's public key
AllowedIPs = 10.0.0.2/32         # Assign an IP address to the client

Enable IP Forwarding

Edit the system configuration to enable IP forwarding:

sudo nano /etc/sysctl.conf

Uncomment or add the following line:

net.ipv4.ip_forward=1

Apply the changes:

sudo sysctl -p

Step 4: Start and Enable the WireGuard Server

sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0

Verify the WireGuard interface is up:

sudo wg show

Step 5: Configure the Client

Create the Client Configuration File

On the client device, create a configuration file named wg0-client.conf:

[Interface]
PrivateKey = <client_private_key> # Replace with the client's private key
Address = 10.0.0.2/24            # The client's assigned IP address
DNS = 8.8.8.8                    # Optional: Set a DNS server

[Peer]
PublicKey = <server_public_key>  # Replace with the server's public key
Endpoint = <server_ip>:51820     # Replace with the server's public IP and port
AllowedIPs = 0.0.0.0/0           # Route all traffic through the VPN

Start the Client

Install WireGuard on the client (if not already installed) and start the VPN:

sudo wg-quick up wg0-client.conf

Step 6: Test the Connection

  1. Verify the VPN is working by checking the client’s public IP address:

    curl ifconfig.me

    The IP address should match the server’s public IP.

  2. Use ping to test connectivity between the server and client:

    ping 10.0.0.1

Step 7: Troubleshooting

  • Check WireGuard Status:

    sudo systemctl status wg-quick@wg0

  • Check Logs:

    sudo journalctl -u wg-quick@wg0

  • Verify Firewall Rules: Ensure the port (e.g., 51820) is open on your server.

  • Ensure Correct Key Pairs: Verify the private/public keys for both server and client.

Step 8: Add More Clients

For additional clients, generate new keys and append new [Peer] sections to the server's wg0.conf. Update the clients with their corresponding configurations.

Conclusion

You have successfully set up WireGuard as a VPN server! Enjoy a secure and fast VPN connection.

Part 2: Setting Up REST API Server with LAMP Stack

Step 1: Log in as Root

Run the following command to switch to the root user:

sudo su

Step 2: Update Package Information

Update the available package information:

sudo apt update

Step 3: Install Apache 2 and MySQL Server

Install the Apache 2 web server:

sudo apt install apache2 gedit

Install MySQL Server:

sudo apt install mysql-server

Step 4: Configure MySQL

After the MySQL database server is installed, log in to the MySQL shell:

mysql -uroot

Create a new user with the following commands:

CREATE USER 'vpnuser'@'%' IDENTIFIED BY 'vpnuser@321?';
GRANT ALL PRIVILEGES ON *.* TO 'vpnuser'@'%' WITH GRANT OPTION;

Optional: Restrict Privileges

If you are concerned about user privileges, you can limit them as follows:

GRANT SELECT, INSERT, UPDATE, DELETE ON my_database.* TO 'vpnuser'@'%';

Apply the changes:

FLUSH PRIVILEGES;

Verify the user:

SELECT User, Host FROM mysql.user WHERE User = 'vpnuser';

Exit the MySQL shell:

exit

Step 5: Install PHP 8.3 and Necessary Libraries

Add the PHP repository:

sudo add-apt-repository ppa:ondrej/php
sudo apt-get update

Install PHP 8.3 and required libraries:

sudo apt install php8.3 libapache2-mod-php8.3 php8.3-curl php8.3-intl php8.3-zip php8.3-soap php8.3-xml php8.3-gd php8.3-mbstring php8.3-bcmath php8.3-common php8.3-xml php8.3-mysqli

Step 6: Enable Apache Mods and Restart

Enable the necessary Apache modules and restart the web server:

sudo a2enmod php8.3
sudo a2enmod rewrite
sudo service apache2 restart

You have successfully set up a LAMP stack with Apache 2, PHP 8.3, and MySQL Server 8. You are now ready to deploy REST APIs!

Prerequisites

  1. A Linux server (e.g., Ubuntu, Debian, or CentOS).
  2. Root or sudo access to the server.
  3. A client device to connect to the VPN.
  4. Basic understanding of networking and Linux commands.

Step 1: Install WireGuard

On Ubuntu/Debian

sudo apt update
sudo apt install wireguard -y

On CentOS/Red Hat

First, enable the EPEL repository:

sudo yum install epel-release -y

Then install WireGuard:

sudo yum install kmod-wireguard wireguard-tools -y

Step 2: Generate Keys

WireGuard requires a pair of private and public keys for both the server and clients. Run the following commands to generate the keys:

Generate Server Keys

wg genkey | tee server_private.key | wg pubkey > server_public.key
  • server_private.key: The server's private key (keep this secure).
  • server_public.key: The server's public key (shared with clients).

Generate Client Keys (Example for One Client)

wg genkey | tee client_private.key | wg pubkey > client_public.key

Step 3: Configure the WireGuard Server

Create the Configuration File

WireGuard’s default configuration directory is /etc/wireguard/. Create a file named wg0.conf:

sudo nano /etc/wireguard/wg0.conf

Add the following configuration:

[Interface]
PrivateKey = <server_private_key> # Replace with the server's private key
Address = 10.0.0.1/24            # VPN network range
ListenPort = 51820               # Default WireGuard port

# Enable IP forwarding
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <client_public_key>  # Replace with the client's public key
AllowedIPs = 10.0.0.2/32         # Assign an IP address to the client

Enable IP Forwarding

Edit the system configuration to enable IP forwarding:

sudo nano /etc/sysctl.conf

Uncomment or add the following line:

net.ipv4.ip_forward=1

Apply the changes:

sudo sysctl -p

Step 4: Start and Enable the WireGuard Server

sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0

Verify the WireGuard interface is up:

sudo wg show

Step 5: Configure the Client

Create the Client Configuration File

On the client device, create a configuration file named wg0-client.conf:

[Interface]
PrivateKey = <client_private_key> # Replace with the client's private key
Address = 10.0.0.2/24            # The client's assigned IP address
DNS = 8.8.8.8                    # Optional: Set a DNS server

[Peer]
PublicKey = <server_public_key>  # Replace with the server's public key
Endpoint = <server_ip>:51820     # Replace with the server's public IP and port
AllowedIPs = 0.0.0.0/0           # Route all traffic through the VPN

Start the Client

Install WireGuard on the client (if not already installed) and start the VPN:

sudo wg-quick up wg0-client.conf

Step 6: Test the Connection

  1. Verify the VPN is working by checking the client’s public IP address:

    curl ifconfig.me

    The IP address should match the server’s public IP.

  2. Use ping to test connectivity between the server and client:

    ping 10.0.0.1

Step 7: Troubleshooting

  • Check WireGuard Status:

    sudo systemctl status wg-quick@wg0

  • Check Logs:

    sudo journalctl -u wg-quick@wg0

  • Verify Firewall Rules: Ensure the port (e.g., 51820) is open on your server.

  • Ensure Correct Key Pairs: Verify the private/public keys for both server and client.

Step 8: Add More Clients

For additional clients, generate new keys and append new [Peer] sections to the server's wg0.conf. Update the clients with their corresponding configurations.

Conclusion

You have successfully set up WireGuard as a VPN server! Enjoy a secure and fast VPN connection.