diff --git a/api/app.py b/api/app.py index d278f38..7ffba4c 100644 --- a/api/app.py +++ b/api/app.py @@ -474,6 +474,12 @@ def update_config(): n = len(peer_registry.list_peers()) if n: all_warnings.append(f'WireGuard endpoint changed — {n} peer(s) must reinstall VPN config') + # Keep identity.wireguard_port in sync with service config port + if 'port' in config: + _id = config_manager.configs.get('_identity', {}) + _id['wireguard_port'] = config['port'] + config_manager.configs['_identity'] = _id + config_manager._save_all_configs() # Apply cell identity domain to network and email services if identity_updates.get('domain'): @@ -542,11 +548,16 @@ def update_config(): f'{svc_key} {field}: {old_val} → {new_val}' ) - # wireguard_port in identity also drives WG_PORT env var + # wireguard_port in identity also drives WG_PORT env var; sync to service config if 'wireguard_port' in identity_updates: old_wg = old_identity.get('wireguard_port') new_wg = identity_updates['wireguard_port'] if old_wg is not None and old_wg != new_wg: + # Sync to wireguard service config and update wg0.conf + _wg_svc = config_manager.configs.get('wireguard', {}) + _wg_svc['port'] = new_wg + config_manager.update_service_config('wireguard', _wg_svc) + wireguard_manager.update_config({'port': new_wg}) port_changed_containers.add('wireguard') port_change_messages.append(f'wireguard_port: {old_wg} → {new_wg}') diff --git a/docker-compose.yml b/docker-compose.yml index 60c2615..99ca914 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -167,7 +167,7 @@ services: - PUID=${PUID:-1000} - PGID=${PGID:-1000} ports: - - "${WG_PORT:-51820}:51820/udp" + - "${WG_PORT:-51820}:${WG_PORT:-51820}/udp" volumes: - ./config/wireguard:/config - /lib/modules:/lib/modules diff --git a/webui/src/pages/Settings.jsx b/webui/src/pages/Settings.jsx index eaeac9b..7223b9f 100644 --- a/webui/src/pages/Settings.jsx +++ b/webui/src/pages/Settings.jsx @@ -287,7 +287,7 @@ function Settings() { const { refresh: refreshConfig } = useConfig(); // identity - const [identity, setIdentity] = useState({ cell_name: '', domain: '', ip_range: '', wireguard_port: 51820 }); + const [identity, setIdentity] = useState({ cell_name: '', domain: '', ip_range: '' }); const [identityDirty, setIdentityDirty] = useState(false); const [identitySaving, setIdentitySaving] = useState(false); @@ -315,7 +315,6 @@ function Settings() { cell_name: cfg.cell_name || '', domain: cfg.domain || '', ip_range: cfg.ip_range || '', - wireguard_port: cfg.wireguard_port || 51820, }); setServiceConfigs(cfg.service_configs || {}); setBackups(bkRes.data || []); @@ -360,6 +359,7 @@ function Settings() { const res = await cellAPI.updateConfig({ [key]: serviceConfigs[key] }); setServiceDirty((d) => ({ ...d, [key]: false })); _applyResult(res, key); + refreshConfig(); } catch { toast(`Failed to save ${key} config`, 'error'); } finally { @@ -482,13 +482,6 @@ function Settings() { placeholder="172.20.0.0/16" /> - - { setIdentity((i) => ({ ...i, wireguard_port: v })); setIdentityDirty(true); }} - min={1} max={65535} - /> -
-

UDP Port {serverConfig?.port || 51820}

+

UDP Port {configPort ?? serverConfig?.port ?? 51820}

{serverConfig ? ( - UDP port {serverConfig.port || 51820} appears closed. Check your router/firewall and forward this port to this machine. + UDP port {configPort ?? serverConfig.port ?? 51820} appears closed. Check your router/firewall and forward this port to this machine.
)}