WireGuard VPN with 2 or more subnets

I wanted to create a WireGuard VPN with 2 subnets in different physical places, each with its own server. I couldn’t find an example of how to do that, so I wrote this one.

Introduction

I’m going to use the IP range fd69::/48 for the VPN, fd69:0:0:1::/64 for subnet 1 and fd69:0:0:2::/64 for subnet 2. I’m going to call the server of subnet 1 server1, its first client client1a, the second one client1b and so on.

All clients in subnet 1 will connect to server1 and all clients in subnet 2 will connect to server2. server1 and server2 will be connected. If client1a wants to connect to client2a, the route will be: client1a → server1 → server2 → client2a.

Preparations

Install WireGuard, create /etc/wireguard and generate a key pair on each participating peer.

mkdir /etc/wireguard
cd /etc/wireguard
umask 077
wg genkey | tee privatekey | wg pubkey > publickey

Configure servers

server1:/etc/wireguard/wg0.conf:
# This peer
[Interface]
Address = fd69:0:0:1::1/48
PrivateKey = <PRIVATE KEY OF server1>
ListenPort = 51820

# Server of subnet 2
[Peer]
PublicKey = <PUBLIC KEY OF server2>
Endpoint = server2:51820
AllowedIPs = fd69:0:0:2::/64

# Clients of subnet 1
[Peer]
PublicKey = <PUBLIC KEY OF client1a>
AllowedIPs = fd69:0:0:1::a/128

[Peer]
PublicKey = <PUBLIC KEY OF client1b>
AllowedIPs = fd69:0:0:1::b/128

server2:/etc/wireguard/wg0.conf:
# This peer
[Interface]
Address = fd69:0:0:2::1/48
PrivateKey = <PRIVATE KEY OF server2>
ListenPort = 51820

# Server of subnet 1
[Peer]
PublicKey = <PUBLIC KEY OF server1>
Endpoint = server1:51820
AllowedIPs = fd69:0:0:1::/64

# Clients of subnet 2
[Peer]
PublicKey = <PUBLIC KEY OF client2a>
AllowedIPs = fd69:0:0:2::a/128

Configure clients

client1a:/etc/wireguard/wg0.conf:
[Interface]
Address = fd69:0:0:1::a/48
PrivateKey = <PRIVATE KEY OF client1a>

[Peer]
PublicKey = <PUBLIC KEY OF server1>
Endpoint = server1:51820
AllowedIPs = fd69::/48
PersistentKeepalive = 25

client1b:/etc/wireguard/wg0.conf:
[Interface]
Address = fd69:0:0:1::b/48
PrivateKey = <PRIVATE KEY OF client1b>

[Peer]
PublicKey = <PUBLIC KEY OF server1>
Endpoint = server1:51820
AllowedIPs = fd69::/48
PersistentKeepalive = 25

client2a:/etc/wireguard/wg0.conf:
[Interface]
Address = fd69:0:0:2::a/48
PrivateKey = <PRIVATE KEY OF client2a>

[Peer]
PublicKey = <PUBLIC KEY OF server2>
Endpoint = server2:51820
AllowedIPs = fd69::/48
PersistentKeepalive = 25

The AllowedIPs setting acts as a routing table. When a peer wants to send a packet to an IP address, it looks the address up in AllowedIPs; if a peer’s AllowedIPs entry covers the address, the packet is sent to that peer through the WireGuard interface.

The PersistentKeepalive setting ensures that the connection is maintained and that the peer continues to be reachable, even behind a NAT.
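To make the AllowedIPs routing concrete, here is a small model of WireGuard’s cryptokey routing written as an added example for this post (it is not code from the post or from the WireGuard project). It parses server1’s wg0.conf from above, embedded as constructed sample input, and performs the longest-prefix match WireGuard applies in both directions: outbound, to pick the peer a packet is encrypted for, and inbound, to drop a decrypted packet whose source address does not belong to the peer that sent it. The "<PUBLIC KEY OF x>" placeholders are used as peer names purely for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"net/netip"
	"strings"
)

// peerRoute is one AllowedIPs entry: a prefix and the name of the peer it belongs to.
type peerRoute struct {
	prefix netip.Prefix
	peer   string
}

// server1Conf is server1's wg0.conf from the post, embedded here as constructed sample input.
// The "<PUBLIC KEY OF x>" placeholders double as peer names for this example only.
const server1Conf = `
# This peer
[Interface]
Address = fd69:0:0:1::1/48
PrivateKey = <PRIVATE KEY OF server1>
ListenPort = 51820

# Server of subnet 2
[Peer]
PublicKey = <PUBLIC KEY OF server2>
Endpoint = server2:51820
AllowedIPs = fd69:0:0:2::/64

# Clients of subnet 1
[Peer]
PublicKey = <PUBLIC KEY OF client1a>
AllowedIPs = fd69:0:0:1::a/128

[Peer]
PublicKey = <PUBLIC KEY OF client1b>
AllowedIPs = fd69:0:0:1::b/128
`

// parseAllowedIPs builds the cryptokey routing table from a wg0.conf-style text.
func parseAllowedIPs(conf string) ([]peerRoute, error) {
	var routes []peerRoute
	peer := ""
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "#") {
			continue // comment
		}
		key, value, ok := strings.Cut(line, "=")
		if !ok {
			continue // section headers and blank lines carry no routes
		}
		key, value = strings.TrimSpace(key), strings.TrimSpace(value)
		switch key {
		case "PublicKey":
			// Placeholder convention of this example: "<PUBLIC KEY OF name>" -> "name".
			peer = strings.TrimSuffix(strings.TrimPrefix(value, "<PUBLIC KEY OF "), ">")
		case "AllowedIPs":
			for _, cidr := range strings.Split(value, ",") {
				p, err := netip.ParsePrefix(strings.TrimSpace(cidr))
				if err != nil {
					return nil, fmt.Errorf("peer %s: %w", peer, err)
				}
				routes = append(routes, peerRoute{p, peer})
			}
		}
	}
	return routes, sc.Err()
}

// lookupPeer performs the longest-prefix match WireGuard applies to every packet.
// ok is false when no peer claims the address: outbound, such a packet is dropped
// rather than sent to some default peer.
func lookupPeer(routes []peerRoute, ip netip.Addr) (peer string, ok bool) {
	best := -1
	for _, r := range routes {
		if r.prefix.Contains(ip) && r.prefix.Bits() > best {
			best, peer = r.prefix.Bits(), r.peer
		}
	}
	return peer, best >= 0
}

// ingressAllowed mirrors the inbound half of cryptokey routing: a decrypted packet
// received from peer `from` is accepted only if its source address maps back to `from`.
func ingressAllowed(routes []peerRoute, from string, src netip.Addr) bool {
	owner, ok := lookupPeer(routes, src)
	return ok && owner == from
}

func main() {
	routes, err := parseAllowedIPs(server1Conf)
	if err != nil {
		panic(err)
	}
	for _, dst := range []string{"fd69:0:0:2::a", "fd69:0:0:1::b", "fd69:0:0:3::1"} {
		peer, ok := lookupPeer(routes, netip.MustParseAddr(dst))
		fmt.Printf("server1 -> %-16s peer=%q reachable=%v\n", dst, peer, ok)
	}
	// A client in subnet 1 that forges a subnet-2 source address is dropped at server1,
	// because that address maps to server2, not to client1a.
	fmt.Println("client1a with source fd69:0:0:2::a accepted:",
		ingressAllowed(routes, "client1a", netip.MustParseAddr("fd69:0:0:2::a")))
}
```

Running it shows that on server1 a packet for fd69:0:0:2::a goes to server2, one for fd69:0:0:1::b goes to client1b, and one for fd69:0:0:3::1 matches no peer and is dropped. The inbound check is what keeps a client from sending traffic with another subnet’s addresses. One caveat for the client1a → server1 → server2 → client2a path: the two servers relay packets between peers on the same wg0 interface, so IPv6 forwarding (net.ipv6.conf.all.forwarding=1) must be enabled on both of them; the configs above do not turn that on.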

Start VPN

Run wg-quick up wg0 on each peer.

Further reading

The article How to easily configure WireGuard by Stavros Korokithakis helped me a great deal in understanding WireGuard.

Using AsciiDoc(tor) with Gitea

In this blog post I describe what I did to get AsciiDoc support into Gitea. If you want more than syntax highlighting and basic formatting, Gitea unfortunately has to be patched (this issue has already been reported). But I think most people will only need to edit one configuration file and are done.

Asciidoctor or AsciiDoc?

Asciidoctor has built-in support for highlight.js, the highlighter Gitea uses, and is therefore the best choice in most scenarios. If you can’t or don’t want to use it, you can use AsciiDoc.

Add the following section to conf/app.ini in your Gitea path. The change causes .adoc files to be rendered with asciidoctor.

[markup.asciidoc]
ENABLED = true
; List of file extensions that should be rendered by an external command
FILE_EXTENSIONS = .adoc,.asciidoc
; External command to render all matching extensions
RENDER_COMMAND = "asciidoctor --backend=html5 --no-header-footer --attribute source-highlighter=highlightjs --out-file=- -"
; Don't pass the file on STDIN, pass the filename as argument instead.
IS_INPUT_FILE = false

If you want to use asciidoc instead, the command would be: asciidoc --backend=xhtml11 --no-header-footer --attribute source-highlighter=highlight --out-file=- -. I would choose the xhtml11 backend because it is the only one that encloses code snippets in <code> tags. Instead of highlight you can use source-highlight or Pygments.

If you use asciidoctor and don’t need tables or other fancy stuff you’re now done! If you use asciidoc, you’ll have to patch Gitea to get syntax highlighting.

Patching Gitea

The sanitizer strips almost all attributes from HTML tags as a security precaution. I’ve added exceptions for:

  • class attributes on all the tags Asciidoctor introduces,

  • numerous attributes on table tags,

  • align and valign on td tags,

  • style attributes on span tags, but only if they contain nothing more than color and font definitions.

If you use Asciidoctor with highlight.js output, you don’t need to allow style attributes. If you don’t use tables, you can omit the lines that deal with them. The class exception is only useful if you add custom CSS that uses those classes.
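Before relaxing a sanitizer it is worth checking exactly which attribute values the new rules let through. The following is an added example, not code from this post or from Gitea, that reproduces only the allowances listed above (Gitea’s pre-existing rules are not modelled) as plain data, using the same style pattern the patch attaches to span, so the boundary can be unit-tested without building Gitea. The function name attrAllowed and the rule layout are this example’s own.

```go
package main

import (
	"fmt"
	"regexp"
)

// styleRE is the value pattern the patch applies to style attributes on span.
var styleRE = regexp.MustCompile(`^(background-)?color:[^;]+(; ?font[^;]+)?;?$`)

// attrRule is one allowlist entry: the elements that may carry the attribute and,
// optionally, a pattern the value must match (nil means any value is accepted).
type attrRule struct {
	elements []string
	valueRE  *regexp.Regexp
}

// policy models the exceptions the patch adds. Anything not listed stays forbidden;
// Gitea's own default rules are deliberately not reproduced here.
var policy = map[string][]attrRule{
	"style":       {{[]string{"span"}, styleRE}},
	"class":       {{[]string{"code", "pre", "span", "div", "p", "table", "td"}, nil}},
	"width":       {{[]string{"table", "col"}, nil}},
	"frame":       {{[]string{"table"}, nil}},
	"rules":       {{[]string{"table"}, nil}},
	"cellspacing": {{[]string{"table"}, nil}},
	"cellpadding": {{[]string{"table"}, nil}},
	"align":       {{[]string{"td"}, nil}},
	"valign":      {{[]string{"td"}, nil}},
}

// attrAllowed reports whether the relaxed sanitizer would keep attr="value" on elem.
func attrAllowed(elem, attr, value string) bool {
	for _, r := range policy[attr] {
		for _, e := range r.elements {
			if e == elem {
				return r.valueRE == nil || r.valueRE.MatchString(value)
			}
		}
	}
	return false
}

func main() {
	// Constructed probes: what Asciidoctor/asciidoc highlighting emits versus values
	// that should stay blocked.
	cases := []struct{ elem, attr, value string }{
		{"span", "style", "color:red"},
		{"span", "style", "background-color:#fff; font-weight:bold;"},
		{"span", "style", "color:red; position:fixed"},
		{"span", "style", "display:none"},
		{"span", "class", "literalblock"},
		{"a", "class", "literalblock"},
		{"span", "onclick", "x"},
		{"td", "align", "left"},
		{"td", "style", "color:red"},
	}
	for _, c := range cases {
		fmt.Printf("<%s %s=%q> kept=%v\n", c.elem, c.attr, c.value, attrAllowed(c.elem, c.attr, c.value))
	}
}
```

The probes show the pattern behaves as the post describes: a colour alone or a colour followed by one font property passes, and any other property, even after a valid colour, causes the whole value to be rejected. Note that the font group accepts any property whose name starts with "font" (font-size as well as font-weight), which is what highlighter output needs but is slightly wider than "font definitions" might suggest.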

Apply the patch with patch -p1 < gitea_relax-sanitizer.patch.

diff -ur a/modules/markup/sanitizer.go b/modules/markup/sanitizer.go
--- a/modules/markup/sanitizer.go   2019-01-26 16:04:56.014108339 +0100
+++ b/modules/markup/sanitizer.go   2019-01-26 16:03:21.776401012 +0100
@@ -38,6 +38,16 @@
 
        // Custom URL-Schemes
        sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
+       // Allow style on span tags
+       sanitizer.policy.AllowAttrs("style").Matching(regexp.MustCompile(`^(background-)?color:[^;]+(; ?font[^;]+)?;?$`)).OnElements("span")
+
+       // Allow class attribute
+       sanitizer.policy.AllowAttrs("class").OnElements("code", "pre", "span", "div", "p", "table", "td")
+
+       // Allow table attributes
+       sanitizer.policy.AllowAttrs("width", "frame", "rules", "cellspacing", "cellpadding").OnElements("table")
+       sanitizer.policy.AllowAttrs("width").OnElements("col")
+       sanitizer.policy.AllowAttrs("align", "valign").OnElements("td")
    })
 }
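Review bot: the `sanitizer.policy.AllowAttrs("class").OnElements("code", "pre", "span", "div", "p", "table", "td")` line accepts any class value on those elements; since the post states the class exception is only useful together with custom CSS, consider restricting it with `.Matching(regexp.MustCompile(...))` to the Asciidoctor class names that CSS actually styles, so rendered content cannot pick up the site's own CSS classes. The style pattern on the line above has the same shape of issue: `font[^;]+` accepts any property beginning with "font" up to the next semicolon, which is wider than "color and font definitions" and should be narrowed if only colours and weights are intended. Finally, the hunk calls `regexp.MustCompile` but shows no change to the import block, so confirm that regexp is already imported in sanitizer.go or the build will fail.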

Tables without borders

I used tables without borders in a manpage I wrote for the list of options. Gitea insists on drawing borders around them, so I had to create a custom CSS snippet.

In your Gitea directory, create custom/templates/custom/header.tmpl.

<style>
    /* Additions for asciidoc */
    .markdown:not(code) table.frame-none
    {
        border: 0 !important;
    }
    .markdown:not(code) table.grid-none *
    {
        border: 0 !important;
    }
</style>