# Quick Start: VPN-Only Access Setup ⚠️ **IMPORTANT:** This application is configured for VPN-ONLY access. It will NOT be publicly accessible. ## Quick Setup Steps ### 1. Install Docker (on VPS) ```bash curl -fsSL https://get.docker.com | sh sudo usermod -aG docker $USER ``` ### 2. Clone & Configure ```bash git clone YOUR_GITEA_REPO/Teren-app.git cd Teren-app cp docker-compose.yaml.example docker-compose.yaml cp .env.production.example .env ``` ### 3. Edit Configuration ```bash vim .env ``` **Required changes:** - `WG_SERVERURL` = Your VPS public IP (e.g., `123.45.67.89`) - `WG_UI_PASSWORD` = Strong password for WireGuard dashboard - `DB_DATABASE`, `DB_USERNAME`, `DB_PASSWORD` = Database credentials - `PGADMIN_EMAIL`, `PGADMIN_PASSWORD` = pgAdmin credentials ### 4. Start WireGuard First ```bash # Enable kernel module sudo modprobe wireguard # Start WireGuard docker compose up -d wireguard # Wait 10 seconds sleep 10 # Check status docker compose logs wireguard ``` ### 5. Setup VPN Client (on your laptop/desktop) **Access WireGuard Dashboard:** `http://YOUR_VPS_IP:51821` 1. Login with password from step 3 2. Click "New Client" 3. Name it (e.g., "MyLaptop") 4. Download config or scan QR code **Install WireGuard Client:** - Windows: https://www.wireguard.com/install/ - macOS: App Store - Linux: `sudo apt install wireguard` - Mobile: App Store / Play Store **Import config and CONNECT** ### 6. Verify VPN Works ```bash # From your local machine (while connected to VPN) ping 10.13.13.1 ``` Should get responses ✅ ### 7. Secure WireGuard Dashboard Edit `docker-compose.yaml`: ```yaml # Find wireguard service, change: ports: - "51821:51821/tcp" # To: ports: - "10.13.13.1:51821:51821/tcp" ``` ```bash docker compose down docker compose up -d wireguard ``` ### 8. Start All Services ```bash # Make sure you're connected to VPN! docker compose up -d ``` ### 9. Initialize Application ```bash # Generate app key docker compose exec app php artisan key:generate # Run migrations docker compose exec app php artisan migrate --force # Cache config docker compose exec app php artisan config:cache ``` ### 10. Access Your Services **While connected to VPN:** | Service | URL | |---------|-----| | **Laravel App** | http://10.13.13.1 | | **Portainer** | http://10.13.13.1:9000 | | **pgAdmin** | http://10.13.13.1:5050 | | **WireGuard UI** | http://10.13.13.1:51821 | ## Firewall Configuration ```bash sudo ufw allow 22/tcp # SSH sudo ufw allow 51820/udp # WireGuard VPN sudo ufw enable ``` **That's it!** ✅ ## Adding More VPN Clients 1. Connect to VPN 2. Open: `http://10.13.13.1:51821` 3. Click "New Client" 4. Download config 5. Import on new device ## Troubleshooting **Can't connect to VPN:** ```bash docker compose logs wireguard sudo ufw status ``` **Can't access app after VPN connection:** ```bash ping 10.13.13.1 docker compose ps docker compose logs nginx ``` **Check which ports are exposed:** ```bash docker compose ps sudo netstat -tulpn | grep 10.13.13.1 ``` ## Full Documentation See `DEPLOYMENT_GUIDE.md` for complete setup instructions, SSL configuration, automated deployments, and troubleshooting.