vpn-gateway ghcr.io/prophetse7en/vpn-gateway:v1.4.2 https://github.com/prophetse7en/vpn-gateway/pkgs/container/vpn-gateway v1.4.2 Stable release (recommended) latest Stable release (recommended) dev Development builds — may contain bugs or breaking changes bash false https://discordapp.com/channels/492590071455940612/1486391669384417300 https://github.com/prophetse7en/vpn-gateway https://github.com/prophetse7en/vpn-gateway#readme Network: https://raw.githubusercontent.com/prophetse7en/unraid-templates/main/vpn-gateway.xml https://raw.githubusercontent.com/prophetse7en/vpn-gateway/main/icon.png 2026-04-24 ### 2026-04-24 - v1.4.2: Fix — completes the masked-credential fix from v1.4.1. The three-tier Port/Name/positional fallback couldn't recover because the snapshot of stored credentials was taken _after_ `json.Unmarshal` had already mutated the in-memory config via slice aliasing — so the lookup returned the masked placeholder instead of the real secret, and validation still rejected the save. Snapshot is now taken before the unmarshal. Also: toast notifications now linger longer (6 s for success, 9 s for errors) so the server message has time to be read. ### 2026-04-23 - v1.4.1: Fix — saving any Settings panel no longer 400's when a monitored port has a masked credential (the "API key must be entered" error after v1.4.0 for users with SABnzbd or similar configured). Toast notifications moved to top-center for visibility on wide screens. ### 2026-04-22 - v1.4.0: **Breaking change** — authentication now required, first boot redirects to /setup. Login + password (bcrypt), API key for Homepage/scripts, CSRF, Trusted Networks with env-var lock, credential masking on /api/config, atomic writes, generic 400 on malformed JSON. Full audit trail T1–T80 in docs/security-implementation-baseline.md. Homepage widget endpoint (/api/stats/widget) stays public so existing installs keep working. Base image bumped to alpinevpn 2026-04-17 (Alpine 3.21→3.22). Lost password: stop container, delete /config/auth.json, restart — setup wizard runs again. ### 2026-04-11 - v1.3.0: Multi-service monitoring — SABnzbd + Dispatcharr pollers alongside qBit. Dispatcharr Active Streams panel. nft byte counters for real-time Dispatcharr traffic without API spam. Settings sidebar redesign (Bandwidth / Schedule / Service Monitoring / Tools). Stats tab renamed Volume. Custom confirm modal. Multi-arch builds (amd64 + arm64). ### 2026-03-15 - v1.2.14: Homepage widget endpoint — /api/stats/widget returns pre-formatted dl/ul speeds + totals + daily values for Homepage dashboards. - v1.2.13: UI remembers last selected tab across reloads. - v1.2.12: Fix — container shutdown no longer waits the full 10s stop timeout. VPN gateway with nftables bandwidth limiting, scheduling, hot-reload, and web UI. Built on hotio/base:alpinevpn — all hotio VPN features (WireGuard, PIA, Proton) work out of the box. Route containers through WireGuard with per-service rate limits, time-based rules, and real-time traffic monitoring. First boot redirects to /setup to create an admin account — Radarr/Sonarr-style auth with API key for Homepage/scripts. Click Show more settings for all VPN variables. Generic provider requires a WireGuard config in /config/wireguard/wg0.conf. PIA/Proton auto-configure with credentials. First container start redirects to /setup — set a strong admin password (≥10 chars, 2+ of upper/lower/digit/symbol). Homepage widget uses /api/stats/widget (public, no auth needed); other /api/ endpoints need X-Api-Key header from Settings → Security. http://[IP]:[PORT:6050] --hostname=vpn-gateway.internal --cap-add=NET_ADMIN bridge