Skip to content

Commit 145814a

Browse files
devlikeprodevlikepro
committed
Deploying to gh-pages from @ 12c4903 🚀
1 parent 8844677 commit 145814a

File tree

1 file changed

+9
-9
lines changed

1 file changed

+9
-9
lines changed

docs/how-to/security/index.html

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -67,13 +67,13 @@
6767
Swagger panel with <code>admin / admin</code> credentials. This does not affect API access.</li></ul><div class="callout callout-tip d-flex flex-row mt-4 mb-4 pt-4 pe-4 pb-2 ps-3"><svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="outline/info-circle svg-inline callout-icon me-2 mb-3" id="svg-info-circle" role="img"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M3 12a9 9 0 1018 0A9 9 0 003 12"/><path d="M12 9h.01"/><path d="M11 12h1v4h1"/></svg><div class=callout-content><div class=callout-body><p>You can also set <a href=/docs/how-to/swagger/#white-label><strong>Swagger White Label</strong></a>
6868
options instead of hiding the Swagger panel.</p></div></div></div><h2 id=dashboard-security>Dashboard Security<a href=#dashboard-security class=anchor aria-hidden=true>#</a></h2><p>Read more about <a href=/docs/how-to/dashboard/><strong>📊 Dashboard</strong></a></p><p>When running WAHA you can set the following environment variables to configure the dashboard:</p><ul><li><code>WAHA_DASHBOARD_ENABLED=true</code> - enable or disable the dashboard, by default <code>true</code>. Set to <code>false</code> to disable the dashboard.</li><li><code>WAHA_DASHBOARD_USERNAME=waha</code> - username used to log in, by default <code>admin</code> or <code>waha</code></li><li><code>WAHA_DASHBOARD_PASSWORD=waha</code> - password used to log in, generated random.</li></ul><h2 id=webhook-security>Webhook security<a href=#webhook-security class=anchor aria-hidden=true>#</a></h2><p>To make sure that you get a webhook from your WAHA instance - you can use <strong>HMAC authentication</strong>.</p><p>Read more about
6969
<a href=/docs/how-to/events/#hmac-authentication><strong>🔄 Events</strong></a>.</p><h2 id=https>HTTPS<a href=#https class=anchor aria-hidden=true>#</a></h2><p>After you set up the security options - you should set up HTTPS to protect the data in transit and prevent <a href=https://en.wikipedia.org/wiki/Man-in-the-middle_attack>Man-in-the-middle attacks</a>.</p><p>That&rsquo;s fine to run it on the <strong>local network</strong> without HTTPS, but for <strong>the production</strong> environment, HTTPS is a must-have.</p><div></div><div class="callout callout-tip d-flex flex-row mt-4 mb-4 pt-4 pe-4 pb-2 ps-3"><svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="outline/shield-check svg-inline callout-icon me-2 mb-3" id="svg-shield-check" role="img"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M11.46 20.846A12 12 0 013.5 6 12 12 0 0012 3a12 12 0 008.5 3 12 12 0 01-.09 7.06"/><path d="M15 19l2 2 4-4"/></svg><div class=callout-content><div class=callout-title><p>Use Nginx to handle HTTPS</p></div><div class=callout-body><p>We <strong>recommend</strong> handling HTTPS termination with <strong>a reverse proxy</strong> like Nginx.</p><p>Follow
70-
<a href=/docs/how-to/install/#nginx><strong>🔧 Install & Update - Nginx</strong></a> to set up <strong>Nginx with Let&rsquo;s Encrypt</strong>.</p></div></div></div><p>WAHA supports HTTPS out of the box if you don&rsquo;t want to use a reverse proxy like Nginx (<strong>using Nginx is recommended</strong>)</p><p>You can set up the following environment variables to enable HTTPS:</p><ul><li><code>WAHA_HTTPS_ENABLED=true</code>: Set this variable to <code>true</code> to enable HTTPS. By default, it&rsquo;s <code>false</code>.</li><li><code>WAHA_HTTPS_PATH_KEY=/path/to/key.pem</code>: The path to the key file for HTTPS. By default <code>./.secrets/privkey.pem</code></li><li><code>WAHA_HTTPS_PATH_CERT=/path/to/cert.pem</code>: The path to the certificate file for HTTPS. By default <code>./.secrets/cert.pem</code></li><li><code>WAHA_HTTPS_PATH_CA=/path/to/ca.pem</code>: The path to the CA file for HTTPS. By default <code>./.secrets/chain.pem</code></li></ul><h2 id=faq>FAQ<a href=#faq class=anchor aria-hidden=true>#</a></h2><h3 id=how-to-disable-security>How To Disable Security?<a href=#how-to-disable-security class=anchor aria-hidden=true>#</a></h3><p>By default, WAHA checks those variables and if it&rsquo;s not set - generates a random one (check your console/logs output):</p><ul><li><code>WAHA_API_KEY</code></li><li><code>WAHA_DASHBOARD_PASSWORD</code></li><li><code>WHATSAPP_SWAGGER_PASSWORD</code></li></ul><p>Even if you set this to "" (empty string) or &ldquo;admin/waha/123&rdquo; - WAHA generates a new value.</p><p>If you <strong>100% know what you are doing</strong> - you can disable this explicilty and set to <code>.env</code> file:</p><div class=expressive-code><figure class="frame not-content"><figcaption class=header><span class=title></span></figcaption><pre tabindex=0><code class=language-dotenv data-lang=dotenv># Api Key - Off
71-
WAHA_API_KEY=
72-
WAHA_NO_API_KEY=True
73-
# Dashboard - Auth Off
74-
WAHA_DASHBOARD_PASSWORD=
75-
WAHA_DASHBOARD_NO_PASSWORD=True
76-
# Swagger - Auth Off
77-
WHATSAPP_SWAGGER_PASSWORD=
78-
WHATSAPP_SWAGGER_NO_PASSWORD=True</code></pre></figure></div><div class="page-footer-meta d-flex flex-column flex-md-row justify-content-between"><div class=edit-page><a href=https://github.com/devlikeapro/waha-docs/blob/main/content//docs/how-to/security/index.md><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-edit-2"><path d="M17 3a2.828 2.828.0 114 4L7.5 20.5 2 22l1.5-5.5L17 3z"/></svg>
70+
<a href=/docs/how-to/install/#nginx><strong>🔧 Install & Update - Nginx</strong></a> to set up <strong>Nginx with Let&rsquo;s Encrypt</strong>.</p></div></div></div><p>WAHA supports HTTPS out of the box if you don&rsquo;t want to use a reverse proxy like Nginx (<strong>using Nginx is recommended</strong>)</p><p>You can set up the following environment variables to enable HTTPS:</p><ul><li><code>WAHA_HTTPS_ENABLED=true</code>: Set this variable to <code>true</code> to enable HTTPS. By default, it&rsquo;s <code>false</code>.</li><li><code>WAHA_HTTPS_PATH_KEY=/path/to/key.pem</code>: The path to the key file for HTTPS. By default <code>./.secrets/privkey.pem</code></li><li><code>WAHA_HTTPS_PATH_CERT=/path/to/cert.pem</code>: The path to the certificate file for HTTPS. By default <code>./.secrets/cert.pem</code></li><li><code>WAHA_HTTPS_PATH_CA=/path/to/ca.pem</code>: The path to the CA file for HTTPS. By default <code>./.secrets/chain.pem</code></li></ul><h2 id=faq>FAQ<a href=#faq class=anchor aria-hidden=true>#</a></h2><h3 id=how-to-disable-security>How To Disable Security?<a href=#how-to-disable-security class=anchor aria-hidden=true>#</a></h3><p>By default, WAHA checks those variables and if it&rsquo;s not set - generates a random one (check your console/logs output):</p><ul><li><code>WAHA_API_KEY</code></li><li><code>WAHA_DASHBOARD_PASSWORD</code></li><li><code>WHATSAPP_SWAGGER_PASSWORD</code></li></ul><p>Even if you set this to "" (empty string) or &ldquo;admin/waha/123&rdquo; - WAHA generates a new value.</p><p>If you <strong>100% know what you are doing</strong> - you can disable this explicilty and set to <code>.env</code> file:</p><div class=expressive-code><figure class="frame is-terminal not-content"><figcaption class=header><span class=title></span></figcaption><div class=highlight><pre tabindex=0 class=chroma><code class=language-bash data-lang=bash><span class=line><span class=cl><span class=c1># Api Key - Off</span>
71+
</span></span><span class=line><span class=cl><span class=nv>WAHA_API_KEY</span><span class=o>=</span>
72+
</span></span><span class=line><span class=cl><span class=nv>WAHA_NO_API_KEY</span><span class=o>=</span>True
73+
</span></span><span class=line><span class=cl><span class=c1># Dashboard - Auth Off</span>
74+
</span></span><span class=line><span class=cl><span class=nv>WAHA_DASHBOARD_PASSWORD</span><span class=o>=</span>
75+
</span></span><span class=line><span class=cl><span class=nv>WAHA_DASHBOARD_NO_PASSWORD</span><span class=o>=</span>True
76+
</span></span><span class=line><span class=cl><span class=c1># Swagger - Auth Off</span>
77+
</span></span><span class=line><span class=cl><span class=nv>WHATSAPP_SWAGGER_PASSWORD</span><span class=o>=</span>
78+
</span></span><span class=line><span class=cl><span class=nv>WHATSAPP_SWAGGER_NO_PASSWORD</span><span class=o>=</span>True</span></span></code></pre></div></figure></div><div class="page-footer-meta d-flex flex-column flex-md-row justify-content-between"><div class=edit-page><a href=https://github.com/devlikeapro/waha-docs/blob/main/content//docs/how-to/security/index.md><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-edit-2"><path d="M17 3a2.828 2.828.0 114 4L7.5 20.5 2 22l1.5-5.5L17 3z"/></svg>
7979
Edit this page on GitHub</a></div></div><div class="page-nav d-flex flex-column flex-sm-row"><div class="card w-100"><div class="card-body d-flex"><div class="d-flex flex-column justify-content-center"><svg class="icon icon-tabler icon-tabler-arrow-left" width="20" height="20" viewBox="0 0 24 24" stroke-width="2" stroke="currentcolor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M5 12h14"/><path d="M5 12l6 6"/><path d="M5 12l6-6"/></svg></div><div class="d-flex flex-column"><div class=text-body-secondary>Prev</div><a href=/docs/engines/venom/ class="stretched-link text-reset text-decoration-none">VENOM</a></div></div></div><div class=m-2></div><div class="card text-end w-100"><div class="card-body d-flex justify-content-end"><div class="d-flex flex-column"><div class=text-body-secondary>Next</div><a href=/docs/how-to/storages/ class="stretched-link text-reset text-decoration-none">🗄️ Storages</a></div><div class="d-flex flex-column justify-content-center"><svg class="icon icon-tabler icon-tabler-arrow-right" width="20" height="20" viewBox="0 0 24 24" stroke-width="2" stroke="currentcolor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M5 12h14"/><path d="M13 18l6-6"/><path d="M13 6l6 6"/></svg></div></div></div></div></main></div></div></div><footer class="footer text-muted mt-4" style=background-color:#e9f7e3><div class=container-xxl><div class=row><div class="col-lg-12 order-last order-lg-first"><ul class=list-inline><li class=list-inline-item></li></ul></div><div class="col-lg-12 order-first order-lg-last text-lg-end"><ul class=list-inline></ul></div></div></div></footer><script async src=/js/bootstrap.762a854b81bfcb87f28131336dd2100fd1fd244f287fdd722d891edd756d463b.js integrity="sha256-diqFS4G/y4fygTEzbdIQD9H9JE8of91yLYke3XVtRjs="></script><script async src=/js/app.c17553444ec7c62f781ddbaa011948f6d85a1bab49420047d68a2b89852a8b36.js integrity="sha256-wXVTRE7Hxi94HduqARlI9thaG6tJQgBH1ooriYUqizY="></script><script async src=/js/docsearch.cfae25fd02560b1d08c4065fa744efbf59bdaf3e4d6a7bf8652794f322a813c9.js integrity="sha256-z64l/QJWCx0IxAZfp0Tvv1m9rz5Nanv4ZSeU8yKoE8k="></script><div class="d-inline-flex fixed-bottom-right pb-4 pe-4"><button id=toTop type=button class="btn btn-primary rounded-circle ms-auto p-2"><span class=visually-hidden>Top</span><svg class="icon icon-tabler icon-tabler-chevron-up" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentcolor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M6 15l6-6 6 6"/></svg></button></div></body></html>

0 commit comments

Comments
 (0)