Skip to Content
🚀 Wiredoor 1.0.0 now available - Ready to expose your private services? Get Started →
DocumentationFAQ

Frequently Asked Questions (FAQ)

This page answers common questions about Wiredoor, how it works, and how to troubleshoot basic setup or usage issues.

General

Do I need a public IP to use Wiredoor?

Not necessarily — while the Wiredoor Server works best on a machine with a public IP address or publicly reachable domain (especially for exposing TCP services to the internet), it can also be used in corporate or internal networks where all nodes can reach the server.

Do my services need public IPs?

No — your internal services do not need to be publicly accessible. Wiredoor connects to them through a reverse VPN tunnel using WireGuard, which allows exposure from completely private networks.

Is Wiredoor open-source?

Yes! Both the server and CLI are fully open source. You can self-host everything and have full control over your infrastructure.

Can I use Wiredoor without a public domain?

Yes, but:

  • You will receive a self-signed SSL certificate
  • Browsers may show security warnings unless you manually trust the cert
  • You won’t be able to use Let’s Encrypt

Can I expose multiple services on the same domain?

Yes. You can:

  • Expose multiple services on different paths using HTTP (e.g., /app1, /app2)
  • Or expose different services on different subdomains (e.g., api.example.com, admin.example.com)

Can I run Wiredoor on a VPS?

Absolutely. In fact, a Linux VPS is the recommended environment for hosting the Wiredoor Server.

Can I use Wiredoor in air-gapped environments?

Yes, if the node can initiate outbound connections to the Wiredoor Server (even via a proxy or firewall rule). However, features like Let’s Encrypt won’t work without internet access.

Is there a limit to how many services I can expose?

No fixed limit. It depends on your server’s capacity and how many ports or domains you configure.

What happens if I restart the server or a node?

If you restart the Wiredoor server, all connected nodes will automatically reconnect once the server is back online. If you restart a node, it will only reconnect and restore its exposed services if the wiredoor service is enabled and running (daemon mode).

To ensure automatic recovery after a reboot, make sure you’ve run:

systemctl enable --now wiredoor

This keeps the connection alive and handles reconnections automatically.

Connecting and managing nodes

How do I connect a node to Wiredoor?

Use the command and follow the steps:

wiredoor login --url https://wiredoor_ip_or_domain

You can also create the node use Wiredoor Server UI and connect to that node using the generated token:

wiredoor connect --url https://wiredoor_ip_or_domain --token XXXXXXXXXXXX

What is the difference between wiredoor connect and wiredoor login?

  • wiredoor login is used by admins to authenticate and create a node directly from the CLI and connect to it.
  • wiredoor connect is used to connect your service to an already created node using an existing token.

Where is the Wiredoor config file located?

By default, it is located at:

/etc/wiredoor/config.ini

Exposing Services

How do I expose a local HTTP or TCP service?

Use:

wiredoor http my-service --port 3000 --domain service.example.com

or

wiredoor tcp my-ssh --port 22

Wiredoor assign unused port automatically in the range defined by TCP_SERVICES_PORT_RANGE

Can I expose multiple services from the same node?

Yes, you can expose multiple HTTP or TCP services from a single node.

Can I expose multiple services from the same node?

Yes, you can expose multiple HTTP or TCP services from a single node.

Is it possible to restrict access to certain IPs or countries?

Yes, Wiredoor supports access control using the --allow and --block flags when exposing services. You can restrict access to specific subnets or IP address like this:

wiredoor tcp my-ssh --port 22 --allow 94.173.54.0/24 --allow 94.173.59.54/32

This allows only the defined subnets. If at least one --allow rule is specified, all other traffic is blocked by default. These flags work for both HTTP and TCP services.

Security

Is the Wiredoor connection secure?

Yes. All connections are established over an encrypted WireGuard tunnel.

What kind of encryption does Wiredoor use?

Wiredoor uses WireGuard, which relies on modern cryptographic primitives like Curve25519, ChaCha20, and Poly1305.

Can I rotate the connection token or credentials?

Yes. You can revoke and regenerate tokens from the server dashboard or CLI.

How do I revoke access to a node?

You can manually delete or revoke access token and disable or delete the node.

Status and Monitoring

How can I check the connection status of a node?

Use:

wiredoor status

It shows connection status, active services, and health check.

How do I know if a service is active or disabled?

Use wiredoor status or check in the Wiredoor Server Dashboard.

Deployment and Maintenance

How is deployed wiredoor server?

Wiredoor server is deployed using a docker image with simple configuration through environment variables.

How do I back up my Wiredoor configuration and data?

Back up the local volumes wiredoor-data and wiredoor-certbot.

Last updated on
SecurityTroubleshooting