1
0
mirror of https://github.com/donaldzou/WGDashboard.git synced 2024-11-22 15:20:09 +01:00

Progress so far.

This commit is contained in:
Dselen 2024-08-20 09:58:25 -05:00
parent 3c50e4768a
commit 00611ef9dc
4 changed files with 90 additions and 57 deletions

View File

@ -1,5 +1,5 @@
# Pull from small Debian stable image. # Pull from small Debian stable image.
FROM debian:stable-slim FROM debian:stable-slim AS build
LABEL maintainer="dselen@nerthus.nl" LABEL maintainer="dselen@nerthus.nl"
# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. # Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
@ -9,46 +9,52 @@ ENV wg_net="10.0.0.1"
# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info. # Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info.
ENV tz="Europe/Amsterdam" ENV tz="Europe/Amsterdam"
ENV global_dns="1.1.1.1" ENV global_dns="1.1.1.1"
ENV enable_wg0="false" ENV enable="(`none`)"
ENV isolated_peers="true" ENV isolated_peers="true"
ENV public_ip="0.0.0.0" ENV public_ip="0.0.0.0"
# Doing basic system maintenance. Change the timezone to the desired timezone. # Doing basic system maintenance. Change the timezone to the desired timezone.
RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime
# Doing package management operations, such as upgrading
RUN apt-get update && apt-get upgrade -y \
&& apt-get install -y --no-install-recommends curl \
git \
iproute2 \
iptables \
iputils-ping \
openresolv \
procps \
python3 \
python3-pip \
python3-venv \
traceroute \
wireguard \
wireguard-tools \
&& apt-get remove linux-image-* --autoremove -y \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update.
# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
ENV WGDASH=/opt/wireguarddashboard ENV WGDASH=/opt/wireguarddashboard
RUN python3 -m venv ${WGDASH}/venv
# Doing package management operations, such as upgrading
RUN apt-get update && \
apt-get install -y --no-install-recommends \
curl \
git \
iproute2 \
iptables \
iputils-ping \
openresolv \
procps \
python3 \
python3-pip \
python3-venv \
traceroute \
wireguard \
wireguard-tools \
sudo && \
apt-get remove -y linux-image-* && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update.
# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example.
RUN . ${WGDASH}/venv/bin/activate \ RUN git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH} \
&& git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH}/app \ && rm ${WGDASH}/.git -rdf \
&& pip3 install -r ${WGDASH}/app/src/requirements.txt \ && python3 -m venv ${WGDASH}/src/venv \
&& chmod +x ${WGDASH}/app/src/wgd.sh \ && . ${WGDASH}/src/venv/bin/activate \
&& .${WGDASH}/app/src/wgd.sh install && chmod +x ${WGDASH}/src/wgd.sh \
&& cd ${WGDASH}/src \
&& ./wgd.sh install
# Set the volume to be used for persistency. # Set the volume to be used for WireGuard configuration persistency.
VOLUME /etc/wireguard VOLUME /etc/wireguard
VOLUME ${WGDASH}
# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. # Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency.
# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. # Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006.
@ -67,7 +73,9 @@ RUN wg genkey | tee /etc/wireguard/wg0_privatekey \
&& rm /etc/wireguard/wg0_privatekey && rm /etc/wireguard/wg0_privatekey
# Defining a way for Docker to check the health of the container. In this case: checking the login URL. # Defining a way for Docker to check the health of the container. In this case: checking the login URL.
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:10086/)" -eq "200" ] || exit 1
# Copy the basic entrypoint.sh script. # Copy the basic entrypoint.sh script.
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh

View File

@ -1,12 +1,12 @@
services: services:
wireguard-dashboard: wireguard-dashboard:
image: repo.nerthus.nl/app/wireguard-dashboard:latest image: dselen/wgdashboard:dev
restart: unless-stopped restart: unless-stopped
container_name: wire-dash container_name: wire-dash
environment: environment:
#- tz= # <--- Set container timezone, default: Europe/Amsterdam. #- tz= # <--- Set container timezone, default: Europe/Amsterdam.
#- global_dns= # <--- Set global DNS address, default: 1.1.1.1. #- global_dns= # <--- Set global DNS address, default: 1.1.1.1.
- enable_wg0=true # <--- If true, wg0 will be started on container startup. default: false. - enable=wg0,wg1 # <--- If true, wg0 will be started on container startup. default: false.
- isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. - isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true.
#- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me.
ports: ports:
@ -14,7 +14,7 @@ services:
- 51820:51820/udp - 51820:51820/udp
volumes: volumes:
- conf:/etc/wireguard - conf:/etc/wireguard
- app:/opt/wireguarddashboard/app - app:/opt/wireguarddashboard
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN

View File

@ -1,30 +1,48 @@
#!/bin/bash #!/bin/bash
echo "Starting the WireGuard Dashboard Docker container." echo "Starting the WireGuard Dashboard Docker container."
# === CLEAN UP ===
clean_up() { clean_up() {
echo "--------------------- CLEAN UP -----------------------"
# Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
echo "Looking for remains of previous instances..." echo "Looking for remains of previous instances..."
if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then local pid_file="${WGDASH}/src/gunicorn.pid"
if [ -f $pid_file ]; then
echo "Found old .pid file, removing." echo "Found old .pid file, removing."
rm /opt/wireguarddashboard/app/src/gunicorn.pid rm $pid_file
else else
echo "No remains found, continuing." echo "No pid remains found, continuing."
fi
local pycache="${WGDASH}/src/__pycache__"
if [ -d "$pycache" ]; then
local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l)
if [ "$pycache_filecount" -gt 0 ]; then
echo "Found old pycaches, removing."
rm -rf "$pycache"/*
else
echo "No pycaches found, continuing."
fi
else
echo "No pycaches found, continuing."
fi fi
} }
# === CORE SERVICES ===
start_core() { start_core() {
echo "--------------------- STARTING CORE -----------------------"
# This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage.
if [ ! -f "/etc/wireguard/wg0.conf" ]; then if [ ! -f "/etc/wireguard/wg0.conf" ]; then
cp "/wg0.conf" "/etc/wireguard/wg0.conf" cp "/wg0.conf" "/etc/wireguard/wg0.conf"
echo "WireGuard interface file copied over." echo "Standard WG0 Configuration file not found, grabbing template."
else else
echo "WireGuard interface file looks to already be existing." echo "Standard WG0 Configuration file found, using that."
fi fi
echo "Activating Python venv and executing the WireGuard Dashboard service." echo "Activating Python venv and executing the WireGuard Dashboard service."
. "${WGDASH}"/src/venv/bin/activate
. "${WGDASH}"/venv/bin/activate cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched.
cd "${WGDASH}"/app/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched.
bash wgd.sh start bash wgd.sh start
# The following section takes care of the firewall rules regarding the 'isolated_peers' feature, which allows or drops packets destined from the wg0 to the wg0 interface. # The following section takes care of the firewall rules regarding the 'isolated_peers' feature, which allows or drops packets destined from the wg0 to the wg0 interface.
@ -45,17 +63,22 @@ start_core() {
fi fi
# The following section takes care of # The following section takes care of enabling wireguard interfaces on startup.
if [ "${enable_wg0,,}" = "true" ]; then IFS=',' read -r -a enable_array <<< "${enable}"
echo "Preference for wg0 to be turned on found." for interface in "${enable_array[@]}"; do
echo "Preference for $interface to be turned on found."
wg-quick up wg0 if [ -f "/etc/wireguard/${interface}.conf" ]; then
else echo "Found corresponding configuration file, activating..."
echo "Preference for wg0 to be turned off found." wg-quick up $interface
fi else
echo "No corresponding configuration file found for $interface doing nothing."
fi
done
} }
# === SET ENV VARS ===
set_envvars() { set_envvars() {
echo "------------------------------------------------------------"
echo "Setting relevant variables for operation." echo "Setting relevant variables for operation."
# If the timezone is different, for example in North-America or Asia. # If the timezone is different, for example in North-America or Asia.
@ -67,11 +90,11 @@ set_envvars() {
fi fi
# Changing the DNS used for clients and the dashboard itself. # Changing the DNS used for clients and the dashboard itself.
if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
echo "Changing default dns." echo "Changing default dns."
#sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level. #sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level.
sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/src/wg-dashboard.ini
fi fi
# Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me. # Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me.
@ -79,22 +102,24 @@ set_envvars() {
default_ip=$(curl -s ifconfig.me) default_ip=$(curl -s ifconfig.me)
echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}"
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini
elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
echo "Setting the Public-IP using given variable: ${public_ip}" echo "Setting the Public-IP using given variable: ${public_ip}"
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini
fi fi
} }
# === CLEAN UP ===
ensure_blocking() { ensure_blocking() {
echo "------------------------------------------------------------"
sleep 1s sleep 1s
echo "Ensuring container continuation." echo "Ensuring container continuation."
# This function checks if the latest error log is created and tails it for docker logs uses. # This function checks if the latest error log is created and tails it for docker logs uses.
if find "/opt/wireguarddashboard/app/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
latestErrLog=$(find /opt/wireguarddashboard/app/src/log -name "error_*.log" | head -n 1) latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1)
latestAccLog=$(find /opt/wireguarddashboard/app/src/log -name "access_*.log" | head -n 1) latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1)
tail -f "${latestErrLog}" "${latestAccLog}" tail -f "${latestErrLog}" "${latestAccLog}"
fi fi