mirror of
https://github.com/donaldzou/WGDashboard.git
synced 2024-11-06 07:50:13 +01:00
Progress so far.
parent
3c50e4768a
commit
00611ef9dc
@ -1,5 +1,5 @@
|
|||||||
# Pull from small Debian stable image.
|
# Pull from small Debian stable image.
|
||||||
FROM debian:stable-slim
|
FROM debian:stable-slim AS build
|
||||||
LABEL maintainer="dselen@nerthus.nl"
|
LABEL maintainer="dselen@nerthus.nl"
|
||||||
|
|
||||||
# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
|
# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
|
||||||
@ -9,46 +9,52 @@ ENV wg_net="10.0.0.1"
|
|||||||
# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info.
|
# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info.
|
||||||
ENV tz="Europe/Amsterdam"
|
ENV tz="Europe/Amsterdam"
|
||||||
ENV global_dns="1.1.1.1"
|
ENV global_dns="1.1.1.1"
|
||||||
ENV enable_wg0="false"
|
ENV enable="(`none`)"
|
||||||
ENV isolated_peers="true"
|
ENV isolated_peers="true"
|
||||||
ENV public_ip="0.0.0.0"
|
ENV public_ip="0.0.0.0"
|
||||||
|
|
||||||
# Doing basic system maintenance. Change the timezone to the desired timezone.
|
# Doing basic system maintenance. Change the timezone to the desired timezone.
|
||||||
RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime
|
RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime
|
||||||
|
|
||||||
# Doing package management operations, such as upgrading
|
|
||||||
RUN apt-get update && apt-get upgrade -y \
|
|
||||||
&& apt-get install -y --no-install-recommends curl \
|
|
||||||
git \
|
|
||||||
iproute2 \
|
|
||||||
iptables \
|
|
||||||
iputils-ping \
|
|
||||||
openresolv \
|
|
||||||
procps \
|
|
||||||
python3 \
|
|
||||||
python3-pip \
|
|
||||||
python3-venv \
|
|
||||||
traceroute \
|
|
||||||
wireguard \
|
|
||||||
wireguard-tools \
|
|
||||||
&& apt-get remove linux-image-* --autoremove -y \
|
|
||||||
&& apt-get clean \
|
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
|
||||||
# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update.
|
|
||||||
|
|
||||||
# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
|
# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
|
||||||
ENV WGDASH=/opt/wireguarddashboard
|
ENV WGDASH=/opt/wireguarddashboard
|
||||||
RUN python3 -m venv ${WGDASH}/venv
|
|
||||||
|
# Doing package management operations, such as upgrading
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y --no-install-recommends \
|
||||||
|
curl \
|
||||||
|
git \
|
||||||
|
iproute2 \
|
||||||
|
iptables \
|
||||||
|
iputils-ping \
|
||||||
|
openresolv \
|
||||||
|
procps \
|
||||||
|
python3 \
|
||||||
|
python3-pip \
|
||||||
|
python3-venv \
|
||||||
|
traceroute \
|
||||||
|
wireguard \
|
||||||
|
wireguard-tools \
|
||||||
|
sudo && \
|
||||||
|
apt-get remove -y linux-image-* && \
|
||||||
|
apt-get autoremove -y && \
|
||||||
|
apt-get clean && \
|
||||||
|
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||||
|
|
||||||
|
# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update.
|
||||||
|
|
||||||
# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example.
|
# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example.
|
||||||
RUN . ${WGDASH}/venv/bin/activate \
|
RUN git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH} \
|
||||||
&& git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH}/app \
|
&& rm ${WGDASH}/.git -rdf \
|
||||||
&& pip3 install -r ${WGDASH}/app/src/requirements.txt \
|
&& python3 -m venv ${WGDASH}/src/venv \
|
||||||
&& chmod +x ${WGDASH}/app/src/wgd.sh \
|
&& . ${WGDASH}/src/venv/bin/activate \
|
||||||
&& .${WGDASH}/app/src/wgd.sh install
|
&& chmod +x ${WGDASH}/src/wgd.sh \
|
||||||
|
&& cd ${WGDASH}/src \
|
||||||
|
&& ./wgd.sh install
|
||||||
|
|
||||||
# Set the volume to be used for persistency.
|
# Set the volume to be used for WireGuard configuration persistency.
|
||||||
VOLUME /etc/wireguard
|
VOLUME /etc/wireguard
|
||||||
|
VOLUME ${WGDASH}
|
||||||
|
|
||||||
# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency.
|
# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency.
|
||||||
# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006.
|
# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006.
|
||||||
@ -67,7 +73,9 @@ RUN wg genkey | tee /etc/wireguard/wg0_privatekey \
|
|||||||
&& rm /etc/wireguard/wg0_privatekey
|
&& rm /etc/wireguard/wg0_privatekey
|
||||||
|
|
||||||
# Defining a way for Docker to check the health of the container. In this case: checking the login URL.
|
# Defining a way for Docker to check the health of the container. In this case: checking the login URL.
|
||||||
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1
|
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
|
||||||
|
CMD [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:10086/)" -eq "200" ] || exit 1
|
||||||
|
|
||||||
|
|
||||||
# Copy the basic entrypoint.sh script.
|
# Copy the basic entrypoint.sh script.
|
||||||
COPY entrypoint.sh /entrypoint.sh
|
COPY entrypoint.sh /entrypoint.sh
|
||||||
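Review bot: The rewritten install step clones whatever the default branch of WGDashboard holds at build time and then runs `./wgd.sh install` from it, and no `USER` instruction is visible in these hunks, so this presumably runs as root. The following `rm ${WGDASH}/.git -rdf` also removes the only record of which revision was built. Pin the clone to a reviewed release, e.g. `git clone --depth 1 --branch <RELEASE_TAG_PLACEHOLDER> https://github.com/donaldzou/WGDashboard.git ${WGDASH}`, and record that revision in a `LABEL` so an image can be traced back to its source. Separately, the newly added `sudo` package has no visible use in these hunks and puts a setuid binary into the image; drop it unless `wgd.sh` needs it.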
|
@ -1,12 +1,12 @@
|
|||||||
services:
|
services:
|
||||||
wireguard-dashboard:
|
wireguard-dashboard:
|
||||||
image: repo.nerthus.nl/app/wireguard-dashboard:latest
|
image: dselen/wgdashboard:dev
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
container_name: wire-dash
|
container_name: wire-dash
|
||||||
environment:
|
environment:
|
||||||
#- tz= # <--- Set container timezone, default: Europe/Amsterdam.
|
#- tz= # <--- Set container timezone, default: Europe/Amsterdam.
|
||||||
#- global_dns= # <--- Set global DNS address, default: 1.1.1.1.
|
#- global_dns= # <--- Set global DNS address, default: 1.1.1.1.
|
||||||
- enable_wg0=true # <--- If true, wg0 will be started on container startup. default: false.
|
- enable=wg0,wg1 # <--- If true, wg0 will be started on container startup. default: false.
|
||||||
- isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true.
|
- isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true.
|
||||||
#- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me.
|
#- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me.
|
||||||
ports:
|
ports:
|
||||||
@ -14,7 +14,7 @@ services:
|
|||||||
- 51820:51820/udp
|
- 51820:51820/udp
|
||||||
volumes:
|
volumes:
|
||||||
- conf:/etc/wireguard
|
- conf:/etc/wireguard
|
||||||
- app:/opt/wireguarddashboard/app
|
- app:/opt/wireguarddashboard
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
|
|
||||||
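Review bot: Widening the mount to `app:/opt/wireguarddashboard` puts the dashboard code and its venv (now created under `${WGDASH}/src/venv` in the Dockerfile) into the named volume together with the state. Docker fills a named volume from the image only while the volume is empty, so an existing `app` volume keeps running the old code and old Python dependencies after a newer image is pulled, and fixes shipped in the image do not reach it. Consider mounting only the paths the dashboard writes, or at least say so on the line: `# also holds code and venv; an existing volume is not refreshed by a new image`. The comment on `enable=wg0,wg1` still describes the old boolean `enable_wg0` and should describe a comma-separated interface list.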
|
@ -1,30 +1,48 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
echo "Starting the WireGuard Dashboard Docker container."
|
echo "Starting the WireGuard Dashboard Docker container."
|
||||||
|
|
||||||
|
# === CLEAN UP ===
|
||||||
clean_up() {
|
clean_up() {
|
||||||
|
echo "--------------------- CLEAN UP -----------------------"
|
||||||
# Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
|
# Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
|
||||||
echo "Looking for remains of previous instances..."
|
echo "Looking for remains of previous instances..."
|
||||||
if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then
|
local pid_file="${WGDASH}/src/gunicorn.pid"
|
||||||
|
if [ -f $pid_file ]; then
|
||||||
echo "Found old .pid file, removing."
|
echo "Found old .pid file, removing."
|
||||||
rm /opt/wireguarddashboard/app/src/gunicorn.pid
|
rm $pid_file
|
||||||
else
|
else
|
||||||
echo "No remains found, continuing."
|
echo "No pid remains found, continuing."
|
||||||
|
fi
|
||||||
|
|
||||||
|
local pycache="${WGDASH}/src/__pycache__"
|
||||||
|
if [ -d "$pycache" ]; then
|
||||||
|
local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l)
|
||||||
|
if [ "$pycache_filecount" -gt 0 ]; then
|
||||||
|
echo "Found old pycaches, removing."
|
||||||
|
rm -rf "$pycache"/*
|
||||||
|
else
|
||||||
|
echo "No pycaches found, continuing."
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "No pycaches found, continuing."
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# === CORE SERVICES ===
|
||||||
start_core() {
|
start_core() {
|
||||||
|
echo "--------------------- STARTING CORE -----------------------"
|
||||||
|
|
||||||
# This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage.
|
# This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage.
|
||||||
if [ ! -f "/etc/wireguard/wg0.conf" ]; then
|
if [ ! -f "/etc/wireguard/wg0.conf" ]; then
|
||||||
cp "/wg0.conf" "/etc/wireguard/wg0.conf"
|
cp "/wg0.conf" "/etc/wireguard/wg0.conf"
|
||||||
echo "WireGuard interface file copied over."
|
echo "Standard WG0 Configuration file not found, grabbing template."
|
||||||
else
|
else
|
||||||
echo "WireGuard interface file looks to already be existing."
|
echo "Standard WG0 Configuration file found, using that."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Activating Python venv and executing the WireGuard Dashboard service."
|
echo "Activating Python venv and executing the WireGuard Dashboard service."
|
||||||
|
. "${WGDASH}"/src/venv/bin/activate
|
||||||
. "${WGDASH}"/venv/bin/activate
|
cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched.
|
||||||
cd "${WGDASH}"/app/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched.
|
|
||||||
bash wgd.sh start
|
bash wgd.sh start
|
||||||
|
|
||||||
# The following section takes care of the firewall rules regarding the 'isolated_peers' feature, which allows or drops packets destined from the wg0 to the wg0 interface.
|
# The following section takes care of the firewall rules regarding the 'isolated_peers' feature, which allows or drops packets destined from the wg0 to the wg0 interface.
|
||||||
@ -45,17 +63,22 @@ start_core() {
|
|||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# The following section takes care of
|
# The following section takes care of enabling wireguard interfaces on startup.
|
||||||
if [ "${enable_wg0,,}" = "true" ]; then
|
IFS=',' read -r -a enable_array <<< "${enable}"
|
||||||
echo "Preference for wg0 to be turned on found."
|
for interface in "${enable_array[@]}"; do
|
||||||
|
echo "Preference for $interface to be turned on found."
|
||||||
wg-quick up wg0
|
if [ -f "/etc/wireguard/${interface}.conf" ]; then
|
||||||
else
|
echo "Found corresponding configuration file, activating..."
|
||||||
echo "Preference for wg0 to be turned off found."
|
wg-quick up $interface
|
||||||
fi
|
else
|
||||||
|
echo "No corresponding configuration file found for $interface doing nothing."
|
||||||
|
fi
|
||||||
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# === SET ENV VARS ===
|
||||||
set_envvars() {
|
set_envvars() {
|
||||||
|
echo "------------------------------------------------------------"
|
||||||
echo "Setting relevant variables for operation."
|
echo "Setting relevant variables for operation."
|
||||||
|
|
||||||
# If the timezone is different, for example in North-America or Asia.
|
# If the timezone is different, for example in North-America or Asia.
|
||||||
@ -67,11 +90,11 @@ set_envvars() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Changing the DNS used for clients and the dashboard itself.
|
# Changing the DNS used for clients and the dashboard itself.
|
||||||
if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
|
if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
|
||||||
echo "Changing default dns."
|
echo "Changing default dns."
|
||||||
|
|
||||||
#sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level.
|
#sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level.
|
||||||
sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini
|
sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/src/wg-dashboard.ini
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me.
|
# Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me.
|
||||||
@ -79,22 +102,24 @@ set_envvars() {
|
|||||||
default_ip=$(curl -s ifconfig.me)
|
default_ip=$(curl -s ifconfig.me)
|
||||||
echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}"
|
echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}"
|
||||||
|
|
||||||
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini
|
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini
|
||||||
elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
|
elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
|
||||||
echo "Setting the Public-IP using given variable: ${public_ip}"
|
echo "Setting the Public-IP using given variable: ${public_ip}"
|
||||||
|
|
||||||
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini
|
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# === CLEAN UP ===
|
||||||
ensure_blocking() {
|
ensure_blocking() {
|
||||||
|
echo "------------------------------------------------------------"
|
||||||
sleep 1s
|
sleep 1s
|
||||||
echo "Ensuring container continuation."
|
echo "Ensuring container continuation."
|
||||||
|
|
||||||
# This function checks if the latest error log is created and tails it for docker logs uses.
|
# This function checks if the latest error log is created and tails it for docker logs uses.
|
||||||
if find "/opt/wireguarddashboard/app/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
|
if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
|
||||||
latestErrLog=$(find /opt/wireguarddashboard/app/src/log -name "error_*.log" | head -n 1)
|
latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1)
|
||||||
latestAccLog=$(find /opt/wireguarddashboard/app/src/log -name "access_*.log" | head -n 1)
|
latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1)
|
||||||
tail -f "${latestErrLog}" "${latestAccLog}"
|
tail -f "${latestErrLog}" "${latestAccLog}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
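Review bot: In `set_envvars`, the reply from `curl -s ifconfig.me` is spliced into the `sed -i` expression and written to `wg-dashboard.ini` as `remote_endpoint` with no check that it is an address. The URL has no scheme, so curl fetches it over plain HTTP, and an error page or an altered reply would end up both in the sed program and in the configured endpoint. Fetch it with `curl -fsS https://ifconfig.me` and only run the `sed` when `[[ "${default_ip}" =~ ^[0-9A-Fa-f.:]+$ ]]` holds, logging and skipping the write otherwise. The `global_dns` and `public_ip` substitutions in the same function interpolate environment values into `sed` in the same way and would benefit from the same validation. The enclosing `if` starts above this hunk.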
|