mirror of
https://github.com/donaldzou/WGDashboard.git
synced 2024-11-22 15:20:09 +01:00
Progress so far.
This commit is contained in:
Dselen
parent
3c50e4768a
commit
00611ef9dc
@ -1,5 +1,5 @@
|
||||
# Pull from small Debian stable image.
|
||||
FROM debian:stable-slim
|
||||
FROM debian:stable-slim AS build
|
||||
LABEL maintainer="dselen@nerthus.nl"
|
||||
|
||||
# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
|
||||
@ -9,16 +9,20 @@ ENV wg_net="10.0.0.1"
|
||||
# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info.
|
||||
ENV tz="Europe/Amsterdam"
|
||||
ENV global_dns="1.1.1.1"
|
||||
ENV enable_wg0="false"
|
||||
ENV enable="(`none`)"
|
||||
ENV isolated_peers="true"
|
||||
ENV public_ip="0.0.0.0"
|
||||
|
||||
# Doing basic system maintenance. Change the timezone to the desired timezone.
|
||||
RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime
|
||||
|
||||
# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
|
||||
ENV WGDASH=/opt/wireguarddashboard
|
||||
|
||||
# Doing package management operations, such as upgrading
|
||||
RUN apt-get update && apt-get upgrade -y \
|
||||
&& apt-get install -y --no-install-recommends curl \
|
||||
RUN apt-get update && \
|
||||
apt-get install -y --no-install-recommends \
|
||||
curl \
|
||||
git \
|
||||
iproute2 \
|
||||
iptables \
|
||||
@ -31,24 +35,26 @@ RUN apt-get update && apt-get upgrade -y \
|
||||
traceroute \
|
||||
wireguard \
|
||||
wireguard-tools \
|
||||
&& apt-get remove linux-image-* --autoremove -y \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
sudo && \
|
||||
apt-get remove -y linux-image-* && \
|
||||
apt-get autoremove -y && \
|
||||
apt-get clean && \
|
||||
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||
|
||||
# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update.
|
||||
|
||||
# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
|
||||
ENV WGDASH=/opt/wireguarddashboard
|
||||
RUN python3 -m venv ${WGDASH}/venv
|
||||
|
||||
# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example.
|
||||
RUN . ${WGDASH}/venv/bin/activate \
|
||||
&& git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH}/app \
|
||||
&& pip3 install -r ${WGDASH}/app/src/requirements.txt \
|
||||
&& chmod +x ${WGDASH}/app/src/wgd.sh \
|
||||
&& .${WGDASH}/app/src/wgd.sh install
|
||||
RUN git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH} \
|
||||
&& rm ${WGDASH}/.git -rdf \
|
||||
&& python3 -m venv ${WGDASH}/src/venv \
|
||||
&& . ${WGDASH}/src/venv/bin/activate \
|
||||
&& chmod +x ${WGDASH}/src/wgd.sh \
|
||||
&& cd ${WGDASH}/src \
|
||||
&& ./wgd.sh install
|
||||
|
||||
# Set the volume to be used for persistency.
|
||||
# Set the volume to be used for WireGuard configuration persistency.
|
||||
VOLUME /etc/wireguard
|
||||
VOLUME ${WGDASH}
|
||||
|
||||
# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency.
|
||||
# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006.
|
||||
@ -67,7 +73,9 @@ RUN wg genkey | tee /etc/wireguard/wg0_privatekey \
|
||||
&& rm /etc/wireguard/wg0_privatekey
|
||||
|
||||
# Defining a way for Docker to check the health of the container. In this case: checking the login URL.
|
||||
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1
|
||||
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
|
||||
CMD [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:10086/)" -eq "200" ] || exit 1
|
||||
|
||||
|
||||
# Copy the basic entrypoint.sh script.
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
|
||||
@ -1,12 +1,12 @@
|
||||
services:
|
||||
wireguard-dashboard:
|
||||
image: repo.nerthus.nl/app/wireguard-dashboard:latest
|
||||
image: dselen/wgdashboard:dev
|
||||
restart: unless-stopped
|
||||
container_name: wire-dash
|
||||
environment:
|
||||
#- tz= # <--- Set container timezone, default: Europe/Amsterdam.
|
||||
#- global_dns= # <--- Set global DNS address, default: 1.1.1.1.
|
||||
- enable_wg0=true # <--- If true, wg0 will be started on container startup. default: false.
|
||||
- enable=wg0,wg1 # <--- If true, wg0 will be started on container startup. default: false.
|
||||
- isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true.
|
||||
#- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me.
|
||||
ports:
|
||||
@ -14,7 +14,7 @@ services:
|
||||
- 51820:51820/udp
|
||||
volumes:
|
||||
- conf:/etc/wireguard
|
||||
- app:/opt/wireguarddashboard/app
|
||||
- app:/opt/wireguarddashboard
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
|
||||
|
||||
@ -1,30 +1,48 @@
|
||||
#!/bin/bash
|
||||
echo "Starting the WireGuard Dashboard Docker container."
|
||||
|
||||
# === CLEAN UP ===
|
||||
clean_up() {
|
||||
echo "--------------------- CLEAN UP -----------------------"
|
||||
# Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
|
||||
echo "Looking for remains of previous instances..."
|
||||
if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then
|
||||
local pid_file="${WGDASH}/src/gunicorn.pid"
|
||||
if [ -f $pid_file ]; then
|
||||
echo "Found old .pid file, removing."
|
||||
rm /opt/wireguarddashboard/app/src/gunicorn.pid
|
||||
rm $pid_file
|
||||
else
|
||||
echo "No remains found, continuing."
|
||||
echo "No pid remains found, continuing."
|
||||
fi
|
||||
|
||||
local pycache="${WGDASH}/src/__pycache__"
|
||||
if [ -d "$pycache" ]; then
|
||||
local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l)
|
||||
if [ "$pycache_filecount" -gt 0 ]; then
|
||||
echo "Found old pycaches, removing."
|
||||
rm -rf "$pycache"/*
|
||||
else
|
||||
echo "No pycaches found, continuing."
|
||||
fi
|
||||
else
|
||||
echo "No pycaches found, continuing."
|
||||
fi
|
||||
}
|
||||
|
||||
# === CORE SERVICES ===
|
||||
start_core() {
|
||||
echo "--------------------- STARTING CORE -----------------------"
|
||||
|
||||
# This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage.
|
||||
if [ ! -f "/etc/wireguard/wg0.conf" ]; then
|
||||
cp "/wg0.conf" "/etc/wireguard/wg0.conf"
|
||||
echo "WireGuard interface file copied over."
|
||||
echo "Standard WG0 Configuration file not found, grabbing template."
|
||||
else
|
||||
echo "WireGuard interface file looks to already be existing."
|
||||
echo "Standard WG0 Configuration file found, using that."
|
||||
fi
|
||||
|
||||
echo "Activating Python venv and executing the WireGuard Dashboard service."
|
||||
|
||||
. "${WGDASH}"/venv/bin/activate
|
||||
cd "${WGDASH}"/app/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched.
|
||||
. "${WGDASH}"/src/venv/bin/activate
|
||||
cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched.
|
||||
bash wgd.sh start
|
||||
|
||||
# The following section takes care of the firewall rules regarding the 'isolated_peers' feature, which allows or drops packets destined from the wg0 to the wg0 interface.
|
||||
@ -45,17 +63,22 @@ start_core() {
|
||||
|
||||
fi
|
||||
|
||||
# The following section takes care of
|
||||
if [ "${enable_wg0,,}" = "true" ]; then
|
||||
echo "Preference for wg0 to be turned on found."
|
||||
|
||||
wg-quick up wg0
|
||||
# The following section takes care of enabling wireguard interfaces on startup.
|
||||
IFS=',' read -r -a enable_array <<< "${enable}"
|
||||
for interface in "${enable_array[@]}"; do
|
||||
echo "Preference for $interface to be turned on found."
|
||||
if [ -f "/etc/wireguard/${interface}.conf" ]; then
|
||||
echo "Found corresponding configuration file, activating..."
|
||||
wg-quick up $interface
|
||||
else
|
||||
echo "Preference for wg0 to be turned off found."
|
||||
echo "No corresponding configuration file found for $interface doing nothing."
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# === SET ENV VARS ===
|
||||
set_envvars() {
|
||||
echo "------------------------------------------------------------"
|
||||
echo "Setting relevant variables for operation."
|
||||
|
||||
# If the timezone is different, for example in North-America or Asia.
|
||||
@ -67,11 +90,11 @@ set_envvars() {
|
||||
fi
|
||||
|
||||
# Changing the DNS used for clients and the dashboard itself.
|
||||
if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
|
||||
if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
|
||||
echo "Changing default dns."
|
||||
|
||||
#sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level.
|
||||
sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini
|
||||
sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/src/wg-dashboard.ini
|
||||
fi
|
||||
|
||||
# Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me.
|
||||
@ -79,22 +102,24 @@ set_envvars() {
|
||||
default_ip=$(curl -s ifconfig.me)
|
||||
echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}"
|
||||
|
||||
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini
|
||||
elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
|
||||
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini
|
||||
elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
|
||||
echo "Setting the Public-IP using given variable: ${public_ip}"
|
||||
|
||||
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini
|
||||
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini
|
||||
fi
|
||||
}
|
||||
|
||||
# === CLEAN UP ===
|
||||
ensure_blocking() {
|
||||
echo "------------------------------------------------------------"
|
||||
sleep 1s
|
||||
echo "Ensuring container continuation."
|
||||
|
||||
# This function checks if the latest error log is created and tails it for docker logs uses.
|
||||
if find "/opt/wireguarddashboard/app/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
|
||||
latestErrLog=$(find /opt/wireguarddashboard/app/src/log -name "error_*.log" | head -n 1)
|
||||
latestAccLog=$(find /opt/wireguarddashboard/app/src/log -name "access_*.log" | head -n 1)
|
||||
if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
|
||||
latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1)
|
||||
latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1)
|
||||
tail -f "${latestErrLog}" "${latestAccLog}"
|
||||
fi
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user