1
0
mirror of https://github.com/donaldzou/WGDashboard.git synced 2024-11-06 07:50:13 +01:00

Progress so far.

This commit is contained in:
Dselen 2024-08-20 09:58:25 -05:00
parent 3c50e4768a
commit 00611ef9dc
4 changed files with 90 additions and 57 deletions

View File

@ -1,5 +1,5 @@
# Pull from small Debian stable image.
FROM debian:stable-slim
FROM debian:stable-slim AS build
LABEL maintainer="dselen@nerthus.nl"
# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
@ -9,16 +9,20 @@ ENV wg_net="10.0.0.1"
# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info.
ENV tz="Europe/Amsterdam"
ENV global_dns="1.1.1.1"
ENV enable_wg0="false"
ENV enable="(`none`)"
ENV isolated_peers="true"
ENV public_ip="0.0.0.0"
# Doing basic system maintenance. Change the timezone to the desired timezone.
RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime
# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
ENV WGDASH=/opt/wireguarddashboard
# Doing package management operations, such as upgrading
RUN apt-get update && apt-get upgrade -y \
&& apt-get install -y --no-install-recommends curl \
RUN apt-get update && \
apt-get install -y --no-install-recommends \
curl \
git \
iproute2 \
iptables \
@ -31,24 +35,26 @@ RUN apt-get update && apt-get upgrade -y \
traceroute \
wireguard \
wireguard-tools \
&& apt-get remove linux-image-* --autoremove -y \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
sudo && \
apt-get remove -y linux-image-* && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update.
# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
ENV WGDASH=/opt/wireguarddashboard
RUN python3 -m venv ${WGDASH}/venv
# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example.
RUN . ${WGDASH}/venv/bin/activate \
&& git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH}/app \
&& pip3 install -r ${WGDASH}/app/src/requirements.txt \
&& chmod +x ${WGDASH}/app/src/wgd.sh \
&& .${WGDASH}/app/src/wgd.sh install
RUN git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH} \
&& rm ${WGDASH}/.git -rdf \
&& python3 -m venv ${WGDASH}/src/venv \
&& . ${WGDASH}/src/venv/bin/activate \
&& chmod +x ${WGDASH}/src/wgd.sh \
&& cd ${WGDASH}/src \
&& ./wgd.sh install
# Set the volume to be used for persistency.
# Set the volume to be used for WireGuard configuration persistency.
VOLUME /etc/wireguard
VOLUME ${WGDASH}
# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency.
# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006.
@ -67,7 +73,9 @@ RUN wg genkey | tee /etc/wireguard/wg0_privatekey \
&& rm /etc/wireguard/wg0_privatekey
# Defining a way for Docker to check the health of the container. In this case: checking the login URL.
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:10086/)" -eq "200" ] || exit 1
# Copy the basic entrypoint.sh script.
COPY entrypoint.sh /entrypoint.sh

View File

@ -1,12 +1,12 @@
services:
wireguard-dashboard:
image: repo.nerthus.nl/app/wireguard-dashboard:latest
image: dselen/wgdashboard:dev
restart: unless-stopped
container_name: wire-dash
environment:
#- tz= # <--- Set container timezone, default: Europe/Amsterdam.
#- global_dns= # <--- Set global DNS address, default: 1.1.1.1.
- enable_wg0=true # <--- If true, wg0 will be started on container startup. default: false.
- enable=wg0,wg1 # <--- If true, wg0 will be started on container startup. default: false.
- isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true.
#- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me.
ports:
@ -14,7 +14,7 @@ services:
- 51820:51820/udp
volumes:
- conf:/etc/wireguard
- app:/opt/wireguarddashboard/app
- app:/opt/wireguarddashboard
cap_add:
- NET_ADMIN

View File

@ -1,30 +1,48 @@
#!/bin/bash
echo "Starting the WireGuard Dashboard Docker container."
# === CLEAN UP ===
clean_up() {
echo "--------------------- CLEAN UP -----------------------"
# Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
echo "Looking for remains of previous instances..."
if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then
local pid_file="${WGDASH}/src/gunicorn.pid"
if [ -f $pid_file ]; then
echo "Found old .pid file, removing."
rm /opt/wireguarddashboard/app/src/gunicorn.pid
rm $pid_file
else
echo "No remains found, continuing."
echo "No pid remains found, continuing."
fi
local pycache="${WGDASH}/src/__pycache__"
if [ -d "$pycache" ]; then
local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l)
if [ "$pycache_filecount" -gt 0 ]; then
echo "Found old pycaches, removing."
rm -rf "$pycache"/*
else
echo "No pycaches found, continuing."
fi
else
echo "No pycaches found, continuing."
fi
}
# === CORE SERVICES ===
start_core() {
echo "--------------------- STARTING CORE -----------------------"
# This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage.
if [ ! -f "/etc/wireguard/wg0.conf" ]; then
cp "/wg0.conf" "/etc/wireguard/wg0.conf"
echo "WireGuard interface file copied over."
echo "Standard WG0 Configuration file not found, grabbing template."
else
echo "WireGuard interface file looks to already be existing."
echo "Standard WG0 Configuration file found, using that."
fi
echo "Activating Python venv and executing the WireGuard Dashboard service."
. "${WGDASH}"/venv/bin/activate
cd "${WGDASH}"/app/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched.
. "${WGDASH}"/src/venv/bin/activate
cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched.
bash wgd.sh start
# The following section takes care of the firewall rules regarding the 'isolated_peers' feature, which allows or drops packets destined from the wg0 to the wg0 interface.
@ -45,17 +63,22 @@ start_core() {
fi
# The following section takes care of
if [ "${enable_wg0,,}" = "true" ]; then
echo "Preference for wg0 to be turned on found."
wg-quick up wg0
# The following section takes care of enabling wireguard interfaces on startup.
IFS=',' read -r -a enable_array <<< "${enable}"
for interface in "${enable_array[@]}"; do
echo "Preference for $interface to be turned on found."
if [ -f "/etc/wireguard/${interface}.conf" ]; then
echo "Found corresponding configuration file, activating..."
wg-quick up $interface
else
echo "Preference for wg0 to be turned off found."
echo "No corresponding configuration file found for $interface doing nothing."
fi
done
}
# === SET ENV VARS ===
set_envvars() {
echo "------------------------------------------------------------"
echo "Setting relevant variables for operation."
# If the timezone is different, for example in North-America or Asia.
@ -67,11 +90,11 @@ set_envvars() {
fi
# Changing the DNS used for clients and the dashboard itself.
if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
echo "Changing default dns."
#sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level.
sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini
sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/src/wg-dashboard.ini
fi
# Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me.
@ -79,22 +102,24 @@ set_envvars() {
default_ip=$(curl -s ifconfig.me)
echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}"
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini
elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini
elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
echo "Setting the Public-IP using given variable: ${public_ip}"
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini
fi
}
# === CLEAN UP ===
ensure_blocking() {
echo "------------------------------------------------------------"
sleep 1s
echo "Ensuring container continuation."
# This function checks if the latest error log is created and tails it for docker logs uses.
if find "/opt/wireguarddashboard/app/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
latestErrLog=$(find /opt/wireguarddashboard/app/src/log -name "error_*.log" | head -n 1)
latestAccLog=$(find /opt/wireguarddashboard/app/src/log -name "access_*.log" | head -n 1)
if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1)
latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1)
tail -f "${latestErrLog}" "${latestAccLog}"
fi