
Features tested working, feeling good about a release.

This commit is contained in:
Daan 2024-06-06 16:11:49 +02:00
parent 6dc28f11e0
commit 1bcddadb7a
3 changed files with 42 additions and 22 deletions


@ -10,6 +10,7 @@ ARG dash_ver="v3.0.6.2"
ENV wg_net="10.0.0.1" ENV wg_net="10.0.0.1"
# wg_net is used functionally as an ARG for its environment variable nature, do not change unless you know what you are doing. # wg_net is used functionally as an ARG for its environment variable nature, do not change unless you know what you are doing.
# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info.
ENV tz="Europe/Amsterdam" ENV tz="Europe/Amsterdam"
ENV global_dns="1.1.1.1" ENV global_dns="1.1.1.1"
ENV enable_wg0="false" ENV enable_wg0="false"
@ -17,15 +18,27 @@ ENV isolated_peers="true"
ENV public_ip="0.0.0.0" ENV public_ip="0.0.0.0"
# Doing basic system maintenance. Change the timezone to the desired timezone. # Doing basic system maintenance. Change the timezone to the desired timezone.
RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime \ RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime
&& apt-get update \
&& apt-get upgrade -y
# Removing the linux-image package to preserve space on the container.
# Installing needed packages for installation. # Doing package management operations, such as upgrading
RUN apt-get install -y --no-install-recommends git wireguard wireguard-tools python3 python3-pip python3-venv iproute2 openresolv procps iptables curl iputils-ping traceroute \ RUN apt-get update && apt-get upgrade -y \
&& apt remove linux-image-* --autoremove -y \ && apt-get install -y --no-install-recommends curl \
&& apt-get clean git \
iproute2 \
iptables \
iputils-ping \
openresolv \
procps \
python3 \
python3-pip \
python3-venv \
traceroute \
wireguard \
wireguard-tools \
&& apt-get remove linux-image-* --autoremove -y \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update.
ENV WGDASH=/opt/wireguardashboard ENV WGDASH=/opt/wireguardashboard
RUN python3 -m venv ${WGDASH}/venv RUN python3 -m venv ${WGDASH}/venv
@ -41,6 +54,8 @@ RUN . ${WGDASH}/venv/bin/activate \
VOLUME /etc/wireguard VOLUME /etc/wireguard
# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. # Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency.
# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN wg genkey | tee /etc/wireguard/wg0_privatekey \ RUN wg genkey | tee /etc/wireguard/wg0_privatekey \
&& echo "[Interface]" > /etc/wireguard/wg0.conf \ && echo "[Interface]" > /etc/wireguard/wg0.conf \
&& echo "SaveConfig = true" >> /etc/wireguard/wg0.conf \ && echo "SaveConfig = true" >> /etc/wireguard/wg0.conf \
@ -48,7 +63,7 @@ RUN wg genkey | tee /etc/wireguard/wg0_privatekey \
&& echo "PrivateKey = $(cat /etc/wireguard/wg0_privatekey)" >> /etc/wireguard/wg0.conf \ && echo "PrivateKey = $(cat /etc/wireguard/wg0_privatekey)" >> /etc/wireguard/wg0.conf \
&& echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /etc/wireguard/wg0.conf \ && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /etc/wireguard/wg0.conf \
&& echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /etc/wireguard/wg0.conf \ && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /etc/wireguard/wg0.conf \
&& echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /etc/wireguard/wg0.conf \ && echo "PreDown = iptables -t nat -D POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /etc/wireguard/wg0.conf \
&& echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /etc/wireguard/wg0.conf \ && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /etc/wireguard/wg0.conf \
&& echo "ListenPort = 51820" >> /etc/wireguard/wg0.conf \ && echo "ListenPort = 51820" >> /etc/wireguard/wg0.conf \
#&& echo "DNS = ${global_dns}" >> /etc/wireguard/wg0.conf \ #&& echo "DNS = ${global_dns}" >> /etc/wireguard/wg0.conf \
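Review bot: The new PreDown line in the last hunk (`iptables -t nat -D POSTROUTING 1 -s ${wg_net}/24 …`) combines a rule number with a rule specification, which `iptables -D` does not accept as one form — it takes either `chain rulenum` or `chain rule-spec` — so this is likely rejected as an illegal option combination (or, at best, deletes whatever rule sits at position 1 regardless of the match), and a failing PreDown hook may keep `wg-quick down` from tearing the interface down cleanly. The PostUp `-I POSTROUTING 1` form is fine, since insert does take a position. Dropping the number, `PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE`, deletes by exact match; the sed anchor in entrypoint.sh that keys on `-D POSTROUTING 1 -s` would need the same adjustment. Separately, and not introduced by this change, the `wg genkey | tee /etc/wireguard/wg0_privatekey` at build time (now running under the pipefail SHELL) bakes the interface private key into an image layer shared by every container started from that image; generating it in the entrypoint when the key file is absent would keep it out of the image.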


@ -6,7 +6,7 @@ services:
environment: environment:
#- tz= # <--- Set container timezone, default: Europe/Amsterdam. #- tz= # <--- Set container timezone, default: Europe/Amsterdam.
#- global_dns= # <--- Set global DNS address, default: 1.1.1.1. #- global_dns= # <--- Set global DNS address, default: 1.1.1.1.
- enable_wg0=true # <--- If true, wg0 will be started on container startup. defaul: - enable_wg0=true # <--- If true, wg0 will be started on container startup. default: false.
- isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. - isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true.
#- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me.
ports: ports:


@ -15,21 +15,26 @@ start_core() {
# Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
echo "Activating Python venv and executing the WireGuard Dashboard service." echo "Activating Python venv and executing the WireGuard Dashboard service."
. ${WGDASH}/venv/bin/activate . "${WGDASH}"/venv/bin/activate
cd ${WGDASH}/app/src cd "${WGDASH}"/app/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched.
bash wgd.sh start bash wgd.sh start
echo "${isolated_peers}" # The following section takes care of the firewall rules regarding the 'isolated_peers' feature, which allows or drops packets destined from the wg0 to the wg0 interface.
if [ "${isolated_peers,,}" == "false" ]; then if [ "${isolated_peers,,}" == "false" ]; then
echo "Isolated peers disabled, adjusting." echo "Isolated peers disabled, adjusting."
sed -i '/^.*FORWARD -i wg0 -o wg0 -j DROP.*$/s/^/#/' /etc/wireguard/wg0.conf sed -i '/PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP/d' /etc/wireguard/wg0.conf
elif [ "${isolated_peers,,}" == "true" ]; then sed -i '/PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP/d' /etc/wireguard/wg0.conf
elif [ "${isolated_peers,,}" == "true" ] && \
[ "$(grep -c "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" /etc/wireguard/wg0.conf)" -lt 1 ] && \
[ "$(grep -c "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" /etc/wireguard/wg0.conf)" -lt 1 ]; then
echo "Isolated peers enabled, adjusting." echo "Isolated peers enabled, adjusting."
sed -i 's/^#//' /etc/wireguard/wg0.conf sed -i '/PostUp = iptables -t nat -I POSTROUTING 1 -s/a PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP' /etc/wireguard/wg0.conf
sed -i '/PreDown = iptables -t nat -D POSTROUTING 1 -s/a PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP' /etc/wireguard/wg0.conf
fi fi
# The following section takes care of
if [ "${enable_wg0,,}" == "true" ]; then if [ "${enable_wg0,,}" == "true" ]; then
echo "Preference for wg0 to be turned on found." echo "Preference for wg0 to be turned on found."
@ -46,15 +51,15 @@ set_envvars() {
if [ "${tz}" != "$(cat /etc/timezone)" ]; then if [ "${tz}" != "$(cat /etc/timezone)" ]; then
echo "Changing timezone." echo "Changing timezone."
ln -sf /usr/share/zoneinfo/${tz} /etc/localtime ln -sf /usr/share/zoneinfo/"${tz}" /etc/localtime
echo ${tz} > /etc/timezone echo "${tz}" > /etc/timezone
fi fi
# Changing the DNS used for clients and the dashboard itself. # Changing the DNS used for clients and the dashboard itself.
if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguardashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguardashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
echo "Changing default dns." echo "Changing default dns."
sed -i 's/^DNS = .*/DNS = ${global_dns}/' /etc/wireguard/wg0.conf #sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level.
sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguardashboard/app/src/wg-dashboard.ini sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguardashboard/app/src/wg-dashboard.ini
fi fi
@ -64,7 +69,7 @@ set_envvars() {
echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}"
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguardashboard/app/src/wg-dashboard.ini sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguardashboard/app/src/wg-dashboard.ini
elif [ "${public_ip}" != $(grep "remote_endpoint = " /opt/wireguardashboard/app/src/wg-dashboard.ini | awk '{print $NF}') ]; then elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguardashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
echo "Setting the Public-IP using given variable: ${public_ip}" echo "Setting the Public-IP using given variable: ${public_ip}"
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguardashboard/app/src/wg-dashboard.ini sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguardashboard/app/src/wg-dashboard.ini
@ -76,9 +81,9 @@ ensure_blocking() {
# This function checks if the latest error log is created and tails it for docker logs uses. # This function checks if the latest error log is created and tails it for docker logs uses.
if find "/opt/wireguardashboard/app/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then if find "/opt/wireguardashboard/app/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
latestlog=$(ls -t /opt/wireguardashboard/app/src/log/error_*.log | head -n 1) latestlog=$(find /opt/wireguardashboard/app/src/log -name "error_*.log" | head -n 1)
sleep 3s sleep 3s
tail -f ${latestlog} tail -f "${latestlog}"
fi fi
# Blocking command in case of erroring. So the container does not quit. # Blocking command in case of erroring. So the container does not quit.