From 2a46c873b8d1753644b4daec040353d3300d8fa9 Mon Sep 17 00:00:00 2001
From: Dselen
Date: Fri, 27 Sep 2024 03:22:03 -0500
Subject: [PATCH 1/5] Removed Debian container
---
 docker/debian/Dockerfile | 69 -----------
 docker/debian/compose.yaml | 23 ----
 docker/debian/entrypoint.sh | 227 ------------------------------------
 3 files changed, 319 deletions(-)
 delete mode 100644 docker/debian/Dockerfile
 delete mode 100644 docker/debian/compose.yaml
 delete mode 100644 docker/debian/entrypoint.sh
diff --git a/docker/debian/Dockerfile b/docker/debian/Dockerfile
deleted file mode 100644
index 7e4e46a..0000000
--- a/docker/debian/Dockerfile
+++ /dev/null
@@ -1,69 +0,0 @@ -# Pull from small Debian stable image. -FROM debian:stable-slim AS build -LABEL maintainer="dselen@nerthus.nl" - -# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. -ARG Git_Url="https://github.com/donaldzou/WGDashboard.git" -ARG wg_net="10.0.0.1" -ARG wg_port="51820" - -# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info. -ENV TZ="Europe/Amsterdam" -ENV global_dns="1.1.1.1" -ENV enable="none" -ENV isolate="wg0" -ENV public_ip="0.0.0.0" -ENV update="yes" - -# Doing basic system maintenance. Change the timezone to the desired timezone. -RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime - -# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. -ENV WGDASH=/opt/wireguarddashboard - -# Doing package management operations, such as upgrading -RUN apt-get update && apt-get install -y --no-install-recommends \ - curl git \ - iptables python3 \ - wireguard wireguard-tools \ - sudo && \ - apt-get remove -y linux-image-* && \ - apt-get autoremove -y && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - -# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. - -# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} \ - && git clone ${Git_Url} /setup/app - -# Set the volume to be used for WireGuard configuration persistency. -VOLUME /etc/wireguard -VOLUME ${WGDASH} - -# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. 
-# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. -SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN echo "[Interface]" > /setup/conf/wg0.conf \ - && echo "Address = ${wg_net}/24" >> /setup/conf/wg0.conf \ - && echo "PrivateKey =" >> /setup/conf/wg0.conf \ - && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \ - && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \ - && echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \ - && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \ - && echo "ListenPort = ${wg_port}" >> /setup/conf/wg0.conf \ - && echo "SaveConfig = true" >> /setup/conf/wg0.conf \ - && echo "DNS = ${global_dns}" >> /setup/conf/wg0.conf - -# Defining a way for Docker to check the health of the container. In this case: checking the login URL. -HEALTHCHECK --interval=2m --timeout=1m --start-period=20s --retries=3 \ - CMD [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:10086/)" -eq "200" ] || exit 1 - - -# Copy the basic entrypoint.sh script. -COPY entrypoint.sh /entrypoint.sh - -# Exposing the default WireGuard Dashboard port for web access. -EXPOSE 10086 -ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] \ No newline at end of file diff --git a/docker/debian/compose.yaml b/docker/debian/compose.yaml deleted file mode 100644 index a921a23..0000000 --- a/docker/debian/compose.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -services: - wireguard-dashboard: - image: dselen/wgdashboard:dev - restart: unless-stopped - container_name: wgdashboard - environment: - #- tz= # <--- Set container timezone, default: Europe/Amsterdam. - #- global_dns= # <--- Set global DNS address, default: 1.1.1.1. - - enable=wg0 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. - - isolate=wg0 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. - #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. - ports: - - 10086:10086/tcp - - 51820:51820/udp - volumes: - - app:/opt/wireguarddashboard - - conf:/etc/wireguard - cap_add: - - NET_ADMIN - -volumes: - app: - conf: diff --git a/docker/debian/entrypoint.sh b/docker/debian/entrypoint.sh deleted file mode 100644 index 1ece541..0000000 --- a/docker/debian/entrypoint.sh +++ /dev/null 
@@ -1,227 +0,0 @@ -#!/bin/bash - -echo "------------------------- START ----------------------------" -echo "Starting the WireGuard Dashboard Docker container." - -ensure_installation() { - # When using a custom directory to store the files, this part moves over and makes sure the installation continues. - echo "Checking if everything is present." - - if [ -z "$(ls -A "${WGDASH}")" ]; then - echo "Detected empty directory, moving over..." - - mv /setup/app/{.[!.],}* "${WGDASH}" - python3 -m venv "${WGDASH}"/src/venv - . "${WGDASH}/src/venv/bin/activate" - chmod +x "${WGDASH}"/src/wgd.sh - cd "${WGDASH}"/src || exit - ./wgd.sh install - - echo "Looks like the installation succesfully moved over." - else - echo "Looks like everything is present." - fi - - # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. - if [ ! -f "/etc/wireguard/wg0.conf" ]; then - echo "Standard wg0 Configuration file not found, grabbing template." - cp "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" - - echo "Setting a secure private key." - - local privateKey - privateKey=$(wg genkey) - - sed -i "s|^PrivateKey =$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf - sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf - echo "Done setting template." - else - echo "Existing wg0 configuration file found, using that." - fi -} - -# === CLEAN UP === -clean_up() { - printf "\n------------------------ CLEAN UP --------------------------\n" - - # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. - echo "Looking for remains of previous instances..." - local pid_file="${WGDASH}/src/gunicorn.pid" - if [ -f "$pid_file" ]; then - echo "Found old pid file, removing." - rm $pid_file - else - echo "No pid remains found, continuing." 
- fi - - # Also check for Python caches (pycache) inspired by https://github.com/shuricksumy - local pycache="${WGDASH}/src/__pycache__" - if [ -d "$pycache" ]; then - local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l) - if [ "$pycache_filecount" -gt 0 ]; then - echo "Found old pycaches, removing." - rm -rf "$pycache"/* - else - echo "No pycaches found, continuing." - fi - else - echo "No pycaches found, continuing." - fi - - local logdir="${WGDASH}/src/log" - echo "Cleaning log directory." - find /opt/wireguarddashboard/src/log -name 'access_*.log' -exec rm {} + - find /opt/wireguarddashboard/src/log -name 'error_*.log' -exec rm {} + - echo "Removed unneeded logs!" -} - -#update_checker() { - #if [ "$update" = "yes" ]; then - # echo "Activating Python venv and executing the WireGuard Dashboard service." - # . "${WGDASH}/src/venv/bin/activate" - # cd "${WGDASH}"/src || exit - # bash wgd.sh update - #else - # echo "Auto Updater disabled" - #fi -#} - -# === SET ENV VARS === -set_envvars() { - printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" - - # Changing the DNS used for clients and the dashboard itself. - if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then - echo "Changing default dns." - - #sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level. - sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/src/wg-dashboard.ini - else - echo "DNS is set correctly." - fi - - # Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me. 
- if [ "${public_ip}" = "0.0.0.0" ]; then - default_ip=$(curl -s ifconfig.me) - echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" - - sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini - elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then - echo "Setting the Public-IP using given variable: ${public_ip}" - - sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini - fi -} - -# === CORE SERVICES === -start_core() { - printf "\n---------------------- STARTING CORE -----------------------\n" - - echo "Activating Python venv and executing the WireGuard Dashboard service." - . "${WGDASH}"/src/venv/bin/activate - cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched. - bash wgd.sh start - - # Isolated peers feature, first converting the existing configuration files and the given names to arrays. - local configurations=(/etc/wireguard/*) - IFS=',' read -r -a do_isolate <<< "${isolate}" - non_isolate=() - - # Checking if there are matches between the two arrays. - for config in "${configurations[@]}"; do - local config=$(echo "$config" | sed -e 's|.*/etc/wireguard/||' -e 's|\.conf$||') - found=false - for interface in "${do_isolate[@]}"; do - if [[ "$config" == "$interface" ]]; then - found=true - break - fi - done - if [ "$found" = false ]; then - non_isolate+=("$config") - fi - done - - # Isolating the matches. - for interface in "${do_isolate[@]}"; do - if [ "$interface" = "none" ]; then - echo "Found: $interface, stopping isolation checking." 
- break - else - if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Isolating interface:" $interface - upblocking=$(grep -c "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) - downblocking=$(grep -c "PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) - - if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then - sed -i "/PostUp =/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf - sed -i "/PreDown =/a PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf - fi - else - echo "Configuration for $interface does not seem to exist, continuing." - fi - fi - done - - # Removing isolation for the configurations that did not match. - for interface in "${non_isolate[@]}"; do - if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Removing Isolation if present for:" $interface - sed -i "/PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf - sed -i "/PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf - else - echo "Configuration for $interface does not seem to exist, continuing." - fi - done - - # The following section takes care of enabling wireguard interfaces on startup. Using arrays and given arguments. - IFS=',' read -r -a enable_array <<< "${enable}" - - for interface in "${enable_array[@]}"; do - if [ "$interface" = "none" ]; then - echo "Found: $interface, stopping enabling checking." - break - else - echo "Enabling interface:" $interface - - local fileperms=$(stat -c "%a" /etc/wireguard/${interface}.conf) - if [ $fileperms -eq 644 ]; then - echo "Configuration is world accessible, adjusting." 
- chmod 600 "/etc/wireguard/${interface}.conf" - fi - - if [ -f "/etc/wireguard/${interface}.conf" ]; then - wg-quick up $interface - else - echo "No corresponding configuration file found for $interface doing nothing." - fi - fi - done -} - -# === CLEAN UP === -ensure_blocking() { - printf "\n-------------- ENSURING CONTAINER CONTINUATION -------------\n" - - sleep 1s - echo "Ensuring container continuation." - - # This function checks if the latest error log is created and tails it for docker logs uses. - if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then - latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1) - latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1) - - tail -f "${latestErrLog}" "${latestAccLog}" - fi - - # Blocking command in case of erroring. So the container does not quit. - sleep infinity -} - -# Execute functions for the WireGuard Dashboard services, then set the environment variables -ensure_installation -clean_up -#update_checker -start_core -set_envvars -ensure_blocking \ No newline at end of file From dd38809866e43429abd73bc545c1aa1191eeb4c1 Mon Sep 17 00:00:00 2001 From: Dselen Date: Thu, 3 Oct 2024 07:45:24 -0500 Subject: [PATCH 2/5] Rebase --- docker/alpine/Dockerfile => Dockerfile | 30 +++++++++++--------- docker/{alpine => }/compose.yaml | 2 +- docker/alpine/entrypoint.sh => entrypoint.sh | 3 +- 3 files changed, 19 insertions(+), 16 deletions(-) rename docker/alpine/Dockerfile => Dockerfile (65%) rename docker/{alpine => }/compose.yaml (97%) rename docker/alpine/entrypoint.sh => entrypoint.sh (99%) diff --git a/docker/alpine/Dockerfile b/Dockerfile similarity index 65% rename from docker/alpine/Dockerfile rename to Dockerfile index 73c893e..dd204c4 100644 --- a/docker/alpine/Dockerfile +++ b/Dockerfile 
@@ -3,7 +3,6 @@ FROM alpine:latest AS build LABEL maintainer="dselen@nerthus.nl" # Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. -ARG Git_Url="https://github.com/DaanSelen/WGDashboard.git" ARG wg_net="10.0.0.1" ARG wg_port="51820" @@ -17,7 +16,7 @@ ENV public_ip="0.0.0.0" # Doing package management operations, such as upgrading RUN apk update \ && apk add --no-cache bash git tzdata \ - iptables ip6tables curl openrc wireguard-tools \ + iptables ip6tables openrc curl wireguard-tools \ sudo py3-psutil py3-bcrypt # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. @@ -26,8 +25,8 @@ ENV WGDASH=/opt/wireguarddashboard # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} \ - && git clone ${Git_Url} /setup/app +RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} +COPY ./src /setup/app/src #COPY src /setup/app/src # Set the volume to be used for WireGuard configuration persistency. 
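Review bot: `COPY ./src /setup/app/src` in the third hunk copies the whole local src tree into the image, so unless a `.dockerignore` excludes them, any developer-local `src/venv`, `src/db`, `src/log` or `src/wg-dashboard.ini` present at build time lands in an image layer (these are the paths the entrypoint and compose files in this series reference; whether they exist in a checkout is not visible here). Add a `.dockerignore` listing those paths, or copy only the files the runtime needs. The comment kept above the COPY, `# Doing WireGuard Dashboard installation measures. Modify the git clone command ...`, now describes a git clone that no longer exists; replace it with `# Copy the dashboard sources from the build context into the staging directory that entrypoint.sh moves into ${WGDASH}.` With the clone gone, `git` in the apk add line of the second hunk looks unused unless wgd.sh needs it at runtime, which I cannot see from here.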
@@ -37,16 +36,19 @@ VOLUME ${WGDASH} # Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. # Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN echo "[Interface]" > /setup/conf/wg0.conf \ - && echo "Address = ${wg_net}/24" >> /setup/conf/wg0.conf \ - && echo "PrivateKey =" >> /setup/conf/wg0.conf \ - && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \ - && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \ - && echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \ - && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \ - && echo "ListenPort = ${wg_port}" >> /setup/conf/wg0.conf \ - && echo "SaveConfig = true" >> /setup/conf/wg0.conf \ - && echo "DNS = ${global_dns}" >> /setup/conf/wg0.conf +RUN out_adapt=$(ip -o -4 route show to default | awk '{print $NF}') \ + && echo -e "[Interface]\n\ +Address = ${wg_net}/24\n\ +PrivateKey =\n\ +PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o ${out_adapt} -j MASQUERADE\n\ +PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP\n\ +PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o ${out_adapt} -j MASQUERADE\n\ +PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP\n\ +ListenPort = ${wg_port}\n\ +SaveConfig = true\n\ +DNS = ${global_dns}" > /setup/conf/wg0.conf + + # Defining a way for Docker to check the health of the container. In this case: checking the login URL. HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ 
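Review bot: `out_adapt=$(ip -o -4 route show to default | awk '{print $NF}')` runs at image build time, so the outbound interface baked into the MASQUERADE PostUp/PreDown rules of the wg0 template is the build environment's default-route interface, not the one the container sees at runtime, and it is empty when the build sandbox has no default route (the pipefail SHELL does not catch that because awk still exits 0). The removed form had the same problem, but this rewrite is the place to fix it: wg-quick runs PostUp/PreDown through a shell, so escaping the substitution defers it to `wg-quick up`, e.g. `PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o \$(ip -o -4 route show to default | awk '{print \$NF}') -j MASQUERADE\n\` (same for the PreDown line, and drop the `out_adapt` assignment); alternatively resolve the interface in entrypoint.sh before the interface comes up. The `echo -e` string stitched together with Dockerfile line continuations also depends silently on each `\n\` pair surviving the parser; a `printf` or a `RUN <<EOF` heredoc (requires the `# syntax=docker/dockerfile:1` directive) would be easier to read and diff.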
diff --git a/docker/alpine/compose.yaml b/docker/compose.yaml similarity index 97% rename from docker/alpine/compose.yaml rename to docker/compose.yaml index 341fa27..16c812b 100644 --- a/docker/alpine/compose.yaml +++ b/docker/compose.yaml @@ -1,6 +1,6 @@ services: wireguard-dashboard: - image: dselen:alpine + image: test:latest restart: unless-stopped container_name: wgdashboard environment: diff --git a/docker/alpine/entrypoint.sh b/entrypoint.sh similarity index 99% rename from docker/alpine/entrypoint.sh rename to entrypoint.sh index 20c2711..7f42b52 100644 --- a/docker/alpine/entrypoint.sh +++ b/entrypoint.sh @@ -11,7 +11,8 @@ ensure_installation() { echo "Detected empty directory, moving over..." mv /setup/app/* "${WGDASH}" - mv /setup/app/.* "${WGDASH}" + #mv /setup/app/.* "${WGDASH}" + python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" From d4819b13eb383b4856e50a9bbcd82cc10b77e485 Mon Sep 17 00:00:00 2001 From: Dselen Date: Thu, 3 Oct 2024 08:11:21 -0500 Subject: [PATCH 3/5] working tests --- Dockerfile | 8 ++------ entrypoint.sh | 4 ++-- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index d8e725b..e74f075 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,3 @@ -# Pull from small Debian stable image. FROM alpine:latest AS build LABEL maintainer="dselen@nerthus.nl" @@ -27,7 +26,6 @@ ENV WGDASH=/opt/wireguarddashboard # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} COPY ./src /setup/app/src -#COPY src /setup/app/src # Set the volume to be used for WireGuard configuration persistency. VOLUME /etc/wireguard 
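Review bot: `image: test:latest` replaces the published image reference in docker/compose.yaml, which is the file users are expected to run from, and patch 5 of this series edits the same file without restoring it. A local test tag, and an unpinned `:latest` in general, should not ship in the compose file; point it back at the published image with a version tag, or use a `build:` entry pointing at the repository root now that the Dockerfile lives there.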
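Review bot: `#mv /setup/app/.* "${WGDASH}"` leaves a commented-out command plus an empty line in ensure_installation instead of removing it; delete the line. If hidden files ever need to follow, note that `.*` in bash also expands to `.` and `..`, so the safe form is `shopt -s dotglob` before the existing `mv /setup/app/* "${WGDASH}"` line rather than a second mv. The function continues outside the hunk.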
@@ -46,15 +44,13 @@ PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o ${out_adapt} -j MASQ PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP\n\ ListenPort = ${wg_port}\n\ SaveConfig = true\n\ -DNS = ${global_dns}" > /setup/conf/wg0.conf - - +DNS = ${global_dns}" > /setup/conf/wg0.conf \ + && chmod 600 /setup/conf/wg0.conf # Defining a way for Docker to check the health of the container. In this case: checking the login URL. HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1 - # Copy the basic entrypoint.sh script. COPY entrypoint.sh /entrypoint.sh diff --git a/entrypoint.sh b/entrypoint.sh index 7f42b52..e9e6afa 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -31,8 +31,8 @@ ensure_installation() { # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. if [ ! -f "/etc/wireguard/wg0.conf" ]; then - echo "Standard wg0 Configuration file not found, grabbing template." - cp "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" + echo "Standard wg0 Configuration file not found, grabbing template. And adjusting permissions." + cp -a "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" echo "Setting a secure private key." From 0c5033ff79d9d031138b5997cc592021de95b87c Mon Sep 17 00:00:00 2001 
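Review bot: `chmod 600 /setup/conf/wg0.conf` together with `cp -a` in the entrypoint.sh hunk below carries the template's mode onto /etc/wireguard/wg0.conf, but the private key is only written afterwards by the two `sed -i` calls that follow that hunk; BusyBox `sed -i` rewrites the file through a temporary copy, so confirm the 0600 mode and root ownership survive that step and, if they do not, add `chmod 600 /etc/wireguard/wg0.conf` directly after the sed calls. The key is also passed to sed as a command-line argument, where it is visible in the container's process list for the duration of the call; feeding the sed script from a file instead of argv avoids that. A one-line comment on the new chmod would help the next reader, e.g. `# The template later receives the private key; keep it 0600 so cp -a carries the mode over.`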
From: Dselen Date: Thu, 3 Oct 2024 08:23:17 -0500 Subject: [PATCH 4/5] fixed issues with commits --- docker/README.md | 2 -- docker/alpine/builder.sh | 43 ---------------------------------- docker/alpine/requirements.txt | 2 -- entrypoint.sh | 2 +- src/entrypoint.sh | 34 --------------------------- src/iptable-rules/postdown.sh | 13 ---------- src/iptable-rules/postup.sh | 26 -------------------- src/wgd.sh | 33 -------------------------- 8 files changed, 1 insertion(+), 154 deletions(-) delete mode 100644 docker/alpine/builder.sh delete mode 100644 docker/alpine/requirements.txt delete mode 100644 src/entrypoint.sh delete mode 100644 src/iptable-rules/postdown.sh delete mode 100644 src/iptable-rules/postup.sh diff --git a/docker/README.md b/docker/README.md index e31933e..2160e7e 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,5 +1,4 @@ # WGDashboard Docker Explanation: - Author: DaanSelen
This document delves into how the WGDashboard Docker container has been built.
@@ -100,7 +99,6 @@ dselen/wgdashboard latest c96fd96ee3b3 42 minutes ago 314MB ## Closing remarks: -Excuse the large image size, whoops! Debian's big... sometimes.
For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. ## In Progress: diff --git a/docker/alpine/builder.sh b/docker/alpine/builder.sh deleted file mode 100644 index 5511413..0000000 --- a/docker/alpine/builder.sh +++ /dev/null @@ -1,43 +0,0 @@ -venv_python="./venv/bin/python3" -venv_gunicorn="./venv/bin/gunicorn" -pythonExecutable="python3" - - -_check_and_set_venv(){ - VIRTUAL_ENV="./venv" - if [ ! -d $VIRTUAL_ENV ]; then - printf "[WGDashboard] Creating Python Virtual Environment under ./venv\n" - { $pythonExecutable -m venv $VIRTUAL_ENV; } >> ./log/install.txt - fi - - if ! $venv_python --version > /dev/null 2>&1 - then - printf "[WGDashboard] %s Python Virtual Environment under ./venv failed to create. Halting now.\n" "$heavy_crossmark" - kill $TOP_PID - fi - - source ${VIRTUAL_ENV}/bin/activate - -} - -build_core () { - if [ ! -d "log" ] - then - printf "[WGDashboard] Creating ./log folder\n" - mkdir "log" - fi - - - apk add --no-cache python3 net-tools python3-dev py3-virtualenv - _check_and_set_venv - printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n" - { date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt - printf "[WGDashboard] Building Bcrypt & Psutil\n" - { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt - printf "[WGDashboard] Build Successfull!\n" - printf "[WGDashboard] Clean Up Pip!\n" - { date; rm -rf /opt/wireguarddashboard/src/venv/lib/python3.12/site-packages/pip* ; printf "\n\n"; } >> ./log/install.txt - -} - -build_core diff --git a/docker/alpine/requirements.txt b/docker/alpine/requirements.txt deleted file mode 100644 index 074ed2f..0000000 --- a/docker/alpine/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -bcrypt -psutil diff --git a/entrypoint.sh b/entrypoint.sh index e9e6afa..bf5e20c 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -31,7 +31,7 @@ ensure_installation() { # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. if [ ! -f "/etc/wireguard/wg0.conf" ]; then - echo "Standard wg0 Configuration file not found, grabbing template. And adjusting permissions." + echo "Standard wg0 Configuration file not found, grabbing template." cp -a "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" echo "Setting a secure private key." diff --git a/src/entrypoint.sh b/src/entrypoint.sh deleted file mode 100644 index c8056f2..0000000 --- a/src/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -echo "Starting the WireGuard Dashboard Docker container." - -clean_up() { - # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. - echo "Looking for remains of previous instances..." - if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then - echo "Found old .pid file, removing." - rm /opt/wireguarddashboard/app/src/gunicorn.pid - else - echo "No remains found, continuing." - fi -} -ensure_blocking() { - sleep 1s - echo "Ensuring container continuation." - - # This function checks if the latest error log is created and tails it for docker logs uses. - if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then - latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1) - latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1) - tail -f "${latestErrLog}" "${latestAccLog}" - fi - - # Blocking command in case of erroring. So the container does not quit. - sleep infinity -} - -{ date; clean_up; printf "\n\n"; } >> ./log/install.txt - -chmod u+x /opt/wireguarddashboard/src/wgd.sh -/opt/wireguarddashboard/src/wgd.sh install -/opt/wireguarddashboard/src/wgd.sh docker_start -ensure_blocking 
diff --git a/src/iptable-rules/postdown.sh b/src/iptable-rules/postdown.sh deleted file mode 100644 index 962772a..0000000 --- a/src/iptable-rules/postdown.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -WIREGUARD_INTERFACE=ADMINS -WIREGUARD_LAN=10.0.0.1/24 -MASQUERADE_INTERFACE=eth0 - -CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE" - -iptables -t nat -D POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN - -# Remove and delete the WIREGUARD_wg0 chain -iptables -D FORWARD -j $CHAIN_NAME -iptables -F $CHAIN_NAME -iptables -X $CHAIN_NAME \ No newline at end of file diff --git a/src/iptable-rules/postup.sh b/src/iptable-rules/postup.sh deleted file mode 100644 index 0fc8b87..0000000 --- a/src/iptable-rules/postup.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -WIREGUARD_INTERFACE=ADMINS -WIREGUARD_LAN=10.0.0.1/24 -MASQUERADE_INTERFACE=eth0 - -iptables -t nat -I POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN - -# Add a WIREGUARD_wg0 chain to the FORWARD chain -CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE" -iptables -N $CHAIN_NAME -iptables -A FORWARD -j $CHAIN_NAME - -# Accept related or established traffic -iptables -A $CHAIN_NAME -o $WIREGUARD_INTERFACE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - -# Accept traffic from any Wireguard IP address connected to the Wireguard server -iptables -A $CHAIN_NAME -s $WIREGUARD_LAN -i $WIREGUARD_INTERFACE -j ACCEPT - -# Allow traffic to the local loopback interface -iptables -A $CHAIN_NAME -o lo -j ACCEPT - -# Drop everything else coming through the Wireguard interface -iptables -A $CHAIN_NAME -i $WIREGUARD_INTERFACE -j DROP - -# Return to FORWARD chain -iptables -A $CHAIN_NAME -j RETURN \ No newline at end of file diff --git a/src/wgd.sh b/src/wgd.sh index d080e70..8e4db79 100755 --- a/src/wgd.sh +++ b/src/wgd.sh 
@@ -341,22 +341,7 @@ stop_wgd() { fi } -startwgd_docker() { - _checkWireguard - printf "[WGDashboard][Docker] WireGuard configuration started\n" - { date; start_core ; printf "\n\n"; } >> ./log/install.txt - gunicorn_start -} - start_core() { - local iptable_dir="/opt/wireguarddashboard/src/iptable-rules" - # Check if wg0.conf exists in /etc/wireguard - if [[ ! -f /etc/wireguard/wg0.conf ]]; then - echo "[WGDashboard][Docker] wg0.conf not found. Running generate configuration." - newconf_wgd - else - echo "[WGDashboard][Docker] wg0.conf already exists. Skipping WireGuard configuration generation." - fi # Re-assign config_files to ensure it includes any newly created configurations local config_files=$(find /etc/wireguard -type f -name "*.conf") @@ -371,24 +356,6 @@ start_core() { done } - - -newconf_wgd() { - local wg_port_listen=$wg_port - local wg_addr_range=$wg_net - private_key=$(wg genkey) - public_key=$(echo "$private_key" | wg pubkey) - cat <"/etc/wireguard/wg0.conf" -[Interface] -PrivateKey = $private_key -Address = $wg_addr_range -ListenPort = $wg_port_listen -SaveConfig = true -PostUp = /opt/wireguarddashboard/src/iptable-rules/postup.sh -PreDown = /opt/wireguarddashboard/src/iptable-rules/postdown.sh -EOF -} - start_wgd_debug() { printf "%s\n" "$dashes" _checkWireguard From 145d12b2c8160277d486930d1831d19b619dea7f Mon Sep 17 00:00:00 2001 From: Dselen Date: Thu, 3 Oct 2024 08:26:30 -0500 Subject: [PATCH 5/5] Added minor changes and deletions. --- compose.yaml | 26 -------------------------- docker/compose.yaml | 2 +- 2 files changed, 1 insertion(+), 27 deletions(-) delete mode 100644 compose.yaml diff --git a/compose.yaml b/compose.yaml deleted file mode 100644 index a75ef45..0000000 --- a/compose.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -services: - - wireguard-dashboard: - build: ./ - container_name: wiregate - cap_add: - - NET_ADMIN - - SYS_MODULE - restart: unless-stopped - environment: - - wg_net=10.0.0.1/24 - - wg_port=51820 - volumes: - - wgd_configs:/etc/wireguard - - wgd_app:/opt/wireguarddashboard/src - ports: - - 10086:10086/tcp - - 51820:51820/udp - sysctls: - - net.ipv4.ip_forward=1 - - net.ipv4.conf.all.src_valid_mark=1 - - -volumes: - wgd_configs: - wgd_app: \ No newline at end of file diff --git a/docker/compose.yaml b/docker/compose.yaml index 16c812b..68e7efc 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -12,7 +12,7 @@ services: ports: - 10086:10086/tcp - 51820:51820/udp - volumes: + volumes: # Can be customized to only the /opt/wireguarddashboard/src/db folder with the /opt/wireguarddashboard/src/wg-dashboard.ini file. - ./app:/opt/wireguarddashboard - ./conf:/etc/wireguard cap_add:
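Review bot: The trailing comment on `volumes:` is the only change to docker/compose.yaml here, while the root compose.yaml deleted in the same patch carried a `sysctls` block (`net.ipv4.ip_forward=1`, `net.ipv4.conf.all.src_valid_mark=1`) that the retained file does not have. The wg0 template's MASQUERADE PostUp rule forwards peer traffic, which needs IP forwarding enabled inside the container's network namespace; confirm that entrypoint.sh or wgd.sh sets it at start-up, otherwise add the `sysctls` block to this service. Style-wise, move the long comment onto its own line above `volumes:` so the key stays readable.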