mirror of https://github.com/donaldzou/WGDashboard.git synced 2024-11-22 07:10:09 +01:00

For some reason, cloning the GitHub (which has been simplified) works from the Dockerfile directly.

But the wg0.conf file needs a re-copy on run-time. Working now.

Made code modifications and optimizations.

Please report bugs to me.
Daan 2024-06-08 13:30:24 +02:00
parent bdeb4a4efe
commit 8824786fb4
3 changed files with 47 additions and 38 deletions


@ -2,11 +2,7 @@
FROM debian:stable-slim FROM debian:stable-slim
LABEL maintainer="dselen@nerthus.nl" LABEL maintainer="dselen@nerthus.nl"
# Copy the basic entrypoint.sh script.
COPY entrypoint.sh /entrypoint.sh
# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. # Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
ARG dash_ver="v3.0.6.2"
ENV wg_net="10.0.0.1" ENV wg_net="10.0.0.1"
# wg_net is used functionally as an ARG for its environment variable nature, do not change unless you know what you are doing. # wg_net is used functionally as an ARG for its environment variable nature, do not change unless you know what you are doing.
@ -41,12 +37,12 @@ RUN apt-get update && apt-get upgrade -y \
# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update.
# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
ENV WGDASH=/opt/wireguardashboard ENV WGDASH=/opt/wireguarddashboard
RUN python3 -m venv ${WGDASH}/venv RUN python3 -m venv ${WGDASH}/venv
# Doing WireGuard Dashboard installation measures. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example.
RUN . ${WGDASH}/venv/bin/activate \ RUN . ${WGDASH}/venv/bin/activate \
&& git clone -b ${dash_ver} https://github.com/donaldzou/WGDashboard.git ${WGDASH}/app \ && git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH}/app \
&& pip3 install -r ${WGDASH}/app/src/requirements.txt \ && pip3 install -r ${WGDASH}/app/src/requirements.txt \
&& chmod +x ${WGDASH}/app/src/wgd.sh \ && chmod +x ${WGDASH}/app/src/wgd.sh \
&& .${WGDASH}/app/src/wgd.sh install && .${WGDASH}/app/src/wgd.sh install
@ -58,21 +54,24 @@ VOLUME /etc/wireguard
# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. # Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006.
SHELL ["/bin/bash", "-o", "pipefail", "-c"] SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN wg genkey | tee /etc/wireguard/wg0_privatekey \ RUN wg genkey | tee /etc/wireguard/wg0_privatekey \
&& echo "[Interface]" > /etc/wireguard/wg0.conf \ && echo "[Interface]" > /wg0.conf \
&& echo "SaveConfig = true" >> /etc/wireguard/wg0.conf \ && echo "SaveConfig = true" >> /wg0.conf \
&& echo "Address = ${wg_net}/24" >> /etc/wireguard/wg0.conf \ && echo "Address = ${wg_net}/24" >> /wg0.conf \
&& echo "PrivateKey = $(cat /etc/wireguard/wg0_privatekey)" >> /etc/wireguard/wg0.conf \ && echo "PrivateKey = $(cat /etc/wireguard/wg0_privatekey)" >> /wg0.conf \
&& echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /etc/wireguard/wg0.conf \ && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /wg0.conf \
&& echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /etc/wireguard/wg0.conf \ && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /wg0.conf \
&& echo "PreDown = iptables -t nat -D POSTROUTING 1" >> /etc/wireguard/wg0.conf \ && echo "PreDown = iptables -t nat -D POSTROUTING 1" >> /wg0.conf \
&& echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /etc/wireguard/wg0.conf \ && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /wg0.conf \
&& echo "ListenPort = 51820" >> /etc/wireguard/wg0.conf \ && echo "ListenPort = 51820" >> /wg0.conf \
#&& echo "DNS = ${global_dns}" >> /etc/wireguard/wg0.conf \ #&& echo "DNS = ${global_dns}" >> /wg0.conf \
&& rm /etc/wireguard/wg0_privatekey && rm /etc/wireguard/wg0_privatekey
# Defining a way for Docker to check the health of the container. # Defining a way for Docker to check the health of the container.
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1
# Copy the basic entrypoint.sh script.
COPY entrypoint.sh /entrypoint.sh
# Exposing the default WireGuard Dashboard port for web access. # Exposing the default WireGuard Dashboard port for web access.
EXPOSE 10086 EXPOSE 10086
ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
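Review bot: The `RUN wg genkey | tee /etc/wireguard/wg0_privatekey` chain now writes `PrivateKey = ...` into `/wg0.conf`, which lives in an image layer, so every container started from one build shares the same WireGuard private key and anyone who can pull the image can read it; `tee` also echoes the key into the build log. The old target sat under `/etc/wireguard`, which the hunk header shows is declared as a `VOLUME` before this step, so it presumably never persisted in the image. I would keep only a key-less template in the image and have entrypoint.sh generate the key on first start, in the branch where `/etc/wireguard/wg0.conf` is absent, creating the file with mode 600. Separately, the clone line dropped `-b ${dash_ver}`, so the build now follows whatever the default branch holds when `pip3 install` and `wgd.sh install` run; pinning a tag or commit, e.g. `git clone -b ${dash_ver} --depth 1 ...` with the `ARG` kept, makes the build reproducible and reviewable.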


@ -14,7 +14,7 @@ services:
- 51820:51820/udp - 51820:51820/udp
volumes: volumes:
- conf:/etc/wireguard - conf:/etc/wireguard
- app:/opt/wireguardashboard/app - app:/opt/wireguarddashboard/app
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN


@ -2,17 +2,24 @@
echo "Starting the WireGuard Dashboard Docker container." echo "Starting the WireGuard Dashboard Docker container."
clean_up() { clean_up() {
# Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
echo "Looking for remains of previous instances..." echo "Looking for remains of previous instances..."
if [ -f "/opt/wireguardashboard/app/src/gunicorn.pid" ]; then if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then
echo "Found old .pid file, removing." echo "Found old .pid file, removing."
rm /opt/wireguardashboard/app/src/gunicorn.pid rm /opt/wireguarddashboard/app/src/gunicorn.pid
else else
echo "No remains found, continuing." echo "No remains found, continuing."
fi fi
} }
start_core() { start_core() {
# Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. if [ ! -f "/etc/wireguard/wg0.conf" ]; then
cp "/wg0.conf" "/etc/wireguard/wg0.conf"
echo "WireGuard interface file copied over."
else
echo "WireGuard interface file looks to already be existing."
fi
echo "Activating Python venv and executing the WireGuard Dashboard service." echo "Activating Python venv and executing the WireGuard Dashboard service."
. "${WGDASH}"/venv/bin/activate . "${WGDASH}"/venv/bin/activate
@ -20,22 +27,25 @@ start_core() {
bash wgd.sh start bash wgd.sh start
# The following section takes care of the firewall rules regarding the 'isolated_peers' feature, which allows or drops packets destined from the wg0 to the wg0 interface. # The following section takes care of the firewall rules regarding the 'isolated_peers' feature, which allows or drops packets destined from the wg0 to the wg0 interface.
if [ "${isolated_peers,,}" == "false" ]; then if [ "${isolated_peers,,}" = "false" ]; then
echo "Isolated peers disabled, adjusting." echo "Isolated peers disabled, adjusting."
sed -i '/PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP/d' /etc/wireguard/wg0.conf sed -i '/PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP/d' /etc/wireguard/wg0.conf
sed -i '/PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP/d' /etc/wireguard/wg0.conf sed -i '/PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP/d' /etc/wireguard/wg0.conf
elif [ "${isolated_peers,,}" == "true" ] && \ elif [ "${isolated_peers,,}" = "true" ]; then
[ "$(grep -c "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" /etc/wireguard/wg0.conf)" -lt 1 ] && \ upblocking=$(grep -c "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" /etc/wireguard/wg0.conf)
[ "$(grep -c "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" /etc/wireguard/wg0.conf)" -lt 1 ]; then downblocking=$(grep -c "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" /etc/wireguard/wg0.conf)
echo "Isolated peers enabled, adjusting." if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then
echo "Isolated peers enabled, adjusting."
sed -i '/PostUp = iptables -t nat -I POSTROUTING 1 -s/a PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP' /etc/wireguard/wg0.conf
sed -i '/PreDown = iptables -t nat -D POSTROUTING 1 -s/a PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP' /etc/wireguard/wg0.conf
fi
sed -i '/PostUp = iptables -t nat -I POSTROUTING 1 -s/a PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP' /etc/wireguard/wg0.conf
sed -i '/PreDown = iptables -t nat -D POSTROUTING 1 -s/a PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP' /etc/wireguard/wg0.conf
fi fi
# The following section takes care of # The following section takes care of
if [ "${enable_wg0,,}" == "true" ]; then if [ "${enable_wg0,,}" = "true" ]; then
echo "Preference for wg0 to be turned on found." echo "Preference for wg0 to be turned on found."
wg-quick up wg0 wg-quick up wg0
@ -56,23 +66,23 @@ set_envvars() {
fi fi
# Changing the DNS used for clients and the dashboard itself. # Changing the DNS used for clients and the dashboard itself.
if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguardashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
echo "Changing default dns." echo "Changing default dns."
#sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level. #sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level.
sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguardashboard/app/src/wg-dashboard.ini sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini
fi fi
# Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me. # Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me.
if [ "${public_ip}" == "0.0.0.0" ]; then if [ "${public_ip}" = "0.0.0.0" ]; then
default_ip=$(curl -s ifconfig.me) default_ip=$(curl -s ifconfig.me)
echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}"
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguardashboard/app/src/wg-dashboard.ini sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini
elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguardashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
echo "Setting the Public-IP using given variable: ${public_ip}" echo "Setting the Public-IP using given variable: ${public_ip}"
sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguardashboard/app/src/wg-dashboard.ini sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini
fi fi
} }
@ -81,9 +91,9 @@ ensure_blocking() {
echo "Ensuring container continuation." echo "Ensuring container continuation."
# This function checks if the latest error log is created and tails it for docker logs uses. # This function checks if the latest error log is created and tails it for docker logs uses.
if find "/opt/wireguardashboard/app/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then if find "/opt/wireguarddashboard/app/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
latestErrLog=$(find /opt/wireguardashboard/app/src/log -name "error_*.log" | head -n 1) latestErrLog=$(find /opt/wireguarddashboard/app/src/log -name "error_*.log" | head -n 1)
latestAccLog=$(find /opt/wireguardashboard/app/src/log -name "access_*.log" | head -n 1) latestAccLog=$(find /opt/wireguarddashboard/app/src/log -name "access_*.log" | head -n 1)
tail -f "${latestErrLog}" "${latestAccLog}" tail -f "${latestErrLog}" "${latestAccLog}"
fi fi
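Review bot: In set_envvars, the reply from `curl -s ifconfig.me` goes straight into the sed replacement for `remote_endpoint` with no check, and with no scheme given curl fetches it over plain HTTP. A failed request leaves `default_ip` empty and blanks the setting, and any reply that is not an address lands inside the sed expression and in what is presumably the endpoint handed to peers. I would fetch with `default_ip=$(curl -fsS https://ifconfig.me)` and run the sed only when the value looks like an address, e.g. `[[ "${default_ip}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]`; the same guard fits `${public_ip}` and `${global_dns}`, which come from the environment and are interpolated the same way. set_envvars begins above this hunk, so any validation done earlier is not visible here.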