diff --git a/docker/Dockerfile b/docker/Dockerfile
index 9441739..4b98e20 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -6,28 +6,31 @@ LABEL maintainer="dselen@nerthus.nl"
 COPY entrypoint.sh /entrypoint.sh
 # Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
-ENV tz=Europe/Amsterdam
-ENV public_ip=0.0.0.0
-ENV wg_net=10.0.0.1
-ENV global_dns=1.1.1.1
+ARG dash_ver="v3.0.6.2"
+
+ENV tz="Europe/Amsterdam"
+ENV public_ip="0.0.0.0"
+ENV wg_net="10.0.0.1"
+ENV global_dns="1.1.1.1"
+ENV enable_wg0="false"
 # Doing basic system maintenance. Change the timezone to the desired timezone.
 RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime \
 && apt-get update \
- && apt-get upgrade -y \
- && apt-get purge linux-image* -y \
- && apt-get autoremove -y
+ && apt-get upgrade -y
 # Removing the linux-image package to preserve space on the container.
 # Installing needed packages for installation.
-RUN apt-get install -y --no-install-recommends git wireguard wireguard-tools python3 python3-pip python3-venv iproute2 openresolv procps iptables curl iputils-ping traceroute
+RUN apt-get install -y --no-install-recommends git wireguard wireguard-tools python3 python3-pip python3-venv iproute2 openresolv procps iptables curl iputils-ping traceroute \
+ && apt remove linux-image-* --autoremove -y \
+ && apt-get clean
 ENV WGDASH=/opt/wireguardashboard
 RUN python3 -m venv ${WGDASH}/venv
 # Doing WireGuard Dashboard installation measures.
 RUN . ${WGDASH}/venv/bin/activate \
- && git clone -b v3.0.6.2 https://github.com/donaldzou/WGDashboard.git ${WGDASH}/app \
+ && git clone -b ${dash_ver} https://github.com/donaldzou/WGDashboard.git ${WGDASH}/app \
 && pip3 install -r ${WGDASH}/app/src/requirements.txt \
 && chmod +x ${WGDASH}/app/src/wgd.sh \
 && .${WGDASH}/app/src/wgd.sh install
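Review bot: `apt-get install` sits in its own `RUN`, separate from the `apt-get update` in the layer above, so with layer caching the install can run against a stale package index and pull outdated packages or fail; the `apt-get clean` added here also cannot shrink the earlier layer that holds the package lists. I would run `apt-get update` in the same `RUN` as the install and end that chain with `&& rm -rf /var/lib/apt/lists/*`. `apt remove linux-image-* --autoremove -y` leaves the glob unquoted and uses `apt`, whose command-line interface is not meant for scripts; `apt-get remove -y --autoremove 'linux-image-*'` is the scripted form. `git clone -b ${dash_ver}` follows a tag name, which upstream can move, so consider comparing the cloned commit with an expected hash before `pip3 install` runs.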
@@ -44,7 +47,7 @@ RUN wg genkey | tee /etc/wireguard/wg0_privatekey \
 && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /etc/wireguard/wg0.conf \
 && echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /etc/wireguard/wg0.conf \
 && echo "ListenPort = 51820" >> /etc/wireguard/wg0.conf \
- && echo "DNS = ${global_dns}" >> /etc/wireguard/wg0.conf \
+ #&& echo "DNS = ${global_dns}" >> /etc/wireguard/wg0.conf \
 && rm /etc/wireguard/wg0_privatekey
 # Exposing the default WireGuard Dashboard port for web access.
diff --git a/docker/compose.yaml b/docker/compose.yaml
index 6fb6d68..733d755 100644
--- a/docker/compose.yaml
+++ b/docker/compose.yaml
@@ -1,12 +1,13 @@
 services:
 wireguard-dashboard:
- image: repo.nerthus.nl/app/wireguard-dashboard:latest
+ image: repo.nerthus.nl/app/wireguard-dashboard:05-06-2024
 restart: unless-stopped
 container_name: wire-dash
 environment:
- #- global_dns=8.8.8.8 # <--- 1.1.1.1 is default
- #- tz=Europe/Amsterdam # <--- Europe/Amsterdam is default
- - public_ip=212.124.66.17
+ #- tz= # <--- Set container timezone, default: Europe/Amsterdam.
+ #- global_dns= # <--- Set global DNS address, default: 1.1.1.1.
+ #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me.
+ - enable_wg0=true # <--- If set to true, it will try to enable the wg0 (main) interface on startup, to immediatly accept connections. When true, there will be no need to manually start the interface.
 ports:
 - 10086:10086/tcp
 - 51820:51820/udp
@@ -18,4 +19,4 @@ services:
 volumes:
 wireguard_confs:
- wireguard_app:
\ No newline at end of file
+ wireguard_app:
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index f1ef204..c2a9614 100644
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
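Review bot: The wg0 key is generated inside a build-time `RUN` (`wg genkey | tee /etc/wireguard/wg0_privatekey` in the hunk header), so if it is written into wg0.conf in the lines above this hunk, as the later `rm` suggests, every container started from the published image shares one private key and anyone who can pull the image can read it. With `enable_wg0` now able to bring wg0 up automatically, key generation would be safer in entrypoint.sh on first start, guarded by a check that wg0.conf does not exist yet. Commenting out the `DNS =` line here also leaves the `sed -i 's/^DNS = .*/…'` call in entrypoint.sh with nothing to match; remove one or the other and add a comment such as `# DNS is no longer written to wg0.conf because …` giving the reason. The `RUN` block starts outside the hunk.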
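Review bot: The sample now brings wg0 up by default (`enable_wg0=true`, while the Dockerfile default is "false") and still publishes the dashboard as `10086:10086/tcp`, which binds it on every host interface. If the dashboard is meant to be reached only locally or through a reverse proxy, `- 127.0.0.1:10086:10086/tcp` with a short comment would be the safer example. The new comments have two typos: `give by` should be `given by` and `immediatly` should be `immediately`. The date tag `05-06-2024` can still be re-pushed, so pinning the image by digest (`…:05-06-2024@sha256:<digest>`) would make the deployment reproducible.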
@@ -1,61 +1,80 @@
 #!/bin/bash
-echo "\nStarting the WireGuard Dashboard Docker container."
+echo "Starting the WireGuard Dashboard Docker container."
-# Execute functions for the WireGuard Dashboard services, then set the environment variables
-start_core
-set_envvars
-ensure_blocking
+clean_up() {
+ echo "Looking for remains of previous instances..."
+ if [ -f "/opt/wireguardashboard/app/src/gunicorn.pid" ]; then
+ echo "Found old .pid file, removing."
+ rm /opt/wireguardashboard/app/src/gunicorn.pid
+ else
+ echo "No remains found, continuing."
+ fi
+}
 start_core() {
 # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
- echo "Activating Python venv and executing the WireGuard Dashboard service..."
+ echo "Activating Python venv and executing the WireGuard Dashboard service."
- rm /opt/wireguardashboard/app/src/gunicorn.pid
 . ${WGDASH}/venv/bin/activate
- bash ${WGDASH}/app/src/wgd.sh start
+ cd ${WGDASH}/app/src
+ bash wgd.sh start
+
+ if [ "${enable_wg0,,}" == "true" ]; then
+ echo "Preference for wg0 to be turned on found."
+ wg-quick up wg0
+ else
+ echo "Preference for wg0 to be turned off found."
+ fi
 }
 set_envvars() {
- echo "Setting relevant variables for operation..."
+ echo "Setting relevant variables for operation."
 # If the timezone is different, for example in North-America or Asia.
- if [ "$tz" != "Europe/Amsterdam" ]; then
- echo "Changing timezone..."
+ if [ "${tz}" != "$(cat /etc/timezone)" ]; then
+ echo "Changing timezone."
- ln -sf /usr/share/zoneinfo/$tz /etc/localtime
+ ln -sf /usr/share/zoneinfo/${tz} /etc/localtime
+ echo ${tz} > /etc/timezone
 fi
 # Changing the DNS used for clients and the dashboard itself.
- if [ "$global_dns" != "1.1.1.1" ]; then
- echo "Changing default dns..."
+ if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguardashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
+ echo "Changing default dns."
 sed -i 's/^DNS = .*/DNS = ${global_dns}/' /etc/wireguard/wg0.conf
- sed -i "s/^peer_global_dns = .*/peer_global_dns = $global_dns/" /opt/wireguardashboard/app/src/wg-dashboard.ini
+ sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguardashboard/app/src/wg-dashboard.ini
 fi
 # Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me.
- if [ "$public_ip" != "0.0.0.0" ]; then
- echo "Setting the Public-IP using given variable: $public_ip"
+ if [ "${public_ip}" == "0.0.0.0" ]; then
+ default_ip=$(curl -s ifconfig.me)
+ echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}"
- sed -i "s/^remote_endpoint = .*/remote_endpoint = $public_ip/" /opt/wireguardashboard/app/src/wg-dashboard.ini
- else
- default_ip=$(curl ifconfig.me)
- echo "Trying to fetch the Public-IP using ifconfig.me: $default_ip"
+ sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguardashboard/app/src/wg-dashboard.ini
+ elif [ "${public_ip}" != $(grep "remote_endpoint = " /opt/wireguardashboard/app/src/wg-dashboard.ini | awk '{print $NF}') ]; then
+ echo "Setting the Public-IP using given variable: ${public_ip}"
- sed -i "s/^remote_endpoint = .*/remote_endpoint = $default_ip/" /opt/wireguardashboard/app/src/wg-dashboard.ini
+ sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguardashboard/app/src/wg-dashboard.ini
 fi
 }
 ensure_blocking() {
- echo "Ensuring container continuation..."
-
+ echo "Ensuring container continuation."
+
 # This function checks if the latest error log is created and tails it for docker logs uses.
 if find "/opt/wireguardashboard/app/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
 latestlog=$(ls -t /opt/wireguardashboard/app/src/log/error_*.log | head -n 1)
 sleep 3s
- tail -f $latestlog
+ tail -f ${latestlog}
 fi
 # Blocking command in case of erroring. So the container does not quit.
 sleep infinity
-}
\ No newline at end of file
+}
+
+# Execute functions for the WireGuard Dashboard services, then set the environment variables
+clean_up
+start_core
+set_envvars
+ensure_blocking
\ No newline at end of file
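Review bot: In set_envvars the reply from `curl -s ifconfig.me` is written into wg-dashboard.ini without checking that curl succeeded or that the reply is an address, so a failed or tampered plain-HTTP lookup leaves `remote_endpoint` empty or filled with whatever came back, and characters such as `/` or `&` in it would be interpreted by sed. The `elif` test in the same block leaves `$(grep … | awk …)` unquoted, so `[` fails with a syntax error when the ini has no `remote_endpoint` line yet. I would fetch over HTTPS with `-f` and a timeout, accept the value only when it matches an IPv4 pattern, and quote the comparison, as below. The unchanged `sed -i 's/^DNS = .*/DNS = ${global_dns}/'` line is single-quoted, so it never expands the variable.

```shell
  # … unchanged: timezone and DNS handling …
  local ini="/opt/wireguardashboard/app/src/wg-dashboard.ini"
  local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  local current_ip default_ip
  current_ip="$(grep "remote_endpoint = " "${ini}" | awk '{print $NF}')"

  if [ "${public_ip}" == "0.0.0.0" ]; then
    # Only accept the lookup result when curl succeeded and the reply looks like an IPv4 address.
    if default_ip="$(curl -4 -fsS --max-time 10 https://ifconfig.me)" \
      && [[ "${default_ip}" =~ ${ipv4_re} ]]; then
      echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}"
      sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" "${ini}"
    else
      echo "Could not determine the Public-IP, leaving remote_endpoint unchanged." >&2
    fi
  elif [ "${public_ip}" != "${current_ip}" ]; then
    echo "Setting the Public-IP using given variable: ${public_ip}"
    sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" "${ini}"
  fi
```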