mirror of
https://github.com/donaldzou/WGDashboard.git
synced 2024-11-22 07:10:09 +01:00
Merge branch 'main' into main
This commit is contained in:
commit
9dd9be3b8c
56
.github/workflows/main.yml
vendored
Normal file
56
.github/workflows/main.yml
vendored
Normal file
@ -0,0 +1,56 @@
|
||||
name: Docker Image Build and Analysis
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed.
|
||||
workflow_dispatch: # Manual run trigger
|
||||
inputs:
|
||||
trigger-build:
|
||||
description: 'Trigger a manual build and push'
|
||||
default: 'true'
|
||||
|
||||
jobs:
|
||||
build-and-analyze:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Build Docker image
|
||||
id: build-image
|
||||
run: |
|
||||
echo "Building Docker image..."
|
||||
docker build -t my-app-image:latest .
|
||||
echo "Docker image built successfully."
|
||||
|
||||
- name: Install Docker Scout
|
||||
run: |
|
||||
echo "Installing Docker Scout..."
|
||||
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
|
||||
echo "Docker Scout installed successfully."
|
||||
|
||||
- name: Analyze Docker image with Docker Scout
|
||||
id: analyze-image
|
||||
run: |
|
||||
echo "Analyzing Docker image with Docker Scout..."
|
||||
docker scout cves my-app-image:latest > scout-results.txt
|
||||
cat scout-results.txt # Print the report to the workflow logs for easy viewing
|
||||
echo "Docker Scout analysis completed."
|
||||
|
||||
- name: Post Comment on Issue or PR
|
||||
run: |
|
||||
COMMENT="**Docker Image Build and Analysis Report**\n\nThe Docker image was built and analyzed successfully.\n\n**Build Summary:**\n- Image Tag: my-app-image:latest\n\n**Analysis Report:**\n\`\`\`\n$(cat scout-results.txt)\n\`\`\`"
|
||||
|
||||
# Post comment using GitHub API
|
||||
curl -X POST \
|
||||
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
|
||||
-H "Accept: application/vnd.github.v3+json" \
|
||||
-d "{\"body\": \"$COMMENT\"}" \
|
||||
"https://api.github.com/repos/NOXCIS/WGDashboard/issues/1/comments" # Replace '1' with the issue or PR number
|
556
README.md
556
README.md
@ -1,5 +1,5 @@
|
||||
> [!WARNING]
|
||||
> For users who installed the Docker solution under `./docker`, please view this important message: https://github.com/donaldzou/WGDashboard/issues/333
|
||||
> [!NOTE]
|
||||
> **Help Wanted 🎉**: Localizing WGDashboard to other languages! If you're willing to help, please visit https://github.com/donaldzou/WGDashboard/issues/397. Many thanks!
|
||||
<hr>
|
||||
|
||||
<p align="center">
|
||||
@ -21,550 +21,18 @@
|
||||
<a href="https://wakatime.com/badge/github/donaldzou/WGDashboard"><img src="https://wakatime.com/badge/github/donaldzou/WGDashboard.svg" alt="wakatime"></a>
|
||||
<a href="https://hits.seeyoufarm.com"><img src="https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Fdonaldzou%2FWGDashboard&count_bg=%2379C83D&title_bg=%23555555&icon=github.svg&icon_color=%23E7E7E7&title=Visitor&edge_flat=false"/></a>
|
||||
</p>
|
||||
<p align="center">Monitoring WireGuard is not convenient, need to remote access to server and type <code>wg show</code>. That's why this project is being created, to view all configurations and manage them in a easy way.</p>
|
||||
<p align="center">With all these awesome features, while keeping it <b>simple</b>, <b>easy to install and use</b></p>
|
||||
<p align="center">Monitoring WireGuard is not convenient, in most case, you'll need to login to your server and type <code>wg show</code>. That's why this project is being created, to view and manage all WireGuard configurations in a easy way.</p>
|
||||
<p align="center">With all these awesome features, while keeping it <b>easy to install and use</b></p>
|
||||
|
||||
<p align="center"><b><i>This project is not affiliate to the official WireGuard Project</i></b></p>
|
||||
|
||||
## 📣 What's New: v4.0
|
||||
|
||||
### 🎉 New Features
|
||||
|
||||
- **Updated dashboard design**: Re-designed some of the section with more modern style and layout, the UI is faster and more responsive, it also uses less memory. But overall is still the same dashboard you're familiarized.
|
||||
- **Docker Solution**: We now have 2 docker solutions! Thanks to @DaanSelen & @shuricksumy for providing them. For more information, please see the [Docker](#-docker-solutions) section below.
|
||||
- **Peer Job Scheduler**: Now you can schedule jobs for each peer to either **restrict** or **delete** the peer if the peer's total / upload / download data usage exceeded a limit, or you can set a specific datetime to restrict or delete the peer.
|
||||
- **Share Peer's QR Code with Public Link**: You can share a peer's QR code and `.conf` file without the need to loging in.
|
||||
- **WGDashboard's REST API**: You can now request all the api endpoint used in the dashboard. For more details please review the [API Documentation](./docs/api-documents.md).
|
||||
- **Logging**: Dashboard will now log all activity on the dashboard and API requests.
|
||||
- **Time-Based One-Time Password (TOTP)**: You can enable this function to add one more layer of security, and generate the TOTP with your choice of authenticator.
|
||||
- **Designs**
|
||||
- **Real-time Graphs**: You can view real-time data changes with graphs in each configuration.
|
||||
- **Night mode**: You know what that means, it avoids bugs ;)
|
||||
- **Enforce Python Virtual Environment**: I noticed newer Python version (3.12) does not allow to install packages globally, and plus I think is a good idea to use venv.
|
||||
|
||||
### 🧐 Other Changes
|
||||
- **Deprecated jQuery from the project, and migrated and rewrote the whole front-end with Vue.js. This allows the dashboard is future proofed, and potential cross server access with a desktop app.**
|
||||
- Rewrote the backend into a REST API structure
|
||||
- Improved SQL query efficient
|
||||
- Removed all templates, except for `index.html` where it will load the Vue.js app.
|
||||
- Parsing names in `.conf`
|
||||
- Minimized the need to read `.conf`, only when any `.conf` is modified
|
||||
|
||||
### 🥘 New Experimental Features
|
||||
- **Cross-Server Access**: Now you can access other servers that installed `v4` of WGDashboard through API key.
|
||||
- **Desktop App**: Thanks to **Cross-Server Access**, you can now download an ElectronJS based desktop app of WGDashboard, and use that to access WGDashboard on different servers.
|
||||
- > For more information, please scroll down to [🥘 Experimental Functions](#-experimental-functions)
|
||||
|
||||
> I can't thank enough for all of you who wait for this release, and for those who are new to this project, welcome :)
|
||||
> Also, huge thanks to who contributed to this major release:
|
||||
> @bolgovrussia, @eduardorosabales, @Profik, @airgapper, @tokon2000, @bkeenke, @kontorskiy777, @bugsse, @Johnnykson, @DaanSelen, @shuricksumy and many others!
|
||||
|
||||
<hr>
|
||||
|
||||
## 📋 Table of Content
|
||||
|
||||
<!-- TOC -->
|
||||
* [📣 What's New: v4.0](#-whats-new-v40)
|
||||
* [🎉 New Features](#-new-features)
|
||||
* [🧐 Other Changes](#-other-changes)
|
||||
* [🥘 New Experimental Features](#-new-experimental-features)
|
||||
* [📋 Table of Content](#-table-of-content)
|
||||
* [💡 Features](#-features)
|
||||
* [📝 Requirements](#-requirements)
|
||||
* [Supported Operating Systems](#supported-operating-systems)
|
||||
* [Existing WireGuard Configurations](#existing-wireguard-configurations)
|
||||
* [🛠 Install](#-install)
|
||||
* [Install Commands](#install-commands)
|
||||
* [Ubuntu 20.04 LTS](#ubuntu-2004-lts)
|
||||
* [Ubuntu 22.04 LTS & Ubuntu 24.02 LTS](#ubuntu-2204-lts--ubuntu-2402-lts)
|
||||
* [Debian 12.6](#debian-126)
|
||||
* [Debian 11.10](#debian-1110)
|
||||
* [Red Hat Enterprise Linux 9.4 & CentOS 9-Stream](#red-hat-enterprise-linux-94--centos-9-stream)
|
||||
* [Fedora 40 & Fedora 39 & Fedora 38](#fedora-40--fedora-39--fedora-38)
|
||||
* [Manual Installation](#manual-installation)
|
||||
* [🪜 Usage](#-usage)
|
||||
* [Start/Stop/Restart WGDashboard](#startstoprestart-wgdashboard)
|
||||
* [Autostart WGDashboard on boot (>= v2.2)](#autostart-wgdashboard-on-boot--v22)
|
||||
* [✂️ Dashboard Configuration](#-dashboard-configuration)
|
||||
* [Dashboard Configuration file](#dashboard-configuration-file)
|
||||
* [Generating QR code and peer configuration file (.conf)](#generating-qr-code-and-peer-configuration-file-conf)
|
||||
* [❓ How to update the dashboard?](#-how-to-update-the-dashboard)
|
||||
* [**Please note for users who are using `v3 - v3.0.6` want to update to `v4.0`**](#please-note-for-users-who-are-using-v3---v306-want-to-update-to-v40)
|
||||
* [**Please note for users who are using `v2.3.1` or below**](#please-note-for-users-who-are-using-v231-or-below)
|
||||
* [🐬 Docker Solutions](#-docker-solutions)
|
||||
* [Solution 1 from @DaanSelen](#solution-1-from-daanselen)
|
||||
* [Solution 2 from @shuricksumy](#solution-2-from-shuricksumy)
|
||||
* [📖 WGDashboard REST API Documentation & How to use API Key](#-wgdashboard-rest-api-documentation--how-to-use-api-key)
|
||||
* [🥘 Experimental Features](#-experimental-features)
|
||||
* [Cross-Server Access](#cross-server-access)
|
||||
* [Desktop App](#desktop-app)
|
||||
* [🔍 Screenshot](#-screenshot)
|
||||
* [🕰️ Changelogs](#-changelogs)
|
||||
<!-- TOC -->
|
||||
|
||||
## 💡 Features
|
||||
|
||||
- Automatically look for existing WireGuard configuration under `/etc/wireguard`
|
||||
- Easy to use interface, provided credential and TOTP protection to the dashboard
|
||||
- Manage peers and configuration
|
||||
- Add Peers or by bulk with auto-generated information
|
||||
- Edit peer information
|
||||
- Delete peers with ease
|
||||
- Restrict peers
|
||||
- Generate QR Code and `.conf` file for peers, share it through a public link
|
||||
- Schedule jobs to delete / restrict peer when conditions are met
|
||||
- View real time peer status
|
||||
- Testing tool: Ping and Traceroute to your peer
|
||||
|
||||
|
||||
## 📝 Requirements
|
||||
|
||||
1. Supported operating systems. Please view the list below.
|
||||
2. WireGuard & WireGuard-Tools (`wg-quick`)
|
||||
3. Python 3.10 / 3.11 / 3.12
|
||||
4. `git`, `net-tools`, `sudo` (_This should only apply to RHEL 9 & 8, interestingly it doesn't have it preinstalled)_
|
||||
|
||||
### Supported Operating Systems
|
||||
> [!NOTE]
|
||||
> All operating systems below are tested by myself. All are ARM64 ran in UTM Virtual Machine.
|
||||
|
||||
| Ubuntu | Debian | Red Hat Enterprise Linux | CentOS | Fedora |
|
||||
|-----------|--------|--------------------------|----------|--------|
|
||||
| 24.02 LTS | 12.6 | 9.4 | 9-Stream | 40 |
|
||||
| 22.04 LTS | 11.10 | | | 39 |
|
||||
| 20.04 LTS | | | | 38 |
|
||||
|
||||
> [!TIP]
|
||||
> If you installed WGDashboard on other systems without any issues, please let me know. Thank you!
|
||||
|
||||
### Existing WireGuard Configurations
|
||||
|
||||
> [!NOTE]
|
||||
> This only applies to existing WireGuard Configuration under `/etc/wireguard`
|
||||
|
||||
```ini
|
||||
[Interface]
|
||||
...
|
||||
SaveConfig = true
|
||||
# Need to include this line to allow WireGuard Tool to save your configuration,
|
||||
# or if you just want it to monitor your WireGuard Interface and don't need to
|
||||
# make any changes with the dashboard, you can set it to false.
|
||||
|
||||
[Peer]
|
||||
#Name# = Donald's iPhone
|
||||
PublicKey = abcd1234
|
||||
AllowedIPs = 1.2.3.4/32
|
||||
```
|
||||
> [!TIP]
|
||||
> With `v4`, WGDashboard will look for entry with `#Name# = abc...` in each peer and use that for the name.
|
||||
|
||||
## 🛠 Install
|
||||
|
||||
### Install Commands
|
||||
|
||||
These commands are tested by myself in each OS. It contains commands to install WireGuard, Git, Net Tools, and even Python on some OS.
|
||||
|
||||
> [!WARNING]
|
||||
> Please make sure you understand these commands before you run them.
|
||||
|
||||
#### Ubuntu 20.04 LTS
|
||||
|
||||
```shell
|
||||
sudo add-apt-repository ppa:deadsnakes/ppa -y && \
|
||||
sudo apt-get update -y && \
|
||||
sudo apt-get install python3.10 python3.10-distutils wireguard-tools net-tools --no-install-recommends -y && \
|
||||
git clone https://github.com/donaldzou/WGDashboard.git && \
|
||||
cd WGDashboard/src && \
|
||||
chmod +x ./wgd.sh && \
|
||||
./wgd.sh install && \
|
||||
sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \
|
||||
sudo sysctl -p
|
||||
```
|
||||
#### Ubuntu 22.04 LTS & Ubuntu 24.02 LTS
|
||||
|
||||
```shell
|
||||
sudo apt-get update -y && \
|
||||
sudo apt install wireguard-tools net-tools --no-install-recommends -y && \
|
||||
git clone https://github.com/donaldzou/WGDashboard.git && \
|
||||
cd ./WGDashboard/src && \
|
||||
chmod +x ./wgd.sh && \
|
||||
./wgd.sh install && \
|
||||
sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \
|
||||
sudo sysctl -p /etc/sysctl.conf
|
||||
```
|
||||
#### Debian 12.6
|
||||
|
||||
```shell
|
||||
apt-get install sudo git iptables -y && \
|
||||
sudo apt-get update && \
|
||||
sudo apt install wireguard-tools net-tools && \
|
||||
git clone https://github.com/donaldzou/WGDashboard.git && \
|
||||
cd ./WGDashboard/src && \
|
||||
chmod +x ./wgd.sh && \
|
||||
./wgd.sh install && \
|
||||
sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \
|
||||
sudo sysctl -p /etc/sysctl.conf
|
||||
```
|
||||
|
||||
#### Debian 11.10
|
||||
|
||||
> [!WARNING]
|
||||
> This commands will download Python 3.10's source code and build from it, since Debian 11.10 doesn't comes with Python 3.10
|
||||
|
||||
```shell
|
||||
apt-get install sudo -y && \
|
||||
sudo apt-get update && \
|
||||
sudo apt install -y git iptables build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev wireguard-tools net-tools && \
|
||||
wget https://www.python.org/ftp/python/3.10.0/Python-3.10.0.tgz && \
|
||||
tar -xvf Python-3.10.0.tgz && \
|
||||
cd Python-3.10.0 && \
|
||||
sudo ./configure --enable-optimizations && \
|
||||
sudo make && \
|
||||
sudo make altinstall && \
|
||||
cd .. && \
|
||||
git clone https://github.com/donaldzou/WGDashboard.git && \
|
||||
cd ./WGDashboard/src && \
|
||||
chmod +x ./wgd.sh && \
|
||||
./wgd.sh install && \
|
||||
sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \
|
||||
sudo sysctl -p /etc/sysctl.conf
|
||||
```
|
||||
|
||||
#### Red Hat Enterprise Linux 9.4 & CentOS 9-Stream
|
||||
|
||||
```shell
|
||||
sudo yum install wireguard-tools net-tools git python3.11 -y && \
|
||||
git clone https://github.com/donaldzou/WGDashboard.git && \
|
||||
cd ./WGDashboard/src && \
|
||||
chmod +x ./wgd.sh && \
|
||||
./wgd.sh install && \
|
||||
sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \
|
||||
sudo sysctl -p /etc/sysctl.conf && \
|
||||
firewall-cmd --add-port=10086/tcp --permanent && \
|
||||
firewall-cmd --add-port=51820/udp --permanent && \
|
||||
firewall-cmd --reload
|
||||
```
|
||||
|
||||
#### Fedora 40 & Fedora 39 & Fedora 38
|
||||
|
||||
```shell
|
||||
sudo yum install wireguard-tools net-tools git -y && \
|
||||
git clone https://github.com/donaldzou/WGDashboard.git && \
|
||||
cd ./WGDashboard/src && \
|
||||
chmod +x ./wgd.sh && \
|
||||
./wgd.sh install && \
|
||||
sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \
|
||||
sudo sysctl -p /etc/sysctl.conf && \
|
||||
firewall-cmd --add-port=10086/tcp --permanent && \
|
||||
firewall-cmd --add-port=51820/udp --permanent && \
|
||||
firewall-cmd --reload
|
||||
```
|
||||
|
||||
### Manual Installation
|
||||
|
||||
> [!NOTE]
|
||||
> To ensure a smooth installation process, please make sure Python 3.10/3.11/3.12, `git`, `wireguard-tools` and `net-tools` are installed :)
|
||||
|
||||
1. Download WGDashboard
|
||||
|
||||
```shell
|
||||
git clone https://github.com/donaldzou/WGDashboard.git wgdashboard
|
||||
|
||||
2. Open the WGDashboard folder
|
||||
|
||||
```shell
|
||||
cd wgdashboard/src
|
||||
```
|
||||
|
||||
3. Install WGDashboard
|
||||
|
||||
```shell
|
||||
sudo chmod u+x wgd.sh && \
|
||||
sudo ./wgd.sh install
|
||||
```
|
||||
|
||||
4. Give read and execute permission to root of the WireGuard configuration folder, you can change the path if your configuration files are not stored in `/etc/wireguard`
|
||||
|
||||
```shell
|
||||
sudo chmod -R 755 /etc/wireguard
|
||||
```
|
||||
|
||||
5. Run WGDashboard
|
||||
|
||||
```shell
|
||||
sudo ./wgd.sh start
|
||||
```
|
||||
|
||||
6. Access dashboard
|
||||
|
||||
Access your server with port `10086` (e.g. http://your_server_ip:10086), using username `admin` and password `admin`. See below how to change port and ip that the dashboard is running with.
|
||||
|
||||
|
||||
|
||||
## 🪜 Usage
|
||||
|
||||
#### Start/Stop/Restart WGDashboard
|
||||
|
||||
|
||||
```shell
|
||||
cd wgdashboard/src
|
||||
-----------------------------
|
||||
./wgd.sh start # Start the dashboard in background
|
||||
-----------------------------
|
||||
./wgd.sh debug # Start the dashboard in foreground (debug mode)
|
||||
-----------------------------
|
||||
./wgd.sh stop # Stop the dashboard
|
||||
-----------------------------
|
||||
./wgd.sh restart # Restart the dasboard
|
||||
```
|
||||
|
||||
#### Autostart WGDashboard on boot (>= v2.2)
|
||||
|
||||
In the `src` folder, it contained a file called `wg-dashboard.service`, we can use this file to let our system to autostart the dashboard after reboot. The following guide has tested on **Ubuntu**, most **Debian** based OS might be the same, but some might not. Please don't hesitate to provide your system if you have tested the autostart on another system.
|
||||
|
||||
1. Changing the directory to the dashboard's directory
|
||||
|
||||
```shell
|
||||
cd wgdashboard/src
|
||||
```
|
||||
|
||||
2. Get the full path of the dashboard's directory
|
||||
|
||||
```shell
|
||||
pwd
|
||||
#Output: /root/wgdashboard/src
|
||||
```
|
||||
|
||||
For this example, the output is `/root/wireguard-dashboard/src`, your path might be different since it depends on where you downloaded the dashboard in the first place. **Copy the the output to somewhere, we will need this in the next step.**
|
||||
|
||||
3. Edit the service file, the service file is located in `wireguard-dashboard/src`, you can use other editor you like, here will be using `nano`
|
||||
|
||||
```shell
|
||||
nano wg-dashboard.service
|
||||
```
|
||||
|
||||
You will see something like this:
|
||||
|
||||
```ini
|
||||
[Unit]
|
||||
After=syslog.target network-online.target
|
||||
Wants=wg-quick.target
|
||||
ConditionPathIsDirectory=/etc/wireguard
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
PIDFile=<absolute_path_of_wgdashboard_src>/gunicorn.pid
|
||||
WorkingDirectory=<absolute_path_of_wgdashboard_src>
|
||||
ExecStart=<absolute_path_of_wgdashboard_src>/wgd.sh start
|
||||
ExecStop=<absolute_path_of_wgdashboard_src>/wgd.sh stop
|
||||
ExecReload=<absolute_path_of_wgdashboard_src>/wgd.sh restart
|
||||
TimeoutSec=120
|
||||
PrivateTmp=yes
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
Now, we need to replace all `<absolute_path_of_wgdashboard_src>` to the one you just copied from step 2. After doing this, the file will become something like this, your file might be different:
|
||||
|
||||
**Be aware that after the value of `WorkingDirectory`, it does not have a `/` (slash).** And then save the file after you edited it
|
||||
|
||||
4. Copy the service file to systemd folder
|
||||
|
||||
```bash
|
||||
$ sudo cp wg-dashboard.service /etc/systemd/system/wg-dashboard.service
|
||||
```
|
||||
|
||||
To make sure you copy the file successfully, you can use this command `cat /etc/systemd/system/wg-dashboard.service` to see if it will output the file you just edited.
|
||||
|
||||
5. Enable the service
|
||||
|
||||
```bash
|
||||
$ sudo chmod 664 /etc/systemd/system/wg-dashboard.service
|
||||
$ sudo systemctl daemon-reload
|
||||
$ sudo systemctl enable wg-dashboard.service
|
||||
$ sudo systemctl start wg-dashboard.service # <-- To start the service
|
||||
```
|
||||
|
||||
6. Check if the service run correctly
|
||||
|
||||
```bash
|
||||
$ sudo systemctl status wg-dashboard.service
|
||||
```
|
||||
And you should see something like this
|
||||
|
||||
```shell
|
||||
● wg-dashboard.service
|
||||
Loaded: loaded (/etc/systemd/system/wg-dashboard.service; enabled; vendor preset: enabled)
|
||||
Active: active (running) since Wed 2024-08-14 22:21:47 EDT; 55s ago
|
||||
Process: 494968 ExecStart=/home/donaldzou/Wireguard-Dashboard/src/wgd.sh start (code=exited, status=0/SUCCESS)
|
||||
Main PID: 495005 (gunicorn)
|
||||
Tasks: 5 (limit: 4523)
|
||||
Memory: 36.8M
|
||||
CPU: 789ms
|
||||
CGroup: /system.slice/wg-dashboard.service
|
||||
├─495005 /home/donaldzou/Wireguard-Dashboard/src/venv/bin/python3 ./venv/bin/gunicorn --config ./gunicorn.conf.py
|
||||
└─495007 /home/donaldzou/Wireguard-Dashboard/src/venv/bin/python3 ./venv/bin/gunicorn --config ./gunicorn.conf.py
|
||||
|
||||
Aug 14 22:21:40 wg sudo[494978]: root : PWD=/home/donaldzou/Wireguard-Dashboard/src ; USER=root ; COMMAND=./venv/bin/gunicorn --config ./gunicorn.conf.py
|
||||
Aug 14 22:21:40 wg sudo[494978]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
|
||||
Aug 14 22:21:40 wg wgd.sh[494979]: [WGDashboard] WGDashboard w/ Gunicorn will be running on 0.0.0.0:10086
|
||||
Aug 14 22:21:40 wg wgd.sh[494979]: [WGDashboard] Access log file is at ./log/access_2024_08_14_22_21_40.log
|
||||
Aug 14 22:21:40 wg wgd.sh[494979]: [WGDashboard] Error log file is at ./log/error_2024_08_14_22_21_40.log
|
||||
Aug 14 22:21:40 wg sudo[494978]: pam_unix(sudo:session): session closed for user root
|
||||
Aug 14 22:21:45 wg wgd.sh[494968]: [WGDashboard] Checking if WGDashboard w/ Gunicorn started successfully
|
||||
Aug 14 22:21:47 wg wgd.sh[494968]: [WGDashboard] WGDashboard w/ Gunicorn started successfully
|
||||
Aug 14 22:21:47 wg wgd.sh[494968]: ------------------------------------------------------------
|
||||
Aug 14 22:21:47 wg systemd[1]: Started wg-dashboard.service.
|
||||
```
|
||||
|
||||
If you see `Active:` followed by `active (running) since...` then it means it run correctly.
|
||||
|
||||
7. Stop/Start/Restart the service
|
||||
|
||||
```bash
|
||||
sudo systemctl stop wg-dashboard.service # <-- To stop the service
|
||||
sudo systemctl start wg-dashboard.service # <-- To start the service
|
||||
sudo systemctl restart wg-dashboard.service # <-- To restart the service
|
||||
```
|
||||
|
||||
8. **And now you can reboot your system, and use the command at step 6 to see if it will auto start after the reboot, or just simply access the dashboard through your browser. If you have any questions or problem, please report it in the issue page.**
|
||||
|
||||
## ✂️ Dashboard Configuration
|
||||
|
||||
#### Dashboard Configuration file
|
||||
|
||||
Since version 2.0, WGDashboard will be using a configuration file called `wg-dashboard.ini`, (It will generate automatically after first time running the dashboard). More options will include in future versions, and for now it included the following configurations:
|
||||
|
||||
| | Description | Default | Edit Available |
|
||||
|------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------|----------------|
|
||||
| **`[Account]`** | *Configuration on account* | | |
|
||||
| `username` | Dashboard login username | `admin` | Yes |
|
||||
| `password` | Password, will be hash with SHA256 | `admin` hashed in SHA256 | Yes |
|
||||
| | | | |
|
||||
| **`[Server]`** | *Configuration on dashboard* | | |
|
||||
| `wg_conf_path` | The path of all the Wireguard configurations | `/etc/wireguard` | Yes |
|
||||
| `app_ip` | IP address the dashboard will run with | `0.0.0.0` | Yes |
|
||||
| `app_port` | Port the the dashboard will run with | `10086` | Yes |
|
||||
| `auth_req` | Does the dashboard need authentication to access, if `auth_req = false` , user will not be access the **Setting** tab due to security consideration. **User can only edit the file directly in system**. | `true` | **No** |
|
||||
| `version` | Dashboard Version | `v4.0` | **No** |
|
||||
| `dashboard_refresh_interval` | How frequent the dashboard will refresh on the configuration page | `60000ms` | Yes |
|
||||
| `dashboard_sort` | How configuration is sorting | `status` | Yes |
|
||||
| `dashboard_theme` | Dashboard Theme | `dark` | Yes |
|
||||
| | | | |
|
||||
| **`[Peers]`** | *Default Settings on a new peer* | | |
|
||||
| `peer_global_dns` | DNS Server | `1.1.1.1` | Yes |
|
||||
| `peer_endpoint_allowed_ip` | Endpoint Allowed IP | `0.0.0.0/0` | Yes |
|
||||
| `peer_display_mode` | How peer will display | `grid` | Yes |
|
||||
| `remote_endpoint` | Remote Endpoint (i.e where your peers will connect to) | *depends on your server's default network interface* | Yes |
|
||||
| `peer_mtu` | Maximum Transmit Unit | `1420` | |
|
||||
| `peer_keep_alive` | Keep Alive | `21` | Yes |
|
||||
|
||||
#### Generating QR code and peer configuration file (.conf)
|
||||
|
||||
Starting version 2.2, dashboard can now generate QR code and configuration file for each peer. Here is a template of what each QR code encoded with and the same content will be inside the file:
|
||||
|
||||
```ini
|
||||
[Interface]
|
||||
PrivateKey = QWERTYUIOPO234567890YUSDAKFH10E1B12JE129U21=
|
||||
Address = 0.0.0.0/32
|
||||
DNS = 1.1.1.1
|
||||
|
||||
[Peer]
|
||||
PublicKey = QWERTYUIOPO234567890YUSDAKFH10E1B12JE129U21=
|
||||
AllowedIPs = 0.0.0.0/0
|
||||
Endpoint = 0.0.0.0:51820
|
||||
```
|
||||
|
||||
| | Description | Default Value | Available in Peer setting |
|
||||
| ----------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------- |
|
||||
| **`[Interface]`** | | | |
|
||||
| `PrivateKey` | The private key of this peer | Private key generated by WireGuard (`wg genkey`) or provided by user | Yes |
|
||||
| `Address` | The `allowed_ips` of your peer | N/A | Yes |
|
||||
| `DNS` | The DNS server your peer will use | `1.1.1.1` - Cloud flare DNS, you can change it when you adding the peer or in the peer setting. | Yes |
|
||||
| **`[Peer]`** | | | |
|
||||
| `PublicKey` | The public key of your server | N/A | No |
|
||||
| `AllowedIPs` | IP ranges for which a peer will route traffic | `0.0.0.0/0` - Indicated a default route to send all internet and VPN traffic through that peer. | Yes |
|
||||
| `Endpoint` | Your wireguard server ip and port, the dashboard will search for your server's default interface's ip. | `<your server default interface ip>:<listen port>` | Yes |
|
||||
|
||||
## ❓ How to update the dashboard?
|
||||
|
||||
#### **Please note for users who are using `v3 - v3.0.6` want to update to `v4.0`**
|
||||
- Although theoretically updating through `wgd.sh` should work, but I still suggest you to update the dashboard manually.
|
||||
|
||||
#### **Please note for users who are using `v2.3.1` or below**
|
||||
|
||||
- For user who is using `v2.3.1` or below, please notice that all data that stored in the current database will **not** transfer to the new database. This is hard decision to move from TinyDB to SQLite. But SQLite does provide a thread-safe access and TinyDB doesn't. I couldn't find a safe way to transfer the data, so you need to do them manually... Sorry about that :pensive:。 But I guess this would be a great start for future development :sunglasses:.
|
||||
|
||||
|
||||
1. Change your directory to `wgdashboard`
|
||||
|
||||
```shell
|
||||
cd wgdashboard/src
|
||||
```
|
||||
|
||||
2. Update the dashboard
|
||||
```shell
|
||||
git pull https://github.com/donaldzou/WGDashboard.git --force
|
||||
```
|
||||
|
||||
3. Install
|
||||
|
||||
```shell
|
||||
sudo ./wgd.sh install
|
||||
```
|
||||
|
||||
Starting with `v3.0`, you can simply do `sudo ./wgd.sh update` !! (I hope)
|
||||
|
||||
## 🐬 Docker Solutions
|
||||
|
||||
Current, we have 2 beloved contributors provided solutions for hosting WGDashboard with Docker
|
||||
|
||||
### Solution 1 from @DaanSelen
|
||||
|
||||
Please visit [Docker-explain.md](./docker/Docker-explain.md)
|
||||
|
||||
### Solution 2 from @shuricksumy
|
||||
|
||||
Please visit [shuricksumy/docker-wgdashboard](https://github.com/shuricksumy/docker-wgdashboard)
|
||||
|
||||
> For questions or issues related to Docker, please visit [#272](https://github.com/donaldzou/WGDashboard/issues/272)
|
||||
|
||||
## 📖 WGDashboard REST API Documentation & How to use API Key
|
||||
|
||||
Please visit the [API Documentation](./docs/api-documents.md)
|
||||
|
||||
## 🥘 Experimental Features
|
||||
|
||||
### Cross-Server Access
|
||||
|
||||
Starting with `v4.0`, you can access WGDashboards on other server through one WGDashboard with API Keys
|
||||
|
||||
![Cross Server Example](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/cross-server.gif)
|
||||
|
||||
### Desktop App
|
||||
|
||||
Since the major changes for `v4.0` is to move the whole front-end code to Vue.js. And with this change, we can take the
|
||||
advantage of combining ElectronJS and Vue.js to create a Desktop version of WGDashboard. Currently, we provide an Universal macOS app and a Windows app.
|
||||
|
||||
To download the app, please visit the [latest release](https://github.com/donaldzou/WGDashboard/releases).
|
||||
|
||||
![ElectronJS App Demo](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/electronjs-app.gif)
|
||||
|
||||
## 🔍 Screenshot
|
||||
|
||||
![Sign In](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/sign-in.png)
|
||||
![Cross Server](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/cross-server.png)
|
||||
![Index](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/index.png)
|
||||
![New Configuration](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/new-configuration.png)
|
||||
![Settings](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/settings.png)
|
||||
![Light-Dark Mode](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/light-dark.png)
|
||||
![Configuration](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/configuration.png)
|
||||
![Add Peers](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/add-peers.png)
|
||||
![Ping](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/ping.png)
|
||||
![Traceroute](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/traceroute.png)
|
||||
|
||||
## 🕰️ Changelogs
|
||||
|
||||
Please visit the [Changelogs.md](./docs/changelogs.md)
|
||||
> To better manage documentation for this project. I've moved it to its own [repo](https://github.com/donaldzou/WGDashboard-Documentation). I will keep updating over there and leave this README only with important information.
|
||||
|
||||
- [💡 Features](https://donaldzou.github.io/WGDashboard-Documentation/features.html)
|
||||
- [📝 Requirements](https://donaldzou.github.io/WGDashboard-Documentation/requirements.html)
|
||||
- [🛠 Install](https://donaldzou.github.io/WGDashboard-Documentation/install.html)
|
||||
- [🪜 Usage](https://donaldzou.github.io/WGDashboard-Documentation/usage.html)
|
||||
- [📖 API Documentation](https://donaldzou.github.io/WGDashboard-Documentation/api-documentation.html)
|
||||
- [And much more...](https://donaldzou.github.io/WGDashboard-Documentation/)
|
||||
|
26
compose.yaml
Normal file
26
compose.yaml
Normal file
@ -0,0 +1,26 @@
|
||||
services:
|
||||
|
||||
wireguard-dashboard:
|
||||
build: ./
|
||||
container_name: wiregate
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- wg_net=10.0.0.1/24
|
||||
- wg_port=51820
|
||||
volumes:
|
||||
- wgd_configs:/etc/wireguard
|
||||
- wgd_app:/opt/wireguarddashboard/src
|
||||
ports:
|
||||
- 10086:10086/tcp
|
||||
- 51820:51820/udp
|
||||
sysctls:
|
||||
- net.ipv4.ip_forward=1
|
||||
- net.ipv4.conf.all.src_valid_mark=1
|
||||
|
||||
|
||||
volumes:
|
||||
wgd_configs:
|
||||
wgd_app:
|
43
docker/alpine/builder.sh
Normal file
43
docker/alpine/builder.sh
Normal file
@ -0,0 +1,43 @@
|
||||
venv_python="./venv/bin/python3"
|
||||
venv_gunicorn="./venv/bin/gunicorn"
|
||||
pythonExecutable="python3"
|
||||
|
||||
|
||||
_check_and_set_venv(){
|
||||
VIRTUAL_ENV="./venv"
|
||||
if [ ! -d $VIRTUAL_ENV ]; then
|
||||
printf "[WGDashboard] Creating Python Virtual Environment under ./venv\n"
|
||||
{ $pythonExecutable -m venv $VIRTUAL_ENV; } >> ./log/install.txt
|
||||
fi
|
||||
|
||||
if ! $venv_python --version > /dev/null 2>&1
|
||||
then
|
||||
printf "[WGDashboard] %s Python Virtual Environment under ./venv failed to create. Halting now.\n" "$heavy_crossmark"
|
||||
kill $TOP_PID
|
||||
fi
|
||||
|
||||
source ${VIRTUAL_ENV}/bin/activate
|
||||
|
||||
}
|
||||
|
||||
build_core () {
|
||||
if [ ! -d "log" ]
|
||||
then
|
||||
printf "[WGDashboard] Creating ./log folder\n"
|
||||
mkdir "log"
|
||||
fi
|
||||
|
||||
|
||||
apk add --no-cache python3 net-tools python3-dev py3-virtualenv
|
||||
_check_and_set_venv
|
||||
printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n"
|
||||
{ date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt
|
||||
printf "[WGDashboard] Building Bcrypt & Psutil\n"
|
||||
{ date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt
|
||||
printf "[WGDashboard] Build Successfull!\n"
|
||||
printf "[WGDashboard] Clean Up Pip!\n"
|
||||
{ date; rm -rf /opt/wireguarddashboard/src/venv/lib/python3.12/site-packages/pip* ; printf "\n\n"; } >> ./log/install.txt
|
||||
|
||||
}
|
||||
|
||||
build_core
|
2
docker/alpine/requirements.txt
Normal file
2
docker/alpine/requirements.txt
Normal file
@ -0,0 +1,2 @@
|
||||
bcrypt
|
||||
psutil
|
211
src/dashboard.py
211
src/dashboard.py
@ -33,7 +33,7 @@ import threading
|
||||
|
||||
from flask.json.provider import DefaultJSONProvider
|
||||
|
||||
DASHBOARD_VERSION = 'v4.0.2'
|
||||
DASHBOARD_VERSION = 'v4.0.4'
|
||||
CONFIGURATION_PATH = os.getenv('CONFIGURATION_PATH', '.')
|
||||
DB_PATH = os.path.join(CONFIGURATION_PATH, 'db')
|
||||
if not os.path.isdir(DB_PATH):
|
||||
@ -442,6 +442,8 @@ class WireguardConfiguration:
|
||||
return self.message
|
||||
|
||||
def __init__(self, name: str = None, data: dict = None):
|
||||
print(f"[WGDashboard] Initialized Configuration: {name}")
|
||||
|
||||
self.__parser: configparser.ConfigParser = configparser.ConfigParser(strict=False)
|
||||
self.__parser.optionxform = str
|
||||
self.__configFileModifiedTime = None
|
||||
@ -589,82 +591,92 @@ class WireguardConfiguration:
|
||||
for i in restricted:
|
||||
self.RestrictedPeers.append(Peer(i, self))
|
||||
|
||||
def configurationFileChanged(self) :
|
||||
mt = os.path.getmtime(os.path.join(WG_CONF_PATH, f'{self.Name}.conf'))
|
||||
changed = self.__configFileModifiedTime is None or self.__configFileModifiedTime != mt
|
||||
self.__configFileModifiedTime = mt
|
||||
return changed
|
||||
|
||||
def __getPeers(self):
|
||||
|
||||
mt = os.path.getmtime(os.path.join(WG_CONF_PATH, f'{self.Name}.conf'))
|
||||
# if self.__configFileModifiedTime is None or self.__configFileModifiedTime != mt:
|
||||
self.Peers = []
|
||||
with open(os.path.join(WG_CONF_PATH, f'{self.Name}.conf'), 'r') as configFile:
|
||||
p = []
|
||||
pCounter = -1
|
||||
content = configFile.read().split('\n')
|
||||
try:
|
||||
peerStarts = content.index("[Peer]")
|
||||
content = content[peerStarts:]
|
||||
for i in content:
|
||||
if not regex_match("#(.*)", i) and not regex_match(";(.*)", i):
|
||||
if i == "[Peer]":
|
||||
pCounter += 1
|
||||
p.append({})
|
||||
p[pCounter]["name"] = ""
|
||||
else:
|
||||
if len(i) > 0:
|
||||
split = re.split(r'\s*=\s*', i, 1)
|
||||
if len(split) == 2:
|
||||
p[pCounter][split[0]] = split[1]
|
||||
if self.configurationFileChanged():
|
||||
self.Peers = []
|
||||
with open(os.path.join(WG_CONF_PATH, f'{self.Name}.conf'), 'r') as configFile:
|
||||
p = []
|
||||
pCounter = -1
|
||||
content = configFile.read().split('\n')
|
||||
try:
|
||||
peerStarts = content.index("[Peer]")
|
||||
content = content[peerStarts:]
|
||||
for i in content:
|
||||
if not regex_match("#(.*)", i) and not regex_match(";(.*)", i):
|
||||
if i == "[Peer]":
|
||||
pCounter += 1
|
||||
p.append({})
|
||||
p[pCounter]["name"] = ""
|
||||
else:
|
||||
if len(i) > 0:
|
||||
split = re.split(r'\s*=\s*', i, 1)
|
||||
if len(split) == 2:
|
||||
p[pCounter][split[0]] = split[1]
|
||||
|
||||
if regex_match("#Name# = (.*)", i):
|
||||
split = re.split(r'\s*=\s*', i, 1)
|
||||
print(split)
|
||||
if len(split) == 2:
|
||||
p[pCounter]["name"] = split[1]
|
||||
if regex_match("#Name# = (.*)", i):
|
||||
split = re.split(r'\s*=\s*', i, 1)
|
||||
print(split)
|
||||
if len(split) == 2:
|
||||
p[pCounter]["name"] = split[1]
|
||||
|
||||
for i in p:
|
||||
if "PublicKey" in i.keys():
|
||||
checkIfExist = sqlSelect("SELECT * FROM '%s' WHERE id = ?" % self.Name,
|
||||
((i['PublicKey']),)).fetchone()
|
||||
if checkIfExist is None:
|
||||
newPeer = {
|
||||
"id": i['PublicKey'],
|
||||
"private_key": "",
|
||||
"DNS": DashboardConfig.GetConfig("Peers", "peer_global_DNS")[1],
|
||||
"endpoint_allowed_ip": DashboardConfig.GetConfig("Peers", "peer_endpoint_allowed_ip")[
|
||||
1],
|
||||
"name": i.get("name"),
|
||||
"total_receive": 0,
|
||||
"total_sent": 0,
|
||||
"total_data": 0,
|
||||
"endpoint": "N/A",
|
||||
"status": "stopped",
|
||||
"latest_handshake": "N/A",
|
||||
"allowed_ip": i.get("AllowedIPs", "N/A"),
|
||||
"cumu_receive": 0,
|
||||
"cumu_sent": 0,
|
||||
"cumu_data": 0,
|
||||
"traffic": [],
|
||||
"mtu": DashboardConfig.GetConfig("Peers", "peer_mtu")[1],
|
||||
"keepalive": DashboardConfig.GetConfig("Peers", "peer_keep_alive")[1],
|
||||
"remote_endpoint": DashboardConfig.GetConfig("Peers", "remote_endpoint")[1],
|
||||
"preshared_key": i["PresharedKey"] if "PresharedKey" in i.keys() else ""
|
||||
}
|
||||
sqlUpdate(
|
||||
"""
|
||||
INSERT INTO '%s'
|
||||
VALUES (:id, :private_key, :DNS, :endpoint_allowed_ip, :name, :total_receive, :total_sent,
|
||||
:total_data, :endpoint, :status, :latest_handshake, :allowed_ip, :cumu_receive, :cumu_sent,
|
||||
:cumu_data, :mtu, :keepalive, :remote_endpoint, :preshared_key);
|
||||
""" % self.Name
|
||||
, newPeer)
|
||||
# sqldb.commit()
|
||||
self.Peers.append(Peer(newPeer, self))
|
||||
else:
|
||||
sqlUpdate("UPDATE '%s' SET allowed_ip = ? WHERE id = ?" % self.Name,
|
||||
(i.get("AllowedIPs", "N/A"), i['PublicKey'],))
|
||||
# sqldb.commit()
|
||||
self.Peers.append(Peer(checkIfExist, self))
|
||||
except Exception as e:
|
||||
print(f"[WGDashboard] {self.Name} Error: {str(e)}")
|
||||
else:
|
||||
self.Peers.clear()
|
||||
checkIfExist = sqlSelect("SELECT * FROM '%s'" % self.Name).fetchall()
|
||||
for i in checkIfExist:
|
||||
self.Peers.append(Peer(i, self))
|
||||
|
||||
for i in p:
|
||||
if "PublicKey" in i.keys():
|
||||
checkIfExist = sqlSelect("SELECT * FROM '%s' WHERE id = ?" % self.Name,
|
||||
((i['PublicKey']),)).fetchone()
|
||||
if checkIfExist is None:
|
||||
newPeer = {
|
||||
"id": i['PublicKey'],
|
||||
"private_key": "",
|
||||
"DNS": DashboardConfig.GetConfig("Peers", "peer_global_DNS")[1],
|
||||
"endpoint_allowed_ip": DashboardConfig.GetConfig("Peers", "peer_endpoint_allowed_ip")[
|
||||
1],
|
||||
"name": i.get("name"),
|
||||
"total_receive": 0,
|
||||
"total_sent": 0,
|
||||
"total_data": 0,
|
||||
"endpoint": "N/A",
|
||||
"status": "stopped",
|
||||
"latest_handshake": "N/A",
|
||||
"allowed_ip": i.get("AllowedIPs", "N/A"),
|
||||
"cumu_receive": 0,
|
||||
"cumu_sent": 0,
|
||||
"cumu_data": 0,
|
||||
"traffic": [],
|
||||
"mtu": DashboardConfig.GetConfig("Peers", "peer_mtu")[1],
|
||||
"keepalive": DashboardConfig.GetConfig("Peers", "peer_keep_alive")[1],
|
||||
"remote_endpoint": DashboardConfig.GetConfig("Peers", "remote_endpoint")[1],
|
||||
"preshared_key": i["PresharedKey"] if "PresharedKey" in i.keys() else ""
|
||||
}
|
||||
sqlUpdate(
|
||||
"""
|
||||
INSERT INTO '%s'
|
||||
VALUES (:id, :private_key, :DNS, :endpoint_allowed_ip, :name, :total_receive, :total_sent,
|
||||
:total_data, :endpoint, :status, :latest_handshake, :allowed_ip, :cumu_receive, :cumu_sent,
|
||||
:cumu_data, :mtu, :keepalive, :remote_endpoint, :preshared_key);
|
||||
""" % self.Name
|
||||
, newPeer)
|
||||
# sqldb.commit()
|
||||
self.Peers.append(Peer(newPeer, self))
|
||||
else:
|
||||
sqlUpdate("UPDATE '%s' SET allowed_ip = ? WHERE id = ?" % self.Name,
|
||||
(i.get("AllowedIPs", "N/A"), i['PublicKey'],))
|
||||
# sqldb.commit()
|
||||
self.Peers.append(Peer(checkIfExist, self))
|
||||
except Exception as e:
|
||||
print(f"[WGDashboard] {self.Name} Error: {str(e)}")
|
||||
self.__configFileModifiedTime = mt
|
||||
|
||||
def addPeers(self, peers: list):
|
||||
for p in peers:
|
||||
@ -681,8 +693,6 @@ class WireguardConfiguration:
|
||||
return False, None
|
||||
|
||||
def allowAccessPeers(self, listOfPublicKeys):
|
||||
# numOfAllowedPeers = 0
|
||||
# numOfFailedToAllowPeers = 0
|
||||
if not self.getStatus():
|
||||
self.toggleConfiguration()
|
||||
|
||||
@ -693,7 +703,15 @@ class WireguardConfiguration:
|
||||
% (self.Name, self.Name,), (p['id'],))
|
||||
sqlUpdate("DELETE FROM '%s_restrict_access' WHERE id = ?"
|
||||
% self.Name, (p['id'],))
|
||||
subprocess.check_output(f"wg set {self.Name} peer {p['id']} allowed-ips {p['allowed_ip']}",
|
||||
|
||||
presharedKeyExist = len(p['preshared_key']) > 0
|
||||
rd = random.Random()
|
||||
uid = uuid.UUID(int=rd.getrandbits(128), version=4)
|
||||
if presharedKeyExist:
|
||||
with open(f"{uid}", "w+") as f:
|
||||
f.write(p['preshared_key'])
|
||||
|
||||
subprocess.check_output(f"wg set {self.Name} peer {p['id']} allowed-ips {p['allowed_ip']}{f' preshared-key {uid}' if presharedKeyExist else ''}",
|
||||
shell=True, stderr=subprocess.STDOUT)
|
||||
else:
|
||||
return ResponseObject(False, "Failed to allow access of peer " + i)
|
||||
@ -803,12 +821,11 @@ class WireguardConfiguration:
|
||||
else:
|
||||
status = "stopped"
|
||||
if int(latestHandshake[count + 1]) > 0:
|
||||
sqldb.execute("UPDATE '%s' SET latest_handshake = ?, status = ? WHERE id= ?" % self.Name
|
||||
sqlUpdate("UPDATE '%s' SET latest_handshake = ?, status = ? WHERE id= ?" % self.Name
|
||||
, (str(minus).split(".", maxsplit=1)[0], status, latestHandshake[count],))
|
||||
else:
|
||||
sqldb.execute("UPDATE '%s' SET latest_handshake = 'No Handshake', status = ? WHERE id= ?" % self.Name
|
||||
sqlUpdate("UPDATE '%s' SET latest_handshake = 'No Handshake', status = ? WHERE id= ?" % self.Name
|
||||
, (status, latestHandshake[count],))
|
||||
sqldb.commit()
|
||||
count += 2
|
||||
|
||||
|
||||
@ -1284,16 +1301,20 @@ def _regexMatch(regex, text):
|
||||
return pattern.search(text) is not None
|
||||
|
||||
|
||||
def _getConfigurationList() -> [WireguardConfiguration]:
|
||||
configurations = {}
|
||||
def _getConfigurationList():
|
||||
# configurations = {}
|
||||
for i in os.listdir(WG_CONF_PATH):
|
||||
if _regexMatch("^(.{1,}).(conf)$", i):
|
||||
i = i.replace('.conf', '')
|
||||
try:
|
||||
configurations[i] = WireguardConfiguration(i)
|
||||
if i in WireguardConfigurations.keys():
|
||||
if WireguardConfigurations[i].configurationFileChanged():
|
||||
WireguardConfigurations[i] = WireguardConfiguration(i)
|
||||
else:
|
||||
WireguardConfigurations[i] = WireguardConfiguration(i)
|
||||
except WireguardConfiguration.InvalidConfigurationFileException as e:
|
||||
print(f"{i} have an invalid configuration file.")
|
||||
return configurations
|
||||
|
||||
|
||||
|
||||
def _checkIPWithRange(ip):
|
||||
@ -1354,8 +1375,7 @@ def _generatePrivateKey() -> [bool, str]:
|
||||
except subprocess.CalledProcessError:
|
||||
return False, None
|
||||
|
||||
|
||||
def _getWireguardConfigurationAvailableIP(configName: str) -> tuple[bool, list[str]] | tuple[bool, None]:
|
||||
def _getWireguardConfigurationAvailableIP(configName: str, all: bool = False) -> tuple[bool, list[str]] | tuple[bool, None]:
|
||||
if configName not in WireguardConfigurations.keys():
|
||||
return False, None
|
||||
configuration = WireguardConfigurations[configName]
|
||||
@ -1387,8 +1407,9 @@ def _getWireguardConfigurationAvailableIP(configName: str) -> tuple[bool, list[s
|
||||
if h not in existedAddress:
|
||||
availableAddress.append(ipaddress.ip_network(h).compressed)
|
||||
count += 1
|
||||
if network.version == 6 and count > 255:
|
||||
break
|
||||
if not all:
|
||||
if network.version == 6 and count > 255:
|
||||
break
|
||||
return True, availableAddress
|
||||
|
||||
return False, None
|
||||
@ -1534,7 +1555,7 @@ def API_SignOut():
|
||||
|
||||
@app.route(f'{APP_PREFIX}/api/getWireguardConfigurations', methods=["GET"])
|
||||
def API_getWireguardConfigurations():
|
||||
# WireguardConfigurations = _getConfigurationList()
|
||||
_getConfigurationList()
|
||||
return ResponseObject(data=[wc for wc in WireguardConfigurations.values()])
|
||||
|
||||
|
||||
@ -1841,17 +1862,7 @@ def API_addPeers(configName):
|
||||
if i not in availableIps[1]:
|
||||
return ResponseObject(False, f"This IP is not available: {i}")
|
||||
|
||||
config.addPeers([{"id": public_key, "allowed_ip": ''.join(allowed_ips)}])
|
||||
# subprocess.check_output(
|
||||
# f"wg set {config.Name} peer {public_key} allowed-ips {''.join(allowed_ips)}",
|
||||
# shell=True, stderr=subprocess.STDOUT)
|
||||
# if len(preshared_key) > 0:
|
||||
# subprocess.check_output(
|
||||
# f"wg set {config.Name} peer {public_key} preshared-key {preshared_key}",
|
||||
# shell=True, stderr=subprocess.STDOUT)
|
||||
# subprocess.check_output(
|
||||
# f"wg-quick save {config.Name}", shell=True, stderr=subprocess.STDOUT)
|
||||
# config.getPeersList()
|
||||
config.addPeers([{"id": public_key, "allowed_ip": ','.join(allowed_ips)}])
|
||||
found, peer = config.searchPeer(public_key)
|
||||
if found:
|
||||
return peer.updatePeer(name, private_key, preshared_key, dns_addresses, ",".join(allowed_ips),
|
||||
@ -2188,7 +2199,7 @@ _, WG_CONF_PATH = DashboardConfig.GetConfig("Server", "wg_conf_path")
|
||||
|
||||
|
||||
WireguardConfigurations: dict[str, WireguardConfiguration] = {}
|
||||
WireguardConfigurations = _getConfigurationList()
|
||||
_getConfigurationList()
|
||||
|
||||
def startThreads():
|
||||
bgThread = threading.Thread(target=backGroundThread)
|
||||
|
34
src/entrypoint.sh
Normal file
34
src/entrypoint.sh
Normal file
@ -0,0 +1,34 @@
|
||||
#!/bin/bash
|
||||
echo "Starting the WireGuard Dashboard Docker container."
|
||||
|
||||
clean_up() {
|
||||
# Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
|
||||
echo "Looking for remains of previous instances..."
|
||||
if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then
|
||||
echo "Found old .pid file, removing."
|
||||
rm /opt/wireguarddashboard/app/src/gunicorn.pid
|
||||
else
|
||||
echo "No remains found, continuing."
|
||||
fi
|
||||
}
|
||||
ensure_blocking() {
|
||||
sleep 1s
|
||||
echo "Ensuring container continuation."
|
||||
|
||||
# This function checks if the latest error log is created and tails it for docker logs uses.
|
||||
if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
|
||||
latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1)
|
||||
latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1)
|
||||
tail -f "${latestErrLog}" "${latestAccLog}"
|
||||
fi
|
||||
|
||||
# Blocking command in case of erroring. So the container does not quit.
|
||||
sleep infinity
|
||||
}
|
||||
|
||||
{ date; clean_up; printf "\n\n"; } >> ./log/install.txt
|
||||
|
||||
chmod u+x /opt/wireguarddashboard/src/wgd.sh
|
||||
/opt/wireguarddashboard/src/wgd.sh install
|
||||
/opt/wireguarddashboard/src/wgd.sh docker_start
|
||||
ensure_blocking
|
13
src/iptable-rules/postdown.sh
Normal file
13
src/iptable-rules/postdown.sh
Normal file
@ -0,0 +1,13 @@
|
||||
#!/bin/bash
|
||||
WIREGUARD_INTERFACE=ADMINS
|
||||
WIREGUARD_LAN=10.0.0.1/24
|
||||
MASQUERADE_INTERFACE=eth0
|
||||
|
||||
CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE"
|
||||
|
||||
iptables -t nat -D POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN
|
||||
|
||||
# Remove and delete the WIREGUARD_wg0 chain
|
||||
iptables -D FORWARD -j $CHAIN_NAME
|
||||
iptables -F $CHAIN_NAME
|
||||
iptables -X $CHAIN_NAME
|
26
src/iptable-rules/postup.sh
Normal file
26
src/iptable-rules/postup.sh
Normal file
@ -0,0 +1,26 @@
|
||||
#!/bin/bash
|
||||
WIREGUARD_INTERFACE=ADMINS
|
||||
WIREGUARD_LAN=10.0.0.1/24
|
||||
MASQUERADE_INTERFACE=eth0
|
||||
|
||||
iptables -t nat -I POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN
|
||||
|
||||
# Add a WIREGUARD_wg0 chain to the FORWARD chain
|
||||
CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE"
|
||||
iptables -N $CHAIN_NAME
|
||||
iptables -A FORWARD -j $CHAIN_NAME
|
||||
|
||||
# Accept related or established traffic
|
||||
iptables -A $CHAIN_NAME -o $WIREGUARD_INTERFACE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
# Accept traffic from any Wireguard IP address connected to the Wireguard server
|
||||
iptables -A $CHAIN_NAME -s $WIREGUARD_LAN -i $WIREGUARD_INTERFACE -j ACCEPT
|
||||
|
||||
# Allow traffic to the local loopback interface
|
||||
iptables -A $CHAIN_NAME -o lo -j ACCEPT
|
||||
|
||||
# Drop everything else coming through the Wireguard interface
|
||||
iptables -A $CHAIN_NAME -i $WIREGUARD_INTERFACE -j DROP
|
||||
|
||||
# Return to FORWARD chain
|
||||
iptables -A $CHAIN_NAME -j RETURN
|
BIN
src/static/app/dist/assets/bootstrap-icons.woff
vendored
BIN
src/static/app/dist/assets/bootstrap-icons.woff
vendored
Binary file not shown.
BIN
src/static/app/dist/assets/bootstrap-icons.woff2
vendored
BIN
src/static/app/dist/assets/bootstrap-icons.woff2
vendored
Binary file not shown.
6
src/static/app/dist/assets/index.css
vendored
6
src/static/app/dist/assets/index.css
vendored
File diff suppressed because one or more lines are too long
40
src/static/app/dist/assets/index.js
vendored
40
src/static/app/dist/assets/index.js
vendored
File diff suppressed because one or more lines are too long
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "app",
|
||||
"version": "4.0.2",
|
||||
"version": "4.0.4",
|
||||
"private": true,
|
||||
"type": "module",
|
||||
"scripts": {
|
||||
|
@ -30,12 +30,24 @@ export default {
|
||||
this.data.private_key = this.keypair.privateKey;
|
||||
this.data.public_key = this.keypair.publicKey;
|
||||
},
|
||||
testKey(key){
|
||||
const reg = /^[A-Za-z0-9+/]{43}=?=?$/;
|
||||
return reg.test(key)
|
||||
},
|
||||
checkMatching(){
|
||||
try{
|
||||
if (window.wireguard.generatePublicKey(this.keypair.privateKey)
|
||||
!== this.keypair.publicKey){
|
||||
this.error = true;
|
||||
this.dashboardStore.newMessage("WGDashboard", "Private Key and Public Key does not match.", "danger");
|
||||
if(this.keypair.privateKey){
|
||||
if(this.testKey(this.keypair.privateKey)){
|
||||
this.keypair.publicKey = window.wireguard.generatePublicKey(this.keypair.privateKey)
|
||||
if (window.wireguard.generatePublicKey(this.keypair.privateKey)
|
||||
!== this.keypair.publicKey){
|
||||
this.error = true;
|
||||
this.dashboardStore.newMessage("WGDashboard", "Private Key and Public Key does not match.", "danger");
|
||||
}else{
|
||||
this.data.private_key = this.keypair.privateKey
|
||||
this.data.public_key = this.keypair.publicKey
|
||||
}
|
||||
}
|
||||
}
|
||||
}catch (e){
|
||||
this.error = true;
|
||||
|
100
src/wgd.sh
100
src/wgd.sh
@ -65,10 +65,6 @@ _determineOS(){
|
||||
OS=$ID
|
||||
elif [ -f /etc/redhat-release ]; then
|
||||
OS="redhat"
|
||||
elif [ -f /etc/alpine-release ]; then
|
||||
OS="alpine"
|
||||
# elif [ -f /etc/arch-release ]; then
|
||||
# OS="arch"
|
||||
else
|
||||
printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark"
|
||||
printf "%s\n" "$helpMsg"
|
||||
@ -131,18 +127,6 @@ _installPythonVenv(){
|
||||
ubuntu|debian)
|
||||
{ sudo apt-get update; sudo apt-get install ${pythonExecutable}-venv; } &>> ./log/install.txt
|
||||
;;
|
||||
# centos|fedora|redhat|rhel)
|
||||
# if command -v dnf &> /dev/null; then
|
||||
# { sudo dnf install -y ${pythonExecutable}-virtualenv; printf "\n\n"; } >> ./log/install.txt
|
||||
# else
|
||||
# { sudo yum install -y ${pythonExecutable}-virtualenv; printf "\n\n"; } >> ./log/install.txt
|
||||
# fi
|
||||
# ;;
|
||||
# *)
|
||||
# printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS.\n" "$heavy_crossmark"
|
||||
# printf "%s\n" "$helpMsg"
|
||||
# kill $TOP_PID
|
||||
# ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
@ -275,16 +259,17 @@ install_wgd(){
|
||||
_checkPythonVersion
|
||||
_installPythonVenv
|
||||
_installPythonPip
|
||||
_checkWireguard
|
||||
_checkWireguard
|
||||
sudo chmod -R 755 /etc/wireguard/
|
||||
|
||||
if [ ! -d "db" ]
|
||||
then
|
||||
printf "[WGDashboard] Creating ./db folder\n"
|
||||
mkdir "db"
|
||||
then
|
||||
printf "[WGDashboard] Creating ./db folder\n"
|
||||
mkdir "db"
|
||||
fi
|
||||
_check_and_set_venv
|
||||
printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n"
|
||||
{ date; python3 -m ensurepip --upgrade; printf "\n\n"; } >> ./log/install.txt
|
||||
{ date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt
|
||||
printf "[WGDashboard] Installing latest Python dependencies\n"
|
||||
{ date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt #This all works on the default installation.
|
||||
@ -309,11 +294,11 @@ check_wgd_status(){
|
||||
}
|
||||
|
||||
certbot_create_ssl () {
|
||||
certbot certonly --config ./certbot.ini --email "$EMAIL" --work-dir $cb_work_dir --config-dir $cb_config_dir --domain "$SERVERURL"
|
||||
certbot certonly --config ./certbot.ini --email "$EMAIL" --work-dir $cb_work_dir --config-dir $cb_config_dir --domain "$SERVERURL"
|
||||
}
|
||||
|
||||
certbot_renew_ssl () {
|
||||
certbot renew --work-dir $cb_work_dir --config-dir $cb_config_dir
|
||||
certbot renew --work-dir $cb_work_dir --config-dir $cb_config_dir
|
||||
}
|
||||
|
||||
gunicorn_start () {
|
||||
@ -340,7 +325,7 @@ gunicorn_start () {
|
||||
}
|
||||
|
||||
gunicorn_stop () {
|
||||
sudo kill $(cat ./gunicorn.pid)
|
||||
sudo kill $(cat ./gunicorn.pid)
|
||||
}
|
||||
|
||||
start_wgd () {
|
||||
@ -349,23 +334,70 @@ start_wgd () {
|
||||
}
|
||||
|
||||
stop_wgd() {
|
||||
if test -f "$PID_FILE"; then
|
||||
gunicorn_stop
|
||||
else
|
||||
kill "$(ps aux | grep "[p]ython3 $app_name" | awk '{print $2}')"
|
||||
fi
|
||||
if test -f "$PID_FILE"; then
|
||||
gunicorn_stop
|
||||
else
|
||||
kill "$(ps aux | grep "[p]ython3 $app_name" | awk '{print $2}')"
|
||||
fi
|
||||
}
|
||||
|
||||
startwgd_docker() {
|
||||
_checkWireguard
|
||||
printf "[WGDashboard][Docker] WireGuard configuration started\n"
|
||||
{ date; start_core ; printf "\n\n"; } >> ./log/install.txt
|
||||
gunicorn_start
|
||||
}
|
||||
|
||||
start_core() {
|
||||
local iptable_dir="/opt/wireguarddashboard/src/iptable-rules"
|
||||
# Check if wg0.conf exists in /etc/wireguard
|
||||
if [[ ! -f /etc/wireguard/wg0.conf ]]; then
|
||||
echo "[WGDashboard][Docker] wg0.conf not found. Running generate configuration."
|
||||
newconf_wgd
|
||||
else
|
||||
echo "[WGDashboard][Docker] wg0.conf already exists. Skipping WireGuard configuration generation."
|
||||
fi
|
||||
# Re-assign config_files to ensure it includes any newly created configurations
|
||||
local config_files=$(find /etc/wireguard -type f -name "*.conf")
|
||||
|
||||
# Set file permissions
|
||||
find /etc/wireguard -type f -name "*.conf" -exec chmod 600 {} \;
|
||||
find "$iptable_dir" -type f -name "*.sh" -exec chmod +x {} \;
|
||||
|
||||
# Start WireGuard for each config file
|
||||
for file in $config_files; do
|
||||
config_name=$(basename "$file" ".conf")
|
||||
wg-quick up "$config_name"
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
|
||||
newconf_wgd() {
|
||||
local wg_port_listen=$wg_port
|
||||
local wg_addr_range=$wg_net
|
||||
private_key=$(wg genkey)
|
||||
public_key=$(echo "$private_key" | wg pubkey)
|
||||
cat <<EOF >"/etc/wireguard/wg0.conf"
|
||||
[Interface]
|
||||
PrivateKey = $private_key
|
||||
Address = $wg_addr_range
|
||||
ListenPort = $wg_port_listen
|
||||
SaveConfig = true
|
||||
PostUp = /opt/wireguarddashboard/src/iptable-rules/postup.sh
|
||||
PreDown = /opt/wireguarddashboard/src/iptable-rules/postdown.sh
|
||||
EOF
|
||||
}
|
||||
|
||||
start_wgd_debug() {
|
||||
printf "%s\n" "$dashes"
|
||||
_checkWireguard
|
||||
printf "[WGDashboard] Starting WGDashboard in the foreground.\n"
|
||||
sudo "$venv_python" "$app_name"
|
||||
printf "%s\n" "$dashes"
|
||||
printf "%s\n" "$dashes"
|
||||
_checkWireguard
|
||||
printf "[WGDashboard] Starting WGDashboard in the foreground.\n"
|
||||
sudo "$venv_python" "$app_name"
|
||||
printf "%s\n" "$dashes"
|
||||
}
|
||||
|
||||
update_wgd() {
|
||||
|
||||
_determineOS
|
||||
if ! python3 --version > /dev/null 2>&1
|
||||
then
|
||||
|
Loading…
Reference in New Issue
Block a user