From 00611ef9dca2def6ad882cc703621fa03dc548a7 Mon Sep 17 00:00:00 2001 From: Dselen Date: Tue, 20 Aug 2024 09:58:25 -0500 Subject: [PATCH 01/63] Progress so far. --- docker/Dockerfile | 68 +++++++++++++---------- docker/{Docker-explain.md => README.md} | 0 docker/compose.yaml | 6 +- docker/entrypoint.sh | 73 +++++++++++++++++-------- 4 files changed, 90 insertions(+), 57 deletions(-) rename docker/{Docker-explain.md => README.md} (100%) diff --git a/docker/Dockerfile b/docker/Dockerfile index fb373d2..7070a5c 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,5 +1,5 @@ # Pull from small Debian stable image. -FROM debian:stable-slim +FROM debian:stable-slim AS build LABEL maintainer="dselen@nerthus.nl" # Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. 
@@ -9,46 +9,52 @@ ENV wg_net="10.0.0.1" # Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info. ENV tz="Europe/Amsterdam" ENV global_dns="1.1.1.1" -ENV enable_wg0="false" +ENV enable="(`none`)" ENV isolated_peers="true" ENV public_ip="0.0.0.0" # Doing basic system maintenance. Change the timezone to the desired timezone. RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime -# Doing package management operations, such as upgrading -RUN apt-get update && apt-get upgrade -y \ - && apt-get install -y --no-install-recommends curl \ - git \ - iproute2 \ - iptables \ - iputils-ping \ - openresolv \ - procps \ - python3 \ - python3-pip \ - python3-venv \ - traceroute \ - wireguard \ - wireguard-tools \ - && apt-get remove linux-image-* --autoremove -y \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* -# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. - # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. ENV WGDASH=/opt/wireguarddashboard -RUN python3 -m venv ${WGDASH}/venv + +# Doing package management operations, such as upgrading +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + curl \ + git \ + iproute2 \ + iptables \ + iputils-ping \ + openresolv \ + procps \ + python3 \ + python3-pip \ + python3-venv \ + traceroute \ + wireguard \ + wireguard-tools \ + sudo && \ + apt-get remove -y linux-image-* && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. 
Modify the git clone command to get the preferred version, with a specific branch for example. -RUN . ${WGDASH}/venv/bin/activate \ - && git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH}/app \ - && pip3 install -r ${WGDASH}/app/src/requirements.txt \ - && chmod +x ${WGDASH}/app/src/wgd.sh \ - && .${WGDASH}/app/src/wgd.sh install +RUN git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH} \ + && rm ${WGDASH}/.git -rdf \ + && python3 -m venv ${WGDASH}/src/venv \ + && . ${WGDASH}/src/venv/bin/activate \ + && chmod +x ${WGDASH}/src/wgd.sh \ + && cd ${WGDASH}/src \ + && ./wgd.sh install -# Set the volume to be used for persistency. +# Set the volume to be used for WireGuard configuration persistency. VOLUME /etc/wireguard +VOLUME ${WGDASH} # Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. # Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. @@ -67,7 +73,9 @@ RUN wg genkey | tee /etc/wireguard/wg0_privatekey \ && rm /etc/wireguard/wg0_privatekey # Defining a way for Docker to check the health of the container. In this case: checking the login URL. -HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1 +HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ + CMD [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:10086/)" -eq "200" ] || exit 1 + # Copy the basic entrypoint.sh script. COPY entrypoint.sh /entrypoint.sh diff --git a/docker/Docker-explain.md b/docker/README.md similarity index 100% rename from docker/Docker-explain.md rename to docker/README.md diff --git a/docker/compose.yaml b/docker/compose.yaml index 9d7509f..c79b5a5 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml 
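Review bot: The `git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH}` step in the rewritten install RUN builds from whatever the default branch holds at build time, and `./wgd.sh install` then runs that code during the build. Pin the checkout to a release tag or commit, e.g. `git clone --depth 1 --branch <RELEASE_TAG_PLACEHOLDER> ...`, and do any verification before `rm ${WGDASH}/.git -rdf` removes the history. The same unpinned clone is kept as `git clone ${Git_Url} /setup/app` in the Dockerfile hunk of patch 06. The package list in this hunk also gains `sudo`, which nothing in the visible lines uses, so it can probably be dropped from the image.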
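Review bot: The new `CMD [ "$(curl ...)" -eq "200" ] || exit 1` begins with `[`, so it reads like an exec-form JSON array although it is meant as a shell test; it appears to work only because it fails to parse as JSON and falls back to shell form. It also reports unhealthy for any status other than exactly 200, which would include a redirect from `/` to the sign-in page if the dashboard ever answers that way. `CMD curl -fsS -o /dev/null http://localhost:10086/ || exit 1` expresses the check without the bracket ambiguity and still fails on HTTP error responses through `-f`.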
@@ -1,12 +1,12 @@ services: wireguard-dashboard: - image: repo.nerthus.nl/app/wireguard-dashboard:latest + image: dselen/wgdashboard:dev restart: unless-stopped container_name: wire-dash environment: #- tz= # <--- Set container timezone, default: Europe/Amsterdam. #- global_dns= # <--- Set global DNS address, default: 1.1.1.1. - - enable_wg0=true # <--- If true, wg0 will be started on container startup. default: false. + - enable=wg0,wg1 # <--- If true, wg0 will be started on container startup. default: false. - isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. ports: @@ -14,7 +14,7 @@ services: - 51820:51820/udp volumes: - conf:/etc/wireguard - - app:/opt/wireguarddashboard/app + - app:/opt/wireguarddashboard cap_add: - NET_ADMIN diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 118e9ef..6316ab7 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh 
@@ -1,30 +1,48 @@ #!/bin/bash echo "Starting the WireGuard Dashboard Docker container." +# === CLEAN UP === clean_up() { + echo "--------------------- CLEAN UP -----------------------" # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. echo "Looking for remains of previous instances..." - if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then + local pid_file="${WGDASH}/src/gunicorn.pid" + if [ -f $pid_file ]; then echo "Found old .pid file, removing." - rm /opt/wireguarddashboard/app/src/gunicorn.pid + rm $pid_file else - echo "No remains found, continuing." + echo "No pid remains found, continuing." + fi + + local pycache="${WGDASH}/src/__pycache__" + if [ -d "$pycache" ]; then + local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l) + if [ "$pycache_filecount" -gt 0 ]; then + echo "Found old pycaches, removing." + rm -rf "$pycache"/* + else + echo "No pycaches found, continuing." + fi + else + echo "No pycaches found, continuing." fi } +# === CORE SERVICES === start_core() { + echo "--------------------- STARTING CORE -----------------------" + # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. if [ ! -f "/etc/wireguard/wg0.conf" ]; then cp "/wg0.conf" "/etc/wireguard/wg0.conf" - echo "WireGuard interface file copied over." + echo "Standard WG0 Configuration file not found, grabbing template." else - echo "WireGuard interface file looks to already be existing." + echo "Standard WG0 Configuration file found, using that." fi echo "Activating Python venv and executing the WireGuard Dashboard service." - - . "${WGDASH}"/venv/bin/activate - cd "${WGDASH}"/app/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched. + . 
"${WGDASH}"/src/venv/bin/activate + cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched. bash wgd.sh start # The following section takes care of the firewall rules regarding the 'isolated_peers' feature, which allows or drops packets destined from the wg0 to the wg0 interface. @@ -45,17 +63,22 @@ start_core() { fi - # The following section takes care of - if [ "${enable_wg0,,}" = "true" ]; then - echo "Preference for wg0 to be turned on found." - - wg-quick up wg0 - else - echo "Preference for wg0 to be turned off found." - fi + # The following section takes care of enabling wireguard interfaces on startup. + IFS=',' read -r -a enable_array <<< "${enable}" + for interface in "${enable_array[@]}"; do + echo "Preference for $interface to be turned on found." + if [ -f "/etc/wireguard/${interface}.conf" ]; then + echo "Found corresponding configuration file, activating..." + wg-quick up $interface + else + echo "No corresponding configuration file found for $interface doing nothing." + fi + done } +# === SET ENV VARS === set_envvars() { + echo "------------------------------------------------------------" echo "Setting relevant variables for operation." # If the timezone is different, for example in North-America or Asia. 
@@ -67,11 +90,11 @@ set_envvars() { fi # Changing the DNS used for clients and the dashboard itself. - if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then + if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then echo "Changing default dns." #sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level. - sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini + sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/src/wg-dashboard.ini fi # Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me. 
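Review bot: `sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/"` interpolates the environment value into the sed program, so a value containing `/`, `&` or a newline alters the expression instead of the setting. Validate it as an address before the substitution, e.g. `[[ "${global_dns}" =~ ^[0-9.]+$ ]] || { echo "Invalid global_dns, leaving setting unchanged."; return; }`. The next hunk has the same pattern for `remote_endpoint`, where `${default_ip}` is whatever `curl -s ifconfig.me` returned, so an error page or unexpected response would be written into wg-dashboard.ini. The touched lines also hard-code `/opt/wireguarddashboard/src` while clean_up and start_core in this commit use `${WGDASH}`; using the variable here keeps them in step. set_envvars begins and ends outside this hunk.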
@@ -79,22 +102,24 @@ set_envvars() { default_ip=$(curl -s ifconfig.me) echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" - sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini - elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then + sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini + elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then echo "Setting the Public-IP using given variable: ${public_ip}" - sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini + sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini fi } +# === CLEAN UP === ensure_blocking() { + echo "------------------------------------------------------------" sleep 1s echo "Ensuring container continuation." # This function checks if the latest error log is created and tails it for docker logs uses. - if find "/opt/wireguarddashboard/app/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then - latestErrLog=$(find /opt/wireguarddashboard/app/src/log -name "error_*.log" | head -n 1) - latestAccLog=$(find /opt/wireguarddashboard/app/src/log -name "access_*.log" | head -n 1) + if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then + latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1) + latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1) tail -f "${latestErrLog}" "${latestAccLog}" fi From 6991039640f56067e865729f6824caa7dc223efc Mon Sep 17 00:00:00 2001 
From: Dselen Date: Tue, 20 Aug 2024 12:58:30 -0500 Subject: [PATCH 02/63] Working prototype. --- docker/Dockerfile | 6 ++--- docker/compose.yaml | 4 +-- docker/entrypoint.sh | 60 +++++++++++++++++++++++++++++++++----------- 3 files changed, 50 insertions(+), 20 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 7070a5c..dda699b 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -9,8 +9,8 @@ ENV wg_net="10.0.0.1" # Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info. ENV tz="Europe/Amsterdam" ENV global_dns="1.1.1.1" -ENV enable="(`none`)" -ENV isolated_peers="true" +ENV enable="none" +ENV isolate="none" ENV public_ip="0.0.0.0" # Doing basic system maintenance. Change the timezone to the desired timezone. @@ -66,7 +66,7 @@ RUN wg genkey | tee /etc/wireguard/wg0_privatekey \ && echo "PrivateKey = $(cat /etc/wireguard/wg0_privatekey)" >> /wg0.conf \ && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /wg0.conf \ && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /wg0.conf \ - && echo "PreDown = iptables -t nat -D POSTROUTING 1" >> /wg0.conf \ + && echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /wg0.conf \ && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /wg0.conf \ && echo "ListenPort = 51820" >> /wg0.conf \ #&& echo "DNS = ${global_dns}" >> /wg0.conf \ diff --git a/docker/compose.yaml b/docker/compose.yaml index c79b5a5..ba429f2 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml 
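Review bot: The RUN visible as context in the `@@ -66,7 +66,7 @@` hunk writes `PrivateKey = $(cat /etc/wireguard/wg0_privatekey)` into `/wg0.conf` at build time, so the key is stored in an image layer and every container started from a published image begins with the same wg0 private key; `wg genkey | tee ...` also prints it to the build output. Generate the key on first start instead: in entrypoint.sh, at the point where the template is copied because `/etc/wireguard/wg0.conf` is missing, run `wg genkey` and fill the `PrivateKey =` line there. The `$(ip -o -4 route show to default | awk '{print $NF}')` in the changed PreDown line is likewise evaluated on the build host, so the outbound interface name is fixed at build time. The RUN starts and ends outside this hunk, and patch 06 keeps the same build-time key when it moves the template to `/setup/conf/wg0.conf`.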
@@ -6,8 +6,8 @@ services: environment: #- tz= # <--- Set container timezone, default: Europe/Amsterdam. #- global_dns= # <--- Set global DNS address, default: 1.1.1.1. - - enable=wg0,wg1 # <--- If true, wg0 will be started on container startup. default: false. - - isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. + - enable=wg0,wg1 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. + - isolate=wg0 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. ports: - 10086:10086/tcp diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 6316ab7..e6d48c0 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -8,7 +8,7 @@ clean_up() { echo "Looking for remains of previous instances..." local pid_file="${WGDASH}/src/gunicorn.pid" if [ -f $pid_file ]; then - echo "Found old .pid file, removing." + echo "Found old pid file, removing." rm $pid_file else echo "No pid remains found, continuing." 
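Review bot: The comment on the new `isolate=wg0` line still describes a true/false switch with default true, although the value is now a comma-separated list of interface names and the Dockerfile default in this patch is `none`. Suggested text: `# <--- Interfaces whose peers may not reach each other, comma-separated, default: none.` The `enable` comment mentions an `off` option that the entrypoint hunks of this patch do not treat specially, as far as the visible lines show, so either say what it does or drop it.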
@@ -45,26 +45,56 @@ start_core() { cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched. bash wgd.sh start - # The following section takes care of the firewall rules regarding the 'isolated_peers' feature, which allows or drops packets destined from the wg0 to the wg0 interface. - if [ "${isolated_peers,,}" = "false" ]; then - echo "Isolated peers disabled, adjusting." + # Isolated peers + local configurations=(/etc/wireguard/*) + IFS=',' read -r -a do_isolate <<< "${isolate}" + non_isolate=() - sed -i '/PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP/d' /etc/wireguard/wg0.conf - sed -i '/PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP/d' /etc/wireguard/wg0.conf - elif [ "${isolated_peers,,}" = "true" ]; then - upblocking=$(grep -c "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" /etc/wireguard/wg0.conf) - downblocking=$(grep -c "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" /etc/wireguard/wg0.conf) - if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then - echo "Isolated peers enabled, adjusting." 
- - sed -i '/PostUp = iptables -t nat -I POSTROUTING 1 -s/a PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP' /etc/wireguard/wg0.conf - sed -i '/PreDown = iptables -t nat -D POSTROUTING 1 -s/a PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP' /etc/wireguard/wg0.conf + for config in "${configurations[@]}"; do + local config=$(echo "$config" | sed -e 's|.*/etc/wireguard/||' -e 's|\.conf$||') + found=false + for interface in "${do_isolate[@]}"; do + if [[ "$config" == "$interface" ]]; then + found=true + break + fi + done + if [ "$found" = false ]; then + non_isolate+=("$config") fi + done - fi + echo "Isolate configurations: ${do_isolate[@]}" + echo "Non-Isolate configurations: ${non_isolate[@]}" + + for interface in "${do_isolate[@]}"; do + if [ -f "/etc/wireguard/${interface}.conf" ]; then + echo "Isolating:" $interface + upblocking=$(grep -c "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) + downblocking=$(grep -c "PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) + + if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then + sed -i "/PostUp =/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf + sed -i "/PreDown =/a PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf + fi + else + echo "Configuration for $interface does not seem to exist, continuing." + fi + done + + for interface in "${non_isolate[@]}"; do + if [ -f "/etc/wireguard/${interface}.conf" ]; then + echo "Removing Isolation for:" $interface + sed -i "/PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf + sed -i "/PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf + else + echo "Configuration for $interface does not seem to exist, continuing." 
+ fi + done # The following section takes care of enabling wireguard interfaces on startup. IFS=',' read -r -a enable_array <<< "${enable}" + for interface in "${enable_array[@]}"; do echo "Preference for $interface to be turned on found." if [ -f "/etc/wireguard/${interface}.conf" ]; then From 68d0ae40027d4cee1fc4bd73eca76ea0a67aec0a Mon Sep 17 00:00:00 2001 From: Dselen Date: Tue, 20 Aug 2024 13:54:49 -0500 Subject: [PATCH 03/63] Added context and refined code. --- docker/Dockerfile | 2 +- docker/README.md | 53 ++++++++++++++++++++++++++++++-------------- docker/compose.yaml | 4 ++-- docker/entrypoint.sh | 16 ++++++------- 4 files changed, 47 insertions(+), 28 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index dda699b..03b6775 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -10,7 +10,7 @@ ENV wg_net="10.0.0.1" ENV tz="Europe/Amsterdam" ENV global_dns="1.1.1.1" ENV enable="none" -ENV isolate="none" +ENV isolate="wg0" ENV public_ip="0.0.0.0" # Doing basic system maintenance. Change the timezone to the desired timezone. diff --git a/docker/README.md b/docker/README.md index dd7bfe8..7da87cd 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,20 +1,20 @@ -# WG-Dashboard Docker Explanation: +# WGDashboard Docker Explanation: Author: DaanSelen
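Review bot: Isolation is added with `sed -i "/PostUp =/a PostUp = iptables -I FORWARD ..."`, which inserts the DROP rule only after an existing `PostUp =` line; a configuration without PostUp/PreDown lines is logged as "Isolating:" but gets no rule, and one with several PostUp lines gets the rule once per line. Anchor the insert on the section header instead, e.g. `sed -i "/^\[Interface\]/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP"`, and the same for PreDown. The guard `[ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]` also skips the repair when only one of the two lines is missing. `local configurations=(/etc/wireguard/*)` picks up every file in the directory, not only `*.conf`. start_core begins and ends outside this hunk.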
-This document delves into how the WG-Dashboard Docker container has been built.
+This document delves into how the WGDashboard Docker container has been built.
Of course there are two stages, one before run-time and one at/after run-time.
The `Dockerfile` describes how the container image is made, and the `entrypoint.sh` is executed after running the container.
-In this example, WireGuard is integrated into the container itself, so it should be a run-and-go.
+In this example, WireGuard is integrated into the container itself, so it should be a run-and-go/out-of-the-box.
For more details on the source-code specific to this Docker image, refer to the source files, they have lots of comments. -I have tried to embed some new features such as `isolated_peers` and interface startup on container-start (through `enable_wg0`). +I have tried to embed some new features such as `isolate` and interface startup on container-start (through `enable`). I hope you enjoy! -WG-Dashboard Logo +WG-Dashboard Logo ## Getting the container running: -To get the container running you either pull the image from the repository, at the moment: `repo.nerthus.nl/app/wireguard-dashboard:latest`.
+To get the container running you either pull the image from the repository, `dselen/wgdashboard:latest`.
From there either use the environment variables describe below as parameters or use the Docker Compose file: `compose.yaml`. An example of a simple command to get the container running is show below:
@@ -28,7 +28,7 @@ docker run -d \ -p 10086:10086/tcp \ -p 51820:51820/udp \ --cap-add NET_ADMIN \ - repo.nerthus.nl/app/wireguard-dashboard:latest + dselen/wgdashboard:latest ```
If you want to use Compose instead of a raw Docker command, refer to the example in the `compose.yaml` or the one pasted below: @@ -37,14 +37,14 @@ If you want to use Compose instead of a raw Docker command, refer to the example ```yaml services: wireguard-dashboard: - image: repo.nerthus.nl/app/wireguard-dashboard:latest + image: dselen/wgdashboard:latest restart: unless-stopped container_name: wire-dash environment: #- tz= #- global_dns= - - enable_wg0=true - - isolated_peers=false + - enable=none + - isolate=wg0 #- public_ip= ports: - 10086:10086/tcp @@ -69,14 +69,33 @@ This setup is just generic and will use the Docker volumes. Once the container is running, the installation process is essentially the same as running it on bare-metal.
So go to the assign TCP port in this case HTTP, like the default 10086 one in the example and log into the WEB-GUI.
-| Environment variable | Accepted arguments | Default value | Verbose | -| -------------- | ------- | ------- | ------- | -| tz | Europe/Amsterdam or any confirming timezone notation. | Europe/Amsterdam | Sets the timezone of the Docker container. This is to timesync the container to any other processes which would need it. | -| global_dns | Any IPv4 address, such as my personal recommendation: 9.9.9.9 (QUAD9) | 1.1.1.1 | Set the default DNS given to clients once they connect to the WireGuard tunnel (VPN). -| enable_wg0 | `true` or `false` | `false` | Enables or disables the starting of the WireGuard interface on container 'boot-up'. -| isolated_peers | `true` or `false` | `true` | For security the default is true, and it disables peers to ping or reach eachother, the WireGuard interface IS able to reach the peers (Done through `iptables`). -| public_ip | Any IPv4 (public recommended) address, such as the one returned by default | Default uses the return of `curl ifconfig.me` | To reach your VPN from outside your own network, you need WG-Dashboard to know what your public IP-address is, otherwise it will generate faulty config files for clients. +| Environment variable | Accepted arguments | Default value | Example value | Verbose | +| -------------- | ------- | ------- | ------- | ------- | +| tz | Europe/Amsterdam or any confirming timezone notation. | `Europe/Amsterdam` | `America/New_York` | Sets the timezone of the Docker container. This is to timesync the container to any other processes which would need it. | +| global_dns | Any IPv4 address, such as my personal recommendation: 9.9.9.9 (QUAD9). | `1.1.1.1` | `8.8.8.8` or any IP-Address that resolves DNS-names, and of course is reachable | Set the default DNS given to clients once they connect to the WireGuard tunnel, and for new peers, set to Cloudflare DNS for reliability. +| enable | Anything, preferably an existing WireGuard interface name. 
| `none` | `wg0,wg2,wg13` | Enables or disables the starting of the WireGuard interface on container 'boot-up'. +| isolate | Anything, preferably an existing WireGuard interface name. | `wg0` | `wg1,wg0` | For security premade `wg0` interface comes with this feature enabled by default. Declaring `isolate=` in the Docker Compose file will remove this. The WireGuard interface itself IS able to reach the peers (Done through the `iptables` package). +| public_ip | Any IPv4 (public recommended) address, such as the one returned by default | Default uses the return of `curl ifconfig.me` | `23.50.131.156` | To reach your VPN from outside your own network, you need WG-Dashboard to know what your public IP-address is, otherwise it will generate faulty config files for clients. This happends because it is inside a Docker/Kubernetes container. In or outside of NAT is not relevant as long as the given IP-address is reachable from the internet or the target network. + +## Be careful with: + +When you are going to work with multiple WireGuard interfaces, you need to also open them up to the Docker host. This done by either adding the port mappings like: `51821:51821/udp` in the Docker Compose file, or to open a range like: `51820-51830:51820-51830/udp`
+The latter opens up UDP ports from 51820 to 51830, so all ports in between as well! Be careful, it is good security practise to open only needed ports! + +## Building the image yourself: + +To build the image yourself, you need to do a couple things:
+1. Clone the Github repository containing the source code of WGDashboard including the docker directory. For example do: `git clone https://github.com/donaldzou/WGDashboard.git` +1. Navigate into the docker directory. +1. (Make sure you have Docker correctly installed, if not: [Click here](https://docs.docker.com/engine/install/)) and run: `docker build . -t :` as an example: `docker build . -t dselen/wgdashboard:latest`.
This will make Docker compile the image from the resources in the directory you mention, in this case the current one. Let it compile, it takes about a minute or maximally two. +1. If all went well, see your image with `docker images`. Example below: +``` +dselen@dev-mach:~/development/WGDashboard/docker$ docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +dselen/wgdashboard dev c96fd96ee3b3 42 minutes ago 314MB +``` ## Closing remarks: +Excuse the large image size, whoops! Debian's big... sometimes.
For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. diff --git a/docker/compose.yaml b/docker/compose.yaml index ba429f2..83f86b7 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -6,8 +6,8 @@ services: environment: #- tz= # <--- Set container timezone, default: Europe/Amsterdam. #- global_dns= # <--- Set global DNS address, default: 1.1.1.1. - - enable=wg0,wg1 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. - - isolate=wg0 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. + - enable=wg0,wg2 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. + - isolate=wg0,wg1 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. ports: - 10086:10086/tcp diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index e6d48c0..84b9f7f 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -26,6 +26,9 @@ clean_up() { else echo "No pycaches found, continuing." fi + + echo "Setting permissions to not be world-accesible." + chmod 640 /etc/wireguard/* } # === CORE SERVICES === @@ -45,7 +48,7 @@ start_core() { cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched. bash wgd.sh start - # Isolated peers + # Isolated peers feature: local configurations=(/etc/wireguard/*) IFS=',' read -r -a do_isolate <<< "${isolate}" non_isolate=() 
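Review bot: `chmod 640 /etc/wireguard/*` in clean_up runs before start_core copies the wg0 template, so on a first start the freshly copied `wg0.conf` is presumably not covered until the next restart, and with an empty directory the unmatched glob makes chmod fail with a misleading error. These files hold private keys, so `600` is the usual mode if everything in the container runs as root. Consider `find /etc/wireguard -type f -name '*.conf' -exec chmod 600 {} +` placed after the template copy. clean_up begins outside this hunk.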
@@ -64,9 +67,6 @@ start_core() { fi done - echo "Isolate configurations: ${do_isolate[@]}" - echo "Non-Isolate configurations: ${non_isolate[@]}" - for interface in "${do_isolate[@]}"; do if [ -f "/etc/wireguard/${interface}.conf" ]; then echo "Isolating:" $interface @@ -84,7 +84,7 @@ start_core() { for interface in "${non_isolate[@]}"; do if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Removing Isolation for:" $interface + echo "Removing Isolation if present for:" $interface sed -i "/PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf sed -i "/PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf else @@ -108,8 +108,7 @@ start_core() { # === SET ENV VARS === set_envvars() { - echo "------------------------------------------------------------" - echo "Setting relevant variables for operation." + echo "------------- SETTING ENVIRONMENT VARIABLES ----------------" # If the timezone is different, for example in North-America or Asia. if [ "${tz}" != "$(cat /etc/timezone)" ]; then @@ -142,7 +141,7 @@ set_envvars() { # === CLEAN UP === ensure_blocking() { - echo "------------------------------------------------------------" + echo "-------------- ENSURING CONTAINER CONTINUATION -------------" sleep 1s echo "Ensuring container continuation." @@ -159,6 +158,7 @@ ensure_blocking() { # Execute functions for the WireGuard Dashboard services, then set the environment variables clean_up +repair start_core set_envvars ensure_blocking \ No newline at end of file From bd3aa28523f036f771eae83fd81f09e40a37a51d Mon Sep 17 00:00:00 2001 From: Dselen Date: Tue, 20 Aug 2024 14:48:36 -0500 Subject: [PATCH 04/63] Changed readme and compose for templating. --- docker/README.md | 9 +++++---- docker/compose.yaml | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/docker/README.md b/docker/README.md index 7da87cd..ced5362 100644 --- a/docker/README.md 
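Review bot: The call list at the end of the script now invokes `repair`, but no function of that name is defined in any hunk of this patch or of the two before it. Unless it is defined in a part of entrypoint.sh that is not shown, bash will print `repair: command not found` on every start and carry on with start_core. Either add the function in the same commit or leave the call out until it exists.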
+++ b/docker/README.md @@ -23,8 +23,8 @@ An example of a simple command to get the container running is show below:
docker run -d \ --name wireguard-dashboard \ --restart unless-stopped \ - -e enable_wg0=true \ - -e isolated_peers=true \ + -e enable=wg0 \ + -e isolate=wg0 \ -p 10086:10086/tcp \ -p 51820:51820/udp \ --cap-add NET_ADMIN \ @@ -89,10 +89,11 @@ To build the image yourself, you need to do a couple things:
1. Navigate into the docker directory. 1. (Make sure you have Docker correctly installed, if not: [Click here](https://docs.docker.com/engine/install/)) and run: `docker build . -t :` as an example: `docker build . -t dselen/wgdashboard:latest`.
This will make Docker compile the image from the resources in the directory you mention, in this case the current one. Let it compile, it takes about a minute or maximally two. 1. If all went well, see your image with `docker images`. Example below: -``` + +```shell dselen@dev-mach:~/development/WGDashboard/docker$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -dselen/wgdashboard dev c96fd96ee3b3 42 minutes ago 314MB +dselen/wgdashboard latest c96fd96ee3b3 42 minutes ago 314MB ``` ## Closing remarks: diff --git a/docker/compose.yaml b/docker/compose.yaml index 83f86b7..3d6c082 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -1,6 +1,6 @@ services: wireguard-dashboard: - image: dselen/wgdashboard:dev + image: dselen/wgdashboard:latest restart: unless-stopped container_name: wire-dash environment: @@ -11,7 +11,7 @@ services: #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. ports: - 10086:10086/tcp - - 51820:51820/udp + - 51830:51820/udp volumes: - conf:/etc/wireguard - app:/opt/wireguarddashboard From 47ac4388444f9cae3ee23687ceb7894ffb856496 Mon Sep 17 00:00:00 2001 From: dselen <80752476+DaanSelen@users.noreply.github.com> Date: Thu, 22 Aug 2024 16:24:07 +0200 Subject: [PATCH 05/63] Update README.md Rearranged Ubuntu match other descending formats. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1750489..2f9e8c1 100644 --- a/README.md +++ b/README.md @@ -126,9 +126,9 @@ | Ubuntu | Debian | Red Hat Enterprise Linux | CentOS | Fedora | |-----------|--------|--------------------------|----------|--------| -| 20.04 LTS | 12.6 | 9.4 | 9-Stream | 40 | +| 24.02 LTS | 12.6 | 9.4 | 9-Stream | 40 | | 22.04 LTS | 11.10 | | | 39 | -| 24.02 LTS | | | | 38 | +| 20.04 LTS | | | | 38 | > [!TIP] > If you installed WGDashboard on other systems without any issues, please let me know. Thank you! 
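Review bot: The port mapping in the second compose.yaml hunk becomes `51830:51820/udp`, so the host listens on 51830 while the wg0 template and the README's `docker run` example use 51820. Peer configurations generated by the dashboard will presumably carry the interface's ListenPort as the endpoint port, which would not be reachable from outside with this mapping. If the shift is intentional for templating, add a comment on the line such as `# host port must match the endpoint port handed to peers`; otherwise keep `51820:51820/udp`. The image line in the first hunk also moves to the mutable `latest` tag, and a version tag or digest would make deployments reproducible.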
From 8703798ca0a09773332a1c702f6c420b29b7ec5b Mon Sep 17 00:00:00 2001 From: Dselen Date: Thu, 22 Aug 2024 13:38:29 -0500 Subject: [PATCH 06/63] Modified all files and have a working product, awaiting feedback! --- docker/Dockerfile | 40 ++++----- docker/README.md | 4 +- docker/compose.yaml | 12 +-- docker/entrypoint.sh | 208 ++++++++++++++++++++++++++----------------- 4 files changed, 153 insertions(+), 111 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 03b6775..479681e 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -3,8 +3,9 @@ FROM debian:stable-slim AS build LABEL maintainer="dselen@nerthus.nl" # Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. -ENV wg_net="10.0.0.1" -# wg_net is used functionally as an ARG for its environment variable nature, do not change unless you know what you are doing. +ARG Git_Url="https://github.com/donaldzou/WGDashboard.git" +ARG wg_net="10.0.0.1" +ARG wg_port="51820" # Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info. ENV tz="Europe/Amsterdam" @@ -12,6 +13,7 @@ ENV global_dns="1.1.1.1" ENV enable="none" ENV isolate="wg0" ENV public_ip="0.0.0.0" +ENV update="yes" # Doing basic system maintenance. Change the timezone to the desired timezone. RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime @@ -20,8 +22,7 @@ RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime ENV WGDASH=/opt/wireguarddashboard # Doing package management operations, such as upgrading -RUN apt-get update && \ - apt-get install -y --no-install-recommends \ +RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ git \ iproute2 \ 
@@ -44,13 +45,8 @@ RUN apt-get update && \ # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH} \ - && rm ${WGDASH}/.git -rdf \ - && python3 -m venv ${WGDASH}/src/venv \ - && . ${WGDASH}/src/venv/bin/activate \ - && chmod +x ${WGDASH}/src/wgd.sh \ - && cd ${WGDASH}/src \ - && ./wgd.sh install +RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} \ + && git clone ${Git_Url} /setup/app # Set the volume to be used for WireGuard configuration persistency. VOLUME /etc/wireguard 
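Review bot: The new `git clone ${Git_Url} /setup/app` takes whatever the default branch holds on build day, so two builds of the same Dockerfile can ship different code and nothing records which revision went into the image. Consider a ref argument and a shallow clone, e.g. `ARG Git_Ref="<tag-to-build>"` and `git clone --depth 1 --branch "${Git_Ref}" "${Git_Url}" /setup/app && rm -rf /setup/app/.git`. The removed lines deleted `.git`, while the new ones keep the full history in the layer. With `wgd.sh install` no longer run here, dependency installation presumably moves to first container start (entrypoint.sh in this patch), which makes startup depend on network access and is worth stating in the README.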
@@ -60,20 +56,20 @@ VOLUME ${WGDASH} # Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN wg genkey | tee /etc/wireguard/wg0_privatekey \ - && echo "[Interface]" > /wg0.conf \ - && echo "SaveConfig = true" >> /wg0.conf \ - && echo "Address = ${wg_net}/24" >> /wg0.conf \ - && echo "PrivateKey = $(cat /etc/wireguard/wg0_privatekey)" >> /wg0.conf \ - && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /wg0.conf \ - && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /wg0.conf \ - && echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /wg0.conf \ - && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /wg0.conf \ - && echo "ListenPort = 51820" >> /wg0.conf \ - #&& echo "DNS = ${global_dns}" >> /wg0.conf \ + && echo "[Interface]" > /setup/conf/wg0.conf \ + && echo "Address = ${wg_net}/24" >> /setup/conf/wg0.conf \ + && echo "PrivateKey = $(cat /etc/wireguard/wg0_privatekey)" >> /setup/conf/wg0.conf \ + && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \ + && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \ + && echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \ + && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \ + && echo "ListenPort = ${wg_port}" >> /setup/conf/wg0.conf \ + && echo "SaveConfig = true" >> /setup/conf/wg0.conf \ + && echo "DNS = ${global_dns}" >> /setup/conf/wg0.conf \ && rm /etc/wireguard/wg0_privatekey # Defining a way for Docker to check the health of the container. 
In this case: checking the login URL. -HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ +HEALTHCHECK --interval=2m --timeout=1m --start-period=5s --retries=3 \ CMD [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:10086/)" -eq "200" ] || exit 1 diff --git a/docker/README.md b/docker/README.md index ced5362..8d2a315 100644 --- a/docker/README.md +++ b/docker/README.md @@ -15,7 +15,9 @@ I have tried to embed some new features such as `isolate` and interface startup ## Getting the container running: To get the container running you either pull the image from the repository, `dselen/wgdashboard:latest`.
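Review bot: The `RUN` that writes `/setup/conf/wg0.conf` still calls `wg genkey` at build time and echoes the result into the template as `PrivateKey = $(cat /etc/wireguard/wg0_privatekey)`, so the key is stored in an image layer and every container created from that image starts with the same WireGuard private key. `tee` also prints it to the build output, and the trailing `rm` only removes the intermediate file. The template should carry an empty `PrivateKey =` line, with the key generated on first start where entrypoint.sh copies the template into `/etc/wireguard`; patch 08/63 further down this series makes that change. Separately, `$(ip -o -4 route show to default | awk '{print $NF}')` is expanded while building, so the `PostUp`/`PreDown` rules hard-code the build environment's interface name rather than the one the container has at runtime.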
-From there either use the environment variables describe below as parameters or use the Docker Compose file: `compose.yaml`. +From there either use the environment variables describe below as parameters or use the Docker Compose file: `compose.yaml`.
+Be careful, the default generated WireGuard configuration file uses port 51820/udp. So use this port if you want to use it out of the box.
+Otherwise edit the configuration file in `/etc/wireguard/wg0.conf`. An example of a simple command to get the container running is show below:
diff --git a/docker/compose.yaml b/docker/compose.yaml index 3d6c082..6d4f2bd 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -2,22 +2,22 @@ services: wireguard-dashboard: image: dselen/wgdashboard:latest restart: unless-stopped - container_name: wire-dash + container_name: wgdashboard environment: #- tz= # <--- Set container timezone, default: Europe/Amsterdam. #- global_dns= # <--- Set global DNS address, default: 1.1.1.1. - - enable=wg0,wg2 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. - - isolate=wg0,wg1 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. + - enable=wg0 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. + - isolate=wg0 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. ports: - 10086:10086/tcp - - 51830:51820/udp + - 51820:51820/udp volumes: - - conf:/etc/wireguard - app:/opt/wireguarddashboard + - conf:/etc/wireguard cap_add: - NET_ADMIN volumes: - conf: app: + conf: diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 84b9f7f..b3595b8 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh 
@@ -1,9 +1,40 @@ #!/bin/bash + +echo "------------------------- START ----------------------------" echo "Starting the WireGuard Dashboard Docker container." +ensure_installation() { + # When using a custom directory to store the files, this part moves over and makes sure the installation continues. + echo "Checking if everything is present." + + if [ -z "$(ls -A ${WGDASH})" ]; then + echo "Detected empty directory, moving over..." + + mv /setup/app/* ${WGDASH} + python3 -m venv ${WGDASH}/src/venv + . "${WGDASH}/src/venv/bin/activate" + chmod +x ${WGDASH}/src/wgd.sh + cd ${WGDASH}/src + ./wgd.sh install + + echo "Looks like the installation succesfully moved over." + else + echo "Looks like everything is present." + fi + + # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. + if [ ! -f "/etc/wireguard/wg0.conf" ]; then + echo "Standard wg0 Configuration file not found, grabbing template." + cp "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" + else + echo "Standard wg0 Configuration file found, using that." + fi +} + # === CLEAN UP === clean_up() { - echo "--------------------- CLEAN UP -----------------------" + printf "\n------------------------ CLEAN UP --------------------------\n" + # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. echo "Looking for remains of previous instances..." local pid_file="${WGDASH}/src/gunicorn.pid" @@ -14,6 +45,7 @@ clean_up() { echo "No pid remains found, continuing." fi + # Also check for Python caches (pycache) inspired by https://github.com/shuricksumy local pycache="${WGDASH}/src/__pycache__" if [ -d "$pycache" ]; then local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l) 
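Review bot: In `ensure_installation`, `cd ${WGDASH}/src` has no failure check, so if the move into the volume did not produce `src/`, `./wgd.sh install` is resolved against whatever directory the script started in and the success message is printed regardless. Use `cd "${WGDASH}/src" || exit 1`, and quote the other expansions as well (`ls -A "${WGDASH}"`, `mv /setup/app/* "${WGDASH}"`). `mv /setup/app/*` also skips dot-files, which may or may not be intended. A one-line comment above `./wgd.sh install` saying that it runs as root on first start and needs network access would help operators who run the container in restricted networks.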
@@ -26,89 +58,22 @@ clean_up() { else echo "No pycaches found, continuing." fi - - echo "Setting permissions to not be world-accesible." - chmod 640 /etc/wireguard/* } -# === CORE SERVICES === -start_core() { - echo "--------------------- STARTING CORE -----------------------" - - # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. - if [ ! -f "/etc/wireguard/wg0.conf" ]; then - cp "/wg0.conf" "/etc/wireguard/wg0.conf" - echo "Standard WG0 Configuration file not found, grabbing template." - else - echo "Standard WG0 Configuration file found, using that." - fi - - echo "Activating Python venv and executing the WireGuard Dashboard service." - . "${WGDASH}"/src/venv/bin/activate - cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched. - bash wgd.sh start - - # Isolated peers feature: - local configurations=(/etc/wireguard/*) - IFS=',' read -r -a do_isolate <<< "${isolate}" - non_isolate=() - - for config in "${configurations[@]}"; do - local config=$(echo "$config" | sed -e 's|.*/etc/wireguard/||' -e 's|\.conf$||') - found=false - for interface in "${do_isolate[@]}"; do - if [[ "$config" == "$interface" ]]; then - found=true - break - fi - done - if [ "$found" = false ]; then - non_isolate+=("$config") - fi - done - - for interface in "${do_isolate[@]}"; do - if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Isolating:" $interface - upblocking=$(grep -c "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) - downblocking=$(grep -c "PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) - - if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then - sed -i "/PostUp =/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" 
/etc/wireguard/${interface}.conf - sed -i "/PreDown =/a PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf - fi - else - echo "Configuration for $interface does not seem to exist, continuing." - fi - done - - for interface in "${non_isolate[@]}"; do - if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Removing Isolation if present for:" $interface - sed -i "/PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf - sed -i "/PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf - else - echo "Configuration for $interface does not seem to exist, continuing." - fi - done - - # The following section takes care of enabling wireguard interfaces on startup. - IFS=',' read -r -a enable_array <<< "${enable}" - - for interface in "${enable_array[@]}"; do - echo "Preference for $interface to be turned on found." - if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Found corresponding configuration file, activating..." - wg-quick up $interface - else - echo "No corresponding configuration file found for $interface doing nothing." - fi - done -} +#update_checker() { + #if [ "$update" = "yes" ]; then + # echo "Activating Python venv and executing the WireGuard Dashboard service." + # . "${WGDASH}/src/venv/bin/activate" + # cd "${WGDASH}"/src || exit + # bash wgd.sh update + #else + # echo "Auto Updater disabled" + #fi +#} # === SET ENV VARS === set_envvars() { - echo "------------- SETTING ENVIRONMENT VARIABLES ----------------" + printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" # If the timezone is different, for example in North-America or Asia. if [ "${tz}" != "$(cat /etc/timezone)" ]; then 
@@ -139,9 +104,86 @@ set_envvars() { fi } +# === CORE SERVICES === +start_core() { + printf "\n---------------------- STARTING CORE -----------------------\n" + + echo "Activating Python venv and executing the WireGuard Dashboard service." + . "${WGDASH}"/src/venv/bin/activate + cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched. + bash wgd.sh start + + # Isolated peers feature, first converting the existing configuration files and the given names to arrays. + local configurations=(/etc/wireguard/*) + IFS=',' read -r -a do_isolate <<< "${isolate}" + non_isolate=() + + # Checking if there are matches between the two arrays. + for config in "${configurations[@]}"; do + local config=$(echo "$config" | sed -e 's|.*/etc/wireguard/||' -e 's|\.conf$||') + found=false + for interface in "${do_isolate[@]}"; do + if [[ "$config" == "$interface" ]]; then + found=true + break + fi + done + if [ "$found" = false ]; then + non_isolate+=("$config") + fi + done + + # Isolating the matches. + for interface in "${do_isolate[@]}"; do + if [ -f "/etc/wireguard/${interface}.conf" ]; then + echo "Isolating interface:" $interface + upblocking=$(grep -c "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) + downblocking=$(grep -c "PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) + + if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then + sed -i "/PostUp =/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf + sed -i "/PreDown =/a PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf + fi + else + echo "Configuration for $interface does not seem to exist, continuing." 
+ fi + done + + # Removing isolation for the configurations that did not match. + for interface in "${non_isolate[@]}"; do + if [ -f "/etc/wireguard/${interface}.conf" ]; then + echo "Removing Isolation if present for:" $interface + sed -i "/PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf + sed -i "/PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf + else + echo "Configuration for $interface does not seem to exist, continuing." + fi + done + + # The following section takes care of enabling wireguard interfaces on startup. Using arrays and given arguments. + IFS=',' read -r -a enable_array <<< "${enable}" + + for interface in "${enable_array[@]}"; do + echo "Enabling interface:" $interface + + local fileperms=$(stat -c "%a" /etc/wireguard/${interface}.conf) + if [ $fileperms -eq 644 ]; then + echo "Configuration is world accessible, adjusting." + chmod 600 "/etc/wireguard/${interface}.conf" + fi + + if [ -f "/etc/wireguard/${interface}.conf" ]; then + wg-quick up $interface + else + echo "No corresponding configuration file found for $interface doing nothing." + fi + done +} + # === CLEAN UP === ensure_blocking() { - echo "-------------- ENSURING CONTAINER CONTINUATION -------------" + printf "\n-------------- ENSURING CONTAINER CONTINUATION -------------\n" + sleep 1s echo "Ensuring container continuation." @@ -149,6 +191,7 @@ ensure_blocking() { if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1) latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1) + tail -f "${latestErrLog}" "${latestAccLog}" fi 
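Review bot: In the enable loop at the end of `start_core`, `stat -c "%a" /etc/wireguard/${interface}.conf` runs before the `-f` test, so a missing file produces a stat error and an empty `$fileperms`, and the unquoted `[ $fileperms -eq 644 ]` then fails with a test error. The check also tightens the mode only when it is exactly 644 and only for interfaces named in `enable`, whereas the `chmod 640 /etc/wireguard/*` removed from `clean_up` in this patch covered every file; modes such as 664 or 666 are left as they are. Moving it into the existing branch and making it unconditional is simpler: `if [ -f "/etc/wireguard/${interface}.conf" ]; then chmod 600 "/etc/wireguard/${interface}.conf"; wg-quick up "$interface"`. The same ordering is kept when patch 08/63 re-indents this loop.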
@@ -157,8 +200,9 @@ ensure_blocking() { } # Execute functions for the WireGuard Dashboard services, then set the environment variables +ensure_installation clean_up -repair -start_core +#update_checker set_envvars +start_core ensure_blocking \ No newline at end of file From 4b8b3acd391a728149fdf9df412508de94975417 Mon Sep 17 00:00:00 2001 From: Dselen Date: Thu, 22 Aug 2024 14:00:55 -0500 Subject: [PATCH 07/63] Small readme change --- docker/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker/README.md b/docker/README.md index 8d2a315..65825dd 100644 --- a/docker/README.md +++ b/docker/README.md @@ -102,3 +102,7 @@ dselen/wgdashboard latest c96fd96ee3b3 42 minutes ago 314MB Excuse the large image size, whoops! Debian's big... sometimes.
For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. + +## In Progress: + +Auto-Updating Capabilities, together with Donald I am working on it. \ No newline at end of file From 2e9ac00a42f76242efe52500f4bccf91fba6d593 Mon Sep 17 00:00:00 2001 From: Dselen Date: Thu, 22 Aug 2024 16:31:47 -0500 Subject: [PATCH 08/63] modified all and patched security vulnerability issue #333 --- docker/Dockerfile | 26 ++++++------------ docker/README.md | 2 +- docker/compose.yaml | 2 +- docker/entrypoint.sh | 65 +++++++++++++++++++++++++++++--------------- 4 files changed, 53 insertions(+), 42 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 479681e..a52e29f 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -23,19 +23,11 @@ ENV WGDASH=/opt/wireguarddashboard # Doing package management operations, such as upgrading RUN apt-get update && apt-get install -y --no-install-recommends \ - curl \ - git \ - iproute2 \ - iptables \ - iputils-ping \ - openresolv \ - procps \ - python3 \ - python3-pip \ - python3-venv \ - traceroute \ - wireguard \ - wireguard-tools \ + curl git iproute2 \ + iptables iputils-ping \ + openresolv procps traceroute \ + python3 python3-pip python3-venv \ + wireguard wireguard-tools \ sudo && \ apt-get remove -y linux-image-* && \ apt-get autoremove -y && \ 
@@ -55,18 +47,16 @@ VOLUME ${WGDASH} # Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. # Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN wg genkey | tee /etc/wireguard/wg0_privatekey \ - && echo "[Interface]" > /setup/conf/wg0.conf \ +RUN echo "[Interface]" > /setup/conf/wg0.conf \ && echo "Address = ${wg_net}/24" >> /setup/conf/wg0.conf \ - && echo "PrivateKey = $(cat /etc/wireguard/wg0_privatekey)" >> /setup/conf/wg0.conf \ + && echo "PrivateKey =" >> /setup/conf/wg0.conf \ && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \ && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \ && echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \ && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \ && echo "ListenPort = ${wg_port}" >> /setup/conf/wg0.conf \ && echo "SaveConfig = true" >> /setup/conf/wg0.conf \ - && echo "DNS = ${global_dns}" >> /setup/conf/wg0.conf \ - && rm /etc/wireguard/wg0_privatekey + && echo "DNS = ${global_dns}" >> /setup/conf/wg0.conf # Defining a way for Docker to check the health of the container. In this case: checking the login URL. HEALTHCHECK --interval=2m --timeout=1m --start-period=5s --retries=3 \ diff --git a/docker/README.md b/docker/README.md index 65825dd..e31933e 100644 --- a/docker/README.md +++ b/docker/README.md 
@@ -76,7 +76,7 @@ So go to the assign TCP port in this case HTTP, like the default 10086 one in th | tz | Europe/Amsterdam or any confirming timezone notation. | `Europe/Amsterdam` | `America/New_York` | Sets the timezone of the Docker container. This is to timesync the container to any other processes which would need it. | | global_dns | Any IPv4 address, such as my personal recommendation: 9.9.9.9 (QUAD9). | `1.1.1.1` | `8.8.8.8` or any IP-Address that resolves DNS-names, and of course is reachable | Set the default DNS given to clients once they connect to the WireGuard tunnel, and for new peers, set to Cloudflare DNS for reliability. | enable | Anything, preferably an existing WireGuard interface name. | `none` | `wg0,wg2,wg13` | Enables or disables the starting of the WireGuard interface on container 'boot-up'. -| isolate | Anything, preferably an existing WireGuard interface name. | `wg0` | `wg1,wg0` | For security premade `wg0` interface comes with this feature enabled by default. Declaring `isolate=` in the Docker Compose file will remove this. The WireGuard interface itself IS able to reach the peers (Done through the `iptables` package). +| isolate | Anything, preferably an existing WireGuard interface name. | `wg0` | `wg1,wg0` | For security premade `wg0` interface comes with this feature enabled by default. Declaring `isolate=none` in the Docker Compose file will remove this. The WireGuard interface itself IS able to reach the peers (Done through the `iptables` package). | public_ip | Any IPv4 (public recommended) address, such as the one returned by default | Default uses the return of `curl ifconfig.me` | `23.50.131.156` | To reach your VPN from outside your own network, you need WG-Dashboard to know what your public IP-address is, otherwise it will generate faulty config files for clients. This happends because it is inside a Docker/Kubernetes container. 
In or outside of NAT is not relevant as long as the given IP-address is reachable from the internet or the target network. ## Be careful with: diff --git a/docker/compose.yaml b/docker/compose.yaml index 6d4f2bd..a921a23 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -1,6 +1,6 @@ services: wireguard-dashboard: - image: dselen/wgdashboard:latest + image: dselen/wgdashboard:dev restart: unless-stopped container_name: wgdashboard environment: diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index b3595b8..02e51c6 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -26,8 +26,14 @@ ensure_installation() { if [ ! -f "/etc/wireguard/wg0.conf" ]; then echo "Standard wg0 Configuration file not found, grabbing template." cp "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" + + echo "Setting a secure private key." + local privateKey=$(wg genkey) + sed -i "s|^PrivateKey =$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf + sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf + echo "Done setting template." else - echo "Standard wg0 Configuration file found, using that." + echo "Existing wg0 configuration file found, using that." fi } @@ -58,6 +64,11 @@ clean_up() { else echo "No pycaches found, continuing." fi + + local logdir="${WGDASH}/src/log" + echo "Cleaning log directory." + rm ${logdir}/access_*.log ${logdir}/error_*.log + echo "Removed unneeded logs!" } #update_checker() { 
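Review bot: In `ensure_installation`, `local privateKey=$(wg genkey)` hides the exit status of `wg genkey`, so a failure leaves `privateKey` empty and the following `sed` writes `PrivateKey = ` into the live config without any error. Declare and assign separately and stop on failure: `local privateKey; privateKey=$(wg genkey) || exit 1`. The second `sed` (`^PrivateKey *=.*$`) already matches everything the first one does, so the first can be dropped. The copied file also keeps its default mode until `start_core` looks at it, and then only if the interface is listed in `enable`; `chmod 600 /etc/wireguard/wg0.conf` right after the `cp` keeps the key file private from the start. ensure_installation begins outside this hunk.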
@@ -135,17 +146,22 @@ start_core() { # Isolating the matches. for interface in "${do_isolate[@]}"; do - if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Isolating interface:" $interface - upblocking=$(grep -c "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) - downblocking=$(grep -c "PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) - - if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then - sed -i "/PostUp =/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf - sed -i "/PreDown =/a PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf - fi + if [ "$interface" = "none" ]; then + echo "Found: $interface, stopping isolation checking." + break else - echo "Configuration for $interface does not seem to exist, continuing." + if [ -f "/etc/wireguard/${interface}.conf" ]; then + echo "Isolating interface:" $interface + upblocking=$(grep -c "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) + downblocking=$(grep -c "PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) + + if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then + sed -i "/PostUp =/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf + sed -i "/PreDown =/a PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf + fi + else + echo "Configuration for $interface does not seem to exist, continuing." + fi fi done 
@@ -164,18 +180,23 @@ start_core() { IFS=',' read -r -a enable_array <<< "${enable}" for interface in "${enable_array[@]}"; do - echo "Enabling interface:" $interface - - local fileperms=$(stat -c "%a" /etc/wireguard/${interface}.conf) - if [ $fileperms -eq 644 ]; then - echo "Configuration is world accessible, adjusting." - chmod 600 "/etc/wireguard/${interface}.conf" - fi - - if [ -f "/etc/wireguard/${interface}.conf" ]; then - wg-quick up $interface + if [ "$interface" = "none" ]; then + echo "Found: $interface, stopping enabling checking." + break else - echo "No corresponding configuration file found for $interface doing nothing." + echo "Enabling interface:" $interface + + local fileperms=$(stat -c "%a" /etc/wireguard/${interface}.conf) + if [ $fileperms -eq 644 ]; then + echo "Configuration is world accessible, adjusting." + chmod 600 "/etc/wireguard/${interface}.conf" + fi + + if [ -f "/etc/wireguard/${interface}.conf" ]; then + wg-quick up $interface + else + echo "No corresponding configuration file found for $interface doing nothing." + fi fi done } From e3771a1c5336a9c025261fddfb5c98ebd6a553f5 Mon Sep 17 00:00:00 2001 From: Dselen Date: Thu, 22 Aug 2024 16:58:29 -0500 Subject: [PATCH 09/63] Refined logging output a bit. --- docker/Dockerfile | 2 +- docker/entrypoint.sh | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index a52e29f..fe6a54d 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -59,7 +59,7 @@ RUN echo "[Interface]" > /setup/conf/wg0.conf \ && echo "DNS = ${global_dns}" >> /setup/conf/wg0.conf # Defining a way for Docker to check the health of the container. In this case: checking the login URL. -HEALTHCHECK --interval=2m --timeout=1m --start-period=5s --retries=3 \ +HEALTHCHECK --interval=2m --timeout=1m --start-period=20s --retries=3 \ CMD [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:10086/)" -eq "200" ] || exit 1 
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 02e51c6..30fa9cc 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -67,7 +67,8 @@ clean_up() { local logdir="${WGDASH}/src/log" echo "Cleaning log directory." - rm ${logdir}/access_*.log ${logdir}/error_*.log + find /opt/wireguarddashboard/src/log -name 'access_*.log' -exec rm {} + + find /opt/wireguarddashboard/src/log -name 'error_*.log' -exec rm {} + echo "Removed unneeded logs!" } @@ -92,6 +93,8 @@ set_envvars() { ln -sf /usr/share/zoneinfo/"${tz}" /etc/localtime echo "${tz}" > /etc/timezone + else + echo "Timezone is set correctly." fi # Changing the DNS used for clients and the dashboard itself. @@ -100,6 +103,8 @@ set_envvars() { #sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level. sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/src/wg-dashboard.ini + else + echo "DNS is set correctly." fi # Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me. @@ -224,6 +229,6 @@ ensure_blocking() { ensure_installation clean_up #update_checker -set_envvars start_core +set_envvars ensure_blocking \ No newline at end of file From 518e29118cea71229053e3dbd602a853b67b57de Mon Sep 17 00:00:00 2001 
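Review bot: `clean_up` still assigns `local logdir="${WGDASH}/src/log"`, but the two new `find` calls hard-code `/opt/wireguarddashboard/src/log`, so the variable is unused and the cleanup targets the wrong directory if `WGDASH` is ever changed. One call on the variable covers both patterns: `find "${logdir}" -type f \( -name 'access_*.log' -o -name 'error_*.log' \) -exec rm -f {} +`. The last hunk also moves `set_envvars` after `start_core`, a behaviour change the commit message does not mention; a comment next to the call list explaining why the order matters would help. clean_up starts outside the hunk.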
From: Dselen Date: Fri, 23 Aug 2024 07:46:41 -0500 Subject: [PATCH 10/63] Reoganise the documents and added experimental Alpine Linux support in wgd.sh --- docker/alpine/Dockerfile | 62 ++++++++ docker/{ => alpine}/compose.yaml | 0 docker/alpine/entrypoint.sh | 237 ++++++++++++++++++++++++++++++ docker/{ => debian}/Dockerfile | 10 +- docker/debian/compose.yaml | 23 +++ docker/{ => debian}/entrypoint.sh | 19 ++- src/wgd.sh | 49 ++++-- 7 files changed, 372 insertions(+), 28 deletions(-) create mode 100644 docker/alpine/Dockerfile rename docker/{ => alpine}/compose.yaml (100%) create mode 100644 docker/alpine/entrypoint.sh rename docker/{ => debian}/Dockerfile (92%) create mode 100644 docker/debian/compose.yaml rename docker/{ => debian}/entrypoint.sh (96%) diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile new file mode 100644 index 0000000..540a2dc --- /dev/null +++ b/docker/alpine/Dockerfile 
@@ -0,0 +1,62 @@ +# Pull from small Debian stable image. +FROM alpine:latest AS build +LABEL maintainer="dselen@nerthus.nl" + +# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. +ARG Git_Url="https://github.com/donaldzou/WGDashboard.git" +ARG wg_net="10.0.0.1" +ARG wg_port="51820" + +# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info. +ENV TZ="Europe/Amsterdam" +ENV global_dns="1.1.1.1" +ENV enable="none" +ENV isolate="wg0" +ENV public_ip="0.0.0.0" +ENV update="yes" + +# Doing package management operations, such as upgrading +RUN apk update \ + && apk add --no-cache bash git curl tzdata \ + wireguard-tools sudo \ + gcc py3-pip python3-dev musl-dev linux-headers + +# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. +ENV WGDASH=/opt/wireguarddashboard + +# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. + +# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. +RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} + #&& git clone ${Git_Url} /setup/app +COPY src /setup/app/src + +# Set the volume to be used for WireGuard configuration persistency. +VOLUME /etc/wireguard +VOLUME ${WGDASH} + +# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. +# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. 
+SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN echo "[Interface]" > /setup/conf/wg0.conf \ + && echo "Address = ${wg_net}/24" >> /setup/conf/wg0.conf \ + && echo "PrivateKey =" >> /setup/conf/wg0.conf \ + && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \ + && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \ + && echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \ + && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \ + && echo "ListenPort = ${wg_port}" >> /setup/conf/wg0.conf \ + && echo "SaveConfig = true" >> /setup/conf/wg0.conf \ + && echo "DNS = ${global_dns}" >> /setup/conf/wg0.conf + +# Defining a way for Docker to check the health of the container. In this case: checking the login URL. +HEALTHCHECK --interval=2m --timeout=1m --start-period=20s --retries=3 \ + CMD [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:10086/)" -eq "200" ] || exit 1 + + +# Copy the basic entrypoint.sh script. +COPY entrypoint.sh /entrypoint.sh + +# Exposing the default WireGuard Dashboard port for web access. +EXPOSE 10086 +ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] \ No newline at end of file diff --git a/docker/compose.yaml b/docker/alpine/compose.yaml similarity index 100% rename from docker/compose.yaml rename to docker/alpine/compose.yaml diff --git a/docker/alpine/entrypoint.sh b/docker/alpine/entrypoint.sh new file mode 100644 index 0000000..3593159 --- /dev/null +++ b/docker/alpine/entrypoint.sh 
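Review bot: `FROM alpine:latest` makes the base image whatever the tag points to on build day; pin a release tag and ideally a digest, e.g. `FROM alpine:<release>@sha256:<digest> AS build`, so rebuilds are reproducible and base updates are deliberate. The opening comment still says "Pull from small Debian stable image", and the comment about removing the Linux image package and apt lists no longer applies to this file. `apk update` is redundant next to `apk add --no-cache`. `iptables` is not in the package list although the generated `PostUp`/`PreDown` lines call it; unless `wgd.sh install` adds it, which this hunk does not show, bringing the interface up would fail.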
@@ -0,0 +1,237 @@
+#!/bin/bash
+
+echo "------------------------- START ----------------------------"
+echo "Starting the WireGuard Dashboard Docker container."
+
+ensure_installation() {
+ # When using a custom directory to store the files, this part moves over and makes sure the installation continues.
+ echo "Checking if everything is present."
+
+ if [ -z "$(ls -A "${WGDASH}")" ]; then
+ echo "Detected empty directory, moving over..."
+
+ mv /setup/app/* "${WGDASH}"
+ python3 -m venv "${WGDASH}"/src/venv
+ . "${WGDASH}/src/venv/bin/activate"
+ chmod +x "${WGDASH}"/src/wgd.sh
+ cd "${WGDASH}"/src || exit
+ ./wgd.sh install
+
+ echo "Looks like the installation succesfully moved over."
+ else
+ echo "Looks like everything is present."
+ fi
+
+ # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage.
+ if [ ! -f "/etc/wireguard/wg0.conf" ]; then
+ echo "Standard wg0 Configuration file not found, grabbing template."
+ cp "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf"
+
+ echo "Setting a secure private key."
+
+ local privateKey
+ privateKey=$(wg genkey)
+
+ sed -i "s|^PrivateKey =$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf
+ sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf
+ echo "Done setting template."
+ else
+ echo "Existing wg0 configuration file found, using that."
+ fi
+}
+
+# === CLEAN UP ===
+clean_up() {
+ printf "\n------------------------ CLEAN UP --------------------------\n"
+
+ # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
+ echo "Looking for remains of previous instances..."
+ local pid_file="${WGDASH}/src/gunicorn.pid"
+ if [ -f "$pid_file" ]; then
+ echo "Found old pid file, removing."
+ rm $pid_file
+ else
+ echo "No pid remains found, continuing."
+ fi
+
+ # Also check for Python caches (pycache) inspired by https://github.com/shuricksumy
+ local pycache="${WGDASH}/src/__pycache__"
+ if [ -d "$pycache" ]; then
+ local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l)
+ if [ "$pycache_filecount" -gt 0 ]; then
+ echo "Found old pycaches, removing."
+ rm -rf "$pycache"/*
+ else
+ echo "No pycaches found, continuing."
+ fi
+ else
+ echo "No pycaches found, continuing."
+ fi
+
+ local logdir="${WGDASH}/src/log"
+ echo "Cleaning log directory."
+ find /opt/wireguarddashboard/src/log -name 'access_*.log' -exec rm {} +
+ find /opt/wireguarddashboard/src/log -name 'error_*.log' -exec rm {} +
+ echo "Removed unneeded logs!"
+}
+
+#update_checker() {
+ #if [ "$update" = "yes" ]; then
+ # echo "Activating Python venv and executing the WireGuard Dashboard service."
+ # . "${WGDASH}/src/venv/bin/activate"
+ # cd "${WGDASH}"/src || exit
+ # bash wgd.sh update
+ #else
+ # echo "Auto Updater disabled"
+ #fi
+#}
+
+# === SET ENV VARS ===
+set_envvars() {
+ printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n"
+
+ # If the timezone is different, for example in North-America or Asia.
+ if [ "${TZ}" != "$(cat /etc/localtime)" ]; then
+ echo "Changing timezone."
+
+ ln -sf /usr/share/zoneinfo/"${TZ}" /etc/localtime
+ echo "${TZ}" > /etc/timezone
+ else
+ echo "Timezone is set correctly."
+ fi
+
+ # Changing the DNS used for clients and the dashboard itself.
+ if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
+ echo "Changing default dns."
+
+ #sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level.
+ sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/src/wg-dashboard.ini
+ else
+ echo "DNS is set correctly."
+ fi
+
+ # Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me.
+ if [ "${public_ip}" = "0.0.0.0" ]; then
+ default_ip=$(curl -s ifconfig.me)
+ echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}"
+
+ sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini
+ elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
+ echo "Setting the Public-IP using given variable: ${public_ip}"
+
+ sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini
+ fi
+}
+
+# === CORE SERVICES ===
+start_core() {
+ printf "\n---------------------- STARTING CORE -----------------------\n"
+
+ echo "Activating Python venv and executing the WireGuard Dashboard service."
+ . "${WGDASH}"/src/venv/bin/activate
+ cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched.
+ bash wgd.sh start
+
+ # Isolated peers feature, first converting the existing configuration files and the given names to arrays.
+ local configurations=(/etc/wireguard/*)
+ IFS=',' read -r -a do_isolate <<< "${isolate}"
+ non_isolate=()
+
+ # Checking if there are matches between the two arrays.
+ for config in "${configurations[@]}"; do
+ local config=$(echo "$config" | sed -e 's|.*/etc/wireguard/||' -e 's|\.conf$||')
+ found=false
+ for interface in "${do_isolate[@]}"; do
+ if [[ "$config" == "$interface" ]]; then
+ found=true
+ break
+ fi
+ done
+ if [ "$found" = false ]; then
+ non_isolate+=("$config")
+ fi
+ done
+
+ # Isolating the matches.
+ for interface in "${do_isolate[@]}"; do
+ if [ "$interface" = "none" ]; then
+ echo "Found: $interface, stopping isolation checking."
+ break
+ else
+ if [ -f "/etc/wireguard/${interface}.conf" ]; then
+ echo "Isolating interface:" $interface
+ upblocking=$(grep -c "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf)
+ downblocking=$(grep -c "PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf)
+
+ if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then
+ sed -i "/PostUp =/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf
+ sed -i "/PreDown =/a PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf
+ fi
+ else
+ echo "Configuration for $interface does not seem to exist, continuing."
+ fi
+ fi
+ done
+
+ # Removing isolation for the configurations that did not match.
+ for interface in "${non_isolate[@]}"; do
+ if [ -f "/etc/wireguard/${interface}.conf" ]; then
+ echo "Removing Isolation if present for:" $interface
+ sed -i "/PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf
+ sed -i "/PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf
+ else
+ echo "Configuration for $interface does not seem to exist, continuing."
+ fi
+ done
+
+ # The following section takes care of enabling wireguard interfaces on startup. Using arrays and given arguments.
+ IFS=',' read -r -a enable_array <<< "${enable}"
+
+ for interface in "${enable_array[@]}"; do
+ if [ "$interface" = "none" ]; then
+ echo "Found: $interface, stopping enabling checking."
+ break
+ else
+ echo "Enabling interface:" $interface
+
+ local fileperms=$(stat -c "%a" /etc/wireguard/${interface}.conf)
+ if [ $fileperms -eq 644 ]; then
+ echo "Configuration is world accessible, adjusting."
+ chmod 600 "/etc/wireguard/${interface}.conf"
+ fi
+
+ if [ -f "/etc/wireguard/${interface}.conf" ]; then
+ wg-quick up $interface
+ else
+ echo "No corresponding configuration file found for $interface doing nothing."
+ fi
+ fi
+ done
+}
+
+# === CLEAN UP ===
+ensure_blocking() {
+ printf "\n-------------- ENSURING CONTAINER CONTINUATION -------------\n"
+
+ sleep 1s
+ echo "Ensuring container continuation."
+
+ # This function checks if the latest error log is created and tails it for docker logs uses.
+ if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
+ latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1)
+ latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1)
+
+ tail -f "${latestErrLog}" "${latestAccLog}"
+ fi
+
+ # Blocking command in case of erroring. So the container does not quit.
+ sleep infinity
+}
+
+# Execute functions for the WireGuard Dashboard services, then set the environment variables
+ensure_installation
+clean_up
+#update_checker
+start_core
+set_envvars
+ensure_blocking
\ No newline at end of file
diff --git a/docker/Dockerfile b/docker/debian/Dockerfile
similarity index 92%
rename from docker/Dockerfile
rename to docker/debian/Dockerfile
index fe6a54d..7e4e46a 100644
--- a/docker/Dockerfile
+++ b/docker/debian/Dockerfile
@@ -8,7 +8,7 @@ ARG wg_net="10.0.0.1" ARG wg_port="51820" # Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info. -ENV tz="Europe/Amsterdam" +ENV TZ="Europe/Amsterdam" ENV global_dns="1.1.1.1" ENV enable="none" ENV isolate="wg0"
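Review bot: In set_envvars of the new docker/alpine/entrypoint.sh the output of `curl -s ifconfig.me` is written straight into wg-dashboard.ini through a double-quoted `sed` expression, so whatever that plain-HTTP response contains (an error page, an empty body, a tampered reply) either becomes the `remote_endpoint` handed to peers or breaks the `sed` program. The request should go over HTTPS with `-f` and a timeout, and the value should be checked to look like an address before it is substituted; the same validation would be reasonable for a user-supplied `public_ip`, and an IPv6-capable host would need a wider pattern than the one sketched below. Smaller points in the same file: `rm $pid_file` is unquoted, and in start_core the `stat`/`chmod 600` step runs before the `-f` existence check and only when the mode is exactly 644.

```shell
    if [ "${public_ip}" = "0.0.0.0" ]; then
        # Fetch over TLS, fail on HTTP errors and bound the wait.
        default_ip=$(curl -fsS --max-time 10 https://ifconfig.me)
        # Accept only an IPv4-shaped value before it is spliced into the sed program.
        if [[ "${default_ip}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
            echo "Fetched the Public-IP using ifconfig.me: ${default_ip}"
            sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini
        else
            echo "Could not determine a valid Public-IP, leaving remote_endpoint unchanged."
        fi
    # … unchanged: elif branch for a user-supplied public_ip …
```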
@@ -16,17 +16,15 @@ ENV public_ip="0.0.0.0" ENV update="yes" # Doing basic system maintenance. Change the timezone to the desired timezone. -RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime +RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. ENV WGDASH=/opt/wireguarddashboard # Doing package management operations, such as upgrading RUN apt-get update && apt-get install -y --no-install-recommends \ - curl git iproute2 \ - iptables iputils-ping \ - openresolv procps traceroute \ - python3 python3-pip python3-venv \ + curl git \ + iptables python3 \ wireguard wireguard-tools \ sudo && \ apt-get remove -y linux-image-* && \ diff --git a/docker/debian/compose.yaml b/docker/debian/compose.yaml new file mode 100644 index 0000000..a921a23 --- /dev/null +++ b/docker/debian/compose.yaml @@ -0,0 +1,23 @@ +services: + wireguard-dashboard: + image: dselen/wgdashboard:dev + restart: unless-stopped + container_name: wgdashboard + environment: + #- tz= # <--- Set container timezone, default: Europe/Amsterdam. + #- global_dns= # <--- Set global DNS address, default: 1.1.1.1. + - enable=wg0 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. + - isolate=wg0 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. + #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. + ports: + - 10086:10086/tcp + - 51820:51820/udp + volumes: + - app:/opt/wireguarddashboard + - conf:/etc/wireguard + cap_add: + - NET_ADMIN + +volumes: + app: + conf: diff --git a/docker/entrypoint.sh b/docker/debian/entrypoint.sh similarity index 96% rename from docker/entrypoint.sh rename to docker/debian/entrypoint.sh index 30fa9cc..8ebcd8c 100644 --- a/docker/entrypoint.sh 
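Review bot: The trimmed `apt-get install` list in docker/debian/Dockerfile drops `python3-venv` and `python3-pip`, but docker/debian/entrypoint.sh in this same patch still runs `python3 -m venv "${WGDASH}"/src/venv` before `./wgd.sh install`; on Debian the venv module needs the `python3-venv` package, so the first start would presumably fail unless something else installs it. `iproute2` is removed as well, and `wg-quick` relies on `ip`, so it is worth confirming it still arrives as a dependency of `wireguard-tools` under `--no-install-recommends`. I would keep both in the list, for example `iptables iproute2 python3 python3-venv \`. The RUN instruction continues past the end of the hunk.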
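Review bot: In the new docker/debian/compose.yaml, `- 10086:10086/tcp` publishes the dashboard login on every host interface, and the healthcheck added elsewhere in this patch reaches that port over plain `http://`, so the admin UI is presumably served unencrypted to whatever network the host sits on. Binding it to loopback, `- 127.0.0.1:10086:10086/tcp`, and fronting it with a TLS reverse proxy leaves only the WireGuard UDP port public. The commented `#- tz=` example no longer matches the variable the Dockerfile now declares (`TZ`), and the `isolate` comment still describes true/false although the value is an interface list. `image: dselen/wgdashboard:dev` is a moving tag; a version or digest is the safer reference for deployments.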
+++ b/docker/debian/entrypoint.sh @@ -7,14 +7,14 @@ ensure_installation() { # When using a custom directory to store the files, this part moves over and makes sure the installation continues. echo "Checking if everything is present." - if [ -z "$(ls -A ${WGDASH})" ]; then + if [ -z "$(ls -A "${WGDASH}")" ]; then echo "Detected empty directory, moving over..." - mv /setup/app/* ${WGDASH} - python3 -m venv ${WGDASH}/src/venv + mv /setup/app/* "${WGDASH}" + python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" - chmod +x ${WGDASH}/src/wgd.sh - cd ${WGDASH}/src + chmod +x "${WGDASH}"/src/wgd.sh + cd "${WGDASH}"/src || exit ./wgd.sh install echo "Looks like the installation succesfully moved over." @@ -28,7 +28,10 @@ ensure_installation() { cp "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" echo "Setting a secure private key." - local privateKey=$(wg genkey) + + local privateKey + privateKey=$(wg genkey) + sed -i "s|^PrivateKey =$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf echo "Done setting template." @@ -44,7 +47,7 @@ clean_up() { # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. echo "Looking for remains of previous instances..." local pid_file="${WGDASH}/src/gunicorn.pid" - if [ -f $pid_file ]; then + if [ -f "$pid_file" ]; then echo "Found old pid file, removing." rm $pid_file else @@ -88,7 +91,7 @@ set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" # If the timezone is different, for example in North-America or Asia. - if [ "${tz}" != "$(cat /etc/timezone)" ]; then + if [ "${tz}" != "$(cat /etc/localtime)" ]; then echo "Changing timezone." ln -sf /usr/share/zoneinfo/"${tz}" /etc/localtime diff --git a/src/wgd.sh b/src/wgd.sh index 32f8080..d301009 100755 --- a/src/wgd.sh +++ b/src/wgd.sh 
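Review bot: The new comparison `[ "${tz}" != "$(cat /etc/localtime)" ]` in the `@@ -88,7 +91,7 @@` hunk reads a compiled zoneinfo file rather than a zone name, so it can never equal a value such as Europe/Amsterdam and the branch runs on every start. This same patch renames the Dockerfile variable to `TZ`, so `${tz}` is presumably empty here and `ln -sf /usr/share/zoneinfo/"${tz}" /etc/localtime` would point the link at the zoneinfo directory itself. Comparing against the link target keeps the check meaningful: `if [ "/usr/share/zoneinfo/${TZ}" != "$(readlink -f /etc/localtime)" ]; then`. In the `@@ -44,7 +47,7 @@` hunk the test is now quoted but `rm $pid_file` on the following line is not. set_envvars continues outside the hunk.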
@@ -65,10 +65,12 @@ _determineOS(){ OS=$ID elif [ -f /etc/redhat-release ]; then OS="redhat" + elif [ -f /etc/alpine-release ]; then + OS="alpine" # elif [ -f /etc/arch-release ]; then # OS="arch" else - printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS." "$heavy_crossmark" + printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark" printf "%s\n" "$helpMsg" kill $TOP_PID fi @@ -87,6 +89,9 @@ _installPython(){ { sudo yum install -y python3 net-tools ; printf "\n\n"; } >> ./log/install.txt fi ;; + alpine) + { sudo apk update; sudo apk add python3 net-tools; printf "\n\n"; } >> ./log/install.txt + ;; esac if ! python3 --version > /dev/null 2>&1 @@ -112,8 +117,11 @@ _installPythonVenv(){ { sudo yum install -y python3-virtualenv; printf "\n\n"; } >> ./log/install.txt fi ;; + alpine) + { sudo apk update; sudo apk add py3-virtualenv ; printf "\n\n"; } >> ./log/install.txt + ;; *) - printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS.\n" "$heavy_crossmark" + printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark" printf "%s\n" "$helpMsg" kill $TOP_PID ;; 
@@ -166,8 +174,11 @@ _installPythonPip(){ { sudo dnf install -y ${pythonExecutable}-pip; printf "\n\n"; } >> ./log/install.txt fi ;; + alpine) + { sudo apk update; sudo apk add py3-pip ; printf "\n\n"; } >> ./log/install.txt + ;; *) - printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS.\n" "$heavy_crossmark" + printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark" printf "%s\n" "$helpMsg" kill $TOP_PID ;; @@ -185,15 +196,28 @@ _installPythonPip(){ } _checkWireguard(){ - if ! wg -h > /dev/null 2>&1 + if [ ! wg -h > /dev/null 2>&1 ] || [ ! wg-quick -h > /dev/null 2>&1 ] then - printf "[WGDashboard] %s WireGuard is not installed. Please follow instruction on https://www.wireguard.com/install/ to install. \n" "$heavy_crossmark" - kill $TOP_PID - fi - if ! wg-quick -h > /dev/null 2>&1 - then - printf "[WGDashboard] %s WireGuard is not installed. Please follow instruction on https://www.wireguard.com/install/ to install. \n" "$heavy_crossmark" - kill $TOP_PID + case "$OS" in + ubuntu|debian) + { sudo apt update ; sudo apt-get install -y wireguard; printf "\n\n"; } &>> ./log/install.txt + ;; + #centos|fedora|redhat|rhel) + # if [ "$pythonExecutable" = "python3" ]; then + # { sudo dnf install -y python3-pip; printf "\n\n"; } >> ./log/install.txt + # else + # { sudo dnf install -y ${pythonExecutable}-pip; printf "\n\n"; } >> ./log/install.txt + # fi + #;; + alpine) + { sudo apk update; sudo apk add wireguard-tools ; printf "\n\n"; } >> ./log/install.txt + ;; + *) + printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark" + printf "%s\n" "$helpMsg" + kill $TOP_PID + ;; + esac fi } 
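Review bot: The merged condition in _checkWireguard, `if [ ! wg -h > /dev/null 2>&1 ] || [ ! wg-quick -h > /dev/null 2>&1 ]`, no longer runs `wg` at all; the words are handed to `[`, which rejects them as a malformed test and returns non-zero with its error hidden by the redirect, so the branch is never taken and a missing WireGuard goes undetected. Keep the commands outside the brackets: `if ! wg -h > /dev/null 2>&1 || ! wg-quick -h > /dev/null 2>&1`. The new body also turns a check into an unattended `sudo apt-get install` / `sudo apk add`, and with the Red Hat arm commented out those systems fall through to the unsupported-OS exit. The debian arm mixes `apt update` with `apt-get install`; `apt-get update` is the form meant for scripts.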
@@ -247,9 +271,6 @@ install_wgd(){ _installPythonVenv _installPythonPip - - - if [ ! -d "db" ] then printf "[WGDashboard] Creating ./db folder\n" From 30126190496f079749a00726885bd7277c5ac4b0 Mon Sep 17 00:00:00 2001 From: Dselen Date: Fri, 23 Aug 2024 11:58:14 -0500 Subject: [PATCH 11/63] testing --- docker/alpine/Dockerfile | 10 +++---- docker/alpine/entrypoint.sh | 6 ++-- src/wgd.sh | 57 ++++++++++++++++++++++++------------- 3 files changed, 45 insertions(+), 28 deletions(-) diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile index 540a2dc..629dc38 100644 --- a/docker/alpine/Dockerfile +++ b/docker/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:latest AS build LABEL maintainer="dselen@nerthus.nl" # Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. -ARG Git_Url="https://github.com/donaldzou/WGDashboard.git" +ARG Git_Url="https://github.com/DaanSelen/WGDashboard.git" ARG wg_net="10.0.0.1" ARG wg_port="51820" @@ -19,7 +19,7 @@ ENV update="yes" RUN apk update \ && apk add --no-cache bash git curl tzdata \ wireguard-tools sudo \ - gcc py3-pip python3-dev musl-dev linux-headers + py3-pip python3-dev # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. ENV WGDASH=/opt/wireguarddashboard 
@@ -27,9 +27,9 @@ ENV WGDASH=/opt/wireguarddashboard # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} - #&& git clone ${Git_Url} /setup/app -COPY src /setup/app/src +RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} \ + && git clone ${Git_Url} /setup/app +#COPY src /setup/app/src # Set the volume to be used for WireGuard configuration persistency. VOLUME /etc/wireguard diff --git a/docker/alpine/entrypoint.sh b/docker/alpine/entrypoint.sh index 3593159..8ebcd8c 100644 --- a/docker/alpine/entrypoint.sh +++ b/docker/alpine/entrypoint.sh @@ -91,11 +91,11 @@ set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" # If the timezone is different, for example in North-America or Asia. - if [ "${TZ}" != "$(cat /etc/localtime)" ]; then + if [ "${tz}" != "$(cat /etc/localtime)" ]; then echo "Changing timezone." - ln -sf /usr/share/zoneinfo/"${TZ}" /etc/localtime - echo "${TZ}" > /etc/timezone + ln -sf /usr/share/zoneinfo/"${tz}" /etc/localtime + echo "${tz}" > /etc/timezone else echo "Timezone is set correctly." fi diff --git a/src/wgd.sh b/src/wgd.sh index d301009..f07cc9d 100755 --- a/src/wgd.sh +++ b/src/wgd.sh 
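Review bot: `git clone ${Git_Url} /setup/app` in the `@@ -27,9 +27,9 @@` hunk pulls whatever the default branch of the repository holds at build time, and the first hunk of this commit points `Git_Url` at a different fork, so the image content is decided by a remote that can change between builds. I would add a ref argument and check it out explicitly so a build is tied to a reviewed commit, e.g. `ARG Git_Ref="<commit-or-tag>"` and `&& git clone ${Git_Url} /setup/app && git -C /setup/app checkout "${Git_Ref}"` (placeholder value). Copying the source from the build context, as the now commented-out `COPY src /setup/app/src` did, avoids the network fetch entirely.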
@@ -199,25 +199,25 @@ _checkWireguard(){ if [ ! wg -h > /dev/null 2>&1 ] || [ ! wg-quick -h > /dev/null 2>&1 ] then case "$OS" in - ubuntu|debian) - { sudo apt update ; sudo apt-get install -y wireguard; printf "\n\n"; } &>> ./log/install.txt - ;; - #centos|fedora|redhat|rhel) - # if [ "$pythonExecutable" = "python3" ]; then - # { sudo dnf install -y python3-pip; printf "\n\n"; } >> ./log/install.txt - # else - # { sudo dnf install -y ${pythonExecutable}-pip; printf "\n\n"; } >> ./log/install.txt - # fi - #;; - alpine) - { sudo apk update; sudo apk add wireguard-tools ; printf "\n\n"; } >> ./log/install.txt - ;; - *) - printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark" - printf "%s\n" "$helpMsg" - kill $TOP_PID - ;; - esac + ubuntu|debian) + { sudo apt update ; sudo apt-get install -y wireguard; printf "\n\n"; } &>> ./log/install.txt + ;; + #centos|fedora|redhat|rhel) + # if [ "$pythonExecutable" = "python3" ]; then + # { sudo dnf install -y python3-pip; printf "\n\n"; } >> ./log/install.txt + # else + # { sudo dnf install -y ${pythonExecutable}-pip; printf "\n\n"; } >> ./log/install.txt + # fi + #;; + alpine) + { sudo apk update; sudo apk add wireguard-tools ; printf "\n\n"; } >> ./log/install.txt + ;; + *) + printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark" + printf "%s\n" "$helpMsg" + kill $TOP_PID + ;; + esac fi } 
@@ -280,7 +280,24 @@ install_wgd(){ printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n" { date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt printf "[WGDashboard] Installing latest Python dependencies\n" - { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt + + printf "$OS" + case "$OS" in + ubuntu|debian) + echo "Lol" + { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt + ;; + ## TO DO ADD RHEL and ROCKY SUPPORT + alpine) + printf "[WGDashboard] Grabbing Alpine dependencies.\n" + { date; sudo apk add gcc python3-dev musl-dev linux-headers ; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt + ;; + *) + printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark" + printf "%s\n" "$helpMsg" + kill $TOP_PID + ;; + esac printf "[WGDashboard] WGDashboard installed successfully!\n" printf "[WGDashboard] Enter ./wgd.sh start to start the dashboard\n" } From 27c7e33773f6a38ad0a168f00c7ac261ad1b61b5 Mon Sep 17 00:00:00 2001 From: Dselen Date: Fri, 23 Aug 2024 12:27:41 -0500 Subject: [PATCH 12/63] added RHEL etc workings. --- docker/WGDashboard | 1 + docker/alpine/entrypoint.sh | 12 +----------- docker/debian/entrypoint.sh | 14 ++------------ src/dashboard.py | 2 +- src/wgd.sh | 8 ++------ 5 files changed, 7 insertions(+), 30 deletions(-) create mode 160000 docker/WGDashboard diff --git a/docker/WGDashboard b/docker/WGDashboard new file mode 160000 index 0000000..3012619 --- /dev/null +++ b/docker/WGDashboard @@ -0,0 +1 @@ +Subproject commit 30126190496f079749a00726885bd7277c5ac4b0 diff --git a/docker/alpine/entrypoint.sh b/docker/alpine/entrypoint.sh index 8ebcd8c..4d66feb 100644 --- a/docker/alpine/entrypoint.sh +++ b/docker/alpine/entrypoint.sh 
@@ -10,7 +10,7 @@ ensure_installation() { if [ -z "$(ls -A "${WGDASH}")" ]; then echo "Detected empty directory, moving over..." - mv /setup/app/* "${WGDASH}" + mv /setup/app/{.[!.],}* "${WGDASH}" python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" chmod +x "${WGDASH}"/src/wgd.sh @@ -90,16 +90,6 @@ clean_up() { set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" - # If the timezone is different, for example in North-America or Asia. - if [ "${tz}" != "$(cat /etc/localtime)" ]; then - echo "Changing timezone." - - ln -sf /usr/share/zoneinfo/"${tz}" /etc/localtime - echo "${tz}" > /etc/timezone - else - echo "Timezone is set correctly." - fi - # Changing the DNS used for clients and the dashboard itself. if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then echo "Changing default dns." diff --git a/docker/debian/entrypoint.sh b/docker/debian/entrypoint.sh index 8ebcd8c..1ece541 100644 --- a/docker/debian/entrypoint.sh +++ b/docker/debian/entrypoint.sh @@ -10,7 +10,7 @@ ensure_installation() { if [ -z "$(ls -A "${WGDASH}")" ]; then echo "Detected empty directory, moving over..." - mv /setup/app/* "${WGDASH}" + mv /setup/app/{.[!.],}* "${WGDASH}" python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" chmod +x "${WGDASH}"/src/wgd.sh 
@@ -89,17 +89,7 @@ clean_up() { # === SET ENV VARS === set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" - - # If the timezone is different, for example in North-America or Asia. - if [ "${tz}" != "$(cat /etc/localtime)" ]; then - echo "Changing timezone." - - ln -sf /usr/share/zoneinfo/"${tz}" /etc/localtime - echo "${tz}" > /etc/timezone - else - echo "Timezone is set correctly." - fi - + # Changing the DNS used for clients and the dashboard itself. if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then echo "Changing default dns." diff --git a/src/dashboard.py b/src/dashboard.py index fca6bc0..369b919 100644 --- a/src/dashboard.py +++ b/src/dashboard.py 
@@ -1074,7 +1074,7 @@ def regex_match(regex, text): def iPv46RegexCheck(ip): return re.match( - '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9a-f]{1,4}:){7}([0-9a-f]{1,4}|:))|(([0-9a-f]{1,4}:){6}(:[0-9a-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-f]{1,4}:){5}(((:[0-9a-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-f]{1,4}:){4}(((:[0-9a-f]{1,4}){1,3})|((:[0-9a-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){3}(((:[0-9a-f]{1,4}){1,4})|((:[0-9a-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){2}(((:[0-9a-f]{1,4}){1,5})|((:[0-9a-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){1}(((:[0-9a-f]{1,4}){1,6})|((:[0-9a-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9a-f]{1,4}){1,7})|((:[0-9a-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$))', + 
r'((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9a-f]{1,4}:){7}([0-9a-f]{1,4}|:))|(([0-9a-f]{1,4}:){6}(:[0-9a-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-f]{1,4}:){5}(((:[0-9a-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-f]{1,4}:){4}(((:[0-9a-f]{1,4}){1,3})|((:[0-9a-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){3}(((:[0-9a-f]{1,4}){1,4})|((:[0-9a-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){2}(((:[0-9a-f]{1,4}){1,5})|((:[0-9a-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){1}(((:[0-9a-f]{1,4}){1,6})|((:[0-9a-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9a-f]{1,4}){1,7})|((:[0-9a-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$))', ip) class DashboardAPIKey: diff --git a/src/wgd.sh b/src/wgd.sh index f07cc9d..a443f06 100755 --- a/src/wgd.sh +++ b/src/wgd.sh 
@@ -281,15 +281,11 @@ install_wgd(){ { date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt printf "[WGDashboard] Installing latest Python dependencies\n" - printf "$OS" case "$OS" in - ubuntu|debian) - echo "Lol" - { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt + ubuntu|debian|centos|fedora|redhat|rhel) + { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt #This all works on the default installation. ;; - ## TO DO ADD RHEL and ROCKY SUPPORT alpine) - printf "[WGDashboard] Grabbing Alpine dependencies.\n" { date; sudo apk add gcc python3-dev musl-dev linux-headers ; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt ;; *) From 6e9d71fcf8150003aa883aba444aa2b466770ee8 Mon Sep 17 00:00:00 2001 From: Dselen Date: Fri, 23 Aug 2024 12:48:16 -0500 Subject: [PATCH 13/63] Added reverted some no longer needed changes --- docker/alpine/Dockerfile | 5 +++-- docker/alpine/entrypoint.sh | 5 +++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile index 629dc38..6894545 100644 --- a/docker/alpine/Dockerfile +++ b/docker/alpine/Dockerfile @@ -19,7 +19,7 @@ ENV update="yes" RUN apk update \ && apk add --no-cache bash git curl tzdata \ wireguard-tools sudo \ - py3-pip python3-dev + py3-pip py3-psutil py3-bcrypt python3-dev # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. ENV WGDASH=/opt/wireguarddashboard @@ -59,4 +59,5 @@ COPY entrypoint.sh /entrypoint.sh # Exposing the default WireGuard Dashboard port for web access. EXPOSE 10086 -ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] \ No newline at end of file +ENTRYPOINT [ "sleep", "infinity" ] +#ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] \ No newline at end of file 
diff --git a/docker/alpine/entrypoint.sh b/docker/alpine/entrypoint.sh index 4d66feb..4cda068 100644 --- a/docker/alpine/entrypoint.sh +++ b/docker/alpine/entrypoint.sh @@ -13,6 +13,11 @@ ensure_installation() { mv /setup/app/{.[!.],}* "${WGDASH}" python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" + + # Extra step for Alpine + mv /usr/lib/python3.12/site-packages/psutil* "${WGDASH}"/src/venv/lib/python3.12/site-packages + mv /usr/lib/python3.12/site-packages/bcrypt* "${WGDASH}"/src/venv/lib/python3.12/site-packages + chmod +x "${WGDASH}"/src/wgd.sh cd "${WGDASH}"/src || exit ./wgd.sh install From 49502235b536c2a7525f58d1f24291f8fec9d19d Mon Sep 17 00:00:00 2001 From: Dselen Date: Fri, 23 Aug 2024 12:48:33 -0500 Subject: [PATCH 14/63] These needed to be added. --- docker/alpine/Dockerfile | 2 +- src/wgd.sh | 15 +-------------- 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile index 6894545..cb2f3bb 100644 --- a/docker/alpine/Dockerfile +++ b/docker/alpine/Dockerfile @@ -19,7 +19,7 @@ ENV update="yes" RUN apk update \ && apk add --no-cache bash git curl tzdata \ wireguard-tools sudo \ - py3-pip py3-psutil py3-bcrypt python3-dev + py3-pip py3-psutil py3-bcrypt # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. ENV WGDASH=/opt/wireguarddashboard diff --git a/src/wgd.sh b/src/wgd.sh index a443f06..ed8e8c0 100755 --- a/src/wgd.sh +++ b/src/wgd.sh 
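Review bot: The two added `mv` lines hard-code `python3.12` in both the system and the venv path, while the image is built `FROM alpine:latest`, so the next Alpine release that ships a different Python minor version will presumably make these globs match nothing and leave the first-run install without psutil and bcrypt. Moving files out of the system site-packages also leaves the apk database describing packages whose files are gone. Creating the venv with access to the system packages avoids both: `python3 -m venv --system-site-packages "${WGDASH}"/src/venv`. ensure_installation continues outside the hunk.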
@@ -280,20 +280,7 @@ install_wgd(){ printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n" { date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt printf "[WGDashboard] Installing latest Python dependencies\n" - - case "$OS" in - ubuntu|debian|centos|fedora|redhat|rhel) - { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt #This all works on the default installation. - ;; - alpine) - { date; sudo apk add gcc python3-dev musl-dev linux-headers ; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt - ;; - *) - printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark" - printf "%s\n" "$helpMsg" - kill $TOP_PID - ;; - esac + { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt #This all works on the default installation. printf "[WGDashboard] WGDashboard installed successfully!\n" printf "[WGDashboard] Enter ./wgd.sh start to start the dashboard\n" } From 1d20dc9fcbc3fbd40509ae2dcbf04066a5756ff6 Mon Sep 17 00:00:00 2001 From: Dselen Date: Fri, 23 Aug 2024 13:01:50 -0500 Subject: [PATCH 15/63] Looking like a promising end of this task. --- docker/WGDashboard | 1 - docker/alpine/Dockerfile | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) delete mode 160000 docker/WGDashboard diff --git a/docker/WGDashboard b/docker/WGDashboard deleted file mode 160000 index 3012619..0000000 --- a/docker/WGDashboard +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 30126190496f079749a00726885bd7277c5ac4b0 diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile index cb2f3bb..38ec84d 100644 --- a/docker/alpine/Dockerfile +++ b/docker/alpine/Dockerfile 
@@ -59,5 +59,4 @@ COPY entrypoint.sh /entrypoint.sh # Exposing the default WireGuard Dashboard port for web access. EXPOSE 10086 -ENTRYPOINT [ "sleep", "infinity" ] -#ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] \ No newline at end of file +ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] \ No newline at end of file From bc29b89a16b7828cffdb5336bb46000660c3b226 Mon Sep 17 00:00:00 2001 From: Dselen Date: Mon, 26 Aug 2024 13:07:42 -0500 Subject: [PATCH 16/63] Rebased and going further --- docker/alpine/Dockerfile | 3 +- docker/alpine/entrypoint.sh | 11 ------- src/wgd.sh | 62 +++++++++++++++++++++---------------- 3 files changed, 36 insertions(+), 40 deletions(-) diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile index 38ec84d..ad6b58a 100644 --- a/docker/alpine/Dockerfile +++ b/docker/alpine/Dockerfile @@ -18,8 +18,7 @@ ENV update="yes" # Doing package management operations, such as upgrading RUN apk update \ && apk add --no-cache bash git curl tzdata \ - wireguard-tools sudo \ - py3-pip py3-psutil py3-bcrypt + sudo py3-psutil py3-bcrypt # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. ENV WGDASH=/opt/wireguarddashboard diff --git a/docker/alpine/entrypoint.sh b/docker/alpine/entrypoint.sh index 4cda068..5d815b5 100644 --- a/docker/alpine/entrypoint.sh +++ b/docker/alpine/entrypoint.sh @@ -80,17 +80,6 @@ clean_up() { echo "Removed unneeded logs!" } -#update_checker() { - #if [ "$update" = "yes" ]; then - # echo "Activating Python venv and executing the WireGuard Dashboard service." - # . "${WGDASH}/src/venv/bin/activate" - # cd "${WGDASH}"/src || exit - # bash wgd.sh update - #else - # echo "Auto Updater disabled" - #fi -#} - # === SET ENV VARS === set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" diff --git a/src/wgd.sh b/src/wgd.sh index ed8e8c0..680698d 100755 --- a/src/wgd.sh +++ b/src/wgd.sh 
@@ -156,7 +156,6 @@ _installPythonVenv(){ } _installPythonPip(){ - if ! $pythonExecutable -m pip -h > /dev/null 2>&1 then case "$OS" in 
@@ -195,34 +194,43 @@ _installPythonPip(){ fi } -_checkWireguard(){ - if [ ! wg -h > /dev/null 2>&1 ] || [ ! wg-quick -h > /dev/null 2>&1 ] - then - case "$OS" in - ubuntu|debian) - { sudo apt update ; sudo apt-get install -y wireguard; printf "\n\n"; } &>> ./log/install.txt - ;; - #centos|fedora|redhat|rhel) - # if [ "$pythonExecutable" = "python3" ]; then - # { sudo dnf install -y python3-pip; printf "\n\n"; } >> ./log/install.txt - # else - # { sudo dnf install -y ${pythonExecutable}-pip; printf "\n\n"; } >> ./log/install.txt - # fi - #;; - alpine) - { sudo apk update; sudo apk add wireguard-tools ; printf "\n\n"; } >> ./log/install.txt - ;; - *) - printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark" - printf "%s\n" "$helpMsg" - kill $TOP_PID - ;; - esac - fi +checkWireguard(){ + # Check if wg and wg-quick are installed + if ! command -v wg > /dev/null 2>&1 || ! command -v wg-quick > /dev/null 2>&1 + then + case "$OS" in + ubuntu|debian) + { + sudo apt update && sudo apt-get install -y wireguard; + printf "\nWireGuard installed on %s.\n\n" "$OS"; + } &>> ./log/install.txt + ;; + centos|fedora|redhat|rhel) + { + sudo dnf install -y wireguard-tools; + printf "\nWireGuard installed on %s.\n\n" "$OS"; + } &>> ./log/install.txt + ;; + alpine) + { + sudo apk update && sudo apk add wireguard-tools; + printf "\nWireGuard installed on %s.\n\n" "$OS"; + } &>> ./log/install.txt + ;; + *) + printf "[WGDashboard] %s Sorry, your OS is not supported. 
Currently, the install script only supports Debian-based, Red Hat-based, and Alpine Linux.\n" "$heavy_crossmark" + printf "%s\n" "$helpMsg" + kill $TOP_PID + ;; + esac + else + printf "WireGuard is already installed.\n" + fi } + _checkPythonVersion(){ version_pass=$($pythonExecutable -c 'import sys; print("1") if (sys.version_info.major == 3 and sys.version_info.minor >= 10) else print("0");') version=$($pythonExecutable --version) @@ -250,8 +258,6 @@ _checkPythonVersion(){ install_wgd(){ printf "[WGDashboard] Starting to install WGDashboard\n" - _checkWireguard - sudo chmod -R 755 /etc/wireguard/ if [ ! -d "log" ] then @@ -270,6 +276,8 @@ install_wgd(){ _checkPythonVersion _installPythonVenv _installPythonPip + _checkWireguard + sudo chmod -R 755 /etc/wireguard/ if [ ! -d "db" ] then From 2ec3ee2734ce2f49a5c7752f760b98bc9094a000 Mon Sep 17 00:00:00 2001 From: Dselen Date: Mon, 26 Aug 2024 13:42:08 -0500 Subject: [PATCH 17/63] Fixed typo --- src/wgd.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wgd.sh b/src/wgd.sh index 680698d..d27710f 100755 --- a/src/wgd.sh +++ b/src/wgd.sh @@ -194,7 +194,7 @@ _installPythonPip(){ fi } -checkWireguard(){ +_checkWireguard(){ # Check if wg and wg-quick are installed if ! command -v wg > /dev/null 2>&1 || ! command -v wg-quick > /dev/null 2>&1 then From 40f39e918dcc50458998720e047698fcacc12ca4 Mon Sep 17 00:00:00 2001 From: Dselen Date: Mon, 26 Aug 2024 15:28:27 -0500 Subject: [PATCH 18/63] Finished work for now on the alpine docker image. --- docker/alpine/Dockerfile | 8 ++++---- docker/alpine/compose.yaml | 2 +- src/wgd.sh | 17 ++++++++--------- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile index ad6b58a..b9addcf 100644 --- a/docker/alpine/Dockerfile +++ b/docker/alpine/Dockerfile 
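Review bot: `sudo chmod -R 755 /etc/wireguard/`, re-added after `_checkWireguard` in the last `install_wgd` hunk of this commit, makes every file under the directory world-readable, and WireGuard interface configs stored there carry the interface `PrivateKey`. If the dashboard runs as root, as the README's `sudo ./wgd.sh start` suggests, owner-only access is enough: `sudo chmod 700 /etc/wireguard/` followed by `sudo find /etc/wireguard -type f -exec chmod 600 {} +`. If it is meant to run as another user, a dedicated group with `750`/`640` keeps the keys away from other local accounts. `install_wgd` continues outside the hunk.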
@@ -13,11 +13,11 @@ ENV global_dns="1.1.1.1" ENV enable="none" ENV isolate="wg0" ENV public_ip="0.0.0.0" -ENV update="yes" # Doing package management operations, such as upgrading RUN apk update \ - && apk add --no-cache bash git curl tzdata \ + && apk add --no-cache bash git tzdata \ + iptables ip6tables curl openrc wireguard-tools \ sudo py3-psutil py3-bcrypt # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. @@ -49,8 +49,8 @@ RUN echo "[Interface]" > /setup/conf/wg0.conf \ && echo "DNS = ${global_dns}" >> /setup/conf/wg0.conf # Defining a way for Docker to check the health of the container. In this case: checking the login URL. -HEALTHCHECK --interval=2m --timeout=1m --start-period=20s --retries=3 \ - CMD [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:10086/)" -eq "200" ] || exit 1 +HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ + CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1 # Copy the basic entrypoint.sh script. diff --git a/docker/alpine/compose.yaml b/docker/alpine/compose.yaml index a921a23..ae26b90 100644 --- a/docker/alpine/compose.yaml +++ b/docker/alpine/compose.yaml @@ -1,6 +1,6 @@ services: wireguard-dashboard: - image: dselen/wgdashboard:dev + image: dselen:alpine restart: unless-stopped container_name: wgdashboard environment: diff --git a/src/wgd.sh b/src/wgd.sh index d27710f..9f89e0e 100755 --- a/src/wgd.sh +++ b/src/wgd.sh @@ -90,7 +90,7 @@ _installPython(){ fi ;; alpine) - { sudo apk update; sudo apk add python3 net-tools; printf "\n\n"; } >> ./log/install.txt + { sudo apk update; sudo apk add python3 net-tools --no-cache; printf "\n\n"; } >> ./log/install.txt ;; esac 
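Review bot: The new `HEALTHCHECK` only proves that a `gunicorn` and a `tail` process exist, so a dashboard that is hung or failing every request is still reported healthy. The `pgrep tail` half also ties the check to how the entrypoint presumably keeps the container in the foreground. `curl` is still installed by the `apk add` line in this commit, so an HTTP probe is available: `CMD curl -fsS -o /dev/null http://localhost:10086/ || exit 1`. If the root URL does not answer with a success status when unauthenticated (not visible here), point the probe at a path that does.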
@@ -174,7 +174,7 @@ _installPythonPip(){ fi ;; alpine) - { sudo apk update; sudo apk add py3-pip ; printf "\n\n"; } >> ./log/install.txt + { sudo apk update; sudo apk add py3-pip --no-cache; printf "\n\n"; } >> ./log/install.txt ;; *) printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark" @@ -195,26 +195,25 @@ _installPythonPip(){ } _checkWireguard(){ - # Check if wg and wg-quick are installed if ! command -v wg > /dev/null 2>&1 || ! command -v wg-quick > /dev/null 2>&1 then case "$OS" in ubuntu|debian) { sudo apt update && sudo apt-get install -y wireguard; - printf "\nWireGuard installed on %s.\n\n" "$OS"; + printf "\n[WGDashboard] WireGuard installed on %s.\n\n" "$OS"; } &>> ./log/install.txt ;; centos|fedora|redhat|rhel) { sudo dnf install -y wireguard-tools; - printf "\nWireGuard installed on %s.\n\n" "$OS"; + printf "\n[WGDashboard] WireGuard installed on %s.\n\n" "$OS"; } &>> ./log/install.txt ;; alpine) { - sudo apk update && sudo apk add wireguard-tools; - printf "\nWireGuard installed on %s.\n\n" "$OS"; + sudo apk update && sudo apk add wireguard-tools --no-cache; + printf "\n[WGDashboard] WireGuard installed on %s.\n\n" "$OS"; } &>> ./log/install.txt ;; *) @@ -224,7 +223,7 @@ _checkWireguard(){ ;; esac else - printf "WireGuard is already installed.\n" + printf "[WGDashboard] WireGuard is already installed.\n" fi } @@ -413,7 +412,7 @@ if [ "$#" != 1 ]; printf "%s\n" "$dashes" printf "[WGDashboard] WGDashboard is already running.\n" printf "%s\n" "$dashes" - else + else start_wgd fi elif [ "$1" = "stop" ]; then From ef028659d8ff51158fb5e818dac6a894b9ae0ff0 Mon Sep 17 00:00:00 2001 From: Dselen Date: Mon, 26 Aug 2024 15:46:17 -0500 Subject: [PATCH 19/63] Testing improvement --- docker/alpine/entrypoint.sh | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/docker/alpine/entrypoint.sh b/docker/alpine/entrypoint.sh index 5d815b5..3068ffa 100644 --- a/docker/alpine/entrypoint.sh +++ b/docker/alpine/entrypoint.sh @@ -105,6 +105,10 @@ set_envvars() { sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini fi + + echo "Restarting service for good measure" + cd "${WGDASH}"/src || exit + ./wgd.sh restart } # === CORE SERVICES === From f6e5d9675a4aca488db44215b1432f2909fd7d20 Mon Sep 17 00:00:00 2001 From: Dselen Date: Mon, 26 Aug 2024 15:53:53 -0500 Subject: [PATCH 20/63] Alternative testing. --- docker/alpine/entrypoint.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docker/alpine/entrypoint.sh b/docker/alpine/entrypoint.sh index 3068ffa..f452f14 100644 --- a/docker/alpine/entrypoint.sh +++ b/docker/alpine/entrypoint.sh @@ -22,9 +22,13 @@ ensure_installation() { cd "${WGDASH}"/src || exit ./wgd.sh install + echo "Generating some files..." + ./wgd.sh start + ./wgd.sh stop + echo "Looks like the installation succesfully moved over." else - echo "Looks like everything is present." + echo "Looks like everything is present. Or the directory is not empty." fi # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. @@ -106,9 +110,9 @@ set_envvars() { sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini fi - echo "Restarting service for good measure" - cd "${WGDASH}"/src || exit - ./wgd.sh restart + #echo "Restarting service for good measure" + #cd "${WGDASH}"/src || exit + #./wgd.sh restart } # === CORE SERVICES === From c0ef41a9bbcd272c50e2a5bada26115e7956d789 Mon Sep 17 00:00:00 2001 From: Dselen Date: Mon, 26 Aug 2024 15:54:27 -0500 Subject: [PATCH 21/63] Forgot to reorder --- docker/alpine/entrypoint.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/docker/alpine/entrypoint.sh b/docker/alpine/entrypoint.sh index f452f14..955fcb5 100644 --- a/docker/alpine/entrypoint.sh +++ b/docker/alpine/entrypoint.sh @@ -223,7 +223,6 @@ ensure_blocking() { # Execute functions for the WireGuard Dashboard services, then set the environment variables ensure_installation clean_up -#update_checker -start_core set_envvars +start_core ensure_blocking \ No newline at end of file From a76e9ed98b02822d9e021e2556c6ae814c0cb2a8 Mon Sep 17 00:00:00 2001 From: Dselen Date: Mon, 26 Aug 2024 16:16:09 -0500 Subject: [PATCH 22/63] Testing more changes for better handling of variables. --- docker/alpine/compose.yaml | 6 +++--- docker/alpine/entrypoint.sh | 18 +++++++----------- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/docker/alpine/compose.yaml b/docker/alpine/compose.yaml index ae26b90..20945ee 100644 --- a/docker/alpine/compose.yaml +++ b/docker/alpine/compose.yaml @@ -1,14 +1,14 @@ services: wireguard-dashboard: - image: dselen:alpine + image: dselen/wgdashboard:alpine restart: unless-stopped container_name: wgdashboard environment: #- tz= # <--- Set container timezone, default: Europe/Amsterdam. - #- global_dns= # <--- Set global DNS address, default: 1.1.1.1. + - global_dns=9.9.9.9 # <--- Set global DNS address, default: 1.1.1.1. - enable=wg0 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. - isolate=wg0 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. - #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. + - public_ip=212.124.66.17 # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. ports: - 10086:10086/tcp - 51820:51820/udp diff --git a/docker/alpine/entrypoint.sh b/docker/alpine/entrypoint.sh index 955fcb5..b2ff69e 100644 --- a/docker/alpine/entrypoint.sh 
+++ b/docker/alpine/entrypoint.sh @@ -22,10 +22,6 @@ ensure_installation() { cd "${WGDASH}"/src || exit ./wgd.sh install - echo "Generating some files..." - ./wgd.sh start - ./wgd.sh stop - echo "Looks like the installation succesfully moved over." else echo "Looks like everything is present. Or the directory is not empty." @@ -109,10 +105,6 @@ set_envvars() { sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini fi - - #echo "Restarting service for good measure" - #cd "${WGDASH}"/src || exit - #./wgd.sh restart } # === CORE SERVICES === @@ -121,8 +113,8 @@ start_core() { echo "Activating Python venv and executing the WireGuard Dashboard service." . "${WGDASH}"/src/venv/bin/activate - cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched. - bash wgd.sh start + cd "${WGDASH}"/src || return + bash wgd.sh start &>> /dev/null # Isolated peers feature, first converting the existing configuration files and the given names to arrays. local configurations=(/etc/wireguard/*) @@ -205,6 +197,10 @@ start_core() { ensure_blocking() { printf "\n-------------- ENSURING CONTAINER CONTINUATION -------------\n" + . "${WGDASH}"/src/venv/bin/activate + cd "${WGDASH}"/src || return + bash wgd.sh restart + sleep 1s echo "Ensuring container continuation." @@ -223,6 +219,6 @@ ensure_blocking() { # Execute functions for the WireGuard Dashboard services, then set the environment variables ensure_installation clean_up -set_envvars start_core +set_envvars ensure_blocking \ No newline at end of file From 548f3db33df745084b291e458c17085fc8c9fe9d Mon Sep 17 00:00:00 2001 From: Dselen Date: Mon, 26 Aug 2024 16:16:43 -0500 Subject: [PATCH 23/63] quickfix --- docker/alpine/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docker/alpine/compose.yaml b/docker/alpine/compose.yaml index 20945ee..0d84bea 100644 --- a/docker/alpine/compose.yaml +++ b/docker/alpine/compose.yaml @@ -8,7 +8,7 @@ services: - global_dns=9.9.9.9 # <--- Set global DNS address, default: 1.1.1.1. - enable=wg0 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. - isolate=wg0 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. - - public_ip=212.124.66.17 # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. + - public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. ports: - 10086:10086/tcp - 51820:51820/udp From c3cda05d9847ef659b83329c5d5ea6e6cd856819 Mon Sep 17 00:00:00 2001 From: Dselen Date: Tue, 27 Aug 2024 02:26:19 -0500 Subject: [PATCH 24/63] Move fix. --- docker/alpine/Dockerfile | 6 +++--- docker/alpine/compose.yaml | 8 ++++---- docker/alpine/entrypoint.sh | 7 ++++--- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile index b9addcf..5828b34 100644 --- a/docker/alpine/Dockerfile +++ b/docker/alpine/Dockerfile @@ -26,9 +26,9 @@ ENV WGDASH=/opt/wireguarddashboard # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} \ - && git clone ${Git_Url} /setup/app -#COPY src /setup/app/src +RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} + #&& git clone ${Git_Url} /setup/app +COPY src /setup/app/src # Set the volume to be used for WireGuard configuration persistency. VOLUME /etc/wireguard 
diff --git a/docker/alpine/compose.yaml b/docker/alpine/compose.yaml index 0d84bea..341fa27 100644 --- a/docker/alpine/compose.yaml +++ b/docker/alpine/compose.yaml @@ -1,6 +1,6 @@ services: wireguard-dashboard: - image: dselen/wgdashboard:alpine + image: dselen:alpine restart: unless-stopped container_name: wgdashboard environment: @@ -8,13 +8,13 @@ services: - global_dns=9.9.9.9 # <--- Set global DNS address, default: 1.1.1.1. - enable=wg0 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. - isolate=wg0 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. - - public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. + #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. ports: - 10086:10086/tcp - 51820:51820/udp volumes: - - app:/opt/wireguarddashboard - - conf:/etc/wireguard + - ./app:/opt/wireguarddashboard + - ./conf:/etc/wireguard cap_add: - NET_ADMIN diff --git a/docker/alpine/entrypoint.sh b/docker/alpine/entrypoint.sh index b2ff69e..20c2711 100644 --- a/docker/alpine/entrypoint.sh +++ b/docker/alpine/entrypoint.sh @@ -10,7 +10,8 @@ ensure_installation() { if [ -z "$(ls -A "${WGDASH}")" ]; then echo "Detected empty directory, moving over..." - mv /setup/app/{.[!.],}* "${WGDASH}" + mv /setup/app/* "${WGDASH}" + mv /setup/app/.* "${WGDASH}" python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" @@ -82,7 +83,7 @@ clean_up() { # === SET ENV VARS === set_envvars() { - printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" + #printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" # Changing the DNS used for clients and the dashboard itself. if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then 
@@ -195,7 +196,7 @@ start_core() { # === CLEAN UP === ensure_blocking() { - printf "\n-------------- ENSURING CONTAINER CONTINUATION -------------\n" + #printf "\n-------------- ENSURING CONTAINER CONTINUATION -------------\n" . "${WGDASH}"/src/venv/bin/activate cd "${WGDASH}"/src || return From 40e6fce28135eb5ae7050b08ab73dd4c5697aea1 Mon Sep 17 00:00:00 2001 From: Dselen Date: Tue, 27 Aug 2024 02:30:01 -0500 Subject: [PATCH 25/63] Fix typos --- docker/alpine/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile index 5828b34..73c893e 100644 --- a/docker/alpine/Dockerfile +++ b/docker/alpine/Dockerfile @@ -26,9 +26,9 @@ ENV WGDASH=/opt/wireguarddashboard # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} - #&& git clone ${Git_Url} /setup/app -COPY src /setup/app/src +RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} \ + && git clone ${Git_Url} /setup/app +#COPY src /setup/app/src # Set the volume to be used for WireGuard configuration persistency. VOLUME /etc/wireguard @@ -58,4 +58,4 @@ COPY entrypoint.sh /entrypoint.sh # Exposing the default WireGuard Dashboard port for web access. EXPOSE 10086 -ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] \ No newline at end of file +ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] From e35f9429643ee25e963e915142cef49737acac09 Mon Sep 17 00:00:00 2001 From: Martin <53882051+martin-g-it@users.noreply.github.com> Date: Wed, 4 Sep 2024 14:40:04 +0200 Subject: [PATCH 26/63] Update dashboard.py - sort WG configurations Sort WG configurations alphabetically --- src/dashboard.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
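Review bot: The restored `git clone ${Git_Url} /setup/app` bakes whatever the remote's default branch holds at build time into the image, so two builds of the same Dockerfile can ship different code and the image cannot be traced back to a reviewed revision. Pin the checkout to a tag or commit through a build argument, for example `ARG Git_Ref=<tag-or-commit>` and `&& git clone ${Git_Url} /setup/app && git -C /setup/app checkout "${Git_Ref}"`. `Git_Ref` is a name suggested here, and `Git_Url` is defined outside this hunk. The comment above the `RUN` already mentions choosing a branch, but a branch can move.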
diff --git a/src/dashboard.py b/src/dashboard.py index 1d27526..9a8b768 100644 --- a/src/dashboard.py +++ b/src/dashboard.py @@ -1297,7 +1297,9 @@ def _regexMatch(regex, text): def _getConfigurationList(): # configurations = {} - for i in os.listdir(WG_CONF_PATH): + items = os.listdir(WG_CONF_PATH) + items.sort() + for i in items: if _regexMatch("^(.{1,}).(conf)$", i): i = i.replace('.conf', '') try: From f1c577ab76ac8264a2a934ba906dd50147da6da9 Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Tue, 17 Sep 2024 14:42:25 +0800 Subject: [PATCH 27/63] Fixed issue mentioned in #391 --- src/dashboard.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/dashboard.py b/src/dashboard.py index 2db77be..0e51eea 100644 --- a/src/dashboard.py +++ b/src/dashboard.py @@ -693,8 +693,6 @@ class WireguardConfiguration: return False, None def allowAccessPeers(self, listOfPublicKeys): - # numOfAllowedPeers = 0 - # numOfFailedToAllowPeers = 0 if not self.getStatus(): self.toggleConfiguration() @@ -705,7 +703,15 @@ class WireguardConfiguration: % (self.Name, self.Name,), (p['id'],)) sqlUpdate("DELETE FROM '%s_restrict_access' WHERE id = ?" % self.Name, (p['id'],)) - subprocess.check_output(f"wg set {self.Name} peer {p['id']} allowed-ips {p['allowed_ip']}", + + presharedKeyExist = len(p['preshared_key']) > 0 + rd = random.Random() + uid = uuid.UUID(int=rd.getrandbits(128), version=4) + if presharedKeyExist: + with open(f"{uid}", "w+") as f: + f.write(p['preshared_key']) + + subprocess.check_output(f"wg set {self.Name} peer {p['id']} allowed-ips {p['allowed_ip']}{f' preshared-key {uid}' if presharedKeyExist else ''}", shell=True, stderr=subprocess.STDOUT) else: return ResponseObject(False, "Failed to allow access of peer " + i) From 41d91e75fcedae79a7216730c052d49507220572 Mon Sep 17 00:00:00 2001 
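Review bot: In `allowAccessPeers`, the peer's preshared key is written to a file named after a UUID in the process's working directory with default permissions, and nothing in this hunk deletes it, so each call leaves another copy of the secret on disk. Create the file with `tempfile.mkstemp()` (owner-only by default) and remove it in a `finally` once `wg set` has run; this needs `import tempfile` at the top of the file. Separately, the command is still an f-string run with `shell=True`; if `p['id']` or `p['allowed_ip']` can ever hold attacker-influenced text (their validation is not visible here), passing an argument list without the shell would close that off. The loop and the method continue outside the hunk.

```python
presharedKeyExist = len(p['preshared_key']) > 0
keyPath = None
try:
    if presharedKeyExist:
        # mkstemp creates the file readable and writable by the owner only
        fd, keyPath = tempfile.mkstemp()
        with os.fdopen(fd, "w") as f:
            f.write(p['preshared_key'])
    subprocess.check_output(f"wg set {self.Name} peer {p['id']} allowed-ips {p['allowed_ip']}{f' preshared-key {keyPath}' if presharedKeyExist else ''}",
                            shell=True, stderr=subprocess.STDOUT)
finally:
    # the key file is only needed while wg reads it
    if keyPath is not None:
        os.remove(keyPath)
# … unchanged: else branch returning the failure ResponseObject …
```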
From: Donald Zou Date: Thu, 19 Sep 2024 14:44:49 +0800 Subject: [PATCH 28/63] Prepare for v4.0.4 --- src/dashboard.py | 2 +- src/static/app/package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/dashboard.py b/src/dashboard.py index 2db77be..05ef9ac 100644 --- a/src/dashboard.py +++ b/src/dashboard.py @@ -33,7 +33,7 @@ import threading from flask.json.provider import DefaultJSONProvider -DASHBOARD_VERSION = 'v4.0.3' +DASHBOARD_VERSION = 'v4.0.4' CONFIGURATION_PATH = os.getenv('CONFIGURATION_PATH', '.') DB_PATH = os.path.join(CONFIGURATION_PATH, 'db') if not os.path.isdir(DB_PATH): diff --git a/src/static/app/package.json b/src/static/app/package.json index 4e9de8a..022175e 100644 --- a/src/static/app/package.json +++ b/src/static/app/package.json @@ -1,6 +1,6 @@ { "name": "app", - "version": "4.0.2", + "version": "4.0.4", "private": true, "type": "module", "scripts": { From c5b02a426c85f86a974470a6b06906dcbdfbfa23 Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Mon, 23 Sep 2024 03:12:06 +0800 Subject: [PATCH 29/63] Update README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index abc828e..c111b90 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,7 @@ +> [!NOTE] +> **Help Wanted 🎉**: Localizing WGDashboard to other languages! If you're willing to help, please visit https://github.com/donaldzou/WGDashboard/issues/397. Many thanks! +
+

WGDashboard

From de94f5b233f50cb15cdab6e8f048b6efe368a872 Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Tue, 24 Sep 2024 00:40:20 +0800 Subject: [PATCH 30/63] Update README.md --- README.md | 568 +----------------------------------------------------- 1 file changed, 6 insertions(+), 562 deletions(-) diff --git a/README.md b/README.md index c111b90..b0246f7 100644 --- a/README.md +++ b/README.md @@ -26,565 +26,9 @@

This project is not affiliate to the official WireGuard Project

-## 📣 What's New: v4.0 - -> [!TIP] -> [📹 Demo video on YouTube](https://www.youtube.com/watch?v=0mwzd5Gr2eU) - -### 🎉 New Features - -- **Updated dashboard design**: Re-designed some of the section with more modern style and layout, the UI is faster and more responsive, it also uses less memory. But overall is still the same dashboard you're familiarized. -- **Docker Solution**: We now have 2 docker solutions! Thanks to @DaanSelen & @shuricksumy for providing them. For more information, please see the [Docker](#-docker-solutions) section below. -- **Peer Job Scheduler**: Now you can schedule jobs for each peer to either **restrict** or **delete** the peer if the peer's total / upload / download data usage exceeded a limit, or you can set a specific datetime to restrict or delete the peer. -- **Share Peer's QR Code with Public Link**: You can share a peer's QR code and `.conf` file without the need to loging in. -- **WGDashboard's REST API**: You can now request all the api endpoint used in the dashboard. For more details please review the [API Documentation](./docs/api-documents.md). -- **Logging**: Dashboard will now log all activity on the dashboard and API requests. -- **Time-Based One-Time Password (TOTP)**: You can enable this function to add one more layer of security, and generate the TOTP with your choice of authenticator. -- **Designs** - - **Real-time Graphs**: You can view real-time data changes with graphs in each configuration. - - **Night mode**: You know what that means, it avoids bugs ;) -- **Enforce Python Virtual Environment**: I noticed newer Python version (3.12) does not allow to install packages globally, and plus I think is a good idea to use venv. - -### 🧐 Other Changes -- **Deprecated jQuery from the project, and migrated and rewrote the whole front-end with Vue.js. 
This allows the dashboard is future proofed, and potential cross server access with a desktop app.** -- Rewrote the backend into a REST API structure -- Improved SQL query efficient -- Removed all templates, except for `index.html` where it will load the Vue.js app. -- Parsing names in `.conf` -- Minimized the need to read `.conf`, only when any `.conf` is modified - -### 🥘 New Experimental Features - - **Cross-Server Access**: Now you can access other servers that installed `v4` of WGDashboard through API key. - - **Desktop App**: Thanks to **Cross-Server Access**, you can now download an ElectronJS based desktop app of WGDashboard, and use that to access WGDashboard on different servers. - - > For more information, please scroll down to [🥘 Experimental Functions](#-experimental-functions) - -> I can't thank enough for all of you who wait for this release, and for those who are new to this project, welcome :) -> Also, huge thanks to who contributed to this major release: -> @bolgovrussia, @eduardorosabales, @Profik, @airgapper, @tokon2000, @bkeenke, @kontorskiy777, @bugsse, @Johnnykson, @DaanSelen, @shuricksumy and many others! - - - -
- -## 📋 Table of Content - - - * [📣 What's New: v4.0](#-whats-new-v40) - * [🎉 New Features](#-new-features) - * [🧐 Other Changes](#-other-changes) - * [🥘 New Experimental Features](#-new-experimental-features) - * [📋 Table of Content](#-table-of-content) - * [💡 Features](#-features) - * [📝 Requirements](#-requirements) - * [Supported Operating Systems](#supported-operating-systems) - * [Existing WireGuard Configurations](#existing-wireguard-configurations) - * [🛠 Install](#-install) - * [Install Commands](#install-commands) - * [Ubuntu 20.04 LTS](#ubuntu-2004-lts) - * [Ubuntu 22.04 LTS & Ubuntu 24.02 LTS](#ubuntu-2204-lts--ubuntu-2402-lts) - * [Debian 12.6](#debian-126) - * [Debian 11.10](#debian-1110) - * [Red Hat Enterprise Linux 9.4 & CentOS 9-Stream](#red-hat-enterprise-linux-94--centos-9-stream) - * [Fedora 40 & Fedora 39 & Fedora 38](#fedora-40--fedora-39--fedora-38) - * [Alpine Linux 3.20.2](#alpine-linux-3202) - * [Manual Installation](#manual-installation) - * [🪜 Usage](#-usage) - * [Start/Stop/Restart WGDashboard](#startstoprestart-wgdashboard) - * [Autostart WGDashboard on boot (>= v2.2)](#autostart-wgdashboard-on-boot--v22) - * [✂️ Dashboard Configuration](#-dashboard-configuration) - * [Dashboard Configuration file](#dashboard-configuration-file) - * [Generating QR code and peer configuration file (.conf)](#generating-qr-code-and-peer-configuration-file-conf) - * [❓ How to update the dashboard?](#-how-to-update-the-dashboard) - * [**Please note for users who are using `v3 - v3.0.6` want to update to `v4.0`**](#please-note-for-users-who-are-using-v3---v306-want-to-update-to-v40) - * [**Please note for users who are using `v2.3.1` or below**](#please-note-for-users-who-are-using-v231-or-below) - * [🐬 Docker Solutions](#-docker-solutions) - * [Solution 1 from @DaanSelen](#solution-1-from-daanselen) - * [Solution 2 from @shuricksumy](#solution-2-from-shuricksumy) - * [📖 WGDashboard REST API Documentation & How to use API 
Key](#-wgdashboard-rest-api-documentation--how-to-use-api-key) - * [🥘 Experimental Features](#-experimental-features) - * [Cross-Server Access](#cross-server-access) - * [Desktop App](#desktop-app) - * [🔍 Screenshot](#-screenshot) - * [🕰️ Changelogs](#-changelogs) - - -## 💡 Features - -- Automatically look for existing WireGuard configuration under `/etc/wireguard` -- Easy to use interface, provided credential and TOTP protection to the dashboard -- Manage peers and configuration - - Add Peers or by bulk with auto-generated information - - Edit peer information - - Delete peers with ease - - Restrict peers - - Generate QR Code and `.conf` file for peers, share it through a public link - - Schedule jobs to delete / restrict peer when conditions are met -- View real time peer status -- Testing tool: Ping and Traceroute to your peer - - -## 📝 Requirements - -1. Supported operating systems. Please view the list below. -2. WireGuard & WireGuard-Tools (`wg-quick`) -3. Python 3.10 / 3.11 / 3.12 -4. `git`, `net-tools`, `sudo` (_This should only apply to RHEL 9 & 8, interestingly it doesn't have it preinstalled)_ - -### Supported Operating Systems -> [!NOTE] -> All operating systems below are tested by myself. All are ARM64 ran in UTM Virtual Machine. - -| Ubuntu | Debian | Red Hat Enterprise Linux | CentOS | Fedora | Alpine Linux | -|-----------|--------|--------------------------|----------|--------|------------------------| -| 20.04 LTS | 12.6 | 9.4 | 9-Stream | 40 | 3.20.2 (Under Testing) | -| 22.04 LTS | 11.10 | | | 39 | | -| 24.02 LTS | | | | 38 | | - -> [!TIP] -> If you installed WGDashboard on other systems without any issues, please let me know. Thank you! - -### Existing WireGuard Configurations - -> [!NOTE] -> This only applies to existing WireGuard Configuration under `/etc/wireguard` - -```ini -[Interface] -... 
-SaveConfig = true -# Need to include this line to allow WireGuard Tool to save your configuration, -# or if you just want it to monitor your WireGuard Interface and don't need to -# make any changes with the dashboard, you can set it to false. - -[Peer] -#Name# = Donald's iPhone -PublicKey = abcd1234 -AllowedIPs = 1.2.3.4/32 -``` -> [!TIP] -> With `v4`, WGDashboard will look for entry with `#Name# = abc...` in each peer and use that for the name. - -## 🛠 Install - -### Install Commands - -These commands are tested by myself in each OS. It contains commands to install WireGuard, Git, Net Tools, and even Python on some OS. - -> [!WARNING] -> Please make sure you understand these commands before you run them. - -#### Ubuntu 20.04 LTS - -```shell -sudo add-apt-repository ppa:deadsnakes/ppa -y && \ -sudo apt-get update -y && \ -sudo apt-get install python3.10 python3.10-distutils wireguard-tools net-tools --no-install-recommends -y && \ -git clone https://github.com/donaldzou/WGDashboard.git && \ -cd WGDashboard/src && \ -chmod +x ./wgd.sh && \ -./wgd.sh install && \ -sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \ -sudo sysctl -p -``` -#### Ubuntu 22.04 LTS & Ubuntu 24.02 LTS - -```shell -sudo apt-get update -y && \ -sudo apt install wireguard-tools net-tools --no-install-recommends -y && \ -git clone https://github.com/donaldzou/WGDashboard.git && \ -cd ./WGDashboard/src && \ -chmod +x ./wgd.sh && \ -./wgd.sh install && \ -sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \ -sudo sysctl -p /etc/sysctl.conf -``` -#### Debian 12.6 - -```shell -apt-get install sudo git iptables -y && \ -sudo apt-get update && \ -sudo apt install wireguard-tools net-tools && \ -git clone https://github.com/donaldzou/WGDashboard.git && \ -cd ./WGDashboard/src && \ -chmod +x ./wgd.sh && \ -./wgd.sh install && \ -sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \ -sudo sysctl -p /etc/sysctl.conf -``` - -#### Debian 11.10 - -> [!WARNING] -> This commands will 
download Python 3.10's source code and build from it, since Debian 11.10 doesn't comes with Python 3.10 - -```shell -apt-get install sudo -y && \ -sudo apt-get update && \ -sudo apt install -y git iptables build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev wireguard-tools net-tools && \ -wget https://www.python.org/ftp/python/3.10.0/Python-3.10.0.tgz && \ -tar -xvf Python-3.10.0.tgz && \ -cd Python-3.10.0 && \ -sudo ./configure --enable-optimizations && \ -sudo make && \ -sudo make altinstall && \ -cd .. && \ -git clone https://github.com/donaldzou/WGDashboard.git && \ -cd ./WGDashboard/src && \ -chmod +x ./wgd.sh && \ -./wgd.sh install && \ -sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \ -sudo sysctl -p /etc/sysctl.conf -``` - -#### Red Hat Enterprise Linux 9.4 & CentOS 9-Stream - -```shell -sudo yum install wireguard-tools net-tools git python3.11 -y && \ -git clone https://github.com/donaldzou/WGDashboard.git && \ -cd ./WGDashboard/src && \ -chmod +x ./wgd.sh && \ -./wgd.sh install && \ -sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \ -sudo sysctl -p /etc/sysctl.conf && \ -firewall-cmd --add-port=10086/tcp --permanent && \ -firewall-cmd --add-port=51820/udp --permanent && \ -firewall-cmd --reload -``` - -#### Fedora 40 & Fedora 39 & Fedora 38 - -```shell -sudo yum install wireguard-tools net-tools git -y && \ -git clone https://github.com/donaldzou/WGDashboard.git && \ -cd ./WGDashboard/src && \ -chmod +x ./wgd.sh && \ -./wgd.sh install && \ -sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \ -sudo sysctl -p /etc/sysctl.conf && \ -firewall-cmd --add-port=10086/tcp --permanent && \ -firewall-cmd --add-port=51820/udp --permanent && \ -firewall-cmd --reload -``` - -#### Alpine Linux 3.20.2 - -```shell -setup-interfaces -a ; \ -rc-service networking --quiet start ; \ -printf 
"https://mirrors.aliyun.com/alpine/latest-stable/main\nhttps://mirrors.aliyun.com/alpine/latest-stable/community" > /etc/apk/repositories ; \ -apk update ; \ -apk add wireguard-tools python3 python3-dev git iptables net-tools gcc musl-dev linux-headers sudo ; \ -git clone -b v4.0-alpine-linux https://github.com/donaldzou/WGDashboard.git ; \ -cd ./WGDashboard/src ; \ -chmod +x ./wgd.sh ; \ -./wgd.sh install -``` - -### Manual Installation - -> [!NOTE] -> To ensure a smooth installation process, please make sure Python 3.10/3.11/3.12, `git`, `wireguard-tools` and `net-tools` are installed :) - -1. Download WGDashboard - - ```shell - git clone https://github.com/donaldzou/WGDashboard.git wgdashboard - -2. Open the WGDashboard folder - - ```shell - cd wgdashboard/src - ``` - -3. Install WGDashboard - - ```shell - sudo chmod u+x wgd.sh && \ - sudo ./wgd.sh install - ``` - -4. Give read and execute permission to root of the WireGuard configuration folder, you can change the path if your configuration files are not stored in `/etc/wireguard` - - ```shell - sudo chmod -R 755 /etc/wireguard - ``` - -5. Run WGDashboard - - ```shell - sudo ./wgd.sh start - ``` - -6. Access dashboard - - Access your server with port `10086` (e.g. http://your_server_ip:10086), using username `admin` and password `admin`. See below how to change port and ip that the dashboard is running with. 
- - - -## 🪜 Usage - -#### Start/Stop/Restart WGDashboard - - -```shell -cd wgdashboard/src ------------------------------ -./wgd.sh start # Start the dashboard in background ------------------------------ -./wgd.sh debug # Start the dashboard in foreground (debug mode) ------------------------------ -./wgd.sh stop # Stop the dashboard ------------------------------ -./wgd.sh restart # Restart the dasboard -``` - -#### Autostart WGDashboard on boot (>= v2.2) - -In the `src` folder, it contained a file called `wg-dashboard.service`, we can use this file to let our system to autostart the dashboard after reboot. The following guide has tested on **Ubuntu**, most **Debian** based OS might be the same, but some might not. Please don't hesitate to provide your system if you have tested the autostart on another system. - -1. Changing the directory to the dashboard's directory - - ```shell - cd wgdashboard/src - ``` - -2. Get the full path of the dashboard's directory - - ```shell - pwd - #Output: /root/wgdashboard/src - ``` - - For this example, the output is `/root/wireguard-dashboard/src`, your path might be different since it depends on where you downloaded the dashboard in the first place. **Copy the the output to somewhere, we will need this in the next step.** - -3. Edit the service file, the service file is located in `wireguard-dashboard/src`, you can use other editor you like, here will be using `nano` - - ```shell - nano wg-dashboard.service - ``` - - You will see something like this: - - ```ini - [Unit] - After=syslog.target network-online.target - Wants=wg-quick.target - ConditionPathIsDirectory=/etc/wireguard - - [Service] - Type=forking - PIDFile=/gunicorn.pid - WorkingDirectory= - ExecStart=/wgd.sh start - ExecStop=/wgd.sh stop - ExecReload=/wgd.sh restart - TimeoutSec=120 - PrivateTmp=yes - Restart=always - - [Install] - WantedBy=multi-user.target - ``` - - Now, we need to replace all `` to the one you just copied from step 2. 
After doing this, the file will become something like this, your file might be different: - - **Be aware that after the value of `WorkingDirectory`, it does not have a `/` (slash).** And then save the file after you edited it - -4. Copy the service file to systemd folder - - ```bash - $ sudo cp wg-dashboard.service /etc/systemd/system/wg-dashboard.service - ``` - - To make sure you copy the file successfully, you can use this command `cat /etc/systemd/system/wg-dashboard.service` to see if it will output the file you just edited. - -5. Enable the service - - ```bash - $ sudo chmod 664 /etc/systemd/system/wg-dashboard.service - $ sudo systemctl daemon-reload - $ sudo systemctl enable wg-dashboard.service - $ sudo systemctl start wg-dashboard.service # <-- To start the service - ``` - -6. Check if the service run correctly - - ```bash - $ sudo systemctl status wg-dashboard.service - ``` - And you should see something like this - - ```shell - ● wg-dashboard.service - Loaded: loaded (/etc/systemd/system/wg-dashboard.service; enabled; vendor preset: enabled) - Active: active (running) since Wed 2024-08-14 22:21:47 EDT; 55s ago - Process: 494968 ExecStart=/home/donaldzou/Wireguard-Dashboard/src/wgd.sh start (code=exited, status=0/SUCCESS) - Main PID: 495005 (gunicorn) - Tasks: 5 (limit: 4523) - Memory: 36.8M - CPU: 789ms - CGroup: /system.slice/wg-dashboard.service - ├─495005 /home/donaldzou/Wireguard-Dashboard/src/venv/bin/python3 ./venv/bin/gunicorn --config ./gunicorn.conf.py - └─495007 /home/donaldzou/Wireguard-Dashboard/src/venv/bin/python3 ./venv/bin/gunicorn --config ./gunicorn.conf.py - - Aug 14 22:21:40 wg sudo[494978]: root : PWD=/home/donaldzou/Wireguard-Dashboard/src ; USER=root ; COMMAND=./venv/bin/gunicorn --config ./gunicorn.conf.py - Aug 14 22:21:40 wg sudo[494978]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0) - Aug 14 22:21:40 wg wgd.sh[494979]: [WGDashboard] WGDashboard w/ Gunicorn will be running on 0.0.0.0:10086 - Aug 14 
22:21:40 wg wgd.sh[494979]: [WGDashboard] Access log file is at ./log/access_2024_08_14_22_21_40.log - Aug 14 22:21:40 wg wgd.sh[494979]: [WGDashboard] Error log file is at ./log/error_2024_08_14_22_21_40.log - Aug 14 22:21:40 wg sudo[494978]: pam_unix(sudo:session): session closed for user root - Aug 14 22:21:45 wg wgd.sh[494968]: [WGDashboard] Checking if WGDashboard w/ Gunicorn started successfully - Aug 14 22:21:47 wg wgd.sh[494968]: [WGDashboard] WGDashboard w/ Gunicorn started successfully - Aug 14 22:21:47 wg wgd.sh[494968]: ------------------------------------------------------------ - Aug 14 22:21:47 wg systemd[1]: Started wg-dashboard.service. - ``` - - If you see `Active:` followed by `active (running) since...` then it means it run correctly. - -7. Stop/Start/Restart the service - - ```bash - sudo systemctl stop wg-dashboard.service # <-- To stop the service - sudo systemctl start wg-dashboard.service # <-- To start the service - sudo systemctl restart wg-dashboard.service # <-- To restart the service - ``` - -8. **And now you can reboot your system, and use the command at step 6 to see if it will auto start after the reboot, or just simply access the dashboard through your browser. If you have any questions or problem, please report it in the issue page.** - -## ✂️ Dashboard Configuration - -#### Dashboard Configuration file - -Since version 2.0, WGDashboard will be using a configuration file called `wg-dashboard.ini`, (It will generate automatically after first time running the dashboard). 
More options will include in future versions, and for now it included the following configurations: - -| | Description | Default | Edit Available | -|------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------|----------------| -| **`[Account]`** | *Configuration on account* | | | -| `username` | Dashboard login username | `admin` | Yes | -| `password` | Password, will be hash with SHA256 | `admin` hashed in SHA256 | Yes | -| | | | | -| **`[Server]`** | *Configuration on dashboard* | | | -| `wg_conf_path` | The path of all the Wireguard configurations | `/etc/wireguard` | Yes | -| `app_ip` | IP address the dashboard will run with | `0.0.0.0` | Yes | -| `app_port` | Port the the dashboard will run with | `10086` | Yes | -| `auth_req` | Does the dashboard need authentication to access, if `auth_req = false` , user will not be access the **Setting** tab due to security consideration. **User can only edit the file directly in system**. 
| `true` | **No** | -| `version` | Dashboard Version | `v4.0` | **No** | -| `dashboard_refresh_interval` | How frequent the dashboard will refresh on the configuration page | `60000ms` | Yes | -| `dashboard_sort` | How configuration is sorting | `status` | Yes | -| `dashboard_theme` | Dashboard Theme | `dark` | Yes | -| | | | | -| **`[Peers]`** | *Default Settings on a new peer* | | | -| `peer_global_dns` | DNS Server | `1.1.1.1` | Yes | -| `peer_endpoint_allowed_ip` | Endpoint Allowed IP | `0.0.0.0/0` | Yes | -| `peer_display_mode` | How peer will display | `grid` | Yes | -| `remote_endpoint` | Remote Endpoint (i.e where your peers will connect to) | *depends on your server's default network interface* | Yes | -| `peer_mtu` | Maximum Transmit Unit | `1420` | | -| `peer_keep_alive` | Keep Alive | `21` | Yes | - -#### Generating QR code and peer configuration file (.conf) - -Starting version 2.2, dashboard can now generate QR code and configuration file for each peer. Here is a template of what each QR code encoded with and the same content will be inside the file: - -```ini -[Interface] -PrivateKey = QWERTYUIOPO234567890YUSDAKFH10E1B12JE129U21= -Address = 0.0.0.0/32 -DNS = 1.1.1.1 - -[Peer] -PublicKey = QWERTYUIOPO234567890YUSDAKFH10E1B12JE129U21= -AllowedIPs = 0.0.0.0/0 -Endpoint = 0.0.0.0:51820 -``` - -| | Description | Default Value | Available in Peer setting | -| ----------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------- | -| **`[Interface]`** | | | | -| `PrivateKey` | The private key of this peer | Private key generated by WireGuard (`wg genkey`) or provided by user | Yes | -| `Address` | The `allowed_ips` of your peer | N/A | Yes | -| `DNS` | The DNS server your peer will use | `1.1.1.1` - Cloud flare DNS, you can change it when you adding the peer or in the peer setting. 
| Yes | -| **`[Peer]`** | | | | -| `PublicKey` | The public key of your server | N/A | No | -| `AllowedIPs` | IP ranges for which a peer will route traffic | `0.0.0.0/0` - Indicated a default route to send all internet and VPN traffic through that peer. | Yes | -| `Endpoint` | Your wireguard server ip and port, the dashboard will search for your server's default interface's ip. | `:` | Yes | - -## ❓ How to update the dashboard? - -#### **Please note for users who are using `v3 - v3.0.6` want to update to `v4.0`** -- Although theoretically updating through `wgd.sh` should work, but I still suggest you to update the dashboard manually. - -#### **Please note for users who are using `v2.3.1` or below** - -- For user who is using `v2.3.1` or below, please notice that all data that stored in the current database will **not** transfer to the new database. This is hard decision to move from TinyDB to SQLite. But SQLite does provide a thread-safe access and TinyDB doesn't. I couldn't find a safe way to transfer the data, so you need to do them manually... Sorry about that :pensive:。 But I guess this would be a great start for future development :sunglasses:. - - -1. Change your directory to `wgdashboard` - - ```shell - cd wgdashboard/src - ``` - -2. Update the dashboard - ```shell - git pull https://github.com/donaldzou/WGDashboard.git --force - ``` - -3. Install - - ```shell - sudo ./wgd.sh install - ``` - -Starting with `v3.0`, you can simply do `sudo ./wgd.sh update` !! 
(I hope) - -## 🐬 Docker Solutions - -Current, we have 2 beloved contributors provided solutions for hosting WGDashboard with Docker - -### Solution 1 from @DaanSelen - -Please visit [Docker-explain.md](./docker/Docker-explain.md) - -### Solution 2 from @shuricksumy - -Please visit [shuricksumy/docker-wgdashboard](https://github.com/shuricksumy/docker-wgdashboard) - -> For questions or issues related to Docker, please visit [#272](https://github.com/donaldzou/WGDashboard/issues/272) - -## 📖 WGDashboard REST API Documentation & How to use API Key - -Please visit the [API Documentation](./docs/api-documents.md) - -## 🥘 Experimental Features - -### Cross-Server Access - -Starting with `v4.0`, you can access WGDashboards on other server through one WGDashboard with API Keys - -![Cross Server Example](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/cross-server.gif) - -### Desktop App - -Since the major changes for `v4.0` is to move the whole front-end code to Vue.js. And with this change, we can take the -advantage of combining ElectronJS and Vue.js to create a Desktop version of WGDashboard. Currently, we provide an Universal macOS app and a Windows app. - -To download the app, please visit the [latest release](https://github.com/donaldzou/WGDashboard/releases). 
- -![ElectronJS App Demo](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/electronjs-app.gif) - -## 🔍 Screenshot - -![Sign In](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/sign-in.png) -![Cross Server](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/cross-server.png) -![Index](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/index.png) -![New Configuration](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/new-configuration.png) -![Settings](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/settings.png) -![Light-Dark Mode](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/light-dark.png) -![Configuration](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/configuration.png) -![Add Peers](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/add-peers.png) -![Ping](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/ping.png) -![Traceroute](https://donaldzou.nyc3.cdn.digitaloceanspaces.com/wgdashboard-images/traceroute.png) - -## 🕰️ Changelogs - -Please visit the [Changelogs.md](./docs/changelogs.md) +

+ Official Documentation ➡️ +

+

+ I've moved the documentation to a new repo with a published site. It improved readability for you and easier to manage for me ;) +

From 5d041b2fd380550c4bd9c1f566c56fe34b8ccae8 Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Wed, 25 Sep 2024 18:01:05 +0800 Subject: [PATCH 31/63] Update README.md --- README.md | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index b0246f7..02888ed 100644 --- a/README.md +++ b/README.md @@ -21,14 +21,20 @@ wakatime

-

Monitoring WireGuard is not convenient, need to remote access to server and type wg show. That's why this project is being created, to view all configurations and manage them in a easy way.

-

With all these awesome features, while keeping it simple, easy to install and use

+

Monitoring WireGuard is not convenient, in most case, you'll need to login to your server and type wg show. That's why this project is being created, to view and manage all WireGuard configurations in a easy way.

+

With all these awesome features, while keeping it easy to install and use

This project is not affiliate to the official WireGuard Project

-

- Official Documentation ➡️ -

-

- I've moved the documentation to a new repo with a published site. It improved readability for you and easier to manage for me ;) -

+
+ +## [Official Documentation ➡️](https://donaldzou.github.io/WGDashboard-Documentation/) +> [!NOTE] +> To better manage documentation for this project. I've moved it to its own [repo](https://github.com/donaldzou/WGDashboard-Documentation). I will keep updating over there and leave this README only with important information. + +- [💡 Features](https://donaldzou.github.io/WGDashboard-Documentation/features.html) +- [📝 Requirements](https://donaldzou.github.io/WGDashboard-Documentation/requirements.html) +- [🛠 Install](https://donaldzou.github.io/WGDashboard-Documentation/install.html) +- [🪜 Usage](https://donaldzou.github.io/WGDashboard-Documentation/usage.html) +- [📖 API Documentation](https://donaldzou.github.io/WGDashboard-Documentation/api-documentation.html) +- [And much more...](https://donaldzou.github.io/WGDashboard-Documentation/) From 2a46c873b8d1753644b4daec040353d3300d8fa9 Mon Sep 17 00:00:00 2001 From: Dselen Date: Fri, 27 Sep 2024 03:22:03 -0500 Subject: [PATCH 32/63] Removed Debian container --- docker/debian/Dockerfile | 69 ----------- docker/debian/compose.yaml | 23 ---- docker/debian/entrypoint.sh | 227 ------------------------------------ 3 files changed, 319 deletions(-) delete mode 100644 docker/debian/Dockerfile delete mode 100644 docker/debian/compose.yaml delete mode 100644 docker/debian/entrypoint.sh diff --git a/docker/debian/Dockerfile b/docker/debian/Dockerfile deleted file mode 100644 index 7e4e46a..0000000 --- a/docker/debian/Dockerfile +++ /dev/null 
@@ -1,69 +0,0 @@
-# Pull from small Debian stable image.
-FROM debian:stable-slim AS build
-LABEL maintainer="dselen@nerthus.nl"
-
-# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
-ARG Git_Url="https://github.com/donaldzou/WGDashboard.git"
-ARG wg_net="10.0.0.1"
-ARG wg_port="51820"
-
-# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info.
-ENV TZ="Europe/Amsterdam"
-ENV global_dns="1.1.1.1"
-ENV enable="none"
-ENV isolate="wg0"
-ENV public_ip="0.0.0.0"
-ENV update="yes"
-
-# Doing basic system maintenance. Change the timezone to the desired timezone.
-RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime
-
-# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
-ENV WGDASH=/opt/wireguarddashboard
-
-# Doing package management operations, such as upgrading
-RUN apt-get update && apt-get install -y --no-install-recommends \
- curl git \
- iptables python3 \
- wireguard wireguard-tools \
- sudo && \
- apt-get remove -y linux-image-* && \
- apt-get autoremove -y && \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update.
-
-# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example.
-RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} \
- && git clone ${Git_Url} /setup/app
-
-# Set the volume to be used for WireGuard configuration persistency.
-VOLUME /etc/wireguard
-VOLUME ${WGDASH}
-
-# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency.
-# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006.
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN echo "[Interface]" > /setup/conf/wg0.conf \
- && echo "Address = ${wg_net}/24" >> /setup/conf/wg0.conf \
- && echo "PrivateKey =" >> /setup/conf/wg0.conf \
- && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \
- && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \
- && echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \
- && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \
- && echo "ListenPort = ${wg_port}" >> /setup/conf/wg0.conf \
- && echo "SaveConfig = true" >> /setup/conf/wg0.conf \
- && echo "DNS = ${global_dns}" >> /setup/conf/wg0.conf
-
-# Defining a way for Docker to check the health of the container. In this case: checking the login URL.
-HEALTHCHECK --interval=2m --timeout=1m --start-period=20s --retries=3 \
- CMD [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:10086/)" -eq "200" ] || exit 1
-
-
-# Copy the basic entrypoint.sh script.
-COPY entrypoint.sh /entrypoint.sh
-
-# Exposing the default WireGuard Dashboard port for web access.
-EXPOSE 10086
-ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
\ No newline at end of file
diff --git a/docker/debian/compose.yaml b/docker/debian/compose.yaml
deleted file mode 100644
index a921a23..0000000
--- a/docker/debian/compose.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-services:
- wireguard-dashboard:
- image: dselen/wgdashboard:dev
- restart: unless-stopped
- container_name: wgdashboard
- environment:
- #- tz= # <--- Set container timezone, default: Europe/Amsterdam.
- #- global_dns= # <--- Set global DNS address, default: 1.1.1.1.
- - enable=wg0 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed.
- - isolate=wg0 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true.
- #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me.
- ports:
- - 10086:10086/tcp
- - 51820:51820/udp
- volumes:
- - app:/opt/wireguarddashboard
- - conf:/etc/wireguard
- cap_add:
- - NET_ADMIN
-
-volumes:
- app:
- conf:
diff --git a/docker/debian/entrypoint.sh b/docker/debian/entrypoint.sh
deleted file mode 100644
index 1ece541..0000000
--- a/docker/debian/entrypoint.sh
+++ /dev/null
@@ -1,227 +0,0 @@ -#!/bin/bash - -echo "------------------------- START ----------------------------" -echo "Starting the WireGuard Dashboard Docker container." - -ensure_installation() { - # When using a custom directory to store the files, this part moves over and makes sure the installation continues. - echo "Checking if everything is present." - - if [ -z "$(ls -A "${WGDASH}")" ]; then - echo "Detected empty directory, moving over..." - - mv /setup/app/{.[!.],}* "${WGDASH}" - python3 -m venv "${WGDASH}"/src/venv - . "${WGDASH}/src/venv/bin/activate" - chmod +x "${WGDASH}"/src/wgd.sh - cd "${WGDASH}"/src || exit - ./wgd.sh install - - echo "Looks like the installation succesfully moved over." - else - echo "Looks like everything is present." - fi - - # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. - if [ ! -f "/etc/wireguard/wg0.conf" ]; then - echo "Standard wg0 Configuration file not found, grabbing template." - cp "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" - - echo "Setting a secure private key." - - local privateKey - privateKey=$(wg genkey) - - sed -i "s|^PrivateKey =$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf - sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf - echo "Done setting template." - else - echo "Existing wg0 configuration file found, using that." - fi -} - -# === CLEAN UP === -clean_up() { - printf "\n------------------------ CLEAN UP --------------------------\n" - - # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. - echo "Looking for remains of previous instances..." - local pid_file="${WGDASH}/src/gunicorn.pid" - if [ -f "$pid_file" ]; then - echo "Found old pid file, removing." - rm $pid_file - else - echo "No pid remains found, continuing." 
- fi - - # Also check for Python caches (pycache) inspired by https://github.com/shuricksumy - local pycache="${WGDASH}/src/__pycache__" - if [ -d "$pycache" ]; then - local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l) - if [ "$pycache_filecount" -gt 0 ]; then - echo "Found old pycaches, removing." - rm -rf "$pycache"/* - else - echo "No pycaches found, continuing." - fi - else - echo "No pycaches found, continuing." - fi - - local logdir="${WGDASH}/src/log" - echo "Cleaning log directory." - find /opt/wireguarddashboard/src/log -name 'access_*.log' -exec rm {} + - find /opt/wireguarddashboard/src/log -name 'error_*.log' -exec rm {} + - echo "Removed unneeded logs!" -} - -#update_checker() { - #if [ "$update" = "yes" ]; then - # echo "Activating Python venv and executing the WireGuard Dashboard service." - # . "${WGDASH}/src/venv/bin/activate" - # cd "${WGDASH}"/src || exit - # bash wgd.sh update - #else - # echo "Auto Updater disabled" - #fi -#} - -# === SET ENV VARS === -set_envvars() { - printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" - - # Changing the DNS used for clients and the dashboard itself. - if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then - echo "Changing default dns." - - #sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level. - sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/src/wg-dashboard.ini - else - echo "DNS is set correctly." - fi - - # Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me. 
- if [ "${public_ip}" = "0.0.0.0" ]; then - default_ip=$(curl -s ifconfig.me) - echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" - - sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini - elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then - echo "Setting the Public-IP using given variable: ${public_ip}" - - sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini - fi -} - -# === CORE SERVICES === -start_core() { - printf "\n---------------------- STARTING CORE -----------------------\n" - - echo "Activating Python venv and executing the WireGuard Dashboard service." - . "${WGDASH}"/src/venv/bin/activate - cd "${WGDASH}"/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched. - bash wgd.sh start - - # Isolated peers feature, first converting the existing configuration files and the given names to arrays. - local configurations=(/etc/wireguard/*) - IFS=',' read -r -a do_isolate <<< "${isolate}" - non_isolate=() - - # Checking if there are matches between the two arrays. - for config in "${configurations[@]}"; do - local config=$(echo "$config" | sed -e 's|.*/etc/wireguard/||' -e 's|\.conf$||') - found=false - for interface in "${do_isolate[@]}"; do - if [[ "$config" == "$interface" ]]; then - found=true - break - fi - done - if [ "$found" = false ]; then - non_isolate+=("$config") - fi - done - - # Isolating the matches. - for interface in "${do_isolate[@]}"; do - if [ "$interface" = "none" ]; then - echo "Found: $interface, stopping isolation checking." 
- break - else - if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Isolating interface:" $interface - upblocking=$(grep -c "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) - downblocking=$(grep -c "PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) - - if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then - sed -i "/PostUp =/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf - sed -i "/PreDown =/a PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf - fi - else - echo "Configuration for $interface does not seem to exist, continuing." - fi - fi - done - - # Removing isolation for the configurations that did not match. - for interface in "${non_isolate[@]}"; do - if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Removing Isolation if present for:" $interface - sed -i "/PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf - sed -i "/PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf - else - echo "Configuration for $interface does not seem to exist, continuing." - fi - done - - # The following section takes care of enabling wireguard interfaces on startup. Using arrays and given arguments. - IFS=',' read -r -a enable_array <<< "${enable}" - - for interface in "${enable_array[@]}"; do - if [ "$interface" = "none" ]; then - echo "Found: $interface, stopping enabling checking." - break - else - echo "Enabling interface:" $interface - - local fileperms=$(stat -c "%a" /etc/wireguard/${interface}.conf) - if [ $fileperms -eq 644 ]; then - echo "Configuration is world accessible, adjusting." 
- chmod 600 "/etc/wireguard/${interface}.conf" - fi - - if [ -f "/etc/wireguard/${interface}.conf" ]; then - wg-quick up $interface - else - echo "No corresponding configuration file found for $interface doing nothing." - fi - fi - done -} - -# === CLEAN UP === -ensure_blocking() { - printf "\n-------------- ENSURING CONTAINER CONTINUATION -------------\n" - - sleep 1s - echo "Ensuring container continuation." - - # This function checks if the latest error log is created and tails it for docker logs uses. - if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then - latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1) - latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1) - - tail -f "${latestErrLog}" "${latestAccLog}" - fi - - # Blocking command in case of erroring. So the container does not quit. - sleep infinity -} - -# Execute functions for the WireGuard Dashboard services, then set the environment variables -ensure_installation -clean_up -#update_checker -start_core -set_envvars -ensure_blocking \ No newline at end of file From dd38809866e43429abd73bc545c1aa1191eeb4c1 Mon Sep 17 00:00:00 2001 From: Dselen Date: Thu, 3 Oct 2024 07:45:24 -0500 Subject: [PATCH 33/63] Rebase --- docker/alpine/Dockerfile => Dockerfile | 30 +++++++++++--------- docker/{alpine => }/compose.yaml | 2 +- docker/alpine/entrypoint.sh => entrypoint.sh | 3 +- 3 files changed, 19 insertions(+), 16 deletions(-) rename docker/alpine/Dockerfile => Dockerfile (65%) rename docker/{alpine => }/compose.yaml (97%) rename docker/alpine/entrypoint.sh => entrypoint.sh (99%) diff --git a/docker/alpine/Dockerfile b/Dockerfile similarity index 65% rename from docker/alpine/Dockerfile rename to Dockerfile index 73c893e..dd204c4 100644 --- a/docker/alpine/Dockerfile +++ b/Dockerfile 
@@ -3,7 +3,6 @@ FROM alpine:latest AS build LABEL maintainer="dselen@nerthus.nl" # Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. -ARG Git_Url="https://github.com/DaanSelen/WGDashboard.git" ARG wg_net="10.0.0.1" ARG wg_port="51820" @@ -17,7 +16,7 @@ ENV public_ip="0.0.0.0" # Doing package management operations, such as upgrading RUN apk update \ && apk add --no-cache bash git tzdata \ - iptables ip6tables curl openrc wireguard-tools \ + iptables ip6tables openrc curl wireguard-tools \ sudo py3-psutil py3-bcrypt # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. @@ -26,8 +25,8 @@ ENV WGDASH=/opt/wireguarddashboard # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} \ - && git clone ${Git_Url} /setup/app +RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} +COPY ./src /setup/app/src #COPY src /setup/app/src # Set the volume to be used for WireGuard configuration persistency. 
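Review bot: `COPY ./src /setup/app/src` in the third hunk takes everything under `src` in the build context, so a build from a checkout that has already run the dashboard could bake a local `src/db`, `wg-dashboard.ini`, logs or a venv into the published image. No `.dockerignore` is visible in this patch, so it is worth confirming one excludes those paths. The comment above the step still tells the reader to "Modify the git clone command", which no longer exists; something like `# Copy the dashboard source from the build context into the staging directory.` would match the new behaviour.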
@@ -37,16 +36,19 @@ VOLUME ${WGDASH} # Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. # Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN echo "[Interface]" > /setup/conf/wg0.conf \ - && echo "Address = ${wg_net}/24" >> /setup/conf/wg0.conf \ - && echo "PrivateKey =" >> /setup/conf/wg0.conf \ - && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \ - && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \ - && echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /setup/conf/wg0.conf \ - && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /setup/conf/wg0.conf \ - && echo "ListenPort = ${wg_port}" >> /setup/conf/wg0.conf \ - && echo "SaveConfig = true" >> /setup/conf/wg0.conf \ - && echo "DNS = ${global_dns}" >> /setup/conf/wg0.conf +RUN out_adapt=$(ip -o -4 route show to default | awk '{print $NF}') \ + && echo -e "[Interface]\n\ +Address = ${wg_net}/24\n\ +PrivateKey =\n\ +PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o ${out_adapt} -j MASQUERADE\n\ +PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP\n\ +PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o ${out_adapt} -j MASQUERADE\n\ +PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP\n\ +ListenPort = ${wg_port}\n\ +SaveConfig = true\n\ +DNS = ${global_dns}" > /setup/conf/wg0.conf + + # Defining a way for Docker to check the health of the container. In this case: checking the login URL. HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ 
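Review bot: `out_adapt` is filled in by `ip route` while the image is built, so the interface name written into the two MASQUERADE rules is that of the build environment and stays fixed for every container started from the image. If the build has no default route the value is empty and the rules come out without an interface after `-o`, yet the RUN step still succeeds. A guard right after the assignment, `&& [ -n "${out_adapt}" ] \`, would at least fail the build. Resolving the interface in entrypoint.sh when the template is copied would match the runtime network, though that should be checked against how the container is actually deployed.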
diff --git a/docker/alpine/compose.yaml b/docker/compose.yaml similarity index 97% rename from docker/alpine/compose.yaml rename to docker/compose.yaml index 341fa27..16c812b 100644 --- a/docker/alpine/compose.yaml +++ b/docker/compose.yaml @@ -1,6 +1,6 @@ services: wireguard-dashboard: - image: dselen:alpine + image: test:latest restart: unless-stopped container_name: wgdashboard environment: diff --git a/docker/alpine/entrypoint.sh b/entrypoint.sh similarity index 99% rename from docker/alpine/entrypoint.sh rename to entrypoint.sh index 20c2711..7f42b52 100644 --- a/docker/alpine/entrypoint.sh +++ b/entrypoint.sh @@ -11,7 +11,8 @@ ensure_installation() { echo "Detected empty directory, moving over..." mv /setup/app/* "${WGDASH}" - mv /setup/app/.* "${WGDASH}" + #mv /setup/app/.* "${WGDASH}" + python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" From d4819b13eb383b4856e50a9bbcd82cc10b77e485 Mon Sep 17 00:00:00 2001 From: Dselen Date: Thu, 3 Oct 2024 08:11:21 -0500 Subject: [PATCH 34/63] working tests --- Dockerfile | 8 ++------ entrypoint.sh | 4 ++-- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index d8e725b..e74f075 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,3 @@ -# Pull from small Debian stable image. FROM alpine:latest AS build LABEL maintainer="dselen@nerthus.nl" @@ -27,7 +26,6 @@ ENV WGDASH=/opt/wireguarddashboard # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} COPY ./src /setup/app/src -#COPY src /setup/app/src # Set the volume to be used for WireGuard configuration persistency. VOLUME /etc/wireguard 
@@ -46,15 +44,13 @@ PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o ${out_adapt} -j MASQ PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP\n\ ListenPort = ${wg_port}\n\ SaveConfig = true\n\ -DNS = ${global_dns}" > /setup/conf/wg0.conf - - +DNS = ${global_dns}" > /setup/conf/wg0.conf \ + && chmod 600 /setup/conf/wg0.conf # Defining a way for Docker to check the health of the container. In this case: checking the login URL. HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1 - # Copy the basic entrypoint.sh script. COPY entrypoint.sh /entrypoint.sh diff --git a/entrypoint.sh b/entrypoint.sh index 7f42b52..e9e6afa 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -31,8 +31,8 @@ ensure_installation() { # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. if [ ! -f "/etc/wireguard/wg0.conf" ]; then - echo "Standard wg0 Configuration file not found, grabbing template." - cp "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" + echo "Standard wg0 Configuration file not found, grabbing template. And adjusting permissions." + cp -a "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" echo "Setting a secure private key." From 0c5033ff79d9d031138b5997cc592021de95b87c Mon Sep 17 00:00:00 2001 
From: Dselen Date: Thu, 3 Oct 2024 08:23:17 -0500 Subject: [PATCH 35/63] fixed issues with commits --- docker/README.md | 2 -- docker/alpine/builder.sh | 43 ---------------------------------- docker/alpine/requirements.txt | 2 -- entrypoint.sh | 2 +- src/entrypoint.sh | 34 --------------------------- src/iptable-rules/postdown.sh | 13 ---------- src/iptable-rules/postup.sh | 26 -------------------- src/wgd.sh | 33 -------------------------- 8 files changed, 1 insertion(+), 154 deletions(-) delete mode 100644 docker/alpine/builder.sh delete mode 100644 docker/alpine/requirements.txt delete mode 100644 src/entrypoint.sh delete mode 100644 src/iptable-rules/postdown.sh delete mode 100644 src/iptable-rules/postup.sh diff --git a/docker/README.md b/docker/README.md index e31933e..2160e7e 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,5 +1,4 @@ # WGDashboard Docker Explanation: - Author: DaanSelen
This document delves into how the WGDashboard Docker container has been built.
@@ -100,7 +99,6 @@ dselen/wgdashboard latest c96fd96ee3b3 42 minutes ago 314MB ## Closing remarks: -Excuse the large image size, whoops! Debian's big... sometimes.
For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. ## In Progress: diff --git a/docker/alpine/builder.sh b/docker/alpine/builder.sh deleted file mode 100644 index 5511413..0000000 --- a/docker/alpine/builder.sh +++ /dev/null @@ -1,43 +0,0 @@ -venv_python="./venv/bin/python3" -venv_gunicorn="./venv/bin/gunicorn" -pythonExecutable="python3" - - -_check_and_set_venv(){ - VIRTUAL_ENV="./venv" - if [ ! -d $VIRTUAL_ENV ]; then - printf "[WGDashboard] Creating Python Virtual Environment under ./venv\n" - { $pythonExecutable -m venv $VIRTUAL_ENV; } >> ./log/install.txt - fi - - if ! $venv_python --version > /dev/null 2>&1 - then - printf "[WGDashboard] %s Python Virtual Environment under ./venv failed to create. Halting now.\n" "$heavy_crossmark" - kill $TOP_PID - fi - - source ${VIRTUAL_ENV}/bin/activate - -} - -build_core () { - if [ ! -d "log" ] - then - printf "[WGDashboard] Creating ./log folder\n" - mkdir "log" - fi - - - apk add --no-cache python3 net-tools python3-dev py3-virtualenv - _check_and_set_venv - printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n" - { date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt - printf "[WGDashboard] Building Bcrypt & Psutil\n" - { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt - printf "[WGDashboard] Build Successfull!\n" - printf "[WGDashboard] Clean Up Pip!\n" - { date; rm -rf /opt/wireguarddashboard/src/venv/lib/python3.12/site-packages/pip* ; printf "\n\n"; } >> ./log/install.txt - -} - -build_core diff --git a/docker/alpine/requirements.txt b/docker/alpine/requirements.txt deleted file mode 100644 index 074ed2f..0000000 --- a/docker/alpine/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -bcrypt -psutil diff --git a/entrypoint.sh b/entrypoint.sh index e9e6afa..bf5e20c 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -31,7 +31,7 @@ ensure_installation() { # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. if [ ! -f "/etc/wireguard/wg0.conf" ]; then - echo "Standard wg0 Configuration file not found, grabbing template. And adjusting permissions." + echo "Standard wg0 Configuration file not found, grabbing template." cp -a "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" echo "Setting a secure private key." diff --git a/src/entrypoint.sh b/src/entrypoint.sh deleted file mode 100644 index c8056f2..0000000 --- a/src/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -echo "Starting the WireGuard Dashboard Docker container." - -clean_up() { - # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. - echo "Looking for remains of previous instances..." - if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then - echo "Found old .pid file, removing." - rm /opt/wireguarddashboard/app/src/gunicorn.pid - else - echo "No remains found, continuing." - fi -} -ensure_blocking() { - sleep 1s - echo "Ensuring container continuation." - - # This function checks if the latest error log is created and tails it for docker logs uses. - if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then - latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1) - latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1) - tail -f "${latestErrLog}" "${latestAccLog}" - fi - - # Blocking command in case of erroring. So the container does not quit. - sleep infinity -} - -{ date; clean_up; printf "\n\n"; } >> ./log/install.txt - -chmod u+x /opt/wireguarddashboard/src/wgd.sh -/opt/wireguarddashboard/src/wgd.sh install -/opt/wireguarddashboard/src/wgd.sh docker_start -ensure_blocking 
diff --git a/src/iptable-rules/postdown.sh b/src/iptable-rules/postdown.sh deleted file mode 100644 index 962772a..0000000 --- a/src/iptable-rules/postdown.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -WIREGUARD_INTERFACE=ADMINS -WIREGUARD_LAN=10.0.0.1/24 -MASQUERADE_INTERFACE=eth0 - -CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE" - -iptables -t nat -D POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN - -# Remove and delete the WIREGUARD_wg0 chain -iptables -D FORWARD -j $CHAIN_NAME -iptables -F $CHAIN_NAME -iptables -X $CHAIN_NAME \ No newline at end of file diff --git a/src/iptable-rules/postup.sh b/src/iptable-rules/postup.sh deleted file mode 100644 index 0fc8b87..0000000 --- a/src/iptable-rules/postup.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -WIREGUARD_INTERFACE=ADMINS -WIREGUARD_LAN=10.0.0.1/24 -MASQUERADE_INTERFACE=eth0 - -iptables -t nat -I POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN - -# Add a WIREGUARD_wg0 chain to the FORWARD chain -CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE" -iptables -N $CHAIN_NAME -iptables -A FORWARD -j $CHAIN_NAME - -# Accept related or established traffic -iptables -A $CHAIN_NAME -o $WIREGUARD_INTERFACE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - -# Accept traffic from any Wireguard IP address connected to the Wireguard server -iptables -A $CHAIN_NAME -s $WIREGUARD_LAN -i $WIREGUARD_INTERFACE -j ACCEPT - -# Allow traffic to the local loopback interface -iptables -A $CHAIN_NAME -o lo -j ACCEPT - -# Drop everything else coming through the Wireguard interface -iptables -A $CHAIN_NAME -i $WIREGUARD_INTERFACE -j DROP - -# Return to FORWARD chain -iptables -A $CHAIN_NAME -j RETURN \ No newline at end of file diff --git a/src/wgd.sh b/src/wgd.sh index d080e70..8e4db79 100755 --- a/src/wgd.sh +++ b/src/wgd.sh 
@@ -341,22 +341,7 @@ stop_wgd() { fi } -startwgd_docker() { - _checkWireguard - printf "[WGDashboard][Docker] WireGuard configuration started\n" - { date; start_core ; printf "\n\n"; } >> ./log/install.txt - gunicorn_start -} - start_core() { - local iptable_dir="/opt/wireguarddashboard/src/iptable-rules" - # Check if wg0.conf exists in /etc/wireguard - if [[ ! -f /etc/wireguard/wg0.conf ]]; then - echo "[WGDashboard][Docker] wg0.conf not found. Running generate configuration." - newconf_wgd - else - echo "[WGDashboard][Docker] wg0.conf already exists. Skipping WireGuard configuration generation." - fi # Re-assign config_files to ensure it includes any newly created configurations local config_files=$(find /etc/wireguard -type f -name "*.conf") @@ -371,24 +356,6 @@ start_core() { done } - - -newconf_wgd() { - local wg_port_listen=$wg_port - local wg_addr_range=$wg_net - private_key=$(wg genkey) - public_key=$(echo "$private_key" | wg pubkey) - cat <"/etc/wireguard/wg0.conf" -[Interface] -PrivateKey = $private_key -Address = $wg_addr_range -ListenPort = $wg_port_listen -SaveConfig = true -PostUp = /opt/wireguarddashboard/src/iptable-rules/postup.sh -PreDown = /opt/wireguarddashboard/src/iptable-rules/postdown.sh -EOF -} - start_wgd_debug() { printf "%s\n" "$dashes" _checkWireguard From 145d12b2c8160277d486930d1831d19b619dea7f Mon Sep 17 00:00:00 2001 From: Dselen Date: Thu, 3 Oct 2024 08:26:30 -0500 Subject: [PATCH 36/63] Added minor changes and deletions. --- compose.yaml | 26 -------------------------- docker/compose.yaml | 2 +- 2 files changed, 1 insertion(+), 27 deletions(-) delete mode 100644 compose.yaml diff --git a/compose.yaml b/compose.yaml deleted file mode 100644 index a75ef45..0000000 --- a/compose.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -services: - - wireguard-dashboard: - build: ./ - container_name: wiregate - cap_add: - - NET_ADMIN - - SYS_MODULE - restart: unless-stopped - environment: - - wg_net=10.0.0.1/24 - - wg_port=51820 - volumes: - - wgd_configs:/etc/wireguard - - wgd_app:/opt/wireguarddashboard/src - ports: - - 10086:10086/tcp - - 51820:51820/udp - sysctls: - - net.ipv4.ip_forward=1 - - net.ipv4.conf.all.src_valid_mark=1 - - -volumes: - wgd_configs: - wgd_app: \ No newline at end of file diff --git a/docker/compose.yaml b/docker/compose.yaml index 16c812b..68e7efc 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -12,7 +12,7 @@ services: ports: - 10086:10086/tcp - 51820:51820/udp - volumes: + volumes: # Can be customized to only the /opt/wireguarddashboard/src/db folder with the /opt/wireguarddashboard/src/wg-dashboard.ini file. - ./app:/opt/wireguarddashboard - ./conf:/etc/wireguard cap_add: From 221e03ecfaad693dfd5169cd037cc1fc6df6948c Mon Sep 17 00:00:00 2001 From: dselen <80752476+DaanSelen@users.noreply.github.com> Date: Thu, 3 Oct 2024 16:03:42 +0200 Subject: [PATCH 37/63] Fix README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index bc2267a..fe16fdc 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@

This project is not affiliate to the official WireGuard Project


+ > [!NOTE] > To better manage documentation for this project. I've moved it to its own [repo](https://github.com/donaldzou/WGDashboard-Documentation). I will keep updating over there and leave this README only with important information. From baaecdbd8c643a57e6dd8d5d2a302447371ca223 Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Sat, 5 Oct 2024 10:05:48 +0800 Subject: [PATCH 38/63] Update wgd.sh --- src/wgd.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/wgd.sh b/src/wgd.sh index 8e4db79..389da1a 100755 --- a/src/wgd.sh +++ b/src/wgd.sh @@ -78,7 +78,7 @@ _installPython(){ ubuntu|debian) { sudo apt update ; sudo apt-get install -y python3 net-tools; printf "\n\n"; } &>> ./log/install.txt ;; - centos|fedora|redhat|rehl) + centos|fedora|redhat|rhel|almalinux) if command -v dnf &> /dev/null; then { sudo dnf install -y python3 net-tools; printf "\n\n"; } >> ./log/install.txt else @@ -106,7 +106,7 @@ _installPythonVenv(){ ubuntu|debian) { sudo apt update ; sudo apt-get install -y python3-venv; printf "\n\n"; } &>> ./log/install.txt ;; - centos|fedora|redhat|rhel) + centos|fedora|redhat|rhel|almalinux) if command -v dnf &> /dev/null; then { sudo dnf install -y python3-virtualenv; printf "\n\n"; } >> ./log/install.txt else @@ -150,7 +150,7 @@ _installPythonPip(){ { sudo apt update ; sudo apt-get install -y ${pythonExecutable}-distutil python3-pip; printf "\n\n"; } &>> ./log/install.txt fi ;; - centos|fedora|redhat|rhel) + centos|fedora|redhat|rhel|almalinux) if [ "$pythonExecutable" = "python3" ]; then { sudo dnf install -y python3-pip; printf "\n\n"; } >> ./log/install.txt else @@ -188,7 +188,7 @@ _checkWireguard(){ printf "\n[WGDashboard] WireGuard installed on %s.\n\n" "$OS"; } &>> ./log/install.txt ;; - centos|fedora|redhat|rhel) + centos|fedora|redhat|rhel|almalinux) { sudo dnf install -y wireguard-tools; printf "\n[WGDashboard] WireGuard installed on %s.\n\n" "$OS"; 
From 321b7b4ceeaa3a393c81e2d9604cdb6b75209639 Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 17 Oct 2024 12:52:34 +0200 Subject: [PATCH 39/63] Modified GitHub workflows --- ...odeql-analysis.yml => codeql-analyze.yaml} | 8 +-- .github/workflows/docker-analyze.yaml | 47 ++++++++++++++++ .github/workflows/docker-build.yaml | 38 +++++++++++++ .github/workflows/main.yml | 56 ------------------- 4 files changed, 89 insertions(+), 60 deletions(-) rename .github/workflows/{codeql-analysis.yml => codeql-analyze.yaml} (93%) create mode 100644 .github/workflows/docker-analyze.yaml create mode 100644 .github/workflows/docker-build.yaml delete mode 100644 .github/workflows/main.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analyze.yaml similarity index 93% rename from .github/workflows/codeql-analysis.yml rename to .github/workflows/codeql-analyze.yaml index 59c192e..18796f2 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analyze.yaml @@ -38,11 +38,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v3 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v3 
diff --git a/.github/workflows/docker-analyze.yaml b/.github/workflows/docker-analyze.yaml new file mode 100644 index 0000000..340fa90 --- /dev/null +++ b/.github/workflows/docker-analyze.yaml @@ -0,0 +1,47 @@ +name: Docker-Analyze + +on: + schedule: + - cron: "0 0 * * *" # Daily at midnight UTC + workflow_dispatch: + inputs: + trigger-build: + description: 'Trigger a manual build and push' + default: 'true' + +env: + DOCKER_IMAGE: dselen/wgdashboard + +jobs: + docker_analyze: + runs-on: ubuntu-latest + strategy: + fail-fast: false + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_PASSWORD }} + + - name: Install Docker Scout + run: | + echo "Installing Docker Scout..." + curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- + echo "Docker Scout installed successfully." + - name: Analyze Docker image with Docker Scout + id: analyze-image + run: | + echo "Analyzing Docker image with Docker Scout..." + docker scout cves ${{ env.DOCKER_IMAGE }}:latest > scout-results.txt + cat scout-results.txt + echo "Docker Scout analysis completed." + - name: Fail if critical CVEs are found + run: | + if grep -q "CRITICAL" scout-results.txt; then + echo "Critical vulnerabilities found! Failing the job." + exit 1 + fi diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml new file mode 100644 index 0000000..be5c6fb --- /dev/null +++ b/.github/workflows/docker-build.yaml 
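Review bot: The `Install Docker Scout` step pipes `install.sh` from the `main` branch of docker/scout-cli straight into `sh`, and it does so after the job has logged in to Docker Hub, so whatever that branch serves on a given night runs with the registry credentials within reach. Pin the script to a reviewed revision and check it before running, for example `curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/<PINNED_COMMIT_SHA>/install.sh -o install.sh` followed by a checksum comparison, or use the maintained `docker/scout-action` instead. Moving the login step after the install would narrow the exposure further. The workflow also declares no `permissions:` block; `permissions:` with `contents: read` at the top would keep the job token read-only.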
@@ -0,0 +1,38 @@ +name: Docker-Build + +on: + schedule: + - cron: "0 0 * * *" # Daily at midnight UTC + workflow_dispatch: + inputs: + trigger-build: + description: 'Trigger a manual build and push' + default: 'true' + +env: + DOCKER_IMAGE: dselen/wgdashboard + +jobs: + docker_build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_PASSWORD }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and export + uses: docker/build-push-action@v6 + with: + context: . + push: true + tags: ${{ env.DOCKER_IMAGE }}:latest diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml deleted file mode 100644 index 5c097e7..0000000 --- a/.github/workflows/main.yml +++ /dev/null 
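Review bot: The scheduled job publishes only `${{ env.DOCKER_IMAGE }}:latest`, so each nightly run replaces the image users pull and leaves no immutable tag to roll back to or to tie a scan result to. Adding a second tag keeps every build addressable: `tags: ${{ env.DOCKER_IMAGE }}:latest,${{ env.DOCKER_IMAGE }}:${{ github.sha }}`. The push is also not gated on the vulnerability scan, which as far as this patch shows runs in a separate workflow on the same cron against the already published tag. The `trigger-build` input is declared but never read by any step, so it can be dropped or wired to an `if:` condition.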
@@ -1,56 +0,0 @@ -name: Docker Image Build and Analysis - -on: - schedule: - - cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed. - workflow_dispatch: # Manual run trigger - inputs: - trigger-build: - description: 'Trigger a manual build and push' - default: 'true' - -jobs: - build-and-analyze: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build Docker image - id: build-image - run: | - echo "Building Docker image..." - docker build -t my-app-image:latest . - echo "Docker image built successfully." - - - name: Install Docker Scout - run: | - echo "Installing Docker Scout..." - curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- - echo "Docker Scout installed successfully." - - - name: Analyze Docker image with Docker Scout - id: analyze-image - run: | - echo "Analyzing Docker image with Docker Scout..." - docker scout cves my-app-image:latest > scout-results.txt - cat scout-results.txt # Print the report to the workflow logs for easy viewing - echo "Docker Scout analysis completed." - - - name: Post Comment on Issue or PR - run: | - COMMENT="**Docker Image Build and Analysis Report**\n\nThe Docker image was built and analyzed successfully.\n\n**Build Summary:**\n- Image Tag: my-app-image:latest\n\n**Analysis Report:**\n\`\`\`\n$(cat scout-results.txt)\n\`\`\`" - - # Post comment using GitHub API - curl -X POST \ - -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - -H "Accept: application/vnd.github.v3+json" \ - -d "{\"body\": \"$COMMENT\"}" \ - "https://api.github.com/repos/NOXCIS/WGDashboard/issues/1/comments" # Replace '1' with the issue or PR number From 204b995e6c4a916e875ebfdc86cfe1cd83933ad3 Mon Sep 17 00:00:00 2001 
From: "Mohammad Mahdi \"Mamad\" Afshar" <22727144+reloadlife@users.noreply.github.com> Date: Sat, 19 Oct 2024 19:25:38 +0330 Subject: [PATCH 40/63] added a try/catch statement to prevent panel from crashing #432 --- src/dashboard.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/dashboard.py b/src/dashboard.py index 3edba2e..66aa969 100644 --- a/src/dashboard.py +++ b/src/dashboard.py @@ -403,9 +403,13 @@ class PeerShareLinks: # print(self.Links) def __getSharedLinks(self): self.Links.clear() - allLinks = sqlSelect("SELECT * FROM PeerShareLinks WHERE ExpireDate IS NULL OR ExpireDate > datetime('now', 'localtime')").fetchall() - for link in allLinks: - self.Links.append(PeerShareLink(*link)) + try: + allLinks = sqlSelect("SELECT * FROM PeerShareLinks WHERE ExpireDate IS NULL OR ExpireDate > datetime('now', 'localtime')").fetchall() + for link in allLinks: + self.Links.append(PeerShareLink(*link)) + # temo fix for https://github.com/donaldzou/WGDashboard/issues/432 + except sqlite3.DatabaseError as e: + print(f"Database error occurred: {e}") def getLink(self, Configuration: str, Peer: str) -> list[PeerShareLink]: self.__getSharedLinks() From bb0aba586b01e470c90ac85797d6cfc8efc39d40 Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Sun, 20 Oct 2024 16:05:32 +0800 Subject: [PATCH 41/63] Update dashboard.py Instead of catching one sql statement error, I moved the catch statement to `sqlSelect` to prevent all database error --- src/dashboard.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/dashboard.py b/src/dashboard.py index 66aa969..1cfbf71 100644 --- a/src/dashboard.py +++ b/src/dashboard.py 
@@ -403,13 +403,9 @@ class PeerShareLinks: # print(self.Links) def __getSharedLinks(self): self.Links.clear() - try: - allLinks = sqlSelect("SELECT * FROM PeerShareLinks WHERE ExpireDate IS NULL OR ExpireDate > datetime('now', 'localtime')").fetchall() - for link in allLinks: - self.Links.append(PeerShareLink(*link)) - # temo fix for https://github.com/donaldzou/WGDashboard/issues/432 - except sqlite3.DatabaseError as e: - print(f"Database error occurred: {e}") + allLinks = sqlSelect("SELECT * FROM PeerShareLinks WHERE ExpireDate IS NULL OR ExpireDate > datetime('now', 'localtime')").fetchall() + for link in allLinks: + self.Links.append(PeerShareLink(*link)) def getLink(self, Configuration: str, Peer: str) -> list[PeerShareLink]: self.__getSharedLinks() @@ -1427,8 +1423,13 @@ cursor = sqldb.cursor() def sqlSelect(statement: str, paramters: tuple = ()) -> sqlite3.Cursor: with sqldb: - cursor = sqldb.cursor() - return cursor.execute(statement, paramters) + try: + cursor = sqldb.cursor() + return cursor.execute(statement, paramters) + # temo fix for https://github.com/donaldzou/WGDashboard/issues/432 + except sqlite3.DatabaseError as e: + print(f"Database error occurred: {e}") + return [] def sqlUpdate(statement: str, paramters: tuple = ()) -> sqlite3.Cursor: with sqldb: From 10984754730e81b1923619980adc184669d58978 Mon Sep 17 00:00:00 2001 From: Daan Date: Mon, 21 Oct 2024 12:07:33 +0200 Subject: [PATCH 42/63] Changed failing criteria --- .github/workflows/docker-analyze.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-analyze.yaml b/.github/workflows/docker-analyze.yaml index 340fa90..2cfbb0a 100644 --- a/.github/workflows/docker-analyze.yaml +++ b/.github/workflows/docker-analyze.yaml 
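Review bot: On a database error `sqlSelect` now returns `[]`, but the caller visible in the first hunk chains `.fetchall()` onto the result, and a list has no such method, so the crash from issue 432 would come back as an AttributeError. The annotation also still promises `sqlite3.Cursor`. Returning an unexecuted cursor keeps the contract, `return sqldb.cursor()` in place of `return []`, because `fetchall()` on a fresh cursor yields an empty list. Swallowing every `DatabaseError` behind a `print` also hides corruption or locking problems from whoever operates the panel, so logging it at error level would keep it visible. Other callers of `sqlSelect` are outside the hunk and should be checked the same way.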
@@ -41,7 +41,10 @@ jobs: echo "Docker Scout analysis completed." - name: Fail if critical CVEs are found run: | - if grep -q "CRITICAL" scout-results.txt; then - echo "Critical vulnerabilities found! Failing the job." + if grep -q "0C" scout-results.txt; then + echo "No critical vulnerabilities found! Continueing." + exit 0 + else + echo "At least one critical vulnerabilities found! Exiting." exit 1 fi From cfe59774e712a6b6528bc3a9ad60eb2e2abf790b Mon Sep 17 00:00:00 2001 From: Daan Date: Mon, 21 Oct 2024 12:09:53 +0200 Subject: [PATCH 43/63] Changed Docker image names: dselen -> donaldzou --- .github/workflows/docker-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index be5c6fb..39b0ae0 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -10,7 +10,7 @@ on: default: 'true' env: - DOCKER_IMAGE: dselen/wgdashboard + DOCKER_IMAGE: donaldzou/wgdashboard jobs: docker_build: From c837ab8693a5a4196c8be07771b038970af41935 Mon Sep 17 00:00:00 2001 From: Daan Date: Wed, 23 Oct 2024 16:41:03 +0200 Subject: [PATCH 44/63] Complete Docker Container redo, making updates possible. - Through symlinks. Refactored the set env variables function. --- Dockerfile | 5 ++- docker/compose.yaml | 11 +++--- entrypoint.sh | 82 +++++++++++++++++++++++++++++++-------------- 3 files changed, 65 insertions(+), 33 deletions(-) diff --git a/Dockerfile b/Dockerfile index e74f075..09c38b1 100644 --- a/Dockerfile +++ b/Dockerfile 
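Review bot: `grep -q "0C"` in the first hunk matches those two characters anywhere in scout-results.txt, so a summary showing `10C` or `20C` passes the gate. If the report prints a severity summary per package, which the visible lines do not show, a single package with `0C` would also pass the job while another package carries criticals. Letting the tool decide is sturdier: run `docker scout cves --exit-code --only-severity critical ${{ env.DOCKER_IMAGE }}:latest` in the analyze step and drop the grep. If the text match is kept, anchor it so the digit cannot be part of a larger number.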
@@ -24,7 +24,10 @@ ENV WGDASH=/opt/wireguarddashboard # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} +RUN mkdir -p /setup/conf \ + && mkdir /setup/app \ + && mkdir ${WGDASH} \ + && mkdir /data COPY ./src /setup/app/src # Set the volume to be used for WireGuard configuration persistency. diff --git a/docker/compose.yaml b/docker/compose.yaml index 68e7efc..b0f5617 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -1,6 +1,6 @@ services: wireguard-dashboard: - image: test:latest + image: donaldzou/wgdashboard:latest restart: unless-stopped container_name: wgdashboard environment: @@ -12,12 +12,11 @@ services: ports: - 10086:10086/tcp - 51820:51820/udp - volumes: # Can be customized to only the /opt/wireguarddashboard/src/db folder with the /opt/wireguarddashboard/src/wg-dashboard.ini file. - - ./app:/opt/wireguarddashboard - - ./conf:/etc/wireguard + volumes: + - conf:/etc/wireguard + - data:/data cap_add: - NET_ADMIN - volumes: - app: conf: + data: diff --git a/entrypoint.sh b/entrypoint.sh index bf5e20c..6fe0368 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -10,13 +10,24 @@ ensure_installation() { if [ -z "$(ls -A "${WGDASH}")" ]; then echo "Detected empty directory, moving over..." - mv /setup/app/* "${WGDASH}" - #mv /setup/app/.* "${WGDASH}" + # Moving over source files. (This does not include src/db and src/wg-dashboard.ini folder and file.) + mv -v /setup/app/* "${WGDASH}" + + if [ ! -d "/data/db" ]; then + echo "Creating database dir" + mkdir /data/db + ln -s /data/db ${WGDASH}/src/db + fi + + if [ ! -f "/data/wg-dashboard.ini" ]; then + echo "Creating wg-dashboard.ini file" + touch /data/wg-dashboard.ini + ln -s /data/wg-dashboard.ini ${WGDASH}/src/wg-dashboard.ini + fi python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" - # Extra step for Alpine mv /usr/lib/python3.12/site-packages/psutil* "${WGDASH}"/src/venv/lib/python3.12/site-packages mv /usr/lib/python3.12/site-packages/bcrypt* "${WGDASH}"/src/venv/lib/python3.12/site-packages 
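Review bot: The symlinks into `/data` are created only inside the `if [ ! -d "/data/db" ]` and `if [ ! -f "/data/wg-dashboard.ini" ]` checks, so on the update path this commit is meant to enable (fresh `${WGDASH}`, existing `/data` volume) neither link is made and the dashboard would start without the persisted database and settings. Creating the targets and linking them should be separate steps, with the link made every time the source tree is moved over. `${WGDASH}` is also unquoted in both `ln` calls. The body of `ensure_installation` starts and ends outside this hunk, so the surrounding branch is assumed to be the empty-directory case shown in the context lines.

```shell
# … unchanged: mv -v /setup/app/* "${WGDASH}" …
mkdir -p /data/db
ln -sfn /data/db "${WGDASH}/src/db"
touch /data/wg-dashboard.ini
ln -sf /data/wg-dashboard.ini "${WGDASH}/src/wg-dashboard.ini"
# … unchanged: venv creation and psutil/bcrypt moves …
```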
@@ -84,31 +95,54 @@ clean_up() { # === SET ENV VARS === set_envvars() { - #printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" + printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" - # Changing the DNS used for clients and the dashboard itself. - if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then - echo "Changing default dns." + # Path to the configuration file (exists because of previous function). + config_file="/opt/wireguarddashboard/src/wg-dashboard.ini" + + # Check if the file is empty + if [ ! -s "$config_file" ]; then + echo "Config file is empty. Creating [Peers] section." + + # Create [Peers] section with initial values + { + echo "[Peers]" + echo "remote_endpoint = ${public_ip}" + echo "peer_global_dns = ${global_dns}" + } > "$config_file" - #sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level. - sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/src/wg-dashboard.ini else - echo "DNS is set correctly." - fi + echo "Config file is not empty" - # Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me. - if [ "${public_ip}" = "0.0.0.0" ]; then - default_ip=$(curl -s ifconfig.me) - echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" + cat /opt/wireguarddashboard/src/wg-dashboard.ini + # Check and update the DNS if it has changed + current_dns=$(grep "peer_global_dns = " "$config_file" | awk '{print $NF}') + if [ "${global_dns}" != "$current_dns" ]; then + echo "Changing default DNS." + sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" "$config_file" + else + echo "DNS is set correctly." 
+ fi - sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini - elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then - echo "Setting the Public-IP using given variable: ${public_ip}" + # Determine the public IP and update if necessary + if [ "${public_ip}" = "0.0.0.0" ]; then + default_ip=$(curl -s ifconfig.me) + echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" + sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" "$config_file" + else + current_ip=$(grep "remote_endpoint = " "$config_file" | awk '{print $NF}') + if [ "${public_ip}" != "$current_ip" ]; then + echo "Setting the Public-IP using given variable: ${public_ip}" + sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" "$config_file" + fi + + fi - sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini fi } + + # === CORE SERVICES === start_core() { printf "\n---------------------- STARTING CORE -----------------------\n" @@ -116,7 +150,7 @@ start_core() { echo "Activating Python venv and executing the WireGuard Dashboard service." . "${WGDASH}"/src/venv/bin/activate cd "${WGDASH}"/src || return - bash wgd.sh start &>> /dev/null + bash wgd.sh start # Isolated peers feature, first converting the existing configuration files and the given names to arrays. local configurations=(/etc/wireguard/*) 
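Review bot: In `set_envvars`, the `curl -s ifconfig.me` result is written into `remote_endpoint` through `sed` with no check that it is an IP address, so an empty reply, an HTML error page or a tampered plain-HTTP response ends up in `wg-dashboard.ini`. Fetch it with `default_ip=$(curl -fsS --max-time 10 https://ifconfig.me)` and skip the `sed` unless the value looks like an address, e.g. `case "$default_ip" in ''|*[!0-9.]*) echo "Public-IP lookup failed" >&2 ;; esac`. The new empty-file branch also writes `remote_endpoint = ${public_ip}` directly, so a first start with the default `0.0.0.0` never reaches the lookup, which now sits in the `else` branch. `global_dns` and `public_ip` go into the same `sed` expressions unescaped, so a `/` or `&` in either would break or alter the substitution.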
@@ -199,12 +233,8 @@ start_core() { ensure_blocking() { #printf "\n-------------- ENSURING CONTAINER CONTINUATION -------------\n" - . "${WGDASH}"/src/venv/bin/activate - cd "${WGDASH}"/src || return - bash wgd.sh restart - sleep 1s - echo "Ensuring container continuation." + echo -e "\nEnsuring container continuation." # This function checks if the latest error log is created and tails it for docker logs uses. if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then @@ -220,7 +250,7 @@ ensure_blocking() { # Execute functions for the WireGuard Dashboard services, then set the environment variables ensure_installation +set_envvars clean_up start_core -set_envvars ensure_blocking \ No newline at end of file From fbac41a7748f1a1c4b4f4725dd6cf07adfb0cf0f Mon Sep 17 00:00:00 2001 From: Daan Date: Wed, 23 Oct 2024 16:57:40 +0200 Subject: [PATCH 45/63] Changed ensure install --- entrypoint.sh | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 6fe0368..88449a8 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -41,14 +41,15 @@ ensure_installation() { fi # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. + # This is done so WGDashboard it works out of the box + if [ ! -f "/etc/wireguard/wg0.conf" ]; then echo "Standard wg0 Configuration file not found, grabbing template." cp -a "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" - echo "Setting a secure private key." + echo "Setting a secure private key." # SORRY 4 BE4 - Daan - local privateKey - privateKey=$(wg genkey) + local privateKey=$(wg genkey) sed -i "s|^PrivateKey =$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf 
@@ -58,12 +59,12 @@ ensure_installation() { fi } -# === CLEAN UP === clean_up() { printf "\n------------------------ CLEAN UP --------------------------\n" # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. echo "Looking for remains of previous instances..." + local pid_file="${WGDASH}/src/gunicorn.pid" if [ -f "$pid_file" ]; then echo "Found old pid file, removing." @@ -73,6 +74,8 @@ clean_up() { fi # Also check for Python caches (pycache) inspired by https://github.com/shuricksumy + echo "Looking for remains of pycache..." + local pycache="${WGDASH}/src/__pycache__" if [ -d "$pycache" ]; then local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l) @@ -86,19 +89,20 @@ clean_up() { echo "No pycaches found, continuing." fi + # Cleaning up the logs from the previous instance. + echo "Cleaning log directory..." + local logdir="${WGDASH}/src/log" - echo "Cleaning log directory." - find /opt/wireguarddashboard/src/log -name 'access_*.log' -exec rm {} + - find /opt/wireguarddashboard/src/log -name 'error_*.log' -exec rm {} + + find $logdir -name 'access_*.log' -exec rm {} + + find $logdir -name 'error_*.log' -exec rm {} + echo "Removed unneeded logs!" } -# === SET ENV VARS === set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" # Path to the configuration file (exists because of previous function). - config_file="/opt/wireguarddashboard/src/wg-dashboard.ini" + local config_file="/opt/wireguarddashboard/src/wg-dashboard.ini" # Check if the file is empty if [ ! -s "$config_file" ]; then 
@@ -148,11 +152,16 @@ start_core() { printf "\n---------------------- STARTING CORE -----------------------\n" echo "Activating Python venv and executing the WireGuard Dashboard service." + . "${WGDASH}"/src/venv/bin/activate cd "${WGDASH}"/src || return bash wgd.sh start # Isolated peers feature, first converting the existing configuration files and the given names to arrays. + # + # WILL BE REMOVED IN FUTURE WHEN WGDASHBOARD ITSELF SUPPORTS THIS!! + # + local configurations=(/etc/wireguard/*) IFS=',' read -r -a do_isolate <<< "${isolate}" non_isolate=() @@ -205,6 +214,10 @@ start_core() { done # The following section takes care of enabling wireguard interfaces on startup. Using arrays and given arguments. + # + # WILL BE REMOVED IN FUTURE WHEN WGDASHBOARD ITSELF SUPPORTS THIS!! + # + IFS=',' read -r -a enable_array <<< "${enable}" for interface in "${enable_array[@]}"; do From 4ffb00c9f5c60e133b124b03ddd0fba1f981cc95 Mon Sep 17 00:00:00 2001 From: Daan Date: Wed, 23 Oct 2024 16:57:51 +0200 Subject: [PATCH 46/63] Updated ensure install. --- entrypoint.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 88449a8..b1544d2 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -7,7 +7,7 @@ ensure_installation() { # When using a custom directory to store the files, this part moves over and makes sure the installation continues. echo "Checking if everything is present." - if [ -z "$(ls -A "${WGDASH}")" ]; then + if [ -z "$(ls -A "${WGDASH}")" ]; then # [ ! -f "/data/wg-dashboard.ini" ] && [ ! -d "/data/db" ] echo "Detected empty directory, moving over..." # Moving over source files. (This does not include src/db and src/wg-dashboard.ini folder and file.) 
@@ -16,14 +16,14 @@ ensure_installation() { if [ ! -d "/data/db" ]; then echo "Creating database dir" mkdir /data/db - ln -s /data/db ${WGDASH}/src/db fi + ln -s /data/db ${WGDASH}/src/db if [ ! -f "/data/wg-dashboard.ini" ]; then echo "Creating wg-dashboard.ini file" touch /data/wg-dashboard.ini - ln -s /data/wg-dashboard.ini ${WGDASH}/src/wg-dashboard.ini fi + ln -s /data/wg-dashboard.ini ${WGDASH}/src/wg-dashboard.ini python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" @@ -161,7 +161,7 @@ start_core() { # # WILL BE REMOVED IN FUTURE WHEN WGDASHBOARD ITSELF SUPPORTS THIS!! # - + local configurations=(/etc/wireguard/*) IFS=',' read -r -a do_isolate <<< "${isolate}" non_isolate=() From 83560bc7753cbe167345a1a79db83ce59e7e2796 Mon Sep 17 00:00:00 2001 From: Daan Date: Wed, 23 Oct 2024 22:40:40 +0200 Subject: [PATCH 47/63] Changed around Docker image building and entrypoint. - Succeeding my tests. --- Dockerfile | 6 ++-- docker/compose.yaml | 1 + entrypoint.sh | 67 ++++++++++++++++++++------------------------- 3 files changed, 34 insertions(+), 40 deletions(-) diff --git a/Dockerfile b/Dockerfile index 09c38b1..aaccc43 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,9 +30,9 @@ RUN mkdir -p /setup/conf \ && mkdir /data COPY ./src /setup/app/src -# Set the volume to be used for WireGuard configuration persistency. -VOLUME /etc/wireguard -VOLUME ${WGDASH} +# Set the volume to be used for WireGuard configuration persistency. Can be ignored so it does not create volumes when not specified. +#VOLUME /etc/wireguard +#VOLUME /data # Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. # Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. diff --git a/docker/compose.yaml b/docker/compose.yaml index b0f5617..17b7f96 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml 
@@ -17,6 +17,7 @@ services: - data:/data cap_add: - NET_ADMIN + volumes: conf: data: diff --git a/entrypoint.sh b/entrypoint.sh index b1544d2..f46134c 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -13,17 +13,12 @@ ensure_installation() { # Moving over source files. (This does not include src/db and src/wg-dashboard.ini folder and file.) mv -v /setup/app/* "${WGDASH}" - if [ ! -d "/data/db" ]; then - echo "Creating database dir" - mkdir /data/db - fi - ln -s /data/db ${WGDASH}/src/db + [ ! -d "/data/db" ] && echo "Creating database dir" && mkdir /data/db + ln -s /data/db "${WGDASH}/src/db" + + [ ! -f "/data/wg-dashboard.ini" ] && echo "Creating wg-dashboard.ini file" && touch /data/wg-dashboard.ini + ln -s /data/wg-dashboard.ini "${WGDASH}/src/wg-dashboard.ini" - if [ ! -f "/data/wg-dashboard.ini" ]; then - echo "Creating wg-dashboard.ini file" - touch /data/wg-dashboard.ini - fi - ln -s /data/wg-dashboard.ini ${WGDASH}/src/wg-dashboard.ini python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" @@ -50,9 +45,8 @@ ensure_installation() { echo "Setting a secure private key." # SORRY 4 BE4 - Daan local privateKey=$(wg genkey) - - sed -i "s|^PrivateKey =$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf + echo "Done setting template." else echo "Existing wg0 configuration file found, using that." 
@@ -62,42 +56,40 @@ ensure_installation() { clean_up() { printf "\n------------------------ CLEAN UP --------------------------\n" - # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. + local pid_file="${WGDASH}/src/gunicorn.pid" + local pycache="${WGDASH}/src/__pycache__" + local logdir="${WGDASH}/src/log" + echo "Looking for remains of previous instances..." - local pid_file="${WGDASH}/src/gunicorn.pid" + # Handle the .pid file cleanup if [ -f "$pid_file" ]; then echo "Found old pid file, removing." - rm $pid_file + rm -f "$pid_file" else echo "No pid remains found, continuing." fi - # Also check for Python caches (pycache) inspired by https://github.com/shuricksumy + # Remove Python caches (__pycache__) echo "Looking for remains of pycache..." - - local pycache="${WGDASH}/src/__pycache__" if [ -d "$pycache" ]; then - local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l) - if [ "$pycache_filecount" -gt 0 ]; then + if find "$pycache" -type f -print -quit | grep -q .; then echo "Found old pycaches, removing." - rm -rf "$pycache"/* + rm -rf "$pycache" else echo "No pycaches found, continuing." fi else - echo "No pycaches found, continuing." + echo "No pycaches directory found, continuing." fi - # Cleaning up the logs from the previous instance. + # Clean up log files echo "Cleaning log directory..." - - local logdir="${WGDASH}/src/log" - find $logdir -name 'access_*.log' -exec rm {} + - find $logdir -name 'error_*.log' -exec rm {} + + find "$logdir" -type f -name 'access_*.log' -o -name 'error_*.log' -exec rm -f {} + echo "Removed unneeded logs!" } + set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" 
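Review bot: The new log cleanup `find "$logdir" -type f -name 'access_*.log' -o -name 'error_*.log' -exec rm -f {} +` does not do what the two lines it replaces did. `-o` binds looser than the implicit AND, so `-exec` applies only to the `error_*.log` branch and `-type f` only to the `access_*.log` branch, which leaves the access logs in place. Group the names: `find "$logdir" -type f \( -name 'access_*.log' -o -name 'error_*.log' \) -exec rm -f {} +`. The pycache branch now removes the directory itself with `rm -rf "$pycache"`, which makes the preceding `find ... | grep -q .` test redundant.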
@@ -118,7 +110,6 @@ set_envvars() { else echo "Config file is not empty" - cat /opt/wireguarddashboard/src/wg-dashboard.ini # Check and update the DNS if it has changed current_dns=$(grep "peer_global_dns = " "$config_file" | awk '{print $NF}') if [ "${global_dns}" != "$current_dns" ]; then @@ -242,22 +233,24 @@ start_core() { done } -# === CLEAN UP === ensure_blocking() { - #printf "\n-------------- ENSURING CONTAINER CONTINUATION -------------\n" - sleep 1s echo -e "\nEnsuring container continuation." - # This function checks if the latest error log is created and tails it for docker logs uses. - if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then - latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1) - latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1) + # Find and tail the latest error and access logs if they exist + local logdir="/opt/wireguarddashboard/src/log" + + latestErrLog=$(find "$logdir" -name "error_*.log" -type f -print | sort -r | head -n 1) + latestAccLog=$(find "$logdir" -name "access_*.log" -type f -print | sort -r | head -n 1) - tail -f "${latestErrLog}" "${latestAccLog}" + # Only tail the logs if they are found + if [ -n "$latestErrLog" ] || [ -n "$latestAccLog" ]; then + tail -f "$latestErrLog" "$latestAccLog" + else + echo "No log files found to tail." fi - # Blocking command in case of erroring. So the container does not quit. + # Blocking command to keep the container running as a last resort. sleep infinity } From 166fcda1933d05496454ff90d3cc02a9e68d4499 Mon Sep 17 00:00:00 2001 From: Daan Date: Wed, 23 Oct 2024 23:15:41 +0200 Subject: [PATCH 48/63] Minor changes to compose and Dockerfile. --- Dockerfile | 4 ++-- docker/compose.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index aaccc43..6597624 100644 --- a/Dockerfile +++ b/Dockerfile 
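Review bot: In `ensure_blocking`, the guard `[ -n "$latestErrLog" ] || [ -n "$latestAccLog" ]` lets `tail -f "$latestErrLog" "$latestAccLog"` run with one empty argument when only one of the two logs exists, so `tail` reports an error for the empty name. Collect only the names that are set, e.g. `logs=(); [ -n "$latestErrLog" ] && logs+=("$latestErrLog")` (same for the access log), and run `tail -f "${logs[@]}"` when the array is non-empty. `sort -r | head -n 1` picks the newest file only if the file names sort by date, which the hunk does not show. When neither log exists the function goes straight to `sleep infinity` with no `tail` process, and the image's `HEALTHCHECK` (`pgrep gunicorn ... && pgrep tail`) would then report the container unhealthy.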
@@ -1,4 +1,4 @@ -FROM alpine:latest AS build +FROM alpine:latest LABEL maintainer="dselen@nerthus.nl" # Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. @@ -59,4 +59,4 @@ COPY entrypoint.sh /entrypoint.sh # Exposing the default WireGuard Dashboard port for web access. EXPOSE 10086 -ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] \ No newline at end of file +ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] diff --git a/docker/compose.yaml b/docker/compose.yaml index 17b7f96..f06461f 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -7,7 +7,7 @@ services: #- tz= # <--- Set container timezone, default: Europe/Amsterdam. - global_dns=9.9.9.9 # <--- Set global DNS address, default: 1.1.1.1. - enable=wg0 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. - - isolate=wg0 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. + - isolate=wg0 # <--- Set the interfaces that will disallow peer communication, default: wg0. #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. ports: - 10086:10086/tcp From 4902b5f351621fdc1a613656a40a795ea9a4241f Mon Sep 17 00:00:00 2001 From: Daan Date: Wed, 23 Oct 2024 23:47:00 +0200 Subject: [PATCH 49/63] Initial testing to update from version 4.0.3 to 4.0.4 have succeeded! --- docker/README.md | 41 +++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/docker/README.md b/docker/README.md index 2160e7e..349424c 100644 --- a/docker/README.md +++ b/docker/README.md @@ -13,7 +13,7 @@ I have tried to embed some new features such as `isolate` and interface startup ## Getting the container running: -To get the container running you either pull the image from the repository, `dselen/wgdashboard:latest`.
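Review bot: The new `FROM alpine:latest` line keeps a floating base tag, while `entrypoint.sh` hard-codes `/usr/lib/python3.12/site-packages` when it moves `psutil*` and `bcrypt*` into the venv. A rebuild after the base image moves to another Python minor version would break startup, and no two builds are guaranteed the same package set. Pin the base to a release tag, ideally with a digest: `FROM alpine:<version>@sha256:<digest>`. If the tag must float, derive the site-packages path at runtime instead of spelling out `python3.12`.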
+To get the container running you either pull the image from the repository, `donaldzou/wgdashboard:latest`.
From there either use the environment variables describe below as parameters or use the Docker Compose file: `compose.yaml`.
Be careful, the default generated WireGuard configuration file uses port 51820/udp. So use this port if you want to use it out of the box.
Otherwise edit the configuration file in `/etc/wireguard/wg0.conf`. @@ -22,14 +22,14 @@ An example of a simple command to get the container running is show below:
```shell docker run -d \ - --name wireguard-dashboard \ + --name wgdashboard \ --restart unless-stopped \ -e enable=wg0 \ -e isolate=wg0 \ -p 10086:10086/tcp \ -p 51820:51820/udp \ --cap-add NET_ADMIN \ - dselen/wgdashboard:latest + donaldzou/wgdashboard:latest ```
If you want to use Compose instead of a raw Docker command, refer to the example in the `compose.yaml` or the one pasted below: @@ -37,34 +37,38 @@ If you want to use Compose instead of a raw Docker command, refer to the example ```yaml services: - wireguard-dashboard: - image: dselen/wgdashboard:latest + wgdashboard: + image: donaldzou/wgdashboard:latest restart: unless-stopped - container_name: wire-dash + container_name: wgdashboard environment: - #- tz= + #- tz= #- global_dns= - - enable=none - - isolate=wg0 + #- enable= + #- isolate= #- public_ip= ports: - 10086:10086/tcp - 51820:51820/udp volumes: - conf:/etc/wireguard - - app:/opt/wireguarddashboard/app + - data:/data cap_add: - NET_ADMIN volumes: conf: - app: + data: ``` -If you want to customize the yaml, make sure the core stays the same, but for example volume PATHs can be freely changed.
+If you want to customize the yaml, make sure the core stays the same, but for example volume PATHs (ON THE HOST) can be freely changed.
This setup is just generic and will use the Docker volumes. +## Updating the container: + +Updating is right now in Alpha stage. I have got it to work, testing methods. + ## Working with the container and environment variables: Once the container is running, the installation process is essentially the same as running it on bare-metal.
@@ -76,7 +80,7 @@ So go to the assign TCP port in this case HTTP, like the default 10086 one in th | global_dns | Any IPv4 address, such as my personal recommendation: 9.9.9.9 (QUAD9). | `1.1.1.1` | `8.8.8.8` or any IP-Address that resolves DNS-names, and of course is reachable | Set the default DNS given to clients once they connect to the WireGuard tunnel, and for new peers, set to Cloudflare DNS for reliability. | enable | Anything, preferably an existing WireGuard interface name. | `none` | `wg0,wg2,wg13` | Enables or disables the starting of the WireGuard interface on container 'boot-up'. | isolate | Anything, preferably an existing WireGuard interface name. | `wg0` | `wg1,wg0` | For security premade `wg0` interface comes with this feature enabled by default. Declaring `isolate=none` in the Docker Compose file will remove this. The WireGuard interface itself IS able to reach the peers (Done through the `iptables` package). -| public_ip | Any IPv4 (public recommended) address, such as the one returned by default | Default uses the return of `curl ifconfig.me` | `23.50.131.156` | To reach your VPN from outside your own network, you need WG-Dashboard to know what your public IP-address is, otherwise it will generate faulty config files for clients. This happends because it is inside a Docker/Kubernetes container. In or outside of NAT is not relevant as long as the given IP-address is reachable from the internet or the target network. +| public_ip | Any IPv4 (public recommended) address, such as the one returned by default | Default uses the return of `curl ifconfig.me` | `89.20.83.118` | To reach your VPN from outside your own network, you need WG-Dashboard to know what your public IP-address is, otherwise it will generate faulty config files for clients. This happends because it is inside a Docker/Kubernetes container. In or outside of NAT is not relevant as long as the given IP-address is reachable from the internet or the target network. ## Be careful with: 
@@ -87,8 +91,9 @@ The latter opens up UDP ports from 51820 to 51830, so all ports in between as we To build the image yourself, you need to do a couple things:
1. Clone the Github repository containing the source code of WGDashboard including the docker directory. For example do: `git clone https://github.com/donaldzou/WGDashboard.git` -1. Navigate into the docker directory. -1. (Make sure you have Docker correctly installed, if not: [Click here](https://docs.docker.com/engine/install/)) and run: `docker build . -t :` as an example: `docker build . -t dselen/wgdashboard:latest`.
This will make Docker compile the image from the resources in the directory you mention, in this case the current one. Let it compile, it takes about a minute or maximally two. +1. Navigate into the cloned repository. +1. (Make sure you have Docker correctly installed, if not: [Click here](https://docs.docker.com/engine/install/)) and run: `docker build . -t :` as an example: `docker build . -t dselen/wgdashboard:latest`.
+This will make Docker compile the image from the resources in the directory you mention, in this case the source/root one. Let it compile, it takes only a couple seconds with a minute at most. 1. If all went well, see your image with `docker images`. Example below: ```shell @@ -99,8 +104,4 @@ dselen/wgdashboard latest c96fd96ee3b3 42 minutes ago 314MB ## Closing remarks: -For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. - -## In Progress: - -Auto-Updating Capabilities, together with Donald I am working on it. \ No newline at end of file +For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. \ No newline at end of file From ba5ba2f1d64f6f416dead825976a55db8fb6db64 Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 24 Oct 2024 00:09:27 +0200 Subject: [PATCH 50/63] Removed copy step in entrypoint.sh Tested updating, works as long as presistent files are compatible. --- Dockerfile | 12 +++++------- entrypoint.sh | 39 ++++++++++++++------------------------- 2 files changed, 19 insertions(+), 32 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6597624..8f4a152 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,11 +24,9 @@ ENV WGDASH=/opt/wireguarddashboard # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN mkdir -p /setup/conf \ - && mkdir /setup/app \ - && mkdir ${WGDASH} \ - && mkdir /data -COPY ./src /setup/app/src +RUN mkdir -p /data/conf \ + && mkdir -p ${WGDASH}/src +COPY ./src ${WGDASH}/src # Set the volume to be used for WireGuard configuration persistency. Can be ignored so it does not create volumes when not specified. #VOLUME /etc/wireguard 
@@ -47,8 +45,8 @@ PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o ${out_adapt} -j MASQ PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP\n\ ListenPort = ${wg_port}\n\ SaveConfig = true\n\ -DNS = ${global_dns}" > /setup/conf/wg0.conf \ - && chmod 600 /setup/conf/wg0.conf +DNS = ${global_dns}" > /data/conf/wg0.conf \ + && chmod 600 /data/conf/wg0.conf # Defining a way for Docker to check the health of the container. In this case: checking the login URL. HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ diff --git a/entrypoint.sh b/entrypoint.sh index f46134c..c33e382 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -5,42 +5,32 @@ echo "Starting the WireGuard Dashboard Docker container." ensure_installation() { # When using a custom directory to store the files, this part moves over and makes sure the installation continues. - echo "Checking if everything is present." + echo "Quick-installing..." - if [ -z "$(ls -A "${WGDASH}")" ]; then # [ ! -f "/data/wg-dashboard.ini" ] && [ ! -d "/data/db" ] - echo "Detected empty directory, moving over..." + [ ! -d "/data/db" ] && echo "Creating database dir" && mkdir /data/db + ln -s /data/db "${WGDASH}/src/db" - # Moving over source files. (This does not include src/db and src/wg-dashboard.ini folder and file.) - mv -v /setup/app/* "${WGDASH}" + [ ! -f "/data/wg-dashboard.ini" ] && echo "Creating wg-dashboard.ini file" && touch /data/wg-dashboard.ini + ln -s /data/wg-dashboard.ini "${WGDASH}/src/wg-dashboard.ini" - [ ! -d "/data/db" ] && echo "Creating database dir" && mkdir /data/db - ln -s /data/db "${WGDASH}/src/db" + python3 -m venv "${WGDASH}"/src/venv + . "${WGDASH}/src/venv/bin/activate" - [ ! -f "/data/wg-dashboard.ini" ] && echo "Creating wg-dashboard.ini file" && touch /data/wg-dashboard.ini - ln -s /data/wg-dashboard.ini "${WGDASH}/src/wg-dashboard.ini" + mv /usr/lib/python3.12/site-packages/psutil* "${WGDASH}"/src/venv/lib/python3.12/site-packages + mv /usr/lib/python3.12/site-packages/bcrypt* "${WGDASH}"/src/venv/lib/python3.12/site-packages + chmod +x "${WGDASH}"/src/wgd.sh + cd "${WGDASH}"/src || exit + ./wgd.sh install - python3 -m venv "${WGDASH}"/src/venv - . "${WGDASH}/src/venv/bin/activate" - - mv /usr/lib/python3.12/site-packages/psutil* "${WGDASH}"/src/venv/lib/python3.12/site-packages - mv /usr/lib/python3.12/site-packages/bcrypt* "${WGDASH}"/src/venv/lib/python3.12/site-packages - - chmod +x "${WGDASH}"/src/wgd.sh - cd "${WGDASH}"/src || exit - ./wgd.sh install - - echo "Looks like the installation succesfully moved over." - else - echo "Looks like everything is present. Or the directory is not empty." 
- fi + echo "Looks like the installation succeeded." # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. # This is done so WGDashboard it works out of the box if [ ! -f "/etc/wireguard/wg0.conf" ]; then echo "Standard wg0 Configuration file not found, grabbing template." - cp -a "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" + cp -a "/data/conf/wg0.conf" "/etc/wireguard/wg0.conf" echo "Setting a secure private key." # SORRY 4 BE4 - Daan @@ -89,7 +79,6 @@ clean_up() { echo "Removed unneeded logs!" } - set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" From 5ad9c0e77a839211462a63f83f1febafc515d02d Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 24 Oct 2024 00:23:12 +0200 Subject: [PATCH 51/63] Fixed issue where the wg0.conf template got obliterated. Moved it to a safe spot. --- Dockerfile | 7 ++++--- entrypoint.sh | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8f4a152..5f37723 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,8 @@ ENV WGDASH=/opt/wireguarddashboard # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN mkdir -p /data/conf \ +RUN mkdir /data \ + && mkdir /configs \ && mkdir -p ${WGDASH}/src COPY ./src ${WGDASH}/src 
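Review bot: With the `if [ -z "$(ls -A "${WGDASH}")" ]` guard removed, every step of `ensure_installation` now runs on each container start, and `ln -s /data/db "${WGDASH}/src/db"` is not idempotent. When the link already exists (a restart of the same container), `ln` follows it and creates `/data/db/db` inside the volume, while the `wg-dashboard.ini` link fails with "File exists". Use `ln -sfn /data/db "${WGDASH}/src/db"` and `ln -sf /data/wg-dashboard.ini "${WGDASH}/src/wg-dashboard.ini"`. The two `mv /usr/lib/python3.12/site-packages/...` lines have the same problem, since their sources are gone after the first start; guard them with an existence test or move that step into the image build. The function continues past the end of this hunk.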
@@ -45,8 +46,8 @@ PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o ${out_adapt} -j MASQ PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP\n\ ListenPort = ${wg_port}\n\ SaveConfig = true\n\ -DNS = ${global_dns}" > /data/conf/wg0.conf \ - && chmod 600 /data/conf/wg0.conf +DNS = ${global_dns}" > /configs/wg0.conf.template \ + && chmod 600 /configs/wg0.conf.template # Defining a way for Docker to check the health of the container. In this case: checking the login URL. HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ diff --git a/entrypoint.sh b/entrypoint.sh index c33e382..e64e8dc 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -30,7 +30,7 @@ ensure_installation() { if [ ! -f "/etc/wireguard/wg0.conf" ]; then echo "Standard wg0 Configuration file not found, grabbing template." - cp -a "/data/conf/wg0.conf" "/etc/wireguard/wg0.conf" + cp -a "/configs/wg0.conf.template" "/etc/wireguard/wg0.conf" echo "Setting a secure private key." # SORRY 4 BE4 - Daan From 3ac9c23573ddaf81ea4e525fb0105dde95b29226 Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 24 Oct 2024 10:13:33 +0200 Subject: [PATCH 52/63] Removed the default value: wg0 in isolate and enable. Removed clean_up() function because persistency is done differently. Overal tried to make readability better in entrypoint.sh Fixed bug where local config variable causes issues. Applied ShellCheck recommendations. --- Dockerfile | 8 +--- docker/README.md | 4 +- docker/compose.yaml | 8 ++-- entrypoint.sh | 98 +++++++++++++++++++-------------------------- 4 files changed, 49 insertions(+), 69 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5f37723..c3bd8d1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ ARG wg_port="51820" ENV TZ="Europe/Amsterdam" ENV global_dns="1.1.1.1" ENV enable="none" -ENV isolate="wg0" +ENV isolate="none" ENV public_ip="0.0.0.0" # Doing package management operations, such as upgrading 
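Review bot: `ENV isolate="none"` turns peer-to-peer isolation off for any container started without an explicit `isolate` value, where the previous default applied it to `wg0`. The README row changed in this commit drops the sentence that said the feature was enabled by default for security. That is a weaker default for a VPN endpoint, so either keep `ENV isolate="wg0"` or state the change next to the variable, e.g. `# Peer isolation is off by default; set isolate=wg0 to block peer-to-peer traffic on wg0.`. The compose example in this commit comments out `isolate` as well, so copy-pasted deployments inherit the open setting.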
@@ -29,10 +29,6 @@ RUN mkdir /data \ && mkdir -p ${WGDASH}/src COPY ./src ${WGDASH}/src -# Set the volume to be used for WireGuard configuration persistency. Can be ignored so it does not create volumes when not specified. -#VOLUME /etc/wireguard -#VOLUME /data - # Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. # Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. SHELL ["/bin/bash", "-o", "pipefail", "-c"] @@ -49,7 +45,7 @@ SaveConfig = true\n\ DNS = ${global_dns}" > /configs/wg0.conf.template \ && chmod 600 /configs/wg0.conf.template -# Defining a way for Docker to check the health of the container. In this case: checking the login URL. +# Defining a way for Docker to check the health of the container. In this case: checking the gunicorn process. HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1 diff --git a/docker/README.md b/docker/README.md index 349424c..541581b 100644 --- a/docker/README.md +++ b/docker/README.md 
@@ -79,7 +79,7 @@ So go to the assign TCP port in this case HTTP, like the default 10086 one in th | tz | Europe/Amsterdam or any confirming timezone notation. | `Europe/Amsterdam` | `America/New_York` | Sets the timezone of the Docker container. This is to timesync the container to any other processes which would need it. | | global_dns | Any IPv4 address, such as my personal recommendation: 9.9.9.9 (QUAD9). | `1.1.1.1` | `8.8.8.8` or any IP-Address that resolves DNS-names, and of course is reachable | Set the default DNS given to clients once they connect to the WireGuard tunnel, and for new peers, set to Cloudflare DNS for reliability. | enable | Anything, preferably an existing WireGuard interface name. | `none` | `wg0,wg2,wg13` | Enables or disables the starting of the WireGuard interface on container 'boot-up'. -| isolate | Anything, preferably an existing WireGuard interface name. | `wg0` | `wg1,wg0` | For security premade `wg0` interface comes with this feature enabled by default. Declaring `isolate=none` in the Docker Compose file will remove this. The WireGuard interface itself IS able to reach the peers (Done through the `iptables` package). +| isolate | Anything, preferably an existing WireGuard interface name. | `none` | `wg1,wg0` | The Wireguard interface itself IS able to reach the peers (Done through the `iptables` package). | public_ip | Any IPv4 (public recommended) address, such as the one returned by default | Default uses the return of `curl ifconfig.me` | `89.20.83.118` | To reach your VPN from outside your own network, you need WG-Dashboard to know what your public IP-address is, otherwise it will generate faulty config files for clients. This happends because it is inside a Docker/Kubernetes container. In or outside of NAT is not relevant as long as the given IP-address is reachable from the internet or the target network. ## Be careful with: 
@@ -104,4 +104,4 @@ dselen/wgdashboard latest c96fd96ee3b3 42 minutes ago 314MB ## Closing remarks: -For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. \ No newline at end of file +For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. diff --git a/docker/compose.yaml b/docker/compose.yaml index f06461f..e5c7b6e 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -5,10 +5,10 @@ services: container_name: wgdashboard environment: #- tz= # <--- Set container timezone, default: Europe/Amsterdam. - - global_dns=9.9.9.9 # <--- Set global DNS address, default: 1.1.1.1. - - enable=wg0 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. - - isolate=wg0 # <--- Set the interfaces that will disallow peer communication, default: wg0. - #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. + #- global_dns= # <--- Set global DNS address, default: 1.1.1.1. + #- enable= # <--- Set the interfaces that will be enabled on startup, default: 'none'. + #- isolate= # <--- Set the interfaces that will disallow peer communication, default: 'none'. + #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. ports: - 10086:10086/tcp - 51820:51820/udp diff --git a/entrypoint.sh b/entrypoint.sh index e64e8dc..08ed769 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -34,7 +34,8 @@ ensure_installation() { echo "Setting a secure private key." # SORRY 4 BE4 - Daan - local privateKey=$(wg genkey) + local privateKey + privateKey=$(wg genkey) sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf echo "Done setting template." 
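Review bot: Commenting out `- isolate=wg0` in the compose.yaml hunk changes the shipped default from peer isolation on wg0 to no isolation, and the inline comment is the only place that says so. If entrypoint.sh treats an unset `isolate` as an empty list (where the variable gets its default is not visible in this hunk), the removal loop in start_core would also strip existing DROP rules from every config on the next start. I would keep the restrictive value active, `- isolate=wg0 # <--- Interfaces whose peers may not reach each other; set to 'none' to allow peer-to-peer traffic.`, and let users opt out explicitly.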
@@ -43,42 +44,6 @@ ensure_installation() { fi } -clean_up() { - printf "\n------------------------ CLEAN UP --------------------------\n" - - local pid_file="${WGDASH}/src/gunicorn.pid" - local pycache="${WGDASH}/src/__pycache__" - local logdir="${WGDASH}/src/log" - - echo "Looking for remains of previous instances..." - - # Handle the .pid file cleanup - if [ -f "$pid_file" ]; then - echo "Found old pid file, removing." - rm -f "$pid_file" - else - echo "No pid remains found, continuing." - fi - - # Remove Python caches (__pycache__) - echo "Looking for remains of pycache..." - if [ -d "$pycache" ]; then - if find "$pycache" -type f -print -quit | grep -q .; then - echo "Found old pycaches, removing." - rm -rf "$pycache" - else - echo "No pycaches found, continuing." - fi - else - echo "No pycaches directory found, continuing." - fi - - # Clean up log files - echo "Cleaning log directory..." - find "$logdir" -type f -name 'access_*.log' -o -name 'error_*.log' -exec rm -f {} + - echo "Removed unneeded logs!" -} - set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" @@ -97,7 +62,7 @@ set_envvars() { } > "$config_file" else - echo "Config file is not empty" + echo "Config file is not empty, enforcing environment variables." # Check and update the DNS if it has changed current_dns=$(grep "peer_global_dns = " "$config_file" | awk '{print $NF}') @@ -111,12 +76,15 @@ set_envvars() { # Determine the public IP and update if necessary if [ "${public_ip}" = "0.0.0.0" ]; then default_ip=$(curl -s ifconfig.me) + echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" "$config_file" else current_ip=$(grep "remote_endpoint = " "$config_file" | awk '{print $NF}') + if [ "${public_ip}" != "$current_ip" ]; then echo "Setting the Public-IP using given variable: ${public_ip}" + sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" "$config_file" fi 
@@ -125,8 +93,6 @@ set_envvars() { fi } - - # === CORE SERVICES === start_core() { printf "\n---------------------- STARTING CORE -----------------------\n" 
@@ -148,49 +114,64 @@ start_core() { # Checking if there are matches between the two arrays. for config in "${configurations[@]}"; do - local config=$(echo "$config" | sed -e 's|.*/etc/wireguard/||' -e 's|\.conf$||') + config=$(echo "$config" | sed -e 's|.*/etc/wireguard/||' -e 's|\.conf$||') + + local found found=false + for interface in "${do_isolate[@]}"; do + if [[ "$config" == "$interface" ]]; then found=true break fi + done + if [ "$found" = false ]; then non_isolate+=("$config") fi + done # Isolating the matches. for interface in "${do_isolate[@]}"; do - if [ "$interface" = "none" ]; then + + if [ "$interface" = "none" ] || [ "$interface" = "" ]; then echo "Found: $interface, stopping isolation checking." break else if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Isolating interface:" $interface - upblocking=$(grep -c "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) - downblocking=$(grep -c "PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) + echo "Isolating interface:" "$interface" + + upblocking=$(grep -c "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/"${interface}".conf) + downblocking=$(grep -c "PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/"${interface}".conf) if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then - sed -i "/PostUp =/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf - sed -i "/PreDown =/a PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf + sed -i "/PostUp =/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/"${interface}".conf + sed -i "/PreDown =/a PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/"${interface}".conf fi + else - echo "Configuration for 
$interface does not seem to exist, continuing." + echo "Configuration for $interface in enforce isolation does not seem to exist, continuing." fi + fi + done # Removing isolation for the configurations that did not match. for interface in "${non_isolate[@]}"; do + if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Removing Isolation if present for:" $interface - sed -i "/PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf - sed -i "/PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf + echo "Removing isolation, if isolation is present for:" "$interface" + + sed -i "/PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/"${interface}".conf + sed -i "/PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/"${interface}".conf else - echo "Configuration for $interface does not seem to exist, continuing." + echo "Configuration for $interface in removing isolation does not seem to exist, continuing." fi + done # The following section takes care of enabling wireguard interfaces on startup. Using arrays and given arguments. 
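Review bot: Isolation can be announced but not applied in the "Isolating the matches" loop: the two `sed` commands run only when both `upblocking` and `downblocking` are below 1, and each one appends after an existing `PostUp =` / `PreDown =` line, so a config with no such line, or one that still holds only the PreDown rule, keeps forwarding between peers while "Isolating interface:" is printed. Handle the two rules independently and confirm the result after editing, for example `grep -q "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" "/etc/wireguard/${interface}.conf" || echo "WARNING: isolation rule not applied for $interface"`. The added `[ "$interface" = "" ]` test also leaves the loop with `break`, so an empty entry in the middle of the list leaves the interfaces after it unprocessed; `continue` would skip just that entry. start_core begins and ends outside this hunk.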
@@ -201,24 +182,28 @@ start_core() { IFS=',' read -r -a enable_array <<< "${enable}" for interface in "${enable_array[@]}"; do + if [ "$interface" = "none" ]; then echo "Found: $interface, stopping enabling checking." break else - echo "Enabling interface:" $interface + echo "Enabling interface:" "$interface" - local fileperms=$(stat -c "%a" /etc/wireguard/${interface}.conf) - if [ $fileperms -eq 644 ]; then + local fileperms + fileperms=$(stat -c "%a" /etc/wireguard/"${interface}".conf) + if [ "$fileperms" -eq 644 ]; then echo "Configuration is world accessible, adjusting." chmod 600 "/etc/wireguard/${interface}.conf" fi if [ -f "/etc/wireguard/${interface}.conf" ]; then - wg-quick up $interface + wg-quick up "$interface" else echo "No corresponding configuration file found for $interface doing nothing." fi + fi + done } @@ -246,6 +231,5 @@ ensure_blocking() { # Execute functions for the WireGuard Dashboard services, then set the environment variables ensure_installation set_envvars -clean_up start_core ensure_blocking \ No newline at end of file From 747f1a6fae490456191b5c2a026afdbc89bed1b0 Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 24 Oct 2024 10:24:22 +0200 Subject: [PATCH 53/63] SEC: Fixed CVE-2024-9143 presence. --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c3bd8d1..250cf48 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,8 @@ ENV public_ip="0.0.0.0" RUN apk update \ && apk add --no-cache bash git tzdata \ iptables ip6tables openrc curl wireguard-tools \ - sudo py3-psutil py3-bcrypt + sudo py3-psutil py3-bcrypt \ + && apk upgrade # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. ENV WGDASH=/opt/wireguarddashboard From adeb57864bd0c0c0ced2c9dda642224eb91f1ce1 Mon Sep 17 00:00:00 2001 
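Review bot: The permission fix in the enable loop tightens the file only when its mode is exactly 644, and `stat` runs before the `-f` test, so a config at 640, 664 or 666 keeps its private key readable by other users and a missing file makes `[ "$fileperms" -eq 644 ]` fail on an empty operand. Moving the step inside the existence check and dropping the comparison covers both cases: `if [ -f "/etc/wireguard/${interface}.conf" ]; then chmod 600 "/etc/wireguard/${interface}.conf"; wg-quick up "$interface"; fi`. start_core begins outside this hunk.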
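Review bot: The added `&& apk upgrade` removes CVE-2024-9143 only for images built while the package mirror serves the fixed version, and nothing in the RUN step or next to it records or checks that. A cached layer skips the upgrade on later builds, and an unpinned blanket upgrade makes two builds of the same commit differ. I would bump the base image tag or digest (the FROM line is outside this hunk) or upgrade only the affected package, and add a comment such as `# apk upgrade: picks up the fix for CVE-2024-9143 until the base image ships it` so the line can be removed once the base image is updated.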
From: Daan Date: Thu, 24 Oct 2024 10:48:14 +0200 Subject: [PATCH 54/63] Fixed incorrect Docker_IMAGE variable from dselen/ -> donaldzou/ --- .github/workflows/docker-analyze.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-analyze.yaml b/.github/workflows/docker-analyze.yaml index 2cfbb0a..a3533a7 100644 --- a/.github/workflows/docker-analyze.yaml +++ b/.github/workflows/docker-analyze.yaml @@ -10,7 +10,7 @@ on: default: 'true' env: - DOCKER_IMAGE: dselen/wgdashboard + DOCKER_IMAGE: donaldzou/wgdashboard jobs: docker_analyze: From 81168c27c67ea95d56f604dcf4090458fc275e9c Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 24 Oct 2024 23:10:36 +0200 Subject: [PATCH 55/63] Fixed issue https://github.com/donaldzou/WGDashboard/issues/329. Regarding being able to pass in the -y flag. --- src/wgd.sh | 126 +++++++++++++++++++++++++++++------------------------ 1 file changed, 69 insertions(+), 57 deletions(-) diff --git a/src/wgd.sh b/src/wgd.sh index 389da1a..888b51b 100755 --- a/src/wgd.sh +++ b/src/wgd.sh 
@@ -380,20 +380,29 @@ update_wgd() { new_ver=$($venv_python -c "import json; import urllib.request; data = urllib.request.urlopen('https://api.github.com/repos/donaldzou/WGDashboard/releases/latest').read(); output = json.loads(data);print(output['tag_name'])") printf "%s\n" "$dashes" - printf "[WGDashboard] Are you sure you want to update to the %s? (Y/N): " "$new_ver" - read up + + if [ "$commandConfirmed" = "true" ]; then + printf "[WGDashboard] Confirmation granted.\n" + up="Y" + else + printf "[WGDashboard] Are you sure you want to update to the %s? (Y/N): " "$new_ver" + read up + fi + if [ "$up" = "Y" ] || [ "$up" = "y" ]; then printf "[WGDashboard] Shutting down WGDashboard\n" + if check_wgd_status; then stop_wgd fi - mv wgd.sh wgd.sh.old - printf "[WGDashboard] Downloading %s from GitHub..." "$new_ver" - { date; git stash; git pull https://github.com/donaldzou/WGDashboard.git $new_ver --force; } >> ./log/update.txt - chmod +x ./wgd.sh - sudo ./wgd.sh install - printf "[WGDashboard] Update completed!\n" - printf "%s\n" "$dashes" + + mv wgd.sh wgd.sh.old && \ + printf "[WGDashboard] Downloading %s from GitHub..." "$new_ver" && \ + { date; git stash; git pull https://github.com/donaldzou/WGDashboard.git $new_ver --force; } >> ./log/update.txt && \ + chmod +x ./wgd.sh && \ + sudo ./wgd.sh install && \ + printf "[WGDashboard] Update completed!\n" && \ + printf "%s\n" "$dashes"; \ rm wgd.sh.old else printf "%s\n" "$dashes" 
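Review bot: The backup is deleted even when the update fails: the chain ends in `printf "%s\n" "$dashes"; \` followed by `rm wgd.sh.old`, and the `;` runs the `rm` whatever the `&&` chain returned, so a failed `git pull` or install leaves no backup and no error message. I would remove the backup only on success and report the failure otherwise, `printf "%s\n" "$dashes" && rm wgd.sh.old || printf "[WGDashboard] Update failed, wgd.sh.old kept.\n"`. With the new `-y` path this sequence runs unattended and ends in `sudo ./wgd.sh install`, so `$new_ver`, which is taken from the GitHub API response, should be quoted as `"$new_ver"` in the `git pull` line. update_wgd starts before this hunk.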
@@ -402,52 +411,55 @@ update_wgd() { fi } -if [ "$#" != 1 ]; - then - help - else - if [ "$1" = "start" ]; then - if check_wgd_status; then - printf "%s\n" "$dashes" - printf "[WGDashboard] WGDashboard is already running.\n" - printf "%s\n" "$dashes" - else - start_wgd - fi - elif [ "$1" = "stop" ]; then - if check_wgd_status; then - printf "%s\n" "$dashes" - stop_wgd - printf "[WGDashboard] WGDashboard is stopped.\n" - printf "%s\n" "$dashes" - else - printf "%s\n" "$dashes" - printf "[WGDashboard] WGDashboard is not running.\n" - printf "%s\n" "$dashes" - fi - elif [ "$1" = "update" ]; then - update_wgd - elif [ "$1" = "install" ]; then - printf "%s\n" "$dashes" - install_wgd - printf "%s\n" "$dashes" - elif [ "$1" = "restart" ]; then - if check_wgd_status; then - printf "%s\n" "$dashes" - stop_wgd - printf "| WGDashboard is stopped. |\n" - sleep 4 - start_wgd - else - start_wgd - fi - elif [ "$1" = "debug" ]; then - if check_wgd_status; then - printf "| WGDashboard is already running. |\n" - else - start_wgd_debug - fi - else - help - fi +if [ "$#" -lt 1 ]; then + help +else + if [ "$2" = "-y" ] || [ "$2" = "-Y" ]; then + commandConfirmed="true" + fi + + if [ "$1" = "start" ]; then + if check_wgd_status; then + printf "%s\n" "$dashes" + printf "[WGDashboard] WGDashboard is already running.\n" + printf "%s\n" "$dashes" + else + start_wgd + fi + elif [ "$1" = "stop" ]; then + if check_wgd_status; then + printf "%s\n" "$dashes" + stop_wgd + printf "[WGDashboard] WGDashboard is stopped.\n" + printf "%s\n" "$dashes" + else + printf "%s\n" "$dashes" + printf "[WGDashboard] WGDashboard is not running.\n" + printf "%s\n" "$dashes" + fi + elif [ "$1" = "update" ]; then + update_wgd + elif [ "$1" = "install" ]; then + printf "%s\n" "$dashes" + install_wgd + printf "%s\n" "$dashes" + elif [ "$1" = "restart" ]; then + if check_wgd_status; then + printf "%s\n" "$dashes" + stop_wgd + printf "| WGDashboard is stopped. 
|\n" + sleep 4 + start_wgd + else + start_wgd + fi + elif [ "$1" = "debug" ]; then + if check_wgd_status; then + printf "| WGDashboard is already running. |\n" + else + start_wgd_debug + fi + else + help + fi fi From 9d3a189d770e2a1ccc71cc6189dff3136f33065e Mon Sep 17 00:00:00 2001 From: Ben Ayles <1235055+knd775@users.noreply.github.com> Date: Tue, 29 Oct 2024 23:02:59 -0400 Subject: [PATCH 56/63] fix: Support Rocky Linux --- src/wgd.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/wgd.sh b/src/wgd.sh index 389da1a..cdb7a6f 100755 --- a/src/wgd.sh +++ b/src/wgd.sh @@ -78,7 +78,7 @@ _installPython(){ ubuntu|debian) { sudo apt update ; sudo apt-get install -y python3 net-tools; printf "\n\n"; } &>> ./log/install.txt ;; - centos|fedora|redhat|rhel|almalinux) + centos|fedora|redhat|rhel|almalinux|rocky) if command -v dnf &> /dev/null; then { sudo dnf install -y python3 net-tools; printf "\n\n"; } >> ./log/install.txt else @@ -106,7 +106,7 @@ _installPythonVenv(){ ubuntu|debian) { sudo apt update ; sudo apt-get install -y python3-venv; printf "\n\n"; } &>> ./log/install.txt ;; - centos|fedora|redhat|rhel|almalinux) + centos|fedora|redhat|rhel|almalinux|rocky) if command -v dnf &> /dev/null; then { sudo dnf install -y python3-virtualenv; printf "\n\n"; } >> ./log/install.txt else @@ -150,7 +150,7 @@ _installPythonPip(){ { sudo apt update ; sudo apt-get install -y ${pythonExecutable}-distutil python3-pip; printf "\n\n"; } &>> ./log/install.txt fi ;; - centos|fedora|redhat|rhel|almalinux) + centos|fedora|redhat|rhel|almalinux|rocky) if [ "$pythonExecutable" = "python3" ]; then { sudo dnf install -y python3-pip; printf "\n\n"; } >> ./log/install.txt else 
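Review bot: `commandConfirmed` is only ever assigned `"true"`, so a value already present in the caller's environment is read by update_wgd as confirmation even without `-y`; set `commandConfirmed="false"` before the `if [ "$2" = "-y" ]` test. The relaxed `[ "$#" -lt 1 ]` check also accepts any number of extra arguments, so a mistyped second argument is ignored without a message; sending unknown second arguments to `help` would make that visible. A one-line comment, `# -y / -Y as second argument skips the update confirmation prompt`, would document the new option.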
@@ -188,7 +188,7 @@ _checkWireguard(){ printf "\n[WGDashboard] WireGuard installed on %s.\n\n" "$OS"; } &>> ./log/install.txt ;; - centos|fedora|redhat|rhel|almalinux) + centos|fedora|redhat|rhel|almalinux|rocky) { sudo dnf install -y wireguard-tools; printf "\n[WGDashboard] WireGuard installed on %s.\n\n" "$OS"; From a93291b38fd1219586c06fafa86ee87916621a4a Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 31 Oct 2024 20:16:45 +0100 Subject: [PATCH 57/63] Changed the workflow from every night to: on every commit in the main branch. --- .github/workflows/docker-analyze.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-analyze.yaml b/.github/workflows/docker-analyze.yaml index a3533a7..eb1d319 100644 --- a/.github/workflows/docker-analyze.yaml +++ b/.github/workflows/docker-analyze.yaml @@ -1,8 +1,10 @@ name: Docker-Analyze on: - schedule: - - cron: "0 0 * * *" # Daily at midnight UTC + #schedule: + # - cron: "0 0 * * *" # Daily at midnight UTC + push: + branches: [ main ] workflow_dispatch: inputs: trigger-build: From ff794a3638111ab7618a824a840cf030b527ba05 Mon Sep 17 00:00:00 2001 From: dselen <80752476+DaanSelen@users.noreply.github.com> Date: Fri, 1 Nov 2024 09:15:46 +0100 Subject: [PATCH 58/63] Update docker-analyze.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I switched them around 😭 --- .github/workflows/docker-analyze.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-analyze.yaml b/.github/workflows/docker-analyze.yaml index eb1d319..a3533a7 100644 --- a/.github/workflows/docker-analyze.yaml +++ b/.github/workflows/docker-analyze.yaml @@ -1,10 +1,8 @@ name: Docker-Analyze on: - #schedule: - # - cron: "0 0 * * *" # Daily at midnight UTC - push: - branches: [ main ] + schedule: + - cron: "0 0 * * *" # Daily at midnight UTC workflow_dispatch: inputs: trigger-build: 
From 504fefff94646a78e31c5a716fb26516bbff6758 Mon Sep 17 00:00:00 2001 From: dselen <80752476+DaanSelen@users.noreply.github.com> Date: Fri, 1 Nov 2024 09:19:47 +0100 Subject: [PATCH 59/63] Update docker-build.yaml --- .github/workflows/docker-build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 39b0ae0..200362c 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -1,8 +1,8 @@ name: Docker-Build on: - schedule: - - cron: "0 0 * * *" # Daily at midnight UTC + push: + branches: [ main ] workflow_dispatch: inputs: trigger-build: From aa5801d73bc67bdaf75a341f294f28c2f22a62af Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Sun, 3 Nov 2024 14:41:21 +0800 Subject: [PATCH 60/63] Update README.md --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index fe16fdc..ca6868f 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,15 @@

This project is not affiliate to the official WireGuard Project

+ +

+ Join our Discord Server for quick help, or you wanna chat about this project! +

+

+ +

+ +
> [!NOTE] From 1fd7e7833d2719a7eb65ad2ce4fd0a3091e457a1 Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Sun, 3 Nov 2024 15:20:41 +0800 Subject: [PATCH 61/63] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ca6868f..7ef9523 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ > [!NOTE] > **Help Wanted 🎉**: Localizing WGDashboard to other languages! If you're willing to help, please visit https://github.com/donaldzou/WGDashboard/issues/397. Many thanks! -
+

WGDashboard From ace0953c87a47efea2d2cb2d49e9d1423ef7db99 Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Sun, 3 Nov 2024 15:26:33 +0800 Subject: [PATCH 62/63] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7ef9523..ca6868f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ > [!NOTE] > **Help Wanted 🎉**: Localizing WGDashboard to other languages! If you're willing to help, please visit https://github.com/donaldzou/WGDashboard/issues/397. Many thanks! -


+

WGDashboard From 183be5da0e534dc9c635fa2540d321cbdd38caa4 Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Sun, 3 Nov 2024 15:58:34 +0800 Subject: [PATCH 63/63] Update README.md testing webhooks --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index ca6868f..f331caa 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,6 @@ WGDashboard

WGDashboard

- -