From c837ab8693a5a4196c8be07771b038970af41935 Mon Sep 17 00:00:00 2001 From: Daan Date: Wed, 23 Oct 2024 16:41:03 +0200 Subject: [PATCH 01/13] Complete Docker Container redo, making updates possible. - Through symlinks. Refactored the set env variables function. --- Dockerfile | 5 ++- docker/compose.yaml | 11 +++--- entrypoint.sh | 82 +++++++++++++++++++++++++++++++-------------- 3 files changed, 65 insertions(+), 33 deletions(-) diff --git a/Dockerfile b/Dockerfile index e74f075..09c38b1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,10 @@ ENV WGDASH=/opt/wireguarddashboard # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH} +RUN mkdir -p /setup/conf \ + && mkdir /setup/app \ + && mkdir ${WGDASH} \ + && mkdir /data COPY ./src /setup/app/src # Set the volume to be used for WireGuard configuration persistency. diff --git a/docker/compose.yaml b/docker/compose.yaml index 68e7efc..b0f5617 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -1,6 +1,6 @@ services: wireguard-dashboard: - image: test:latest + image: donaldzou/wgdashboard:latest restart: unless-stopped container_name: wgdashboard environment: @@ -12,12 +12,11 @@ services: ports: - 10086:10086/tcp - 51820:51820/udp - volumes: # Can be customized to only the /opt/wireguarddashboard/src/db folder with the /opt/wireguarddashboard/src/wg-dashboard.ini file. - - ./app:/opt/wireguarddashboard - - ./conf:/etc/wireguard + volumes: + - conf:/etc/wireguard + - data:/data cap_add: - NET_ADMIN - volumes: - app: conf: + data: diff --git a/entrypoint.sh b/entrypoint.sh index bf5e20c..6fe0368 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -10,13 +10,24 @@ ensure_installation() { if [ -z "$(ls -A "${WGDASH}")" ]; then echo "Detected empty directory, moving over..." - mv /setup/app/* "${WGDASH}" - #mv /setup/app/.* "${WGDASH}" + # Moving over source files. (This does not include src/db and src/wg-dashboard.ini folder and file.) + mv -v /setup/app/* "${WGDASH}" + + if [ ! -d "/data/db" ]; then + echo "Creating database dir" + mkdir /data/db + ln -s /data/db ${WGDASH}/src/db + fi + + if [ ! -f "/data/wg-dashboard.ini" ]; then + echo "Creating wg-dashboard.ini file" + touch /data/wg-dashboard.ini + ln -s /data/wg-dashboard.ini ${WGDASH}/src/wg-dashboard.ini + fi python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" - # Extra step for Alpine mv /usr/lib/python3.12/site-packages/psutil* "${WGDASH}"/src/venv/lib/python3.12/site-packages mv /usr/lib/python3.12/site-packages/bcrypt* "${WGDASH}"/src/venv/lib/python3.12/site-packages 
@@ -84,31 +95,54 @@ clean_up() { # === SET ENV VARS === set_envvars() { - #printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" + printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" - # Changing the DNS used for clients and the dashboard itself. - if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then - echo "Changing default dns." + # Path to the configuration file (exists because of previous function). + config_file="/opt/wireguarddashboard/src/wg-dashboard.ini" + + # Check if the file is empty + if [ ! -s "$config_file" ]; then + echo "Config file is empty. Creating [Peers] section." + + # Create [Peers] section with initial values + { + echo "[Peers]" + echo "remote_endpoint = ${public_ip}" + echo "peer_global_dns = ${global_dns}" + } > "$config_file" - #sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level. - sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/src/wg-dashboard.ini else - echo "DNS is set correctly." - fi + echo "Config file is not empty" - # Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me. - if [ "${public_ip}" = "0.0.0.0" ]; then - default_ip=$(curl -s ifconfig.me) - echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" + cat /opt/wireguarddashboard/src/wg-dashboard.ini + # Check and update the DNS if it has changed + current_dns=$(grep "peer_global_dns = " "$config_file" | awk '{print $NF}') + if [ "${global_dns}" != "$current_dns" ]; then + echo "Changing default DNS." + sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" "$config_file" + else + echo "DNS is set correctly." 
+ fi - sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini - elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then - echo "Setting the Public-IP using given variable: ${public_ip}" + # Determine the public IP and update if necessary + if [ "${public_ip}" = "0.0.0.0" ]; then + default_ip=$(curl -s ifconfig.me) + echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" + sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" "$config_file" + else + current_ip=$(grep "remote_endpoint = " "$config_file" | awk '{print $NF}') + if [ "${public_ip}" != "$current_ip" ]; then + echo "Setting the Public-IP using given variable: ${public_ip}" + sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" "$config_file" + fi + + fi - sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/src/wg-dashboard.ini fi } + + # === CORE SERVICES === start_core() { printf "\n---------------------- STARTING CORE -----------------------\n" @@ -116,7 +150,7 @@ start_core() { echo "Activating Python venv and executing the WireGuard Dashboard service." . "${WGDASH}"/src/venv/bin/activate cd "${WGDASH}"/src || return - bash wgd.sh start &>> /dev/null + bash wgd.sh start # Isolated peers feature, first converting the existing configuration files and the given names to arrays. local configurations=(/etc/wireguard/*) 
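Review bot: In set_envvars, the new empty-file branch writes `remote_endpoint = ${public_ip}` verbatim, so with the default `public_ip=0.0.0.0` a first start records 0.0.0.0 and never reaches the ifconfig.me lookup in the else branch. In that else branch `default_ip=$(curl -s ifconfig.me)` is fetched over plain HTTP and used unchecked, so an empty reply, an error page or an altered response is pasted into the sed replacement and from there into wg-dashboard.ini. `global_dns` and `public_ip` reach the sed program the same way, where a `/`, `&` or newline changes what sed does. I would resolve the address once before the branch and accept only digits and dots before writing it, as sketched below.

```shell
  # … unchanged: banner and config_file assignment …
  # Resolve the endpoint once so the empty-file branch and the update branch agree.
  local endpoint="${public_ip}"
  if [ "${endpoint}" = "0.0.0.0" ]; then
    endpoint=$(curl -fsS --max-time 10 https://ifconfig.me) || endpoint=""
  fi
  # Digits and dots only: anything else must not reach the sed replacement.
  case "${endpoint}" in
    "" | *[!0-9.]*)
      echo "No valid public IP available, remote_endpoint is left as it is." >&2
      endpoint=""
      ;;
  esac
  # … unchanged: empty-file branch and sed updates, writing ${endpoint} only when it is non-empty …
```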
@@ -199,12 +233,8 @@ start_core() { ensure_blocking() { #printf "\n-------------- ENSURING CONTAINER CONTINUATION -------------\n" - . "${WGDASH}"/src/venv/bin/activate - cd "${WGDASH}"/src || return - bash wgd.sh restart - sleep 1s - echo "Ensuring container continuation." + echo -e "\nEnsuring container continuation." # This function checks if the latest error log is created and tails it for docker logs uses. if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then @@ -220,7 +250,7 @@ ensure_blocking() { # Execute functions for the WireGuard Dashboard services, then set the environment variables ensure_installation +set_envvars clean_up start_core -set_envvars ensure_blocking \ No newline at end of file From fbac41a7748f1a1c4b4f4725dd6cf07adfb0cf0f Mon Sep 17 00:00:00 2001 From: Daan Date: Wed, 23 Oct 2024 16:57:40 +0200 Subject: [PATCH 02/13] Changed ensure install --- entrypoint.sh | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 6fe0368..88449a8 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -41,14 +41,15 @@ ensure_installation() { fi # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. + # This is done so WGDashboard it works out of the box + if [ ! -f "/etc/wireguard/wg0.conf" ]; then echo "Standard wg0 Configuration file not found, grabbing template." cp -a "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" - echo "Setting a secure private key." + echo "Setting a secure private key." # SORRY 4 BE4 - Daan - local privateKey - privateKey=$(wg genkey) + local privateKey=$(wg genkey) sed -i "s|^PrivateKey =$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf 
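Review bot: In the `@@ -41,14 +41,15 @@` hunk, `local privateKey=$(wg genkey)` hides the exit status of `wg genkey` behind that of `local`, so a failed key generation goes unnoticed and the following sed writes `PrivateKey = ` with an empty value into /etc/wireguard/wg0.conf. The two-line form this hunk removes at least left the status available; I would keep it and act on it: `local privateKey` followed by `privateKey=$(wg genkey) || { echo "wg genkey failed" >&2; exit 1; }`. The same one-line declaration is still present in the `@@ -50,9 +45,8 @@` hunk of patch 04. ensure_installation starts and ends outside this hunk.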
@@ -58,12 +59,12 @@ ensure_installation() { fi } -# === CLEAN UP === clean_up() { printf "\n------------------------ CLEAN UP --------------------------\n" # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. echo "Looking for remains of previous instances..." + local pid_file="${WGDASH}/src/gunicorn.pid" if [ -f "$pid_file" ]; then echo "Found old pid file, removing." @@ -73,6 +74,8 @@ clean_up() { fi # Also check for Python caches (pycache) inspired by https://github.com/shuricksumy + echo "Looking for remains of pycache..." + local pycache="${WGDASH}/src/__pycache__" if [ -d "$pycache" ]; then local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l) @@ -86,19 +89,20 @@ clean_up() { echo "No pycaches found, continuing." fi + # Cleaning up the logs from the previous instance. + echo "Cleaning log directory..." + local logdir="${WGDASH}/src/log" - echo "Cleaning log directory." - find /opt/wireguarddashboard/src/log -name 'access_*.log' -exec rm {} + - find /opt/wireguarddashboard/src/log -name 'error_*.log' -exec rm {} + + find $logdir -name 'access_*.log' -exec rm {} + + find $logdir -name 'error_*.log' -exec rm {} + echo "Removed unneeded logs!" } -# === SET ENV VARS === set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" # Path to the configuration file (exists because of previous function). - config_file="/opt/wireguarddashboard/src/wg-dashboard.ini" + local config_file="/opt/wireguarddashboard/src/wg-dashboard.ini" # Check if the file is empty if [ ! -s "$config_file" ]; then 
@@ -148,11 +152,16 @@ start_core() { printf "\n---------------------- STARTING CORE -----------------------\n" echo "Activating Python venv and executing the WireGuard Dashboard service." + . "${WGDASH}"/src/venv/bin/activate cd "${WGDASH}"/src || return bash wgd.sh start # Isolated peers feature, first converting the existing configuration files and the given names to arrays. + # + # WILL BE REMOVED IN FUTURE WHEN WGDASHBOARD ITSELF SUPPORTS THIS!! + # + local configurations=(/etc/wireguard/*) IFS=',' read -r -a do_isolate <<< "${isolate}" non_isolate=() @@ -205,6 +214,10 @@ start_core() { done # The following section takes care of enabling wireguard interfaces on startup. Using arrays and given arguments. + # + # WILL BE REMOVED IN FUTURE WHEN WGDASHBOARD ITSELF SUPPORTS THIS!! + # + IFS=',' read -r -a enable_array <<< "${enable}" for interface in "${enable_array[@]}"; do From 4ffb00c9f5c60e133b124b03ddd0fba1f981cc95 Mon Sep 17 00:00:00 2001 From: Daan Date: Wed, 23 Oct 2024 16:57:51 +0200 Subject: [PATCH 03/13] Updated ensure install. --- entrypoint.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 88449a8..b1544d2 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -7,7 +7,7 @@ ensure_installation() { # When using a custom directory to store the files, this part moves over and makes sure the installation continues. echo "Checking if everything is present." - if [ -z "$(ls -A "${WGDASH}")" ]; then + if [ -z "$(ls -A "${WGDASH}")" ]; then # [ ! -f "/data/wg-dashboard.ini" ] && [ ! -d "/data/db" ] echo "Detected empty directory, moving over..." # Moving over source files. (This does not include src/db and src/wg-dashboard.ini folder and file.) 
@@ -16,14 +16,14 @@ ensure_installation() { if [ ! -d "/data/db" ]; then echo "Creating database dir" mkdir /data/db - ln -s /data/db ${WGDASH}/src/db fi + ln -s /data/db ${WGDASH}/src/db if [ ! -f "/data/wg-dashboard.ini" ]; then echo "Creating wg-dashboard.ini file" touch /data/wg-dashboard.ini - ln -s /data/wg-dashboard.ini ${WGDASH}/src/wg-dashboard.ini fi + ln -s /data/wg-dashboard.ini ${WGDASH}/src/wg-dashboard.ini python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" @@ -161,7 +161,7 @@ start_core() { # # WILL BE REMOVED IN FUTURE WHEN WGDASHBOARD ITSELF SUPPORTS THIS!! # - + local configurations=(/etc/wireguard/*) IFS=',' read -r -a do_isolate <<< "${isolate}" non_isolate=() From 83560bc7753cbe167345a1a79db83ce59e7e2796 Mon Sep 17 00:00:00 2001 From: Daan Date: Wed, 23 Oct 2024 22:40:40 +0200 Subject: [PATCH 04/13] Changed around Docker image building and entrypoint. - Succeeding my tests. --- Dockerfile | 6 ++-- docker/compose.yaml | 1 + entrypoint.sh | 67 ++++++++++++++++++++------------------------- 3 files changed, 34 insertions(+), 40 deletions(-) diff --git a/Dockerfile b/Dockerfile index 09c38b1..aaccc43 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,9 +30,9 @@ RUN mkdir -p /setup/conf \ && mkdir /data COPY ./src /setup/app/src -# Set the volume to be used for WireGuard configuration persistency. -VOLUME /etc/wireguard -VOLUME ${WGDASH} +# Set the volume to be used for WireGuard configuration persistency. Can be ignored so it does not create volumes when not specified. +#VOLUME /etc/wireguard +#VOLUME /data # Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. # Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. diff --git a/docker/compose.yaml b/docker/compose.yaml index b0f5617..17b7f96 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml 
@@ -17,6 +17,7 @@ services: - data:/data cap_add: - NET_ADMIN + volumes: conf: data: diff --git a/entrypoint.sh b/entrypoint.sh index b1544d2..f46134c 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -13,17 +13,12 @@ ensure_installation() { # Moving over source files. (This does not include src/db and src/wg-dashboard.ini folder and file.) mv -v /setup/app/* "${WGDASH}" - if [ ! -d "/data/db" ]; then - echo "Creating database dir" - mkdir /data/db - fi - ln -s /data/db ${WGDASH}/src/db + [ ! -d "/data/db" ] && echo "Creating database dir" && mkdir /data/db + ln -s /data/db "${WGDASH}/src/db" + + [ ! -f "/data/wg-dashboard.ini" ] && echo "Creating wg-dashboard.ini file" && touch /data/wg-dashboard.ini + ln -s /data/wg-dashboard.ini "${WGDASH}/src/wg-dashboard.ini" - if [ ! -f "/data/wg-dashboard.ini" ]; then - echo "Creating wg-dashboard.ini file" - touch /data/wg-dashboard.ini - fi - ln -s /data/wg-dashboard.ini ${WGDASH}/src/wg-dashboard.ini python3 -m venv "${WGDASH}"/src/venv . "${WGDASH}/src/venv/bin/activate" @@ -50,9 +45,8 @@ ensure_installation() { echo "Setting a secure private key." # SORRY 4 BE4 - Daan local privateKey=$(wg genkey) - - sed -i "s|^PrivateKey =$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf + echo "Done setting template." else echo "Existing wg0 configuration file found, using that." 
@@ -62,42 +56,40 @@ ensure_installation() { clean_up() { printf "\n------------------------ CLEAN UP --------------------------\n" - # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. + local pid_file="${WGDASH}/src/gunicorn.pid" + local pycache="${WGDASH}/src/__pycache__" + local logdir="${WGDASH}/src/log" + echo "Looking for remains of previous instances..." - local pid_file="${WGDASH}/src/gunicorn.pid" + # Handle the .pid file cleanup if [ -f "$pid_file" ]; then echo "Found old pid file, removing." - rm $pid_file + rm -f "$pid_file" else echo "No pid remains found, continuing." fi - # Also check for Python caches (pycache) inspired by https://github.com/shuricksumy + # Remove Python caches (__pycache__) echo "Looking for remains of pycache..." - - local pycache="${WGDASH}/src/__pycache__" if [ -d "$pycache" ]; then - local pycache_filecount=$(find "$pycache" -maxdepth 1 -type f | wc -l) - if [ "$pycache_filecount" -gt 0 ]; then + if find "$pycache" -type f -print -quit | grep -q .; then echo "Found old pycaches, removing." - rm -rf "$pycache"/* + rm -rf "$pycache" else echo "No pycaches found, continuing." fi else - echo "No pycaches found, continuing." + echo "No pycaches directory found, continuing." fi - # Cleaning up the logs from the previous instance. + # Clean up log files echo "Cleaning log directory..." - - local logdir="${WGDASH}/src/log" - find $logdir -name 'access_*.log' -exec rm {} + - find $logdir -name 'error_*.log' -exec rm {} + + find "$logdir" -type f -name 'access_*.log' -o -name 'error_*.log' -exec rm -f {} + echo "Removed unneeded logs!" } + set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" 
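Review bot: In the log clean-up at the end of clean_up, `-exec rm -f {} +` binds only to `-name 'error_*.log'` because the implicit AND is tighter than `-o`, so `access_*.log` files are matched and then left in place, and `-type f` does not apply to the error pattern. Grouping the alternatives fixes both: `find "$logdir" -type f \( -name 'access_*.log' -o -name 'error_*.log' \) -exec rm -f {} +`. "Removed unneeded logs!" is also printed when `$logdir` does not exist and find has failed, so the message should depend on find's exit status.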
@@ -118,7 +110,6 @@ set_envvars() { else echo "Config file is not empty" - cat /opt/wireguarddashboard/src/wg-dashboard.ini # Check and update the DNS if it has changed current_dns=$(grep "peer_global_dns = " "$config_file" | awk '{print $NF}') if [ "${global_dns}" != "$current_dns" ]; then @@ -242,22 +233,24 @@ start_core() { done } -# === CLEAN UP === ensure_blocking() { - #printf "\n-------------- ENSURING CONTAINER CONTINUATION -------------\n" - sleep 1s echo -e "\nEnsuring container continuation." - # This function checks if the latest error log is created and tails it for docker logs uses. - if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then - latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1) - latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1) + # Find and tail the latest error and access logs if they exist + local logdir="/opt/wireguarddashboard/src/log" + + latestErrLog=$(find "$logdir" -name "error_*.log" -type f -print | sort -r | head -n 1) + latestAccLog=$(find "$logdir" -name "access_*.log" -type f -print | sort -r | head -n 1) - tail -f "${latestErrLog}" "${latestAccLog}" + # Only tail the logs if they are found + if [ -n "$latestErrLog" ] || [ -n "$latestAccLog" ]; then + tail -f "$latestErrLog" "$latestAccLog" + else + echo "No log files found to tail." fi - # Blocking command in case of erroring. So the container does not quit. + # Blocking command to keep the container running as a last resort. sleep infinity } From 166fcda1933d05496454ff90d3cc02a9e68d4499 Mon Sep 17 00:00:00 2001 From: Daan Date: Wed, 23 Oct 2024 23:15:41 +0200 Subject: [PATCH 05/13] Minor changes to compose and Dockerfile. --- Dockerfile | 4 ++-- docker/compose.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index aaccc43..6597624 100644 --- a/Dockerfile +++ b/Dockerfile 
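Review bot: In ensure_blocking, the guard before `tail -f` uses `||`, so when only one of the two logs exists tail is still handed an empty file name for the other and reports an error for it. latestErrLog and latestAccLog are also assigned without `local`, although `logdir` two lines above is. If neither log exists after the `sleep 1s`, the function falls through to `sleep infinity` with no tail process, and the HEALTHCHECK shown in the Dockerfile hunks of this series (`pgrep gunicorn ... && pgrep tail`) would then presumably keep the container unhealthy. Passing tail only the names that were found removes the first problem.

```shell
  # … unchanged: sleep, banner, logdir and the two find lookups …
  # Pass tail only the logs that were actually found.
  local -a found_logs=()
  [ -n "$latestErrLog" ] && found_logs+=("$latestErrLog")
  [ -n "$latestAccLog" ] && found_logs+=("$latestAccLog")
  if [ "${#found_logs[@]}" -gt 0 ]; then
    tail -f "${found_logs[@]}"
  else
    echo "No log files found to tail."
  fi
  # … unchanged: sleep infinity …
```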
@@ -1,4 +1,4 @@ -FROM alpine:latest AS build +FROM alpine:latest LABEL maintainer="dselen@nerthus.nl" # Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. @@ -59,4 +59,4 @@ COPY entrypoint.sh /entrypoint.sh # Exposing the default WireGuard Dashboard port for web access. EXPOSE 10086 -ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] \ No newline at end of file +ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] diff --git a/docker/compose.yaml b/docker/compose.yaml index 17b7f96..f06461f 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -7,7 +7,7 @@ services: #- tz= # <--- Set container timezone, default: Europe/Amsterdam. - global_dns=9.9.9.9 # <--- Set global DNS address, default: 1.1.1.1. - enable=wg0 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. - - isolate=wg0 # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. + - isolate=wg0 # <--- Set the interfaces that will disallow peer communication, default: wg0. #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. ports: - 10086:10086/tcp From 4902b5f351621fdc1a613656a40a795ea9a4241f Mon Sep 17 00:00:00 2001 From: Daan Date: Wed, 23 Oct 2024 23:47:00 +0200 Subject: [PATCH 06/13] Initial testing to update from version 4.0.3 to 4.0.4 have succeeded! --- docker/README.md | 41 +++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/docker/README.md b/docker/README.md index 2160e7e..349424c 100644 --- a/docker/README.md +++ b/docker/README.md @@ -13,7 +13,7 @@ I have tried to embed some new features such as `isolate` and interface startup ## Getting the container running: -To get the container running you either pull the image from the repository, `dselen/wgdashboard:latest`.
+To get the container running you either pull the image from the repository, `donaldzou/wgdashboard:latest`.
From there either use the environment variables describe below as parameters or use the Docker Compose file: `compose.yaml`.
Be careful, the default generated WireGuard configuration file uses port 51820/udp. So use this port if you want to use it out of the box.
Otherwise edit the configuration file in `/etc/wireguard/wg0.conf`. @@ -22,14 +22,14 @@ An example of a simple command to get the container running is show below:
```shell docker run -d \ - --name wireguard-dashboard \ + --name wgdashboard \ --restart unless-stopped \ -e enable=wg0 \ -e isolate=wg0 \ -p 10086:10086/tcp \ -p 51820:51820/udp \ --cap-add NET_ADMIN \ - dselen/wgdashboard:latest + donaldzou/wgdashboard:latest ```
If you want to use Compose instead of a raw Docker command, refer to the example in the `compose.yaml` or the one pasted below: @@ -37,34 +37,38 @@ If you want to use Compose instead of a raw Docker command, refer to the example ```yaml services: - wireguard-dashboard: - image: dselen/wgdashboard:latest + wgdashboard: + image: donaldzou/wgdashboard:latest restart: unless-stopped - container_name: wire-dash + container_name: wgdashboard environment: - #- tz= + #- tz= #- global_dns= - - enable=none - - isolate=wg0 + #- enable= + #- isolate= #- public_ip= ports: - 10086:10086/tcp - 51820:51820/udp volumes: - conf:/etc/wireguard - - app:/opt/wireguarddashboard/app + - data:/data cap_add: - NET_ADMIN volumes: conf: - app: + data: ``` -If you want to customize the yaml, make sure the core stays the same, but for example volume PATHs can be freely changed.
+If you want to customize the yaml, make sure the core stays the same, but for example volume PATHs (ON THE HOST) can be freely changed.
This setup is just generic and will use the Docker volumes. +## Updating the container: + +Updating is right now in Alpha stage. I have got it to work, testing methods. + ## Working with the container and environment variables: Once the container is running, the installation process is essentially the same as running it on bare-metal.
@@ -76,7 +80,7 @@ So go to the assign TCP port in this case HTTP, like the default 10086 one in th | global_dns | Any IPv4 address, such as my personal recommendation: 9.9.9.9 (QUAD9). | `1.1.1.1` | `8.8.8.8` or any IP-Address that resolves DNS-names, and of course is reachable | Set the default DNS given to clients once they connect to the WireGuard tunnel, and for new peers, set to Cloudflare DNS for reliability. | enable | Anything, preferably an existing WireGuard interface name. | `none` | `wg0,wg2,wg13` | Enables or disables the starting of the WireGuard interface on container 'boot-up'. | isolate | Anything, preferably an existing WireGuard interface name. | `wg0` | `wg1,wg0` | For security premade `wg0` interface comes with this feature enabled by default. Declaring `isolate=none` in the Docker Compose file will remove this. The WireGuard interface itself IS able to reach the peers (Done through the `iptables` package). -| public_ip | Any IPv4 (public recommended) address, such as the one returned by default | Default uses the return of `curl ifconfig.me` | `23.50.131.156` | To reach your VPN from outside your own network, you need WG-Dashboard to know what your public IP-address is, otherwise it will generate faulty config files for clients. This happends because it is inside a Docker/Kubernetes container. In or outside of NAT is not relevant as long as the given IP-address is reachable from the internet or the target network. +| public_ip | Any IPv4 (public recommended) address, such as the one returned by default | Default uses the return of `curl ifconfig.me` | `89.20.83.118` | To reach your VPN from outside your own network, you need WG-Dashboard to know what your public IP-address is, otherwise it will generate faulty config files for clients. This happends because it is inside a Docker/Kubernetes container. In or outside of NAT is not relevant as long as the given IP-address is reachable from the internet or the target network. ## Be careful with: 
@@ -87,8 +91,9 @@ The latter opens up UDP ports from 51820 to 51830, so all ports in between as we To build the image yourself, you need to do a couple things:
1. Clone the Github repository containing the source code of WGDashboard including the docker directory. For example do: `git clone https://github.com/donaldzou/WGDashboard.git` -1. Navigate into the docker directory. -1. (Make sure you have Docker correctly installed, if not: [Click here](https://docs.docker.com/engine/install/)) and run: `docker build . -t :` as an example: `docker build . -t dselen/wgdashboard:latest`.
This will make Docker compile the image from the resources in the directory you mention, in this case the current one. Let it compile, it takes about a minute or maximally two. +1. Navigate into the cloned repository. +1. (Make sure you have Docker correctly installed, if not: [Click here](https://docs.docker.com/engine/install/)) and run: `docker build . -t :` as an example: `docker build . -t dselen/wgdashboard:latest`.
+This will make Docker compile the image from the resources in the directory you mention, in this case the source/root one. Let it compile, it takes only a couple seconds with a minute at most. 1. If all went well, see your image with `docker images`. Example below: ```shell @@ -99,8 +104,4 @@ dselen/wgdashboard latest c96fd96ee3b3 42 minutes ago 314MB ## Closing remarks: -For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. - -## In Progress: - -Auto-Updating Capabilities, together with Donald I am working on it. \ No newline at end of file +For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. \ No newline at end of file From ba5ba2f1d64f6f416dead825976a55db8fb6db64 Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 24 Oct 2024 00:09:27 +0200 Subject: [PATCH 07/13] Removed copy step in entrypoint.sh Tested updating, works as long as presistent files are compatible. --- Dockerfile | 12 +++++------- entrypoint.sh | 39 ++++++++++++++------------------------- 2 files changed, 19 insertions(+), 32 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6597624..8f4a152 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,11 +24,9 @@ ENV WGDASH=/opt/wireguarddashboard # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN mkdir -p /setup/conf \ - && mkdir /setup/app \ - && mkdir ${WGDASH} \ - && mkdir /data -COPY ./src /setup/app/src +RUN mkdir -p /data/conf \ + && mkdir -p ${WGDASH}/src +COPY ./src ${WGDASH}/src # Set the volume to be used for WireGuard configuration persistency. Can be ignored so it does not create volumes when not specified. #VOLUME /etc/wireguard 
@@ -47,8 +45,8 @@ PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o ${out_adapt} -j MASQ PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP\n\ ListenPort = ${wg_port}\n\ SaveConfig = true\n\ -DNS = ${global_dns}" > /setup/conf/wg0.conf \ - && chmod 600 /setup/conf/wg0.conf +DNS = ${global_dns}" > /data/conf/wg0.conf \ + && chmod 600 /data/conf/wg0.conf # Defining a way for Docker to check the health of the container. In this case: checking the login URL. HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ diff --git a/entrypoint.sh b/entrypoint.sh index f46134c..c33e382 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -5,42 +5,32 @@ echo "Starting the WireGuard Dashboard Docker container." ensure_installation() { # When using a custom directory to store the files, this part moves over and makes sure the installation continues. - echo "Checking if everything is present." + echo "Quick-installing..." - if [ -z "$(ls -A "${WGDASH}")" ]; then # [ ! -f "/data/wg-dashboard.ini" ] && [ ! -d "/data/db" ] - echo "Detected empty directory, moving over..." + [ ! -d "/data/db" ] && echo "Creating database dir" && mkdir /data/db + ln -s /data/db "${WGDASH}/src/db" - # Moving over source files. (This does not include src/db and src/wg-dashboard.ini folder and file.) - mv -v /setup/app/* "${WGDASH}" + [ ! -f "/data/wg-dashboard.ini" ] && echo "Creating wg-dashboard.ini file" && touch /data/wg-dashboard.ini + ln -s /data/wg-dashboard.ini "${WGDASH}/src/wg-dashboard.ini" - [ ! -d "/data/db" ] && echo "Creating database dir" && mkdir /data/db - ln -s /data/db "${WGDASH}/src/db" + python3 -m venv "${WGDASH}"/src/venv + . "${WGDASH}/src/venv/bin/activate" - [ ! -f "/data/wg-dashboard.ini" ] && echo "Creating wg-dashboard.ini file" && touch /data/wg-dashboard.ini - ln -s /data/wg-dashboard.ini "${WGDASH}/src/wg-dashboard.ini" + mv /usr/lib/python3.12/site-packages/psutil* "${WGDASH}"/src/venv/lib/python3.12/site-packages + mv /usr/lib/python3.12/site-packages/bcrypt* "${WGDASH}"/src/venv/lib/python3.12/site-packages + chmod +x "${WGDASH}"/src/wgd.sh + cd "${WGDASH}"/src || exit + ./wgd.sh install - python3 -m venv "${WGDASH}"/src/venv - . "${WGDASH}/src/venv/bin/activate" - - mv /usr/lib/python3.12/site-packages/psutil* "${WGDASH}"/src/venv/lib/python3.12/site-packages - mv /usr/lib/python3.12/site-packages/bcrypt* "${WGDASH}"/src/venv/lib/python3.12/site-packages - - chmod +x "${WGDASH}"/src/wgd.sh - cd "${WGDASH}"/src || exit - ./wgd.sh install - - echo "Looks like the installation succesfully moved over." - else - echo "Looks like everything is present. Or the directory is not empty." 
- fi + echo "Looks like the installation succeeded." # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. # This is done so WGDashboard it works out of the box if [ ! -f "/etc/wireguard/wg0.conf" ]; then echo "Standard wg0 Configuration file not found, grabbing template." - cp -a "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf" + cp -a "/data/conf/wg0.conf" "/etc/wireguard/wg0.conf" echo "Setting a secure private key." # SORRY 4 BE4 - Daan @@ -89,7 +79,6 @@ clean_up() { echo "Removed unneeded logs!" } - set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" From 5ad9c0e77a839211462a63f83f1febafc515d02d Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 24 Oct 2024 00:23:12 +0200 Subject: [PATCH 08/13] Fixed issue where the wg0.conf template got obliterated. Moved it to a safe spot. --- Dockerfile | 7 ++++--- entrypoint.sh | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8f4a152..5f37723 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,8 @@ ENV WGDASH=/opt/wireguarddashboard # Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. # Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN mkdir -p /data/conf \ +RUN mkdir /data \ + && mkdir /configs \ && mkdir -p ${WGDASH}/src COPY ./src ${WGDASH}/src 
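Review bot: With the empty-directory guard removed in the `@@ -5,42 +5,32 @@` hunk, every statement of ensure_installation runs on each container start, and several of them are not repeatable. On a restart of the same container `ln -s /data/wg-dashboard.ini "${WGDASH}/src/wg-dashboard.ini"` fails because the link exists, `ln -s /data/db "${WGDASH}/src/db"` typically follows the existing link and drops a `db` link inside /data/db, and the two `mv /usr/lib/python3.12/site-packages/...` lines find nothing left to move. None of these results is checked, and "Looks like the installation succeeded." is printed regardless. Using `ln -sfn /data/db "${WGDASH}/src/db"` and `ln -sfn /data/wg-dashboard.ini "${WGDASH}/src/wg-dashboard.ini"`, and running the mv lines only when the packages are not yet in the venv, would make a restart behave like a first start. The function continues past the end of this hunk.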
@@ -45,8 +46,8 @@ PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o ${out_adapt} -j MASQ PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP\n\ ListenPort = ${wg_port}\n\ SaveConfig = true\n\ -DNS = ${global_dns}" > /data/conf/wg0.conf \ - && chmod 600 /data/conf/wg0.conf +DNS = ${global_dns}" > /configs/wg0.conf.template \ + && chmod 600 /configs/wg0.conf.template # Defining a way for Docker to check the health of the container. In this case: checking the login URL. HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ diff --git a/entrypoint.sh b/entrypoint.sh index c33e382..e64e8dc 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -30,7 +30,7 @@ ensure_installation() { if [ ! -f "/etc/wireguard/wg0.conf" ]; then echo "Standard wg0 Configuration file not found, grabbing template." - cp -a "/data/conf/wg0.conf" "/etc/wireguard/wg0.conf" + cp -a "/configs/wg0.conf.template" "/etc/wireguard/wg0.conf" echo "Setting a secure private key." # SORRY 4 BE4 - Daan From 3ac9c23573ddaf81ea4e525fb0105dde95b29226 Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 24 Oct 2024 10:13:33 +0200 Subject: [PATCH 09/13] Removed the default value: wg0 in isolate and enable. Removed clean_up() function because persistency is done differently. Overal tried to make readability better in entrypoint.sh Fixed bug where local config variable causes issues. Applied ShellCheck recommendations. --- Dockerfile | 8 +--- docker/README.md | 4 +- docker/compose.yaml | 8 ++-- entrypoint.sh | 98 +++++++++++++++++++-------------------------- 4 files changed, 49 insertions(+), 69 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5f37723..c3bd8d1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ ARG wg_port="51820" ENV TZ="Europe/Amsterdam" ENV global_dns="1.1.1.1" ENV enable="none" -ENV isolate="wg0" +ENV isolate="none" ENV public_ip="0.0.0.0" # Doing package management operations, such as upgrading 
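Review bot: In the `@@ -9,7 +9,7 @@` Dockerfile hunk, `ENV isolate="none"` turns peer isolation from opt-out into opt-in, and nothing next to the line says so. A deployment that never set `isolate` had it applied to wg0 under the previous default and, after pulling this image, would presumably start without it unless the persisted wg0.conf keeps the rule. A comment above the ENV block would make the trade-off visible where it is decided: `# isolate=none: peers on one interface may reach each other; set isolate=<iface> to block peer-to-peer traffic`. The README hunk of this patch also drops the sentence that explained the old default, so the variable table would benefit from one line on what isolate does.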
@@ -29,10 +29,6 @@ RUN mkdir /data \ && mkdir -p ${WGDASH}/src COPY ./src ${WGDASH}/src -# Set the volume to be used for WireGuard configuration persistency. Can be ignored so it does not create volumes when not specified. -#VOLUME /etc/wireguard -#VOLUME /data - # Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. # Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. SHELL ["/bin/bash", "-o", "pipefail", "-c"] @@ -49,7 +45,7 @@ SaveConfig = true\n\ DNS = ${global_dns}" > /configs/wg0.conf.template \ && chmod 600 /configs/wg0.conf.template -# Defining a way for Docker to check the health of the container. In this case: checking the login URL. +# Defining a way for Docker to check the health of the container. In this case: checking the gunicorn process. HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1 diff --git a/docker/README.md b/docker/README.md index 349424c..541581b 100644 --- a/docker/README.md +++ b/docker/README.md 
@@ -79,7 +79,7 @@ So go to the assign TCP port in this case HTTP, like the default 10086 one in th | tz | Europe/Amsterdam or any confirming timezone notation. | `Europe/Amsterdam` | `America/New_York` | Sets the timezone of the Docker container. This is to timesync the container to any other processes which would need it. | | global_dns | Any IPv4 address, such as my personal recommendation: 9.9.9.9 (QUAD9). | `1.1.1.1` | `8.8.8.8` or any IP-Address that resolves DNS-names, and of course is reachable | Set the default DNS given to clients once they connect to the WireGuard tunnel, and for new peers, set to Cloudflare DNS for reliability. | enable | Anything, preferably an existing WireGuard interface name. | `none` | `wg0,wg2,wg13` | Enables or disables the starting of the WireGuard interface on container 'boot-up'. -| isolate | Anything, preferably an existing WireGuard interface name. | `wg0` | `wg1,wg0` | For security premade `wg0` interface comes with this feature enabled by default. Declaring `isolate=none` in the Docker Compose file will remove this. The WireGuard interface itself IS able to reach the peers (Done through the `iptables` package). +| isolate | Anything, preferably an existing WireGuard interface name. | `none` | `wg1,wg0` | The Wireguard interface itself IS able to reach the peers (Done through the `iptables` package). | public_ip | Any IPv4 (public recommended) address, such as the one returned by default | Default uses the return of `curl ifconfig.me` | `89.20.83.118` | To reach your VPN from outside your own network, you need WG-Dashboard to know what your public IP-address is, otherwise it will generate faulty config files for clients. This happends because it is inside a Docker/Kubernetes container. In or outside of NAT is not relevant as long as the given IP-address is reachable from the internet or the target network. ## Be careful with: 
@@ -104,4 +104,4 @@ dselen/wgdashboard latest c96fd96ee3b3 42 minutes ago 314MB ## Closing remarks: -For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. \ No newline at end of file +For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. diff --git a/docker/compose.yaml b/docker/compose.yaml index f06461f..e5c7b6e 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -5,10 +5,10 @@ services: container_name: wgdashboard environment: #- tz= # <--- Set container timezone, default: Europe/Amsterdam. - - global_dns=9.9.9.9 # <--- Set global DNS address, default: 1.1.1.1. - - enable=wg0 # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed. - - isolate=wg0 # <--- Set the interfaces that will disallow peer communication, default: wg0. - #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. + #- global_dns= # <--- Set global DNS address, default: 1.1.1.1. + #- enable= # <--- Set the interfaces that will be enabled on startup, default: 'none'. + #- isolate= # <--- Set the interfaces that will disallow peer communication, default: 'none'. + #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. ports: - 10086:10086/tcp - 51820:51820/udp diff --git a/entrypoint.sh b/entrypoint.sh index e64e8dc..08ed769 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -34,7 +34,8 @@ ensure_installation() { echo "Setting a secure private key." # SORRY 4 BE4 - Daan - local privateKey=$(wg genkey) + local privateKey + privateKey=$(wg genkey) sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf echo "Done setting template." 
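Review bot: Splitting the assignment into `local privateKey` and `privateKey=$(wg genkey)` makes the exit status of `wg genkey` visible, but the hunk still does not check it, so a failed or empty result is written into /etc/wireguard/wg0.conf by the `sed` that follows. Guard it before the substitution, for example with `privateKey=$(wg genkey) || { echo "wg genkey failed" >&2; exit 1; }` and `[ -n "$privateKey" ] || exit 1`. Whether the script runs under `set -e` is not visible here, and ensure_installation continues outside the hunk.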
@@ -43,42 +44,6 @@ ensure_installation() { fi } -clean_up() { - printf "\n------------------------ CLEAN UP --------------------------\n" - - local pid_file="${WGDASH}/src/gunicorn.pid" - local pycache="${WGDASH}/src/__pycache__" - local logdir="${WGDASH}/src/log" - - echo "Looking for remains of previous instances..." - - # Handle the .pid file cleanup - if [ -f "$pid_file" ]; then - echo "Found old pid file, removing." - rm -f "$pid_file" - else - echo "No pid remains found, continuing." - fi - - # Remove Python caches (__pycache__) - echo "Looking for remains of pycache..." - if [ -d "$pycache" ]; then - if find "$pycache" -type f -print -quit | grep -q .; then - echo "Found old pycaches, removing." - rm -rf "$pycache" - else - echo "No pycaches found, continuing." - fi - else - echo "No pycaches directory found, continuing." - fi - - # Clean up log files - echo "Cleaning log directory..." - find "$logdir" -type f -name 'access_*.log' -o -name 'error_*.log' -exec rm -f {} + - echo "Removed unneeded logs!" -} - set_envvars() { printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n" @@ -97,7 +62,7 @@ set_envvars() { } > "$config_file" else - echo "Config file is not empty" + echo "Config file is not empty, enforcing environment variables." # Check and update the DNS if it has changed current_dns=$(grep "peer_global_dns = " "$config_file" | awk '{print $NF}') @@ -111,12 +76,15 @@ set_envvars() { # Determine the public IP and update if necessary if [ "${public_ip}" = "0.0.0.0" ]; then default_ip=$(curl -s ifconfig.me) + echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" "$config_file" else current_ip=$(grep "remote_endpoint = " "$config_file" | awk '{print $NF}') + if [ "${public_ip}" != "$current_ip" ]; then echo "Setting the Public-IP using given variable: ${public_ip}" + sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" "$config_file" fi 
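Review bot: The value fetched by `default_ip=$(curl -s ifconfig.me)` is echoed and substituted into `remote_endpoint` by the `sed` expression without any check on what came back. With no scheme given the request goes out over plain HTTP and `-s` hides failures. An empty reply, or a body containing `/`, `&` or a newline, either breaks the `sed` expression or writes something other than an address into the value that docker/README.md says is used for client configurations. Fetch over HTTPS with `-f` and a timeout, accept the result only if it looks like an IPv4 address (the README describes public_ip as IPv4), and otherwise leave the existing entry alone. set_envvars starts and ends outside the hunk.

```shell
# … unchanged: if [ "${public_ip}" = "0.0.0.0" ]; then …
default_ip=$(curl -fsS --max-time 10 https://ifconfig.me) || default_ip=""

if [[ "$default_ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}"
  sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" "$config_file"
else
  echo "Could not determine a valid public IP, leaving remote_endpoint unchanged." >&2
fi
# … unchanged: else branch using the given public_ip …
```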
@@ -125,8 +93,6 @@ set_envvars() { fi } - - # === CORE SERVICES === start_core() { printf "\n---------------------- STARTING CORE -----------------------\n" 
@@ -148,49 +114,64 @@ start_core() { # Checking if there are matches between the two arrays. for config in "${configurations[@]}"; do - local config=$(echo "$config" | sed -e 's|.*/etc/wireguard/||' -e 's|\.conf$||') + config=$(echo "$config" | sed -e 's|.*/etc/wireguard/||' -e 's|\.conf$||') + + local found found=false + for interface in "${do_isolate[@]}"; do + if [[ "$config" == "$interface" ]]; then found=true break fi + done + if [ "$found" = false ]; then non_isolate+=("$config") fi + done # Isolating the matches. for interface in "${do_isolate[@]}"; do - if [ "$interface" = "none" ]; then + + if [ "$interface" = "none" ] || [ "$interface" = "" ]; then echo "Found: $interface, stopping isolation checking." break else if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Isolating interface:" $interface - upblocking=$(grep -c "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) - downblocking=$(grep -c "PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf) + echo "Isolating interface:" "$interface" + + upblocking=$(grep -c "PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/"${interface}".conf) + downblocking=$(grep -c "PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/"${interface}".conf) if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then - sed -i "/PostUp =/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf - sed -i "/PreDown =/a PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/${interface}.conf + sed -i "/PostUp =/a PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/"${interface}".conf + sed -i "/PreDown =/a PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP" /etc/wireguard/"${interface}".conf fi + else - echo "Configuration for 
$interface does not seem to exist, continuing." + echo "Configuration for $interface in enforce isolation does not seem to exist, continuing." fi + fi + done # Removing isolation for the configurations that did not match. for interface in "${non_isolate[@]}"; do + if [ -f "/etc/wireguard/${interface}.conf" ]; then - echo "Removing Isolation if present for:" $interface - sed -i "/PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf - sed -i "/PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/${interface}.conf + echo "Removing isolation, if isolation is present for:" "$interface" + + sed -i "/PostUp = iptables -I FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/"${interface}".conf + sed -i "/PreDown = iptables -D FORWARD -i ${interface} -o ${interface} -j DROP/d" /etc/wireguard/"${interface}".conf else - echo "Configuration for $interface does not seem to exist, continuing." + echo "Configuration for $interface in removing isolation does not seem to exist, continuing." fi + done # The following section takes care of enabling wireguard interfaces on startup. Using arrays and given arguments. 
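Review bot: In the isolation loop the rules are only added when both counts are zero, `[ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]`, so a configuration that still has the PreDown line but has lost the PostUp line is announced as isolated while no DROP rule is inserted when the interface comes up. Test the two independently: `if [ "$upblocking" -lt 1 ]; then` around the PostUp `sed` and `if [ "$downblocking" -lt 1 ]; then` around the PreDown `sed`. The `/PostUp =/a` address also appends after every PostUp line, so a configuration with several PostUp entries gets the rule more than once. `${interface}` presumably comes from the `isolate` variable and, for the removal loop, from file names, and it ends up inside a PostUp command, so a name check such as `[[ "$interface" =~ ^[A-Za-z0-9_.-]+$ ]] || continue` before the `sed` calls would be a cheap safeguard. start_core continues outside the hunk.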
@@ -201,24 +182,28 @@ start_core() { IFS=',' read -r -a enable_array <<< "${enable}" for interface in "${enable_array[@]}"; do + if [ "$interface" = "none" ]; then echo "Found: $interface, stopping enabling checking." break else - echo "Enabling interface:" $interface + echo "Enabling interface:" "$interface" - local fileperms=$(stat -c "%a" /etc/wireguard/${interface}.conf) - if [ $fileperms -eq 644 ]; then + local fileperms + fileperms=$(stat -c "%a" /etc/wireguard/"${interface}".conf) + if [ "$fileperms" -eq 644 ]; then echo "Configuration is world accessible, adjusting." chmod 600 "/etc/wireguard/${interface}.conf" fi if [ -f "/etc/wireguard/${interface}.conf" ]; then - wg-quick up $interface + wg-quick up "$interface" else echo "No corresponding configuration file found for $interface doing nothing." fi + fi + done } @@ -246,6 +231,5 @@ ensure_blocking() { # Execute functions for the WireGuard Dashboard services, then set the environment variables ensure_installation set_envvars -clean_up start_core ensure_blocking \ No newline at end of file From 747f1a6fae490456191b5c2a026afdbc89bed1b0 Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 24 Oct 2024 10:24:22 +0200 Subject: [PATCH 10/13] SEC: Fixed CVE-2024-9143 presence. --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c3bd8d1..250cf48 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,8 @@ ENV public_ip="0.0.0.0" RUN apk update \ && apk add --no-cache bash git tzdata \ iptables ip6tables openrc curl wireguard-tools \ - sudo py3-psutil py3-bcrypt + sudo py3-psutil py3-bcrypt \ + && apk upgrade # Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. ENV WGDASH=/opt/wireguarddashboard From adeb57864bd0c0c0ced2c9dda642224eb91f1ce1 Mon Sep 17 00:00:00 2001 
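Review bot: `fileperms=$(stat -c "%a" /etc/wireguard/"${interface}".conf)` runs before the `-f` test a few lines below, and the tightening only triggers for a mode of exactly 644. A missing file makes `stat` fail and leaves `[ "$fileperms" -eq 644 ]` comparing an empty string, while modes such as 640, 664 or 666 leave a file that holds the interface private key readable by others. Move the permission handling inside the `if [ -f "/etc/wireguard/${interface}.conf" ]` branch and set the mode unconditionally with `chmod 600 "/etc/wireguard/${interface}.conf"` before `wg-quick up "$interface"`. start_core begins outside the hunk.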
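Review bot: The added `&& apk upgrade` lacks the `--no-cache` used by the `apk add --no-cache` just above it, and no comment ties it to the CVE-2024-9143 fix named in the commit message. What gets upgraded depends on the repository state at build time, so an image built from a cached layer is not guaranteed to contain the fix. I would write it as `&& apk upgrade --no-cache` and add a line such as `# apk upgrade: picks up the fix for CVE-2024-9143; rebuild without the layer cache to refresh.`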
From: Daan Date: Thu, 24 Oct 2024 10:48:14 +0200 Subject: [PATCH 11/13] Fixed incorrect Docker_IMAGE variable from dselen/ -> donaldzou/ --- .github/workflows/docker-analyze.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-analyze.yaml b/.github/workflows/docker-analyze.yaml index 2cfbb0a..a3533a7 100644 --- a/.github/workflows/docker-analyze.yaml +++ b/.github/workflows/docker-analyze.yaml @@ -10,7 +10,7 @@ on: default: 'true' env: - DOCKER_IMAGE: dselen/wgdashboard + DOCKER_IMAGE: donaldzou/wgdashboard jobs: docker_analyze: From 81168c27c67ea95d56f604dcf4090458fc275e9c Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 24 Oct 2024 23:10:36 +0200 Subject: [PATCH 12/13] Fixed issue https://github.com/donaldzou/WGDashboard/issues/329. Regarding being able to pass in the -y flag. --- src/wgd.sh | 126 +++++++++++++++++++++++++++++------------------------ 1 file changed, 69 insertions(+), 57 deletions(-) diff --git a/src/wgd.sh b/src/wgd.sh index 389da1a..888b51b 100755 --- a/src/wgd.sh +++ b/src/wgd.sh 
@@ -380,20 +380,29 @@ update_wgd() { new_ver=$($venv_python -c "import json; import urllib.request; data = urllib.request.urlopen('https://api.github.com/repos/donaldzou/WGDashboard/releases/latest').read(); output = json.loads(data);print(output['tag_name'])") printf "%s\n" "$dashes" - printf "[WGDashboard] Are you sure you want to update to the %s? (Y/N): " "$new_ver" - read up + + if [ "$commandConfirmed" = "true" ]; then + printf "[WGDashboard] Confirmation granted.\n" + up="Y" + else + printf "[WGDashboard] Are you sure you want to update to the %s? (Y/N): " "$new_ver" + read up + fi + if [ "$up" = "Y" ] || [ "$up" = "y" ]; then printf "[WGDashboard] Shutting down WGDashboard\n" + if check_wgd_status; then stop_wgd fi - mv wgd.sh wgd.sh.old - printf "[WGDashboard] Downloading %s from GitHub..." "$new_ver" - { date; git stash; git pull https://github.com/donaldzou/WGDashboard.git $new_ver --force; } >> ./log/update.txt - chmod +x ./wgd.sh - sudo ./wgd.sh install - printf "[WGDashboard] Update completed!\n" - printf "%s\n" "$dashes" + + mv wgd.sh wgd.sh.old && \ + printf "[WGDashboard] Downloading %s from GitHub..." "$new_ver" && \ + { date; git stash; git pull https://github.com/donaldzou/WGDashboard.git $new_ver --force; } >> ./log/update.txt && \ + chmod +x ./wgd.sh && \ + sudo ./wgd.sh install && \ + printf "[WGDashboard] Update completed!\n" && \ + printf "%s\n" "$dashes"; \ rm wgd.sh.old else printf "%s\n" "$dashes" 
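Review bot: With `commandConfirmed` set the update now runs without a prompt, yet `$new_ver`, which comes straight from the GitHub API response, is still passed unquoted to `git pull ... $new_ver --force`, and the pulled script is then run through `sudo ./wgd.sh install`. Quote it and refuse values that are empty or start with a dash before shutting the dashboard down, e.g. `case "$new_ver" in ''|-*) printf "[WGDashboard] Unexpected release tag, aborting.\n"; exit 1 ;; esac` and `git pull https://github.com/donaldzou/WGDashboard.git "$new_ver" --force`. The `;` before `rm wgd.sh.old` also means the backup is deleted even when the `&&` chain failed; joining it with `&&` keeps the old script around after a failed pull or install. update_wgd starts and ends outside the hunk.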
@@ -402,52 +411,55 @@ update_wgd() { fi } -if [ "$#" != 1 ]; - then - help - else - if [ "$1" = "start" ]; then - if check_wgd_status; then - printf "%s\n" "$dashes" - printf "[WGDashboard] WGDashboard is already running.\n" - printf "%s\n" "$dashes" - else - start_wgd - fi - elif [ "$1" = "stop" ]; then - if check_wgd_status; then - printf "%s\n" "$dashes" - stop_wgd - printf "[WGDashboard] WGDashboard is stopped.\n" - printf "%s\n" "$dashes" - else - printf "%s\n" "$dashes" - printf "[WGDashboard] WGDashboard is not running.\n" - printf "%s\n" "$dashes" - fi - elif [ "$1" = "update" ]; then - update_wgd - elif [ "$1" = "install" ]; then - printf "%s\n" "$dashes" - install_wgd - printf "%s\n" "$dashes" - elif [ "$1" = "restart" ]; then - if check_wgd_status; then - printf "%s\n" "$dashes" - stop_wgd - printf "| WGDashboard is stopped. |\n" - sleep 4 - start_wgd - else - start_wgd - fi - elif [ "$1" = "debug" ]; then - if check_wgd_status; then - printf "| WGDashboard is already running. |\n" - else - start_wgd_debug - fi - else - help - fi +if [ "$#" -lt 1 ]; then + help +else + if [ "$2" = "-y" ] || [ "$2" = "-Y" ]; then + commandConfirmed="true" + fi + + if [ "$1" = "start" ]; then + if check_wgd_status; then + printf "%s\n" "$dashes" + printf "[WGDashboard] WGDashboard is already running.\n" + printf "%s\n" "$dashes" + else + start_wgd + fi + elif [ "$1" = "stop" ]; then + if check_wgd_status; then + printf "%s\n" "$dashes" + stop_wgd + printf "[WGDashboard] WGDashboard is stopped.\n" + printf "%s\n" "$dashes" + else + printf "%s\n" "$dashes" + printf "[WGDashboard] WGDashboard is not running.\n" + printf "%s\n" "$dashes" + fi + elif [ "$1" = "update" ]; then + update_wgd + elif [ "$1" = "install" ]; then + printf "%s\n" "$dashes" + install_wgd + printf "%s\n" "$dashes" + elif [ "$1" = "restart" ]; then + if check_wgd_status; then + printf "%s\n" "$dashes" + stop_wgd + printf "| WGDashboard is stopped. 
|\n" + sleep 4 + start_wgd + else + start_wgd + fi + elif [ "$1" = "debug" ]; then + if check_wgd_status; then + printf "| WGDashboard is already running. |\n" + else + start_wgd_debug + fi + else + help + fi fi From a93291b38fd1219586c06fafa86ee87916621a4a Mon Sep 17 00:00:00 2001 From: Daan Date: Thu, 31 Oct 2024 20:16:45 +0100 Subject: [PATCH 13/13] Changed the workflow from every night to: on every commit in the main branch. --- .github/workflows/docker-analyze.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-analyze.yaml b/.github/workflows/docker-analyze.yaml index a3533a7..eb1d319 100644 --- a/.github/workflows/docker-analyze.yaml +++ b/.github/workflows/docker-analyze.yaml @@ -1,8 +1,10 @@ name: Docker-Analyze on: - schedule: - - cron: "0 0 * * *" # Daily at midnight UTC + #schedule: + # - cron: "0 0 * * *" # Daily at midnight UTC + push: + branches: [ main ] workflow_dispatch: inputs: trigger-build:
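Review bot: `commandConfirmed` is only assigned when `$2` is `-y` or `-Y` and is never initialised, so a value inherited from the caller's environment is enough to make update_wgd skip its prompt. Add `commandConfirmed="false"` before the `if [ "$2" = "-y" ] || [ "$2" = "-Y" ]; then` test. The argument check also went from `"$#" != 1` to `"$#" -lt 1`, so any second argument other than `-y` is silently ignored; printing `help` for an unrecognised second argument would keep typos visible.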