diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..5c097e7
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,56 @@
+name: Docker Image Build and Analysis
+
+on:
+ schedule:
+ - cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed.
+ workflow_dispatch: # Manual run trigger
+ inputs:
+ trigger-build:
+ description: 'Trigger a manual build and push'
+ default: 'true'
+
+jobs:
+ build-and-analyze:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Build Docker image
+ id: build-image
+ run: |
+ echo "Building Docker image..."
+ docker build -t my-app-image:latest .
+ echo "Docker image built successfully."
+
+ - name: Install Docker Scout
+ run: |
+ echo "Installing Docker Scout..."
+ curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
+ echo "Docker Scout installed successfully."
+
+ - name: Analyze Docker image with Docker Scout
+ id: analyze-image
+ run: |
+ echo "Analyzing Docker image with Docker Scout..."
+ docker scout cves my-app-image:latest > scout-results.txt
+ cat scout-results.txt # Print the report to the workflow logs for easy viewing
+ echo "Docker Scout analysis completed."
+
+ - name: Post Comment on Issue or PR
+ run: |
+ COMMENT="**Docker Image Build and Analysis Report**\n\nThe Docker image was built and analyzed successfully.\n\n**Build Summary:**\n- Image Tag: my-app-image:latest\n\n**Analysis Report:**\n\`\`\`\n$(cat scout-results.txt)\n\`\`\`"
+
+ # Post comment using GitHub API
+ curl -X POST \
+ -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+ -H "Accept: application/vnd.github.v3+json" \
+ -d "{\"body\": \"$COMMENT\"}" \
+ "https://api.github.com/repos/NOXCIS/WGDashboard/issues/1/comments" # Replace '1' with the issue or PR number
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..ad73bb2
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,31 @@
+# Pull from small Debian stable image.
+FROM alpine:latest AS builder
+
+LABEL maintainer="dselen@nerthus.nl"
+
+WORKDIR /opt/wireguarddashboard/src
+
+RUN apk update && \
+ apk add --no-cache sudo gcc musl-dev rust cargo linux-headers
+
+COPY ./docker/alpine/builder.sh /opt/wireguarddashboard/src/
+COPY ./docker/alpine/requirements.txt /opt/wireguarddashboard/src/
+RUN chmod u+x /opt/wireguarddashboard/src/builder.sh
+RUN /opt/wireguarddashboard/src/builder.sh
+
+
+FROM alpine:latest
+WORKDIR /opt/wireguarddashboard/src
+
+COPY ./src /opt/wireguarddashboard/src/
+COPY --from=builder /opt/wireguarddashboard/src/venv /opt/wireguarddashboard/src/venv
+COPY --from=builder /opt/wireguarddashboard/src/log /opt/wireguarddashboard/src/log/
+
+RUN apk update && \
+ apk add --no-cache wireguard-tools sudo && \
+ apk add --no-cache iptables ip6tables && \
+ chmod u+x /opt/wireguarddashboard/src/entrypoint.sh
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1
+
+ENTRYPOINT ["/opt/wireguarddashboard/src/entrypoint.sh"]
\ No newline at end of file
diff --git a/README.md b/README.md
index 76b5a70..d184ff5 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,9 @@
## 📣 What's New: v4.0
+> [!TIP]
+> [📹 Demo video on YouTube](https://www.youtube.com/watch?v=0mwzd5Gr2eU)
+
### 🎉 New Features
- **Updated dashboard design**: Re-designed some of the section with more modern style and layout, the UI is faster and more responsive, it also uses less memory. But overall is still the same dashboard you're familiarized.
@@ -59,6 +62,8 @@
> Also, huge thanks to who contributed to this major release:
> @bolgovrussia, @eduardorosabales, @Profik, @airgapper, @tokon2000, @bkeenke, @kontorskiy777, @bugsse, @Johnnykson, @DaanSelen, @shuricksumy and many others!
+
+
## 📋 Table of Content
@@ -81,6 +86,7 @@
* [Debian 11.10](#debian-1110)
* [Red Hat Enterprise Linux 9.4 & CentOS 9-Stream](#red-hat-enterprise-linux-94--centos-9-stream)
* [Fedora 40 & Fedora 39 & Fedora 38](#fedora-40--fedora-39--fedora-38)
+ * [Alpine Linux 3.20.2](#alpine-linux-3202)
* [Manual Installation](#manual-installation)
* [🪜 Usage](#-usage)
* [Start/Stop/Restart WGDashboard](#startstoprestart-wgdashboard)
@@ -260,6 +266,20 @@ firewall-cmd --add-port=51820/udp --permanent && \
firewall-cmd --reload
```
+#### Alpine Linux 3.20.2
+
+```shell
+setup-interfaces -a ; \
+rc-service networking --quiet start ; \
+printf "https://mirrors.aliyun.com/alpine/latest-stable/main\nhttps://mirrors.aliyun.com/alpine/latest-stable/community" > /etc/apk/repositories ; \
+apk update ; \
+apk add wireguard-tools python3 python3-dev git iptables net-tools gcc musl-dev linux-headers sudo ; \
+git clone -b v4.0-alpine-linux https://github.com/donaldzou/WGDashboard.git ; \
+cd ./WGDashboard/src ; \
+chmod +x ./wgd.sh ; \
+./wgd.sh install
+```
+
### Manual Installation
> [!NOTE]
diff --git a/compose.yaml b/compose.yaml
new file mode 100644
index 0000000..a75ef45
--- /dev/null
+++ b/compose.yaml
@@ -0,0 +1,26 @@
+services:
+
+ wireguard-dashboard:
+ build: ./
+ container_name: wiregate
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ restart: unless-stopped
+ environment:
+ - wg_net=10.0.0.1/24
+ - wg_port=51820
+ volumes:
+ - wgd_configs:/etc/wireguard
+ - wgd_app:/opt/wireguarddashboard/src
+ ports:
+ - 10086:10086/tcp
+ - 51820:51820/udp
+ sysctls:
+ - net.ipv4.ip_forward=1
+ - net.ipv4.conf.all.src_valid_mark=1
+
+
+volumes:
+ wgd_configs:
+ wgd_app:
\ No newline at end of file
diff --git a/docker/alpine/builder.sh b/docker/alpine/builder.sh
new file mode 100644
index 0000000..5511413
--- /dev/null
+++ b/docker/alpine/builder.sh
@@ -0,0 +1,43 @@
+venv_python="./venv/bin/python3"
+venv_gunicorn="./venv/bin/gunicorn"
+pythonExecutable="python3"
+
+
+_check_and_set_venv(){
+ VIRTUAL_ENV="./venv"
+ if [ ! -d $VIRTUAL_ENV ]; then
+ printf "[WGDashboard] Creating Python Virtual Environment under ./venv\n"
+ { $pythonExecutable -m venv $VIRTUAL_ENV; } >> ./log/install.txt
+ fi
+
+ if ! $venv_python --version > /dev/null 2>&1
+ then
+ printf "[WGDashboard] %s Python Virtual Environment under ./venv failed to create. Halting now.\n" "$heavy_crossmark"
+ kill $TOP_PID
+ fi
+
+ source ${VIRTUAL_ENV}/bin/activate
+
+}
+
+build_core () {
+ if [ ! -d "log" ]
+ then
+ printf "[WGDashboard] Creating ./log folder\n"
+ mkdir "log"
+ fi
+
+
+ apk add --no-cache python3 net-tools python3-dev py3-virtualenv
+ _check_and_set_venv
+ printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n"
+ { date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt
+ printf "[WGDashboard] Building Bcrypt & Psutil\n"
+ { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt
+ printf "[WGDashboard] Build Successfull!\n"
+ printf "[WGDashboard] Clean Up Pip!\n"
+ { date; rm -rf /opt/wireguarddashboard/src/venv/lib/python3.12/site-packages/pip* ; printf "\n\n"; } >> ./log/install.txt
+
+}
+
+build_core
diff --git a/docker/alpine/requirements.txt b/docker/alpine/requirements.txt
new file mode 100644
index 0000000..074ed2f
--- /dev/null
+++ b/docker/alpine/requirements.txt
@@ -0,0 +1,2 @@
+bcrypt
+psutil
diff --git a/src/dashboard.py b/src/dashboard.py
index 369b919..1d27526 100644
--- a/src/dashboard.py
+++ b/src/dashboard.py
@@ -442,6 +442,8 @@ class WireguardConfiguration:
return self.message
def __init__(self, name: str = None, data: dict = None):
+ print(f"[WGDashboard] Initialized Configuration: {name}")
+
self.__parser: configparser.ConfigParser = configparser.ConfigParser(strict=False)
self.__parser.optionxform = str
self.__configFileModifiedTime = None
@@ -588,83 +590,93 @@ class WireguardConfiguration:
restricted = sqlSelect("SELECT * FROM '%s_restrict_access'" % self.Name).fetchall()
for i in restricted:
self.RestrictedPeers.append(Peer(i, self))
-
+
+ def configurationFileChanged(self) :
+ mt = os.path.getmtime(os.path.join(WG_CONF_PATH, f'{self.Name}.conf'))
+ changed = self.__configFileModifiedTime is None or self.__configFileModifiedTime != mt
+ self.__configFileModifiedTime = mt
+ return changed
+
def __getPeers(self):
- mt = os.path.getmtime(os.path.join(WG_CONF_PATH, f'{self.Name}.conf'))
- # if self.__configFileModifiedTime is None or self.__configFileModifiedTime != mt:
- self.Peers = []
- with open(os.path.join(WG_CONF_PATH, f'{self.Name}.conf'), 'r') as configFile:
- p = []
- pCounter = -1
- content = configFile.read().split('\n')
- try:
- peerStarts = content.index("[Peer]")
- content = content[peerStarts:]
- for i in content:
- if not regex_match("#(.*)", i) and not regex_match(";(.*)", i):
- if i == "[Peer]":
- pCounter += 1
- p.append({})
- p[pCounter]["name"] = ""
- else:
- if len(i) > 0:
- split = re.split(r'\s*=\s*', i, 1)
- if len(split) == 2:
- p[pCounter][split[0]] = split[1]
+ if self.configurationFileChanged():
+ self.Peers = []
+ with open(os.path.join(WG_CONF_PATH, f'{self.Name}.conf'), 'r') as configFile:
+ p = []
+ pCounter = -1
+ content = configFile.read().split('\n')
+ try:
+ peerStarts = content.index("[Peer]")
+ content = content[peerStarts:]
+ for i in content:
+ if not regex_match("#(.*)", i) and not regex_match(";(.*)", i):
+ if i == "[Peer]":
+ pCounter += 1
+ p.append({})
+ p[pCounter]["name"] = ""
+ else:
+ if len(i) > 0:
+ split = re.split(r'\s*=\s*', i, 1)
+ if len(split) == 2:
+ p[pCounter][split[0]] = split[1]
+
+ if regex_match("#Name# = (.*)", i):
+ split = re.split(r'\s*=\s*', i, 1)
+ print(split)
+ if len(split) == 2:
+ p[pCounter]["name"] = split[1]
- if regex_match("#Name# = (.*)", i):
- split = re.split(r'\s*=\s*', i, 1)
- print(split)
- if len(split) == 2:
- p[pCounter]["name"] = split[1]
-
- for i in p:
- if "PublicKey" in i.keys():
- checkIfExist = sqlSelect("SELECT * FROM '%s' WHERE id = ?" % self.Name,
- ((i['PublicKey']),)).fetchone()
- if checkIfExist is None:
- newPeer = {
- "id": i['PublicKey'],
- "private_key": "",
- "DNS": DashboardConfig.GetConfig("Peers", "peer_global_DNS")[1],
- "endpoint_allowed_ip": DashboardConfig.GetConfig("Peers", "peer_endpoint_allowed_ip")[
- 1],
- "name": i.get("name"),
- "total_receive": 0,
- "total_sent": 0,
- "total_data": 0,
- "endpoint": "N/A",
- "status": "stopped",
- "latest_handshake": "N/A",
- "allowed_ip": i.get("AllowedIPs", "N/A"),
- "cumu_receive": 0,
- "cumu_sent": 0,
- "cumu_data": 0,
- "traffic": [],
- "mtu": DashboardConfig.GetConfig("Peers", "peer_mtu")[1],
- "keepalive": DashboardConfig.GetConfig("Peers", "peer_keep_alive")[1],
- "remote_endpoint": DashboardConfig.GetConfig("Peers", "remote_endpoint")[1],
- "preshared_key": i["PresharedKey"] if "PresharedKey" in i.keys() else ""
- }
- sqlUpdate(
- """
- INSERT INTO '%s'
- VALUES (:id, :private_key, :DNS, :endpoint_allowed_ip, :name, :total_receive, :total_sent,
- :total_data, :endpoint, :status, :latest_handshake, :allowed_ip, :cumu_receive, :cumu_sent,
- :cumu_data, :mtu, :keepalive, :remote_endpoint, :preshared_key);
- """ % self.Name
- , newPeer)
- # sqldb.commit()
- self.Peers.append(Peer(newPeer, self))
- else:
- sqlUpdate("UPDATE '%s' SET allowed_ip = ? WHERE id = ?" % self.Name,
- (i.get("AllowedIPs", "N/A"), i['PublicKey'],))
- # sqldb.commit()
- self.Peers.append(Peer(checkIfExist, self))
- except Exception as e:
- print(f"[WGDashboard] {self.Name} Error: {str(e)}")
- self.__configFileModifiedTime = mt
+ for i in p:
+ if "PublicKey" in i.keys():
+ checkIfExist = sqlSelect("SELECT * FROM '%s' WHERE id = ?" % self.Name,
+ ((i['PublicKey']),)).fetchone()
+ if checkIfExist is None:
+ newPeer = {
+ "id": i['PublicKey'],
+ "private_key": "",
+ "DNS": DashboardConfig.GetConfig("Peers", "peer_global_DNS")[1],
+ "endpoint_allowed_ip": DashboardConfig.GetConfig("Peers", "peer_endpoint_allowed_ip")[
+ 1],
+ "name": i.get("name"),
+ "total_receive": 0,
+ "total_sent": 0,
+ "total_data": 0,
+ "endpoint": "N/A",
+ "status": "stopped",
+ "latest_handshake": "N/A",
+ "allowed_ip": i.get("AllowedIPs", "N/A"),
+ "cumu_receive": 0,
+ "cumu_sent": 0,
+ "cumu_data": 0,
+ "traffic": [],
+ "mtu": DashboardConfig.GetConfig("Peers", "peer_mtu")[1],
+ "keepalive": DashboardConfig.GetConfig("Peers", "peer_keep_alive")[1],
+ "remote_endpoint": DashboardConfig.GetConfig("Peers", "remote_endpoint")[1],
+ "preshared_key": i["PresharedKey"] if "PresharedKey" in i.keys() else ""
+ }
+ sqlUpdate(
+ """
+ INSERT INTO '%s'
+ VALUES (:id, :private_key, :DNS, :endpoint_allowed_ip, :name, :total_receive, :total_sent,
+ :total_data, :endpoint, :status, :latest_handshake, :allowed_ip, :cumu_receive, :cumu_sent,
+ :cumu_data, :mtu, :keepalive, :remote_endpoint, :preshared_key);
+ """ % self.Name
+ , newPeer)
+ # sqldb.commit()
+ self.Peers.append(Peer(newPeer, self))
+ else:
+ sqlUpdate("UPDATE '%s' SET allowed_ip = ? WHERE id = ?" % self.Name,
+ (i.get("AllowedIPs", "N/A"), i['PublicKey'],))
+ # sqldb.commit()
+ self.Peers.append(Peer(checkIfExist, self))
+ except Exception as e:
+ print(f"[WGDashboard] {self.Name} Error: {str(e)}")
+ else:
+ self.Peers.clear()
+ checkIfExist = sqlSelect("SELECT * FROM '%s'" % self.Name).fetchall()
+ for i in checkIfExist:
+ self.Peers.append(Peer(i, self))
+
def addPeers(self, peers: list):
for p in peers:
@@ -803,12 +815,11 @@ class WireguardConfiguration:
else:
status = "stopped"
if int(latestHandshake[count + 1]) > 0:
- sqldb.execute("UPDATE '%s' SET latest_handshake = ?, status = ? WHERE id= ?" % self.Name
+ sqlUpdate("UPDATE '%s' SET latest_handshake = ?, status = ? WHERE id= ?" % self.Name
, (str(minus).split(".", maxsplit=1)[0], status, latestHandshake[count],))
else:
- sqldb.execute("UPDATE '%s' SET latest_handshake = 'No Handshake', status = ? WHERE id= ?" % self.Name
+ sqlUpdate("UPDATE '%s' SET latest_handshake = 'No Handshake', status = ? WHERE id= ?" % self.Name
, (status, latestHandshake[count],))
- sqldb.commit()
count += 2
@@ -1284,16 +1295,20 @@ def _regexMatch(regex, text):
return pattern.search(text) is not None
-def _getConfigurationList() -> [WireguardConfiguration]:
- configurations = {}
+def _getConfigurationList():
+ # configurations = {}
for i in os.listdir(WG_CONF_PATH):
if _regexMatch("^(.{1,}).(conf)$", i):
i = i.replace('.conf', '')
try:
- configurations[i] = WireguardConfiguration(i)
+ if i in WireguardConfigurations.keys():
+ if WireguardConfigurations[i].configurationFileChanged():
+ WireguardConfigurations[i] = WireguardConfiguration(i)
+ else:
+ WireguardConfigurations[i] = WireguardConfiguration(i)
except WireguardConfiguration.InvalidConfigurationFileException as e:
print(f"{i} have an invalid configuration file.")
- return configurations
+
def _checkIPWithRange(ip):
@@ -1354,8 +1369,7 @@ def _generatePrivateKey() -> [bool, str]:
except subprocess.CalledProcessError:
return False, None
-
-def _getWireguardConfigurationAvailableIP(configName: str) -> tuple[bool, list[str]] | tuple[bool, None]:
+def _getWireguardConfigurationAvailableIP(configName: str, all: bool = False) -> tuple[bool, list[str]] | tuple[bool, None]:
if configName not in WireguardConfigurations.keys():
return False, None
configuration = WireguardConfigurations[configName]
@@ -1387,8 +1401,9 @@ def _getWireguardConfigurationAvailableIP(configName: str) -> tuple[bool, list[s
if h not in existedAddress:
availableAddress.append(ipaddress.ip_network(h).compressed)
count += 1
- if network.version == 6 and count > 255:
- break
+ if not all:
+ if network.version == 6 and count > 255:
+ break
return True, availableAddress
return False, None
@@ -1534,7 +1549,7 @@ def API_SignOut():
@app.route(f'{APP_PREFIX}/api/getWireguardConfigurations', methods=["GET"])
def API_getWireguardConfigurations():
- # WireguardConfigurations = _getConfigurationList()
+ _getConfigurationList()
return ResponseObject(data=[wc for wc in WireguardConfigurations.values()])
@@ -1841,17 +1856,7 @@ def API_addPeers(configName):
if i not in availableIps[1]:
return ResponseObject(False, f"This IP is not available: {i}")
- config.addPeers([{"id": public_key, "allowed_ip": ''.join(allowed_ips)}])
- # subprocess.check_output(
- # f"wg set {config.Name} peer {public_key} allowed-ips {''.join(allowed_ips)}",
- # shell=True, stderr=subprocess.STDOUT)
- # if len(preshared_key) > 0:
- # subprocess.check_output(
- # f"wg set {config.Name} peer {public_key} preshared-key {preshared_key}",
- # shell=True, stderr=subprocess.STDOUT)
- # subprocess.check_output(
- # f"wg-quick save {config.Name}", shell=True, stderr=subprocess.STDOUT)
- # config.getPeersList()
+ config.addPeers([{"id": public_key, "allowed_ip": ','.join(allowed_ips)}])
found, peer = config.searchPeer(public_key)
if found:
return peer.updatePeer(name, private_key, preshared_key, dns_addresses, ",".join(allowed_ips),
@@ -2188,7 +2193,7 @@ _, WG_CONF_PATH = DashboardConfig.GetConfig("Server", "wg_conf_path")
WireguardConfigurations: dict[str, WireguardConfiguration] = {}
-WireguardConfigurations = _getConfigurationList()
+_getConfigurationList()
def startThreads():
bgThread = threading.Thread(target=backGroundThread)
diff --git a/src/entrypoint.sh b/src/entrypoint.sh
new file mode 100644
index 0000000..c8056f2
--- /dev/null
+++ b/src/entrypoint.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+echo "Starting the WireGuard Dashboard Docker container."
+
+clean_up() {
+ # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
+ echo "Looking for remains of previous instances..."
+ if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then
+ echo "Found old .pid file, removing."
+ rm /opt/wireguarddashboard/app/src/gunicorn.pid
+ else
+ echo "No remains found, continuing."
+ fi
+}
+ensure_blocking() {
+ sleep 1s
+ echo "Ensuring container continuation."
+
+ # This function checks if the latest error log is created and tails it for docker logs uses.
+ if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
+ latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1)
+ latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1)
+ tail -f "${latestErrLog}" "${latestAccLog}"
+ fi
+
+ # Blocking command in case of erroring. So the container does not quit.
+ sleep infinity
+}
+
+{ date; clean_up; printf "\n\n"; } >> ./log/install.txt
+
+chmod u+x /opt/wireguarddashboard/src/wgd.sh
+/opt/wireguarddashboard/src/wgd.sh install
+/opt/wireguarddashboard/src/wgd.sh docker_start
+ensure_blocking
diff --git a/src/iptable-rules/postdown.sh b/src/iptable-rules/postdown.sh
new file mode 100644
index 0000000..962772a
--- /dev/null
+++ b/src/iptable-rules/postdown.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+WIREGUARD_INTERFACE=ADMINS
+WIREGUARD_LAN=10.0.0.1/24
+MASQUERADE_INTERFACE=eth0
+
+CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE"
+
+iptables -t nat -D POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN
+
+# Remove and delete the WIREGUARD_wg0 chain
+iptables -D FORWARD -j $CHAIN_NAME
+iptables -F $CHAIN_NAME
+iptables -X $CHAIN_NAME
\ No newline at end of file
diff --git a/src/iptable-rules/postup.sh b/src/iptable-rules/postup.sh
new file mode 100644
index 0000000..0fc8b87
--- /dev/null
+++ b/src/iptable-rules/postup.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+WIREGUARD_INTERFACE=ADMINS
+WIREGUARD_LAN=10.0.0.1/24
+MASQUERADE_INTERFACE=eth0
+
+iptables -t nat -I POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN
+
+# Add a WIREGUARD_wg0 chain to the FORWARD chain
+CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE"
+iptables -N $CHAIN_NAME
+iptables -A FORWARD -j $CHAIN_NAME
+
+# Accept related or established traffic
+iptables -A $CHAIN_NAME -o $WIREGUARD_INTERFACE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+# Accept traffic from any Wireguard IP address connected to the Wireguard server
+iptables -A $CHAIN_NAME -s $WIREGUARD_LAN -i $WIREGUARD_INTERFACE -j ACCEPT
+
+# Allow traffic to the local loopback interface
+iptables -A $CHAIN_NAME -o lo -j ACCEPT
+
+# Drop everything else coming through the Wireguard interface
+iptables -A $CHAIN_NAME -i $WIREGUARD_INTERFACE -j DROP
+
+# Return to FORWARD chain
+iptables -A $CHAIN_NAME -j RETURN
\ No newline at end of file
diff --git a/src/wgd.sh b/src/wgd.sh
index 9f89e0e..d080e70 100755
--- a/src/wgd.sh
+++ b/src/wgd.sh
@@ -65,10 +65,6 @@ _determineOS(){
OS=$ID
elif [ -f /etc/redhat-release ]; then
OS="redhat"
- elif [ -f /etc/alpine-release ]; then
- OS="alpine"
-# elif [ -f /etc/arch-release ]; then
-# OS="arch"
else
printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark"
printf "%s\n" "$helpMsg"
@@ -131,18 +127,6 @@ _installPythonVenv(){
ubuntu|debian)
{ sudo apt-get update; sudo apt-get install ${pythonExecutable}-venv; } &>> ./log/install.txt
;;
-# centos|fedora|redhat|rhel)
-# if command -v dnf &> /dev/null; then
-# { sudo dnf install -y ${pythonExecutable}-virtualenv; printf "\n\n"; } >> ./log/install.txt
-# else
-# { sudo yum install -y ${pythonExecutable}-virtualenv; printf "\n\n"; } >> ./log/install.txt
-# fi
-# ;;
-# *)
-# printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS.\n" "$heavy_crossmark"
-# printf "%s\n" "$helpMsg"
-# kill $TOP_PID
-# ;;
esac
fi
@@ -275,16 +259,17 @@ install_wgd(){
_checkPythonVersion
_installPythonVenv
_installPythonPip
- _checkWireguard
+ _checkWireguard
sudo chmod -R 755 /etc/wireguard/
if [ ! -d "db" ]
- then
- printf "[WGDashboard] Creating ./db folder\n"
- mkdir "db"
+ then
+ printf "[WGDashboard] Creating ./db folder\n"
+ mkdir "db"
fi
_check_and_set_venv
printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n"
+ { date; python3 -m ensurepip --upgrade; printf "\n\n"; } >> ./log/install.txt
{ date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt
printf "[WGDashboard] Installing latest Python dependencies\n"
{ date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt #This all works on the default installation.
@@ -309,11 +294,11 @@ check_wgd_status(){
}
certbot_create_ssl () {
- certbot certonly --config ./certbot.ini --email "$EMAIL" --work-dir $cb_work_dir --config-dir $cb_config_dir --domain "$SERVERURL"
+ certbot certonly --config ./certbot.ini --email "$EMAIL" --work-dir $cb_work_dir --config-dir $cb_config_dir --domain "$SERVERURL"
}
certbot_renew_ssl () {
- certbot renew --work-dir $cb_work_dir --config-dir $cb_config_dir
+ certbot renew --work-dir $cb_work_dir --config-dir $cb_config_dir
}
gunicorn_start () {
@@ -340,7 +325,7 @@ gunicorn_start () {
}
gunicorn_stop () {
- sudo kill $(cat ./gunicorn.pid)
+ sudo kill $(cat ./gunicorn.pid)
}
start_wgd () {
@@ -349,23 +334,70 @@ start_wgd () {
}
stop_wgd() {
- if test -f "$PID_FILE"; then
- gunicorn_stop
- else
- kill "$(ps aux | grep "[p]ython3 $app_name" | awk '{print $2}')"
- fi
+ if test -f "$PID_FILE"; then
+ gunicorn_stop
+ else
+ kill "$(ps aux | grep "[p]ython3 $app_name" | awk '{print $2}')"
+ fi
+}
+
+startwgd_docker() {
+ _checkWireguard
+ printf "[WGDashboard][Docker] WireGuard configuration started\n"
+ { date; start_core ; printf "\n\n"; } >> ./log/install.txt
+ gunicorn_start
+}
+
+start_core() {
+ local iptable_dir="/opt/wireguarddashboard/src/iptable-rules"
+ # Check if wg0.conf exists in /etc/wireguard
+ if [[ ! -f /etc/wireguard/wg0.conf ]]; then
+ echo "[WGDashboard][Docker] wg0.conf not found. Running generate configuration."
+ newconf_wgd
+ else
+ echo "[WGDashboard][Docker] wg0.conf already exists. Skipping WireGuard configuration generation."
+ fi
+ # Re-assign config_files to ensure it includes any newly created configurations
+ local config_files=$(find /etc/wireguard -type f -name "*.conf")
+
+ # Set file permissions
+ find /etc/wireguard -type f -name "*.conf" -exec chmod 600 {} \;
+ find "$iptable_dir" -type f -name "*.sh" -exec chmod +x {} \;
+
+ # Start WireGuard for each config file
+ for file in $config_files; do
+ config_name=$(basename "$file" ".conf")
+ wg-quick up "$config_name"
+ done
+}
+
+
+
+newconf_wgd() {
+ local wg_port_listen=$wg_port
+ local wg_addr_range=$wg_net
+ private_key=$(wg genkey)
+ public_key=$(echo "$private_key" | wg pubkey)
+ cat <"/etc/wireguard/wg0.conf"
+[Interface]
+PrivateKey = $private_key
+Address = $wg_addr_range
+ListenPort = $wg_port_listen
+SaveConfig = true
+PostUp = /opt/wireguarddashboard/src/iptable-rules/postup.sh
+PreDown = /opt/wireguarddashboard/src/iptable-rules/postdown.sh
+EOF
}
start_wgd_debug() {
- printf "%s\n" "$dashes"
- _checkWireguard
- printf "[WGDashboard] Starting WGDashboard in the foreground.\n"
- sudo "$venv_python" "$app_name"
- printf "%s\n" "$dashes"
+ printf "%s\n" "$dashes"
+ _checkWireguard
+ printf "[WGDashboard] Starting WGDashboard in the foreground.\n"
+ sudo "$venv_python" "$app_name"
+ printf "%s\n" "$dashes"
}
update_wgd() {
-
_determineOS
if ! python3 --version > /dev/null 2>&1
then