donaldzou/WGDashboard
1
1
Fork 0
mirror of https://github.com/donaldzou/WGDashboard.git synced 2024-11-10 08:53:51 +08:00
Code Issues Projects Releases Packages Wiki Activity

Update Docker-explain.md

Browse source
This commit is contained in:
Noxcis 2024-08-30 01:58:07 -05:00
parent 1e98b2c4b2
commit 18f58b4155
1 changed files with 111 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

160
docker/Docker-explain.md
View file

@ -1,82 +1,144 @@
# WG-Dashboard Docker Explanation:
Author: DaanSelen<br>
Author: Noxcis<br>
This document delves into how the WG-Dashboard Docker container has been built.<br>
Of course there are two stages, one before run-time and one at/after run-time.<br>
The `Dockerfile` describes how the container image is made, and the `entrypoint.sh` is executed after running the container. <br>
In this example, WireGuard is integrated into the container itself, so it should be a run-and-go.<br>
For more details on the source-code specific to this Docker image, refer to the source files, they have lots of comments.
The Image is two stage docker build based on alpine where psutil and bcrypt are compiled in the first stage before being copied to the final stage. This is done to maintain a small image footprint as bcrypt and psutil require gcc and supporting libraries.
I have tried to embed some new features such as `isolated_peers` and interface startup on container-start (through `enable_wg0`).
The `Dockerfile` describes how the container image is made, and the `entrypoint.sh` is executed to run the container. <br>
<img src="https://raw.githubusercontent.com/donaldzou/WGDashboard/main/img/logo.png" alt="WG-Dashboard Logo" title="WG-Dashboard Logo" width="150" height="150" />
In this example, WireGuard is integrated into the container itself, so it is a compose up and done.<br>
For more details on the source-code specific to this Docker image, refer to the source files, google, stackedit, reddit & ChatGPT until your curiosity is satisfied.
<img src="https://raw.githubusercontent.com/donaldzou/WGDashboard/main/img/logo.png" alt="WG-Dashboard Logo" title="WG-Dashboard Logo" width="150" height="150" />
## Getting the container running:
To get the container running you either pull the image from the repository, at the moment: `repo.nerthus.nl/app/wireguard-dashboard:latest`.<br>
To get the container running you either pull the image from the repository, at the moment: `noxcis/wgdashboard:4.0.2`. **Check DockerHub For Updated Tags**<br>
From there either use the environment variables describe below as parameters or use the Docker Compose file: `compose.yaml`.
An example of a simple command to get the container running is show below:<br>
```shell
docker run -d \
--name wireguard-dashboard \
--name wg-dashboard \
--cap-add NET_ADMIN \
--cap-add SYS_MODULE \
--restart unless-stopped \
-e enable_wg0=true \
-e isolated_peers=true \
-e WGD_USER=admin \
-e WGD_PASS=admin \
-e WGD_NET=10.0.0.1/24 \
-e WGD_PORT=51820 \
-e WGD_APP_PORT=10086 \
-e WGD_REMOTE_ENDPOINT=0.0.0.0 \
-e WGD_DNS="1.1.1.1, 1.0.0.1" \
-e WGD_PEER_ENDPOINT_ALLOWED_IP=0.0.0.0/0 \
-e WGD_KEEP_ALIVE=21 \
-e WGD_MTU=1420 \
-e WGD_WELCOME_SESSION=false \
-v wgd_configs:/etc/wireguard \
-v wgd_app:/opt/wireguarddashboard/src \
-p 10086:10086/tcp \
-p 51820:51820/udp \
--cap-add NET_ADMIN \
repo.nerthus.nl/app/wireguard-dashboard:latest
--sysctl net.ipv4.ip_forward=1 \
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
noxcis/wgdashboard:4.0.2
```
<br>
If you want to use Compose instead of a raw Docker command, refer to the example in the `compose.yaml` or the one pasted below:
<br><br>
```yaml
services:
wireguard-dashboard:
image: repo.nerthus.nl/app/wireguard-dashboard:latest
restart: unless-stopped
container_name: wire-dash
environment:
#- tz=
#- global_dns=
- enable_wg0=true
- isolated_peers=false
#- public_ip=
ports:
- 10086:10086/tcp
- 51820:51820/udp
volumes:
- conf:/etc/wireguard
- app:/opt/wireguarddashboard/app
cap_add:
- NET_ADMIN
wireguard-dashboard:
# build: ./ #Uncomment & comment out line below to build your own Image
image: noxcis/wgdashboard:4.0.2
container_name: wg-dashboard
cap_add:
- NET_ADMIN
- SYS_MODULE
restart: unless-stopped
environment:
- WGD_USER=admin
- WGD_PASS=admin
- WGD_NET=10.0.0.1/24
- WGD_PORT=51820
- WGD_APP_PORT=10086
- WGD_REMOTE_ENDPOINT=0.0.0.0
- WGD_DNS="1.1.1.1, 1.0.0.1"
- WGD_PEER_ENDPOINT_ALLOWED_IP=0.0.0.0/0
- WGD_KEEP_ALIVE=21
- WGD_MTU=1420
- WGD_WELCOME_SESSION=false #set to true for welcome setup
volumes:
- wgd_configs:/etc/wireguard
- wgd_app:/opt/wireguarddashboard/src
ports:
- 10086:10086/tcp
- 51820:51820/udp
# Add Port Map for New Configs and Restart Container to Apply
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
volumes:
conf:
app:
wgd_configs:
wgd_app:
```
If you want to customize the yaml, make sure the core stays the same, but for example volume PATHs can be freely changed.<br>
This setup is just generic and will use the Docker volumes.
If you want to customize the yaml, make sure to adjust your ports accordingly in respect to the dashboard and your wireguard configs. Your Wireguard & Dashboard Config will persist across container updates as long as the wgd_configs & wdg_app volumes are not deleted.
**TIPS**
> The Dashboard can be reset by deleting the **wgd_app** volume while maintaining configs and peers in the **wgd_configs** volume.
This setup is meant to be persistent and can be made ephemeral for development purpose or etc, by commenting out the docker volume section.
## Working with the container and environment variables:
| Environment variable | Default value | Example |
| -------------- | ------- | ------- |
|WGD_USER | admin | james |
|WGD_PASS | admin | ScottsMan49 |
|WGD_NET | 10.0.0.1/24 | 10.0.2.0/24 |
|WGD_PORT | 51820 | 4201 |
|WGD_APP_PORT | 10086 | 8000 |
|WGD_REMOTE_ENDPOINT | 0.0.0.0 | localhost |
|WGD_DNS | "1.1.1.1, 1.0.0.1" | "8.8.8.8, 8.8.4.4" |
|WGD_PEER_ENDPOINT_ALLOWED_IP | 0.0.0.0/0 |192.168.15.0/24, 10.0.1.0/24 |
|WGD_KEEP_ALIVE | 21 | 0
|WGD_MTU | 1420 | 1412
|WGD_WELCOME_SESSION | false | true
Once the container is running, the installation process is essentially the same as running it on bare-metal.<br>
So go to the assign TCP port in this case HTTP, like the default 10086 one in the example and log into the WEB-GUI.<br>
| Environment variable | Accepted arguments | Default value | Verbose |
| -------------- | ------- | ------- | ------- |
| tz | Europe/Amsterdam or any confirming timezone notation. | Europe/Amsterdam | Sets the timezone of the Docker container. This is to timesync the container to any other processes which would need it. |
| global_dns | Any IPv4 address, such as my personal recommendation: 9.9.9.9 (QUAD9) | 1.1.1.1 | Set the default DNS given to clients once they connect to the WireGuard tunnel (VPN).
| enable_wg0 | `true` or `false` | `false` | Enables or disables the starting of the WireGuard interface on container 'boot-up'.
| isolated_peers | `true` or `false` | `true` | For security the default is true, and it disables peers to ping or reach eachother, the WireGuard interface IS able to reach the peers (Done through `iptables`).
| public_ip | Any IPv4 (public recommended) address, such as the one returned by default | Default uses the return of `curl ifconfig.me` | To reach your VPN from outside your own network, you need WG-Dashboard to know what your public IP-address is, otherwise it will generate faulty config files for clients.
## Closing remarks:
For feedback please submit an issue to the repository. Or message dselen@nerthus.nl.
For feedback please submit an issue to the repository. Or message dselen@nerthus.nl.