From a5a82c763dab7638585de5fbf7c542a24789829d Mon Sep 17 00:00:00 2001
From: Noxcis
Date: Mon, 26 Aug 2024 02:02:41 -0500
Subject: [PATCH 01/11] Update Dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index ad73bb2..ab47e53 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,6 +26,6 @@ RUN apk update && \
 apk add --no-cache iptables ip6tables && \
 chmod u+x /opt/wireguarddashboard/src/entrypoint.sh
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1
 ENTRYPOINT ["/opt/wireguarddashboard/src/entrypoint.sh"]
\ No newline at end of file
From ab9fb94c40ba045205fbe2905769a1827804dfe1 Mon Sep 17 00:00:00 2001
From: Noxcis
Date: Wed, 28 Aug 2024 23:39:44 -0500
Subject: [PATCH 02/11] Added Environment File +Kill CMD via SIGTERM

---
 Dockerfile | 11 +++-
 compose.yaml | 14 ++++-
 docker/alpine/builder.sh | 18 +++---
 ...uirements.txt => builder_requirements.txt} | 2 +-
 src/dashboard.py | 35 +++++++----
 src/entrypoint.sh | 9 +++
 src/requirements.txt | 3 +-
 src/wgd.sh | 60 +++++++++++++++++--
 8 files changed, 123 insertions(+), 29 deletions(-)
 rename docker/alpine/{requirements.txt => builder_requirements.txt} (50%)

diff --git a/Dockerfile b/Dockerfile
index ab47e53..53efa40 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,11 +9,12 @@ RUN apk update && \
 apk add --no-cache sudo gcc musl-dev rust cargo linux-headers
 COPY ./docker/alpine/builder.sh /opt/wireguarddashboard/src/
-COPY ./docker/alpine/requirements.txt /opt/wireguarddashboard/src/
+COPY ./docker/alpine/builder_requirements.txt /opt/wireguarddashboard/src/
 RUN chmod u+x /opt/wireguarddashboard/src/builder.sh
 RUN /opt/wireguarddashboard/src/builder.sh
+
 FROM alpine:latest
 WORKDIR /opt/wireguarddashboard/src
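Review bot: The rewritten HEALTHCHECK only proves that a process named `gunicorn` and one named `tail` exist, so a worker that is wedged or no longer accepting connections still reports healthy, and the `pgrep tail` half ties container health to the log-tailing helper in entrypoint.sh rather than to the dashboard itself. If the move away from curl is because curl is absent from the final alpine image (the visible `apk add` installs only iptables/ip6tables), busybox `wget` should still be there and keeps an end-to-end probe: `HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD wget -qO /dev/null http://localhost:10086/signin || exit 1`. Once PATCH 02 makes the listen port configurable through `WGD_APP_PORT`, the shell form of CMD lets that become `http://localhost:${WGD_APP_PORT:-10086}/signin` so the probe follows the configured port.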
@@ -28,4 +29,10 @@ RUN apk update && \
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1
-ENTRYPOINT ["/opt/wireguarddashboard/src/entrypoint.sh"]
\ No newline at end of file
+ENTRYPOINT ["/opt/wireguarddashboard/src/entrypoint.sh"]
+
+
+CMD ["docker_start"]
+
+# Define the stop signal to be used by Docker
+STOPSIGNAL SIGTERM
\ No newline at end of file
diff --git a/compose.yaml b/compose.yaml
index a75ef45..00e8a43 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -8,8 +8,18 @@ services:
 - SYS_MODULE
 restart: unless-stopped
 environment:
- - wg_net=10.0.0.1/24
- - wg_port=51820
+ - WGD_NET=10.0.0.1/24
+ - WGD_PORT=51820
+ - WGD_WELCOME_SESSION=true
+ - WGD_APP_PORT=10086
+ - WGD_USER=james
+ - WGD_PASS=admin
+ - WGD_REMOTE_ENDPOINT=0.0.0.0
+ - WGD_DNS="10.2.0.100, 10.2.0.100"
+ - WGD_IPTABLES_DNS=10.2.0.100
+ - WGD_PEER_ENDPOINT_ALLOWED_IP=0.0.0.0/0
+ - WGD_KEEP_ALIVE=21
+ - WGD_MTU=1420
 volumes:
 - wgd_configs:/etc/wireguard
 - wgd_app:/opt/wireguarddashboard/src
diff --git a/docker/alpine/builder.sh b/docker/alpine/builder.sh
index 5511413..4fa40b1 100644
--- a/docker/alpine/builder.sh
+++ b/docker/alpine/builder.sh
@@ -6,13 +6,13 @@ pythonExecutable="python3"
 _check_and_set_venv(){
 VIRTUAL_ENV="./venv"
 if [ ! -d $VIRTUAL_ENV ]; then
- printf "[WGDashboard] Creating Python Virtual Environment under ./venv\n"
+ printf "[WGDashboard][Docker] Creating Python Virtual Environment under ./venv\n"
 { $pythonExecutable -m venv $VIRTUAL_ENV; } >> ./log/install.txt
 fi
 if ! $venv_python --version > /dev/null 2>&1
 then
- printf "[WGDashboard] %s Python Virtual Environment under ./venv failed to create. Halting now.\n" "$heavy_crossmark"
+ printf "[WGDashboard][Docker] %s Python Virtual Environment under ./venv failed to create. Halting now.\n" "$heavy_crossmark"
 kill $TOP_PID
 fi
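Review bot: `CMD ["docker_start"]` is never consumed: `src/entrypoint.sh` in this same commit does not reference `$1` or `"$@"` and hardcodes `/opt/wireguarddashboard/src/wgd.sh docker_start`, so the argument is handed to the entrypoint and silently ignored, and `STOPSIGNAL SIGTERM` restates Docker's default rather than changing it. Either drop the CMD line or mark it as informational, e.g. `# CMD is informational only; entrypoint.sh always runs wgd.sh docker_start`, and reword the STOPSIGNAL comment to `# SIGTERM is the default; kept explicit because entrypoint.sh traps it to run wgd.sh stop`. If the intent is to let operators pick the wgd.sh subcommand, entrypoint.sh would have to forward `"$@"` instead.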
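Review bot: `- WGD_DNS="10.2.0.100, 10.2.0.100"` is in the list form of `environment:`, where compose does not strip quotes, so the container most likely receives the value with the double quotes included and `dashboard.py` in this commit copies it verbatim into `peer_global_DNS`; write it as `- WGD_DNS=10.2.0.100, 10.2.0.100` or use the map form `WGD_DNS: "10.2.0.100, 10.2.0.100"`. The same quoting is kept when the line is rewritten in PATCH 03. Separately, `WGD_USER`/`WGD_PASS` set here are visible to anyone with `docker inspect` access and, via `set_env` in wgd.sh from this commit, are persisted in cleartext to `.env` inside the wgd_app volume; an `env_file:` kept out of version control, or Docker secrets, is the usual way to keep the admin password out of compose.yaml.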
@@ -23,21 +23,21 @@ _check_and_set_venv(){
 build_core () {
 if [ ! -d "log" ]
 then
- printf "[WGDashboard] Creating ./log folder\n"
+ printf "[WGDashboard][Docker] Creating ./log folder\n"
 mkdir "log"
 fi
 apk add --no-cache python3 net-tools python3-dev py3-virtualenv
 _check_and_set_venv
- printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n"
+ printf "[WGDashboard][Docker] Upgrading Python Package Manage (PIP)\n"
 { date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt
- printf "[WGDashboard] Building Bcrypt & Psutil\n"
- { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt
- printf "[WGDashboard] Build Successfull!\n"
- printf "[WGDashboard] Clean Up Pip!\n"
+ printf "[WGDashboard][Docker] Building Bcrypt & Psutil\n"
+ { date; python3 -m pip install -r builder_requirements.txt ; printf "\n\n"; } >> ./log/install.txt
+ printf "[WGDashboard][Docker] Build Successfull!\n"
+ printf "[WGDashboard][Docker] Clean Up Pip!\n"
 { date; rm -rf /opt/wireguarddashboard/src/venv/lib/python3.12/site-packages/pip* ; printf "\n\n"; } >> ./log/install.txt
 }
-build_core
+build_core
\ No newline at end of file
diff --git a/docker/alpine/requirements.txt b/docker/alpine/builder_requirements.txt
similarity index 50%
rename from docker/alpine/requirements.txt
rename to docker/alpine/builder_requirements.txt
index 074ed2f..7cbd614 100644
--- a/docker/alpine/requirements.txt
+++ b/docker/alpine/builder_requirements.txt
@@ -1,2 +1,2 @@
 bcrypt
-psutil
+psutil
\ No newline at end of file
diff --git a/src/dashboard.py b/src/dashboard.py
index 1d27526..996e646 100644
--- a/src/dashboard.py
+++ b/src/dashboard.py
@@ -26,6 +26,8 @@ from flask import Flask, request, render_template, session, g
 from json import JSONEncoder
 from flask_cors import CORS
+from dotenv import load_dotenv
+
 from icmplib import ping, traceroute
 # Import other python files
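Review bot: `python3 -m pip install -r builder_requirements.txt` now installs `bcrypt` and `psutil` without any version pin (the renamed file in the next hunk lists bare names) on top of a floating `alpine:latest` base, so two builds of the same commit can resolve different releases and the image is neither reproducible nor auditable for supply-chain review. Pin the versions in builder_requirements.txt (`bcrypt==<pinned version>`, `psutil==<pinned version>`, optionally with `--require-hashes`) and pin the base image by tag or digest. The cleanup line `rm -rf /opt/wireguarddashboard/src/venv/lib/python3.12/site-packages/pip*` also hardcodes the interpreter version, so it silently stops removing anything once alpine:latest ships a newer python3; a `pip uninstall -y pip` run with the same interpreter, or a path derived from `python3 -c 'import sysconfig; print(sysconfig.get_path("purelib"))'`, tracks whichever version is installed.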
@@ -51,7 +53,20 @@ app = Flask("WGDashboard")
 app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 5206928
 app.secret_key = secrets.token_urlsafe(32)
-
+#Docker ENV ARGS Import
+load_dotenv()
+wgd_welcome = os.environ.get('WGD_WELCOME_SESSION')
+wgd_app_port = os.environ.get('WGD_APP_PORT')
+wgd_user = os.environ.get('WGD_USER')
+wgd_pass = os.environ.get('WGD_PASS')
+wgd_global_dns = os.environ.get('WGD_DNS')
+wgd_peer_endpoint_allowed_ip = os.environ.get('WGD_PEER_ENDPOINT_ALLOWED_IP')
+wgd_remote_endpoint = os.environ.get('WGD_REMOTE_ENDPOINT')
+if wgd_remote_endpoint == '0.0.0.0':
+ default_interface = ifcfg.default_interface()
+ wgd_remote_endpoint = default_interface['inet']
+wgd_keep_alive = os.environ.get('WGD_KEEP_ALIVE')
+wgd_mtu = os.environ.get('WGD_MTU')
 class ModelEncoder(JSONEncoder):
@@ -1107,8 +1122,8 @@ class DashboardConfig:
 self.hiddenAttribute = ["totp_key"]
 self.__default = {
 "Account": {
- "username": "admin",
- "password": "admin",
+ "username": wgd_user,
+ "password": wgd_pass,
 "enable_totp": "false",
 "totp_verified": "false",
 "totp_key": pyotp.random_base32()
@@ -1117,7 +1132,7 @@ class DashboardConfig:
 "wg_conf_path": "/etc/wireguard",
 "app_prefix": "",
 "app_ip": "0.0.0.0",
- "app_port": "10086",
+ "app_port": wgd_app_port,
 "auth_req": "true",
 "version": DASHBOARD_VERSION,
 "dashboard_refresh_interval": "60000",
@@ -1126,15 +1141,15 @@ class DashboardConfig:
 "dashboard_api_key": "false"
 },
 "Peers": {
- "peer_global_DNS": "1.1.1.1",
- "peer_endpoint_allowed_ip": "0.0.0.0/0",
+ "peer_global_DNS": wgd_global_dns,
+ "peer_endpoint_allowed_ip": wgd_peer_endpoint_allowed_ip,
 "peer_display_mode": "grid",
- "remote_endpoint": ifcfg.default_interface()['inet'],
- "peer_MTU": "1420",
- "peer_keep_alive": "21"
+ "remote_endpoint": wgd_remote_endpoint,
+ "peer_MTU": wgd_mtu,
+ "peer_keep_alive": wgd_keep_alive
 },
 "Other": {
- "welcome_session": "true"
+ "welcome_session": wgd_welcome
 },
 "Database":{
 "type": "sqlite"
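Review bot: None of the `os.environ.get('WGD_*')` calls has a fallback, so when `.env` is missing or a variable is unset (a non-docker start before `set_env regular` has run, or any deployment that does not pass the full set), `wgd_user`, `wgd_pass`, `wgd_app_port` and the peer values become `None` and the three `DashboardConfig` hunks below store `None` as the account username/password, `app_port`, `peer_global_DNS`, `peer_MTU` and so on instead of the previous literals. Keep the old values as defaults, e.g. `wgd_user = os.environ.get('WGD_USER', 'admin')` and `wgd_app_port = os.environ.get('WGD_APP_PORT', '10086')`, and likewise for the others. `ifcfg.default_interface()` can apparently return `None` when no default route is present, in which case `default_interface['inet']` raises at import time rather than when the config is first used; a guard that falls back to `'0.0.0.0'` keeps the module importable. `class ModelEncoder` and `DashboardConfig` continue outside these hunks.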
diff --git a/src/entrypoint.sh b/src/entrypoint.sh
index c8056f2..487e95d 100644
--- a/src/entrypoint.sh
+++ b/src/entrypoint.sh
@@ -1,4 +1,8 @@
 #!/bin/bash
+
+# Trap the SIGTERM signal and call the stop_service function
+trap './wgd.sh stop' SIGTERM
+
 echo "Starting the WireGuard Dashboard Docker container."
 clean_up() {
@@ -32,3 +36,8 @@ chmod u+x /opt/wireguarddashboard/src/wgd.sh
 /opt/wireguarddashboard/src/wgd.sh install
 /opt/wireguarddashboard/src/wgd.sh docker_start
 ensure_blocking
+# Store the PID of the background process
+SERVICE_PID=$!
+
+# Wait for the service process to exit
+wait $SERVICE_PID
\ No newline at end of file
diff --git a/src/requirements.txt b/src/requirements.txt
index 2873cbc..343e29f 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -5,4 +5,5 @@ pyotp
 Flask
 flask-cors
 icmplib
-gunicorn
\ No newline at end of file
+gunicorn
+python-dotenv
\ No newline at end of file
diff --git a/src/wgd.sh b/src/wgd.sh
index 6f277a2..cba88ba 100755
--- a/src/wgd.sh
+++ b/src/wgd.sh
@@ -10,6 +10,7 @@ app_official_name="WGDashboard"
 venv_python="./venv/bin/python3"
 venv_gunicorn="./venv/bin/gunicorn"
 pythonExecutable="python3"
+svr_config="/etc/wireguard/wg0.conf"
 heavy_checkmark=$(printf "\xE2\x9C\x94")
 heavy_crossmark=$(printf "\xE2\x9C\x97")
@@ -310,6 +311,7 @@ gunicorn_stop () {
 start_wgd () {
 _checkWireguard
+ set_env regular
 gunicorn_start
 }
@@ -324,7 +326,8 @@ stop_wgd() {
 startwgd_docker() {
 _checkWireguard
 printf "[WGDashboard][Docker] WireGuard configuration started\n"
- { date; start_core ; printf "\n\n"; } >> ./log/install.txt
+ set_env docker
+ start_core
 gunicorn_start
 }
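Review bot: `SERVICE_PID=$!` captures nothing: neither `wgd.sh docker_start` nor `ensure_blocking` on the preceding lines is started with `&`, so `$!` is unset and `wait $SERVICE_PID` degrades to a bare `wait` with no children, while `ensure_blocking` (defined outside this hunk) already blocks the script before these lines are reached. Either background the service, `/opt/wireguarddashboard/src/wgd.sh docker_start &` followed by `SERVICE_PID=$!`, or drop the two added lines; PATCH 03 in this series reworks this block. The trap added in the first hunk also calls a relative `./wgd.sh stop`, so it only works while the working directory is still `/opt/wireguarddashboard/src`; the absolute path used three lines above is the safer spelling.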
@@ -335,7 +338,7 @@ start_core() {
 echo "[WGDashboard][Docker] wg0.conf not found. Running generate configuration."
 newconf_wgd
 else
- echo "[WGDashboard][Docker] wg0.conf already exists. Skipping WireGuard configuration generation."
+ echo "[WGDashboard][Docker] wg0.conf already exists. Skipping ..."
 fi
 # Re-assign config_files to ensure it includes any newly created configurations
 local config_files=$(find /etc/wireguard -type f -name "*.conf")
@@ -350,12 +353,61 @@ start_core() {
 wg-quick up "$config_name"
 done
 }
+set_env() {
+ local env_file=".env"
+ local env_type="$1"
+ # Check if the env_file exists and is not empty
+ if [[ -f "$env_file" && -s "$env_file" ]]; then
+ printf "[WGDashboard][Docker] %s Loading Enviornment File.\n" "$heavy_checkmark"
+ return 0
+ fi
+
+ # Create the env_file if it doesn't exist
+ if [[ ! -f "$env_file" ]]; then
+ touch "$env_file"
+ printf "[WGDashboard][Docker] %s Enviornment File Missing, Creating ...\n" "$heavy_checkmark"
+ fi
+
+ # Clear the file to ensure it's updated with the latest values
+ > "$env_file"
+
+ if [[ "$env_type" == "docker" ]]; then
+ printf "WGD_WELCOME_SESSION=%s\n" "${WGD_WELCOME_SESSION}" >> "$env_file"
+ printf "WGD_APP_PORT=%s\n" "${WGD_APP_PORT}" >> "$env_file"
+ printf "WGD_USER=%s\n" "${WGD_USER}" >> "$env_file"
+ printf "WGD_PASS=%s\n" "${WGD_PASS}" >> "$env_file"
+ printf "WGD_REMOTE_ENDPOINT=%s\n" "${WGD_REMOTE_ENDPOINT}" >> "$env_file"
+ printf "WGD_DNS=%s\n" "${WGD_DNS}" >> "$env_file"
+ printf "WGD_IPTABLES_DNS=%s\n" "${WGD_IPTABLES_DNS}" >> "$env_file"
+ printf "WGD_PEER_ENDPOINT_ALLOWED_IP=%s\n" "${WGD_PEER_ENDPOINT_ALLOWED_IP}" >> "$env_file"
+ printf "WGD_KEEP_ALIVE=%s\n" "${WGD_KEEP_ALIVE}" >> "$env_file"
+ printf "WGD_MTU=%s\n" "${WGD_MTU}" >> "$env_file"
+ printf "WGD_PORT_RANGE_STARTPORT=%s\n" "${WGD_PORT_RANGE_STARTPORT}" >> "$env_file"
+
+ elif [[ "$env_type" == "regular" ]]; then
+ printf "WGD_WELCOME_SESSION=true\n" >> "$env_file"
+ printf "WGD_APP_PORT=10086\n" >> "$env_file"
+ printf "WGD_USER=admin\n" >> "$env_file"
+ printf "WGD_PASS=admin\n" >> "$env_file"
+ printf "WGD_REMOTE_ENDPOINT=0.0.0.0\n" >> "$env_file"
+ printf "WGD_DNS=1.1.1.1\n" >> "$env_file"
+ printf "WGD_IPTABLES_DNS=%s\n" "${WGD_IPTABLES_DNS}" >> "$env_file"
+ printf "WGD_PEER_ENDPOINT_ALLOWED_IP=0.0.0.0/0\n" >> "$env_file"
+ printf "WGD_KEEP_ALIVE=21\n" >> "$env_file"
+ printf "WGD_MTU=1420\n" >> "$env_file"
+ printf "WGD_PORT_RANGE_STARTPORT=%s\n" "${WGD_PORT_RANGE_STARTPORT}" >> "$env_file"
+ else
+ echo "Error: Invalid environment type. Use 'docker' or 'regular'."
+ return 1
+ fi
+ . .env
+}
 newconf_wgd() {
- local wg_port_listen=$wg_port
- local wg_addr_range=$wg_net
+ local wg_port_listen=$WGD_PORT
+ local wg_addr_range=$WGD_NET
 private_key=$(wg genkey)
 public_key=$(echo "$private_key" | wg pubkey)
 cat <"/etc/wireguard/wg0.conf"
From 39fd58edc090a57c1d56e8debfe68963ff8b1302 Mon Sep 17 00:00:00 2001
From: Noxcis
Date: Thu, 29 Aug 2024 00:13:00 -0500
Subject: [PATCH 03/11] +

---
 compose.yaml | 9 ++++-----
 src/entrypoint.sh | 25 +++++++++++++------------
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index 00e8a43..c708366 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -8,18 +8,17 @@ services:
 - SYS_MODULE
 restart: unless-stopped
 environment:
+ - WGD_USER=admin
+ - WGD_PASS=admin
 - WGD_NET=10.0.0.1/24
 - WGD_PORT=51820
- - WGD_WELCOME_SESSION=true
 - WGD_APP_PORT=10086
- - WGD_USER=james
- - WGD_PASS=admin
 - WGD_REMOTE_ENDPOINT=0.0.0.0
- - WGD_DNS="10.2.0.100, 10.2.0.100"
- - WGD_IPTABLES_DNS=10.2.0.100
+ - WGD_DNS="1.1.1.1, 1.0.0.1"
 - WGD_PEER_ENDPOINT_ALLOWED_IP=0.0.0.0/0
 - WGD_KEEP_ALIVE=21
 - WGD_MTU=1420
+ - WGD_WELCOME_SESSION=true
 volumes:
 - wgd_configs:/etc/wireguard
 - wgd_app:/opt/wireguarddashboard/src
diff --git a/src/entrypoint.sh b/src/entrypoint.sh
index 487e95d..d9c8e01 100644
--- a/src/entrypoint.sh
+++ b/src/entrypoint.sh
@@ -1,12 +1,17 @@
 #!/bin/bash
 # Trap the SIGTERM signal and call the stop_service function
-trap './wgd.sh stop' SIGTERM
+trap 'stop_service' SIGTERM
 echo "Starting the WireGuard Dashboard Docker container."
+stop_service() {
+ echo "SIGTERM received. Stopping WireGuard Dashboard."
+ ./wgd.sh stop
+ exit 0
+}
+
 clean_up() {
- # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
 echo "Looking for remains of previous instances..."
 if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then
 echo "Found old .pid file, removing."
@@ -15,29 +20,25 @@ clean_up() {
 echo "No remains found, continuing."
 fi
 }
+
 ensure_blocking() {
 sleep 1s
 echo "Ensuring container continuation."
- # This function checks if the latest error log is created and tails it for docker logs uses.
 if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
 latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1)
 latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1)
- tail -f "${latestErrLog}" "${latestAccLog}"
+ tail -f "${latestErrLog}" "${latestAccLog}" &
 fi
- # Blocking command in case of erroring. So the container does not quit.
- sleep infinity
+ wait
 }
 { date; clean_up; printf "\n\n"; } >> ./log/install.txt
 chmod u+x /opt/wireguarddashboard/src/wgd.sh
 /opt/wireguarddashboard/src/wgd.sh install
-/opt/wireguarddashboard/src/wgd.sh docker_start
-ensure_blocking
-# Store the PID of the background process
-SERVICE_PID=$!
+/opt/wireguarddashboard/src/wgd.sh docker_start &
-# Wait for the service process to exit
-wait $SERVICE_PID
\ No newline at end of file
+SERVICE_PID=$!
+ensure_blocking
From 86909e929784388a8286c289e57f4e1e32e7ead5 Mon Sep 17 00:00:00 2001
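Review bot: Container lifetime now hinges on `ensure_blocking` finding a log file one second after start: if `find` sees none, no `tail -f` is started, and once the backgrounded `wgd.sh docker_start` returns (it will if gunicorn detaches, which is not visible here) the bare `wait` has no children and the script exits, which also makes the HEALTHCHECK's `pgrep tail` fail whenever that branch is skipped. Waiting on something guaranteed to exist is more robust, for example `wait "$SERVICE_PID"` if gunicorn stays in the foreground, or `tail -F` on fixed log paths so it starts before the files appear. `SERVICE_PID=$!` is otherwise unused, and `head -n 1` of an unsorted `find` does not select the latest log as the variable names suggest. The stale-pid check in `clean_up` looks under `/opt/wireguarddashboard/app/src/gunicorn.pid` while every other path in the script uses `/opt/wireguarddashboard/src`, so it likely never matches.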
From: Noxcis
Date: Thu, 29 Aug 2024 10:29:47 -0500
Subject: [PATCH 04/11] Update wgd.sh

---
 src/wgd.sh | 46 +++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/src/wgd.sh b/src/wgd.sh
index cba88ba..4c12ed3 100755
--- a/src/wgd.sh
+++ b/src/wgd.sh
@@ -330,29 +330,6 @@ startwgd_docker() {
 start_core
 gunicorn_start
 }
-
-start_core() {
- local iptable_dir="/opt/wireguarddashboard/src/iptable-rules"
- # Check if wg0.conf exists in /etc/wireguard
- if [[ ! -f /etc/wireguard/wg0.conf ]]; then
- echo "[WGDashboard][Docker] wg0.conf not found. Running generate configuration."
- newconf_wgd
- else
- echo "[WGDashboard][Docker] wg0.conf already exists. Skipping ..."
- fi
- # Re-assign config_files to ensure it includes any newly created configurations
- local config_files=$(find /etc/wireguard -type f -name "*.conf")
-
- # Set file permissions
- find /etc/wireguard -type f -name "*.conf" -exec chmod 600 {} \;
- find "$iptable_dir" -type f -name "*.sh" -exec chmod +x {} \;
-
- # Start WireGuard for each config file
- for file in $config_files; do
- config_name=$(basename "$file" ".conf")
- wg-quick up "$config_name"
- done
-}
 set_env() {
 local env_file=".env"
 local env_type="$1"
@@ -403,6 +380,29 @@ set_env() {
 fi
 . .env
 }
+start_core() {
+ local iptable_dir="/opt/wireguarddashboard/src/iptable-rules"
+ # Check if wg0.conf exists in /etc/wireguard
+ if [[ ! -f /etc/wireguard/wg0.conf ]]; then
+ echo "[WGDashboard][Docker] wg0.conf not found. Running generate configuration."
+ newconf_wgd
+ else
+ echo "[WGDashboard][Docker] wg0.conf already exists. Skipping ..."
+ fi
+ # Re-assign config_files to ensure it includes any newly created configurations
+ local config_files=$(find /etc/wireguard -type f -name "*.conf")
+
+ # Set file permissions
+ find /etc/wireguard -type f -name "*.conf" -exec chmod 600 {} \;
+ find "$iptable_dir" -type f -name "*.sh" -exec chmod +x {} \;
+
+ # Start WireGuard for each config file
+ for file in $config_files; do
+ config_name=$(basename "$file" ".conf")
+ wg-quick up "$config_name"
+ done
+}
+
 newconf_wgd() {
From 48905c19f22c140a64560190b97ef5237c9ddc5f Mon Sep 17 00:00:00 2001
From: Noxcis
Date: Thu, 29 Aug 2024 10:39:53 -0500
Subject: [PATCH 05/11] Update wgd.sh

---
 src/wgd.sh | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/wgd.sh b/src/wgd.sh
index 4c12ed3..f341839 100755
--- a/src/wgd.sh
+++ b/src/wgd.sh
@@ -325,7 +325,7 @@ stop_wgd() {
 startwgd_docker() {
 _checkWireguard
- printf "[WGDashboard][Docker] WireGuard configuration started\n"
+ printf "[WGDashboard][Docker] WGD Docker Started\n"
 set_env docker
 start_core
 gunicorn_start
@@ -336,14 +336,14 @@ set_env() {
 # Check if the env_file exists and is not empty
 if [[ -f "$env_file" && -s "$env_file" ]]; then
- printf "[WGDashboard][Docker] %s Loading Enviornment File.\n" "$heavy_checkmark"
+ printf "[WG-DASH ENVIORNMENT] %s Loading Enviornment File.\n" "$heavy_checkmark"
 return 0
 fi
 # Create the env_file if it doesn't exist
 if [[ ! -f "$env_file" ]]; then
 touch "$env_file"
- printf "[WGDashboard][Docker] %s Enviornment File Missing, Creating ...\n" "$heavy_checkmark"
+ printf "[WG-DASH ENVIORNMENT] %s Enviornment File Missing, Creating ...\n" "$heavy_checkmark"
 fi
 # Clear the file to ensure it's updated with the latest values
@@ -384,10 +384,10 @@ start_core() {
 local iptable_dir="/opt/wireguarddashboard/src/iptable-rules"
 # Check if wg0.conf exists in /etc/wireguard
 if [[ ! -f /etc/wireguard/wg0.conf ]]; then
- echo "[WGDashboard][Docker] wg0.conf not found. Running generate configuration."
+ printf "[WGDashboard][Docker] %s Wireguard Configuration Missing, Creating ....\n" "$heavy_checkmark"
 newconf_wgd
 else
- echo "[WGDashboard][Docker] wg0.conf already exists. Skipping ..."
+ printf "[WGDashboard][Docker] %s Loading Wireguard Configuartions.\n" "$heavy_checkmark"
 fi
 # Re-assign config_files to ensure it includes any newly created configurations
 local config_files=$(find /etc/wireguard -type f -name "*.conf")
@@ -396,6 +396,8 @@ start_core() {
 find /etc/wireguard -type f -name "*.conf" -exec chmod 600 {} \;
 find "$iptable_dir" -type f -name "*.sh" -exec chmod +x {} \;
+ printf "[WGDashboard][Docker] %s Starting Wireguard Configuartions.\n" "$heavy_checkmark"
+ printf "%s\n" "$dashes"
 # Start WireGuard for each config file
 for file in $config_files; do
 config_name=$(basename "$file" ".conf")
From 1e98b2c4b242e32d6fdcefdac9daf8dcd7ab5e23 Mon Sep 17 00:00:00 2001
From: Noxcis
Date: Fri, 30 Aug 2024 00:41:00 -0500
Subject: [PATCH 06/11] Update Docker

- Configs & Peers Persist Across Container Updates
- Containers Stop time Reduction via Sigterm
- Added Environment Persist and Loading
- Fixed HealthCheck
---
 compose.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index c708366..2419bf2 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -2,7 +2,7 @@ services:
 wireguard-dashboard:
 build: ./
- container_name: wiregate
+ container_name: wg-dashboard
 cap_add:
 - NET_ADMIN
 - SYS_MODULE
@@ -18,13 +18,14 @@ services:
 - WGD_PEER_ENDPOINT_ALLOWED_IP=0.0.0.0/0
 - WGD_KEEP_ALIVE=21
 - WGD_MTU=1420
- - WGD_WELCOME_SESSION=true
+ - WGD_WELCOME_SESSION=false #set to true for welcome setup
 volumes:
 - wgd_configs:/etc/wireguard
 - wgd_app:/opt/wireguarddashboard/src
 ports:
- - 10086:10086/tcp
- - 51820:51820/udp
+ - 10086:10086/tcp
+ - 51820:51820/udp
+ # Add Port Map for New Configs and Restart Container to Apply
 sysctls:
 - net.ipv4.ip_forward=1
 - net.ipv4.conf.all.src_valid_mark=1
From 18f58b4155daf246bbab4c8615de381948ee1cee Mon Sep 17 00:00:00 2001
From: Noxcis
Date: Fri, 30 Aug 2024 01:58:07 -0500
Subject: [PATCH 07/11] Update Docker-explain.md

---
 docker/Docker-explain.md | 160 +++++++++++++++++++++++++++------------
 1 file changed, 111 insertions(+), 49 deletions(-)

diff --git a/docker/Docker-explain.md b/docker/Docker-explain.md
index dd7bfe8..0c6a8ca 100644
--- a/docker/Docker-explain.md
+++ b/docker/Docker-explain.md
@@ -1,82 +1,144 @@
 # WG-Dashboard Docker Explanation:
-Author: DaanSelen
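Review bot: `WGD_WELCOME_SESSION=false` becomes the shipped default while `WGD_USER=admin` / `WGD_PASS=admin` remain in the same file and `10086:10086/tcp` is published on every host interface; if the welcome session is where an operator is prompted to replace the initial credentials (not visible here), this combination leaves a well-known login reachable by default. Consider publishing the UI on the host loopback until it has been configured, `- 127.0.0.1:10086:10086/tcp`, and extending the inline comment to `#set to true for welcome setup; change WGD_USER/WGD_PASS from admin/admin if left false`. The `# Add Port Map for New Configs and Restart Container to Apply` comment is indented like a list item; YAML tolerates it, but placing it directly above `ports:` reads more clearly.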
+ + +Author: Noxcis
+ + This document delves into how the WG-Dashboard Docker container has been built.
-Of course there are two stages, one before run-time and one at/after run-time.
-The `Dockerfile` describes how the container image is made, and the `entrypoint.sh` is executed after running the container.
-In this example, WireGuard is integrated into the container itself, so it should be a run-and-go.
-For more details on the source-code specific to this Docker image, refer to the source files, they have lots of comments. +The Image is two stage docker build based on alpine where psutil and bcrypt are compiled in the first stage before being copied to the final stage. This is done to maintain a small image footprint as bcrypt and psutil require gcc and supporting libraries. -I have tried to embed some new features such as `isolated_peers` and interface startup on container-start (through `enable_wg0`). +The `Dockerfile` describes how the container image is made, and the `entrypoint.sh` is executed to run the container.
-WG-Dashboard Logo +In this example, WireGuard is integrated into the container itself, so it is a compose up and done.
+ +For more details on the source-code specific to this Docker image, refer to the source files, google, stackedit, reddit & ChatGPT until your curiosity is satisfied. + + + + +WG-Dashboard Logo + + ## Getting the container running: -To get the container running you either pull the image from the repository, at the moment: `repo.nerthus.nl/app/wireguard-dashboard:latest`.
+ + +To get the container running you either pull the image from the repository, at the moment: `noxcis/wgdashboard:4.0.2`. **Check DockerHub For Updated Tags**
+ From there either use the environment variables describe below as parameters or use the Docker Compose file: `compose.yaml`. + + An example of a simple command to get the container running is show below:
+ + ```shell + docker run -d \ - --name wireguard-dashboard \ + --name wg-dashboard \ + --cap-add NET_ADMIN \ + --cap-add SYS_MODULE \ --restart unless-stopped \ - -e enable_wg0=true \ - -e isolated_peers=true \ + -e WGD_USER=admin \ + -e WGD_PASS=admin \ + -e WGD_NET=10.0.0.1/24 \ + -e WGD_PORT=51820 \ + -e WGD_APP_PORT=10086 \ + -e WGD_REMOTE_ENDPOINT=0.0.0.0 \ + -e WGD_DNS="1.1.1.1, 1.0.0.1" \ + -e WGD_PEER_ENDPOINT_ALLOWED_IP=0.0.0.0/0 \ + -e WGD_KEEP_ALIVE=21 \ + -e WGD_MTU=1420 \ + -e WGD_WELCOME_SESSION=false \ + -v wgd_configs:/etc/wireguard \ + -v wgd_app:/opt/wireguarddashboard/src \ -p 10086:10086/tcp \ -p 51820:51820/udp \ - --cap-add NET_ADMIN \ - repo.nerthus.nl/app/wireguard-dashboard:latest + --sysctl net.ipv4.ip_forward=1 \ + --sysctl net.ipv4.conf.all.src_valid_mark=1 \ + noxcis/wgdashboard:4.0.2 + ``` +
+ If you want to use Compose instead of a raw Docker command, refer to the example in the `compose.yaml` or the one pasted below:

- ```yaml + services: - wireguard-dashboard: - image: repo.nerthus.nl/app/wireguard-dashboard:latest - restart: unless-stopped - container_name: wire-dash - environment: - #- tz= - #- global_dns= - - enable_wg0=true - - isolated_peers=false - #- public_ip= - ports: - - 10086:10086/tcp - - 51820:51820/udp - volumes: - - conf:/etc/wireguard - - app:/opt/wireguarddashboard/app - cap_add: - - NET_ADMIN +wireguard-dashboard: +# build: ./ #Uncomment & comment out line below to build your own Image +image: noxcis/wgdashboard:4.0.2 +container_name: wg-dashboard +cap_add: +- NET_ADMIN +- SYS_MODULE +restart: unless-stopped +environment: +- WGD_USER=admin +- WGD_PASS=admin +- WGD_NET=10.0.0.1/24 +- WGD_PORT=51820 +- WGD_APP_PORT=10086 +- WGD_REMOTE_ENDPOINT=0.0.0.0 +- WGD_DNS="1.1.1.1, 1.0.0.1" +- WGD_PEER_ENDPOINT_ALLOWED_IP=0.0.0.0/0 +- WGD_KEEP_ALIVE=21 +- WGD_MTU=1420 +- WGD_WELCOME_SESSION=false #set to true for welcome setup +volumes: +- wgd_configs:/etc/wireguard +- wgd_app:/opt/wireguarddashboard/src +ports: +- 10086:10086/tcp +- 51820:51820/udp +# Add Port Map for New Configs and Restart Container to Apply +sysctls: +- net.ipv4.ip_forward=1 +- net.ipv4.conf.all.src_valid_mark=1 + + volumes: - conf: - app: - +wgd_configs: +wgd_app: + ``` -If you want to customize the yaml, make sure the core stays the same, but for example volume PATHs can be freely changed.
-This setup is just generic and will use the Docker volumes. + + +If you want to customize the yaml, make sure to adjust your ports accordingly in respect to the dashboard and your wireguard configs. Your Wireguard & Dashboard Config will persist across container updates as long as the wgd_configs & wdg_app volumes are not deleted. +**TIPS** + + +> The Dashboard can be reset by deleting the **wgd_app** volume while maintaining configs and peers in the **wgd_configs** volume. + + +This setup is meant to be persistent and can be made ephemeral for development purpose or etc, by commenting out the docker volume section. + + ## Working with the container and environment variables: +| Environment variable | Default value | Example | +| -------------- | ------- | ------- | +|WGD_USER | admin | james | +|WGD_PASS | admin | ScottsMan49 | +|WGD_NET | 10.0.0.1/24 | 10.0.2.0/24 | +|WGD_PORT | 51820 | 4201 | +|WGD_APP_PORT | 10086 | 8000 | +|WGD_REMOTE_ENDPOINT | 0.0.0.0 | localhost | +|WGD_DNS | "1.1.1.1, 1.0.0.1" | "8.8.8.8, 8.8.4.4" | +|WGD_PEER_ENDPOINT_ALLOWED_IP | 0.0.0.0/0 |192.168.15.0/24, 10.0.1.0/24 | +|WGD_KEEP_ALIVE | 21 | 0 +|WGD_MTU | 1420 | 1412 +|WGD_WELCOME_SESSION | false | true -Once the container is running, the installation process is essentially the same as running it on bare-metal.
-So go to the assign TCP port in this case HTTP, like the default 10086 one in the example and log into the WEB-GUI.
- -| Environment variable | Accepted arguments | Default value | Verbose | -| -------------- | ------- | ------- | ------- | -| tz | Europe/Amsterdam or any confirming timezone notation. | Europe/Amsterdam | Sets the timezone of the Docker container. This is to timesync the container to any other processes which would need it. | -| global_dns | Any IPv4 address, such as my personal recommendation: 9.9.9.9 (QUAD9) | 1.1.1.1 | Set the default DNS given to clients once they connect to the WireGuard tunnel (VPN). -| enable_wg0 | `true` or `false` | `false` | Enables or disables the starting of the WireGuard interface on container 'boot-up'. -| isolated_peers | `true` or `false` | `true` | For security the default is true, and it disables peers to ping or reach eachother, the WireGuard interface IS able to reach the peers (Done through `iptables`). -| public_ip | Any IPv4 (public recommended) address, such as the one returned by default | Default uses the return of `curl ifconfig.me` | To reach your VPN from outside your own network, you need WG-Dashboard to know what your public IP-address is, otherwise it will generate faulty config files for clients. + ## Closing remarks: - -For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. +For feedback please submit an issue to the repository. Or message dselen@nerthus.nl. \ No newline at end of file From 4d9d12c4f9b31a401fa40ed78113db5fea91c77e Mon Sep 17 00:00:00 2001 From: Noxcis Date: Fri, 30 Aug 2024 02:20:21 -0500 Subject: [PATCH 08/11] Update Dockerfile --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 53efa40..a0cf214 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,8 @@ -# Pull from small Debian stable image. +# Pull from small secure alpine image. FROM alpine:latest AS builder LABEL maintainer="dselen@nerthus.nl" +LABEL engineer="NOXCIS" WORKDIR /opt/wireguarddashboard/src 
From abf7c4ad19c4405a1f23625624834257e01bb8a1 Mon Sep 17 00:00:00 2001
From: Noxcis
Date: Fri, 30 Aug 2024 03:03:41 -0500
Subject: [PATCH 09/11] Update Dockerfile

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a0cf214..24a93c6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
 # Pull from small secure alpine image.
 FROM alpine:latest AS builder
-LABEL maintainer="dselen@nerthus.nl"
-LABEL engineer="NOXCIS"
+LABEL Maintainer="dselen@nerthus.nl"
+LABEL Deployment-Engineer="NOXCIS"
 WORKDIR /opt/wireguarddashboard/src
From c10fe1025948a28a495ff316ee31c5fdcaaa767d Mon Sep 17 00:00:00 2001
From: Noxcis
Date: Fri, 30 Aug 2024 12:39:03 -0500
Subject: [PATCH 10/11] Update wgd.sh

---
 src/wgd.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/wgd.sh b/src/wgd.sh
index f341839..b6a3fca 100755
--- a/src/wgd.sh
+++ b/src/wgd.sh
@@ -356,11 +356,11 @@ set_env() {
 printf "WGD_PASS=%s\n" "${WGD_PASS}" >> "$env_file"
 printf "WGD_REMOTE_ENDPOINT=%s\n" "${WGD_REMOTE_ENDPOINT}" >> "$env_file"
 printf "WGD_DNS=%s\n" "${WGD_DNS}" >> "$env_file"
- printf "WGD_IPTABLES_DNS=%s\n" "${WGD_IPTABLES_DNS}" >> "$env_file"
 printf "WGD_PEER_ENDPOINT_ALLOWED_IP=%s\n" "${WGD_PEER_ENDPOINT_ALLOWED_IP}" >> "$env_file"
 printf "WGD_KEEP_ALIVE=%s\n" "${WGD_KEEP_ALIVE}" >> "$env_file"
 printf "WGD_MTU=%s\n" "${WGD_MTU}" >> "$env_file"
- printf "WGD_PORT_RANGE_STARTPORT=%s\n" "${WGD_PORT_RANGE_STARTPORT}" >> "$env_file"
+ printf "WGD_PORT=%s\n" "${WGD_PORT}" >> "$env_file"
+ printf "WGD_NET=%s\n" "${WGD_NET}" >> "$env_file"
 elif [[ "$env_type" == "regular" ]]; then
 printf "WGD_WELCOME_SESSION=true\n" >> "$env_file"
@@ -369,11 +369,11 @@ set_env() {
 printf "WGD_PASS=admin\n" >> "$env_file"
 printf "WGD_REMOTE_ENDPOINT=0.0.0.0\n" >> "$env_file"
 printf "WGD_DNS=1.1.1.1\n" >> "$env_file"
- printf "WGD_IPTABLES_DNS=%s\n" "${WGD_IPTABLES_DNS}" >> "$env_file"
 printf "WGD_PEER_ENDPOINT_ALLOWED_IP=0.0.0.0/0\n" >> "$env_file"
 printf "WGD_KEEP_ALIVE=21\n" >> "$env_file"
 printf "WGD_MTU=1420\n" >> "$env_file"
- printf "WGD_PORT_RANGE_STARTPORT=%s\n" "${WGD_PORT_RANGE_STARTPORT}" >> "$env_file"
+ printf "WGD_PORT=51820\n" >> "$env_file"
+ printf "WGD_NET=10.0.0.1/24\n" >> "$env_file"
 else
 echo "Error: Invalid environment type. Use 'docker' or 'regular'."
 return 1
From 5156163944c099a33d10bf85e14287762095347a Mon Sep 17 00:00:00 2001
From: Noxcis
Date: Sat, 31 Aug 2024 04:16:04 -0500
Subject: [PATCH 11/11] Update wgd.sh

---
 src/wgd.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/wgd.sh b/src/wgd.sh
index b6a3fca..5b8801e 100755
--- a/src/wgd.sh
+++ b/src/wgd.sh
@@ -372,8 +372,6 @@ set_env() {
 printf "WGD_PEER_ENDPOINT_ALLOWED_IP=0.0.0.0/0\n" >> "$env_file"
 printf "WGD_KEEP_ALIVE=21\n" >> "$env_file"
 printf "WGD_MTU=1420\n" >> "$env_file"
- printf "WGD_PORT=51820\n" >> "$env_file"
- printf "WGD_NET=10.0.0.1/24\n" >> "$env_file"
 else
 echo "Error: Invalid environment type. Use 'docker' or 'regular'."
 return 1