diff --git a/assets/legacy/Dockerfile-alpine-old b/assets/legacy/Dockerfile-alpine-old
new file mode 100644
index 00000000..555e0c3a
--- /dev/null
+++ b/assets/legacy/Dockerfile-alpine-old
@@ -0,0 +1,76 @@
+FROM golang:1.24 AS awg-go
+
+RUN git clone https://github.com/WGDashboard/amneziawg-go /awg
+WORKDIR /awg
+RUN go mod download && \
+ go mod verify && \
+ go build -ldflags '-linkmode external -extldflags "-fno-PIC -static"' -v -o /usr/bin
+
+FROM alpine:latest AS awg-tools
+
+RUN apk update && apk add --no-cache \
+ make git build-base linux-headers \
+ && git clone https://github.com/WGDashboard/amneziawg-tools \
+ && cd amneziawg-tools/src \
+ && make \
+ && chmod +x wg*
+
+FROM alpine:latest
+LABEL maintainer="dselen@nerthus.nl"
+
+RUN apk update && apk add --no-cache \
+ iproute2 iptables bash curl wget unzip procps sudo \
+ tzdata wireguard-tools python3 py3-psutil py3-bcrypt openresolv
+
+COPY --from=awg-go /usr/bin/amneziawg-go /usr/bin/amneziawg-go
+COPY --from=awg-tools /amneziawg-tools/src/wg /usr/bin/awg
+COPY --from=awg-tools /amneziawg-tools/src/wg-quick/linux.bash /usr/bin/awg-quick
+
+# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
+ARG wg_net="10.0.0.1" \
+ wg_port="51820"
+
+# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info.
+ENV TZ="Europe/Amsterdam" \
+ global_dns="9.9.9.9" \
+ wgd_port="10086" \
+ public_ip=""
+
+# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
+ENV WGDASH=/opt/wgdashboard
+
+# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example.
+RUN mkdir /data \
+ && mkdir /configs \
+ && mkdir -p ${WGDASH}/src \
+ && mkdir -p /etc/amnezia/amneziawg
+COPY ./src ${WGDASH}/src
+
+# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency.
+# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006.
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN out_adapt=$(ip -o -4 route show to default | awk '{print $NF}') \
+ && echo -e "[Interface]\n\
+Address = ${wg_net}/24\n\
+PrivateKey =\n\
+PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o ${out_adapt} -j MASQUERADE\n\
+PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP\n\
+PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o ${out_adapt} -j MASQUERADE\n\
+PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP\n\
+ListenPort = ${wg_port}\n\
+SaveConfig = true\n\
+DNS = ${global_dns}" > /configs/wg0.conf.template \
+ && chmod 600 /configs/wg0.conf.template
+
+# Defining a way for Docker to check the health of the container. In this case: checking the gunicorn process.
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+ CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1
+
+# Copy the basic entrypoint.sh script.
+COPY ./docker/entrypoint.sh /entrypoint.sh
+
+# Exposing the default WireGuard Dashboard port for web access.
+EXPOSE 10086
+WORKDIR $WGDASH
+
+ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
\ No newline at end of file
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 36aab916..f8afff8c 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
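Review bot: In assets/legacy/Dockerfile-alpine-old the awg-go stage runs `git clone https://github.com/WGDashboard/amneziawg-go /awg` with no tag or commit, so every build compiles whatever the default branch holds at that moment; `go mod verify` only checks the downloaded module dependencies, not the cloned tree. The binaries built this way are copied into the final image as `/usr/bin/amneziawg-go` and `/usr/bin/awg`, so the source revision should be fixed and reviewable. Pin it with a build argument declared inside the stage, for example `ARG AWG_GO_REF=<pinned-commit-sha>` followed by `RUN git clone https://github.com/WGDashboard/amneziawg-go /awg && git -C /awg checkout "$AWG_GO_REF"`. The same applies to the amneziawg-tools clone in this file's awg-tools stage and to both clones added in docker/Dockerfile-AWG-kernel.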
@@ -1,27 +1,36 @@ # # AWG GOLANG BUILDING STAGE -# Base: Debian +# Base: Alpine # -FROM golang:1.25 AS awg-go +FROM golang:1.25-alpine AS awg-go + +RUN apk add --no-cache \ + git \ + gcc \ + musl-dev # Standard working directory for WGDashboard RUN mkdir -p /workspace && \ git clone https://github.com/WGDashboard/amneziawg-go /workspace/awg +ENV CGO_ENABLED=1 + WORKDIR /workspace/awg RUN go mod download && \ go mod verify && \ go build -ldflags '-linkmode external -extldflags "-fno-PIC -static"' -v -o /usr/bin - # # AWG TOOLS BUILDING STAGE # Base: Debian # -FROM debian:stable-slim AS awg-tools +FROM alpine:latest AS awg-tools -RUN apt-get update && apt-get install -y --no-install-recommends \ - make git build-essential linux-headers-generic ca-certificates && \ - rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache \ + make \ + git \ + build-base \ + linux-headers \ + ca-certificates RUN mkdir -p /workspace && \ git clone https://github.com/WGDashboard/amneziawg-tools /workspace/awg-tools @@ -35,13 +44,13 @@ RUN make && chmod +x wg* # FROM python:3.13-alpine AS pip-builder -RUN apk add --no-cache --virtual .build-deps \ - build-base \ - mariadb-dev \ - pkgconfig \ - python3-dev \ - libffi-dev \ - linux-headers \ +RUN apk add --no-cache \ + build-base \ + mariadb-dev \ + pkgconfig \ + python3-dev \ + libffi-dev \ + linux-headers \ && mkdir -p /opt/wgdashboard/src \ && python3 -m venv /opt/wgdashboard/src/venv 
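Review bot: In docker/Dockerfile the awg-tools stage now starts from `FROM alpine:latest AS awg-tools`, a floating tag, while the other stages in this file are pinned to `golang:1.25-alpine` and `python:3.13-alpine`. The compiler and headers that build `awg` will therefore change silently between builds, and the Alpine release may drift from the one under the final `python:3.13-alpine` stage that runs the binary. Use a fixed tag, ideally with a digest, e.g. `FROM alpine:<pinned-version>@sha256:<digest> AS awg-tools`. The stage's header comment still reads `# Base: Debian` and should become `# Base: Alpine`, as was done for the Go stage above it.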
@@ -50,48 +59,44 @@ RUN . /opt/wgdashboard/src/venv/bin/activate && \ pip3 install --upgrade pip && \ pip3 install -r /opt/wgdashboard/src/requirements.txt -RUN apk del .build-deps - # # WGDashboard RUNNING STAGE # Base: Alpine # -FROM python:3.13-alpine +FROM python:3.13-alpine AS final LABEL maintainer="dselen@nerthus.nl" -RUN apk update && apk add --no-cache \ - iproute2 iptables bash curl wget unzip procps \ - sudo tzdata wireguard-tools openresolv +# Install only the runtime dependencies +RUN apk add --no-cache \ + iproute2 iptables \ + bash curl \ + wget unzip \ + procps sudo \ + tzdata wireguard-tools \ + openresolv openrc +# Copy only the final binaries from the builders COPY --from=awg-go /usr/bin/amneziawg-go /usr/bin/amneziawg-go COPY --from=awg-tools /workspace/awg-tools/src/wg /usr/bin/awg COPY --from=awg-tools /workspace/awg-tools/src/wg-quick/linux.bash /usr/bin/awg-quick -# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. -ARG wg_net="10.0.0.1" \ - wg_port="51820" - -# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info. +# Environment variables +ARG wg_net="10.0.0.1" +ARG wg_port="51820" ENV TZ="Europe/Amsterdam" \ global_dns="9.9.9.9" \ wgd_port="10086" \ - public_ip="" + public_ip="" \ + WGDASH=/opt/wgdashboard -# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. -ENV WGDASH=/opt/wgdashboard - -# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. 
-RUN mkdir /data \ - && mkdir /configs \ - && mkdir -p ${WGDASH}/src \ - && mkdir -p /etc/amnezia/amneziawg +# Create directories +RUN mkdir /data /configs -p ${WGDASH}/src /etc/amnezia/amneziawg +# Copy app source and prebuilt venv only (no pip cache) COPY ./src ${WGDASH}/src COPY --from=pip-builder /opt/wgdashboard/src/venv /opt/wgdashboard/src/venv -RUN python3 -m venv /opt/wgdashboard/src/venv -# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. -# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. +# WireGuard interface template SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN out_adapt=$(ip -o -4 route show to default | awk '{print $NF}') \ && echo -e "[Interface]\n\ @@ -106,14 +111,11 @@ SaveConfig = true\n\ DNS = ${global_dns}" > /configs/wg0.conf.template \ && chmod 600 /configs/wg0.conf.template -# Defining a way for Docker to check the health of the container. In this case: checking the gunicorn process. HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1 -# Copy the basic entrypoint.sh script. COPY ./docker/entrypoint.sh /entrypoint.sh -# Exposing the default WireGuard Dashboard port for web access. EXPOSE 10086 WORKDIR $WGDASH/src diff --git a/docker/Dockerfile-AWG-kernel b/docker/Dockerfile-AWG-kernel new file mode 100644 index 00000000..032874ed --- /dev/null +++ b/docker/Dockerfile-AWG-kernel 
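Review bot: In docker/Dockerfile's final stage the comment `# Install only the runtime dependencies` sits above a list that still carries `sudo`, `curl`, `wget` and `unzip` and now also adds `openrc`; nothing visible in this diff uses `openrc`, and entrypoint.sh is not shown, so its need cannot be confirmed from here. Each of these tools remains available to anything that gains code execution in a container that manages WireGuard interfaces and iptables rules, so the list is worth trimming to what entrypoint.sh actually calls, or each non-obvious package should get a short why-comment such as `# openrc: <reason>`. Separately, `RUN mkdir /data /configs -p ${WGDASH}/src /etc/amnezia/amneziawg` relies on option permutation and reads as if `-p` applied only to the last two paths; `RUN mkdir -p /data /configs ${WGDASH}/src /etc/amnezia/amneziawg` says what it does.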
@@ -0,0 +1,185 @@
+#
+# AWG GOLANG BUILDING STAGE
+# Base: Debian
+#
+FROM golang:1.25 AS awg-go
+
+# Standard working directory for WGDashboard
+RUN mkdir -p /workspace && \
+ git clone https://github.com/WGDashboard/amneziawg-go /workspace/awg
+
+WORKDIR /workspace/awg
+RUN go mod download && \
+ go mod verify && \
+ go build -ldflags '-linkmode external -extldflags "-fno-PIC -static"' -v -o /usr/bin
+#
+# AWG TOOLS BUILDING STAGE
+# Base: Debian
+#
+FROM debian:stable-slim AS awg-tools
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ make git build-essential linux-headers-generic ca-certificates && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -p /workspace && \
+ git clone https://github.com/WGDashboard/amneziawg-tools /workspace/awg-tools
+
+WORKDIR /workspace/awg-tools/src
+RUN make && chmod +x wg*
+
+#
+# PIP DEPENDENCY BUILDING
+# Base: Alpine
+#
+FROM python:3.13-alpine AS pip-builder
+
+RUN apk add --no-cache \
+ build-base \
+ mariadb-dev \
+ pkgconfig \
+ python3-dev \
+ libffi-dev \
+ linux-headers \
+ && mkdir -p /opt/wgdashboard/src \
+ && python3 -m venv /opt/wgdashboard/src/venv
+
+COPY ./src/requirements.txt /opt/wgdashboard/src
+RUN . /opt/wgdashboard/src/venv/bin/activate && \
+ pip3 install --upgrade pip && \
+ pip3 install -r /opt/wgdashboard/src/requirements.txt
+
+#
+# WGDashboard RUNNING STAGE
+# Base: Debian
+#
+FROM python:3.13-alpine AS final
+LABEL maintainer="dselen@nerthus.nl"
+
+# Install only the runtime dependencies
+RUN apk add --no-cache \
+ iproute2 \
+ iptables \
+ bash \
+ curl \
+ wget \
+ unzip \
+ procps \
+ sudo \
+ tzdata \
+ wireguard-tools \
+ openresolv
+
+# Copy only the final binaries from the builders
+COPY --from=awg-go /usr/bin/amneziawg-go /usr/bin/amneziawg-go
+COPY --from=awg-tools /workspace/awg-tools/src/wg /usr/bin/awg
+COPY --from=awg-tools /workspace/awg-tools/src/wg-quick/linux.bash /usr/bin/awg-quick
+
+# Environment variables
+ARG wg_net="10.0.0.1"
+ARG wg_port="51820"
+ENV TZ="Europe/Amsterdam" \
+ global_dns="9.9.9.9" \
+ wgd_port="10086" \
+ public_ip="" \
+ WGDASH=/opt/wgdashboard
+
+# Create directories
+RUN mkdir /data /configs -p ${WGDASH}/src /etc/amnezia/amneziawg
+
+# Copy app source and prebuilt venv only (no pip cache)
+COPY ./src ${WGDASH}/src
+COPY --from=pip-builder /opt/wgdashboard/src/venv /opt/wgdashboard/src/venv
+
+# WireGuard interface template
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN out_adapt=$(ip -o -4 route show to default | awk '{print $NF}') \
+ && echo -e "[Interface]\n\
+Address = ${wg_net}/24\n\
+PrivateKey =\n\
+PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o ${out_adapt} -j MASQUERADE\n\
+PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP\n\
+PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o ${out_adapt} -j MASQUERADE\n\
+PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP\n\
+ListenPort = ${wg_port}\n\
+SaveConfig = true\n\
+DNS = ${global_dns}" > /configs/wg0.conf.template \
+ && chmod 600 /configs/wg0.conf.template
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+ CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1
+
+COPY ./docker/entrypoint.sh /entrypoint.sh
+
+EXPOSE 10086
+WORKDIR $WGDASH/src
+
+ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
+
+##
+## WGDashboard RUNNING STAGE
+## Base: Debian
+##
+#FROM python:3.13-slim-trixie
+#LABEL maintainer="dselen@nerthus.nl"
+#
+#RUN apt-get update \
+# && apt-get install -y \
+# iproute2 iptables bash curl wget unzip procps \
+# sudo tzdata wireguard-tools openresolv
+#
+#COPY --from=awg-go /usr/bin/amneziawg-go /usr/bin/amneziawg-go
+#COPY --from=awg-tools /workspace/awg-tools/src/wg /usr/bin/awg
+#COPY --from=awg-tools /workspace/awg-tools/src/wg-quick/linux.bash /usr/bin/awg-quick
+#
+## Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
+#ARG wg_net="10.0.0.1" \
+# wg_port="51820"
+#
+## Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info.
+#ENV TZ="Europe/Amsterdam" \
+# global_dns="9.9.9.9" \
+# wgd_port="10086" \
+# public_ip=""
+#
+## Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
+#ENV WGDASH=/opt/wgdashboard
+#
+## Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example.
+#RUN mkdir /data \
+# && mkdir /configs \
+# && mkdir -p ${WGDASH}/src \
+# && mkdir -p /etc/amnezia/amneziawg
+#
+#COPY ./src ${WGDASH}/src
+#COPY --from=pip-builder /opt/wgdashboard/src/venv /opt/wgdashboard/src/venv
+#RUN python3 -m venv /opt/wgdashboard/src/venv
+#
+## Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency.
+## Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006.
+#SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+#RUN out_adapt=$(ip -o -4 route show to default | awk '{print $NF}') \
+# && echo -e "[Interface]\n\
+#Address = ${wg_net}/24\n\
+#PrivateKey =\n\
+#PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o ${out_adapt} -j MASQUERADE\n\
+#PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP\n\
+#PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o ${out_adapt} -j MASQUERADE\n\
+#PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP\n\
+#ListenPort = ${wg_port}\n\
+#SaveConfig = true\n\
+#DNS = ${global_dns}" > /configs/wg0.conf.template \
+# && chmod 600 /configs/wg0.conf.template
+#
+## Defining a way for Docker to check the health of the container. In this case: checking the gunicorn process.
+#HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+# CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1
+#
+## Copy the basic entrypoint.sh script.
+#COPY ./docker/entrypoint.sh /entrypoint.sh
+#
+## Exposing the default WireGuard Dashboard port for web access.
+#EXPOSE 10086
+#WORKDIR $WGDASH/src
+#
+#ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
\ No newline at end of file
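Review bot: In docker/Dockerfile-AWG-kernel the awg-tools stage builds `wg` on `debian:stable-slim`, but the final stage is `FROM python:3.13-alpine AS final`, so the copied `/usr/bin/awg` is presumably linked against glibc and may fail to start on the musl-based runtime image (amneziawg-go is linked with `-static` and should be unaffected). The final stage's header says `# Base: Debian`, which suggests the Debian base in the commented-out block was intended; either build the tools on Alpine as docker/Dockerfile does in this commit, or switch the final stage to the Debian image and its `apt-get` package list. Whichever base is kept, the commented-out stage at the end of the file should be removed rather than shipped as dead text, since it already differs from the live stage (for example the extra `RUN python3 -m venv /opt/wgdashboard/src/venv` line).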