Mirrors/wireguard_webadmin
1
0
Fork 0
mirror of https://github.com/eduardogsilva/wireguard_webadmin.git synced 2026-03-15 13:36:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add script to generate wireguard_webadmin.json

Browse Source
This commit is contained in:
Eduardo Silva
2026-03-14 10:41:39 -03:00
parent 1097ae90cf
commit 2030ec5904
4 changed files with 144 additions and 219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

220
containers/caddy/entrypoint.sh
View File

@@ -2,223 +2,9 @@
set -eu
MANUAL_CERT_DIR="${MANUAL_CERT_DIR:-/certificates}"
CADDYFILE_PATH="${CADDYFILE_PATH:-/etc/caddy/Caddyfile}"
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PYTHON="${SCRIPT_DIR}/.venv/bin/python3"
trim_value() {
printf '%s' "$1" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//'
}
is_valid_hostname() {
host_value="$1"
if [ -z "$host_value" ]; then
return 1
fi
if is_ip_host "$host_value"; then
return 1
fi
if printf '%s' "$host_value" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'; then
return 0
fi
return 1
}
is_ip_host() {
host_value="$1"
case "$host_value" in
\[*\]|*:*:*)
return 0
;;
*)
;;
esac
if printf '%s' "$host_value" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
return 0
fi
return 1
}
is_internal_tls_host() {
host_value="$1"
case "$host_value" in
localhost|*.localhost)
return 0
;;
esac
if is_ip_host "$host_value"; then
return 0
fi
return 1
}
normalize_host() {
raw_value="$(trim_value "$1")"
raw_value="${raw_value#http://}"
raw_value="${raw_value#https://}"
raw_value="${raw_value%%/*}"
case "$raw_value" in
\[*\]:*)
printf '%s' "${raw_value%:*}"
;;
*:*)
case "$raw_value" in
*:*:*)
printf '%s' "$raw_value"
;;
*)
printf '%s' "${raw_value%%:*}"
;;
esac
;;
*)
printf '%s' "$raw_value"
;;
esac
}
append_host() {
candidate_host="$(normalize_host "$1")"
if [ -z "$candidate_host" ]; then
return
fi
case "
$HOSTS
" in
*"
$candidate_host
"*)
return
;;
esac
if [ -z "$HOSTS" ]; then
HOSTS="$candidate_host"
return
fi
HOSTS="$HOSTS
$candidate_host"
}
append_dns_host() {
candidate_host="$(normalize_host "$1")"
if [ -z "$candidate_host" ]; then
return
fi
if is_internal_tls_host "$candidate_host"; then
return
fi
append_host "$candidate_host"
}
build_common_block() {
cat <<'EOF'
import wireguard_common
EOF
}
build_tls_block() {
domain_name="$1"
cert_file="${MANUAL_CERT_DIR}/${domain_name}/fullchain.pem"
key_file="${MANUAL_CERT_DIR}/${domain_name}/key.pem"
if [ -f "$cert_file" ] && [ -f "$key_file" ]; then
cat <<EOF
tls ${cert_file} ${key_file}
EOF
return
fi
if is_internal_tls_host "$domain_name"; then
cat <<'EOF'
tls internal
EOF
return
fi
cat <<'EOF'
tls {
issuer acme
issuer internal
}
EOF
}
HOSTS=""
PRIMARY_HOST="$(normalize_host "${SERVER_ADDRESS:-}")"
if ! is_valid_hostname "$PRIMARY_HOST"; then
echo "SERVER_ADDRESS must be a hostname, not an IP address. Received: ${SERVER_ADDRESS:-}"
exit 1
fi
append_host "$PRIMARY_HOST"
ORIGINAL_IFS="$IFS"
IFS=','
for configured_host in ${EXTRA_ALLOWED_HOSTS:-}; do
append_dns_host "$configured_host"
done
IFS="$ORIGINAL_IFS"
if [ -z "$HOSTS" ]; then
echo "No valid hostnames were provided for Caddy."
exit 1
fi
mkdir -p "$(dirname "$CADDYFILE_PATH")"
cat > "$CADDYFILE_PATH" <<'EOF'
(wireguard_common) {
encode gzip
@static path /static/*
handle @static {
root * /static
uri strip_prefix /static
file_server
header Cache-Control "public, max-age=3600"
}
handle {
reverse_proxy wireguard-webadmin:8000 {
header_up Host {host}
}
}
}
EOF
printf '%s\n' "$HOSTS" | while IFS= read -r current_host; do
if [ -z "$current_host" ]; then
continue
fi
{
printf '\n%s {\n' "$current_host"
build_common_block
build_tls_block "$current_host"
printf '}\n'
} >> "$CADDYFILE_PATH"
done
if command -v caddy >/dev/null 2>&1; then
caddy fmt --overwrite "$CADDYFILE_PATH" >/dev/null 2>&1
fi
"$PYTHON" "${SCRIPT_DIR}/export_wireguard_webadmin_config.py"
exec "$@"