From 6a2648ddf72d8eacc59a7ffa5625927d7335c940 Mon Sep 17 00:00:00 2001
From: Eduardo Silva
Date: Fri, 16 Feb 2024 11:59:03 -0300
Subject: [PATCH] Improved docker-compose to handle server_address. Also added an option to run without nginx.
---
 Dockerfile | 13 ++++++------
 README.md | 36 ++++++++++++++++++---------------
 docker-compose-no-nginx-dev.yml | 32 +++++++++++++++++++++++++++++
 docker-compose-no-nginx.yml | 31 ++++++++++++++++++++++++++++
 docker-compose.yml | 8 ++++++--
 entrypoint.sh | 22 ++++++++++++++++++++
 templates/base_login.html | 2 +-
 7 files changed, 118 insertions(+), 26 deletions(-)
 create mode 100644 docker-compose-no-nginx-dev.yml
 create mode 100644 docker-compose-no-nginx.yml
 create mode 100755 entrypoint.sh
diff --git a/Dockerfile b/Dockerfile
index f999eb8..db19248 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,6 @@
 # Usar uma imagem base do Python
 FROM python:3.10
-# Definir o diretório de trabalho no container
 WORKDIR /app
 RUN apt-get update && apt-get install -y \
@@ -13,25 +12,25 @@ RUN apt-get update && apt-get install -y \
 inetutils-traceroute \
 nano \
 vim-nox \
+ openssl \
 && rm -rf /var/lib/apt/lists/*
 # those are the really necessary packages
 #RUN apt-get update && apt-get install -y \
 # wireguard \
 # iptables \
+# openssl \
 # && rm -rf /var/lib/apt/lists/*
-# Copiar o arquivo requirements.txt para o container
 COPY requirements.txt /app/
-
-# Instalar as dependências do Python
 RUN pip install --no-cache-dir -r requirements.txt
-# Copiar o restante do código-fonte do projeto para o container
 COPY . /app/
-# Dar permissão de execução para o script init.sh
 RUN chmod +x /app/init.sh
+RUN chmod +x /app/entrypoint.sh
+ARG SERVER_ADDRESS
+ARG DEBUG_MODE
+ENTRYPOINT ["/app/entrypoint.sh"]
-# Comando para executar o script init.sh
 CMD ["/app/init.sh"]
diff --git a/README.md b/README.md
index 909a90b..92a7621 100644
--- a/README.md
+++ b/README.md
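Review bot: The `ARG SERVER_ADDRESS` and `ARG DEBUG_MODE` lines added near the end of the second Dockerfile hunk are not consumed by any instruction that follows them, and build arguments do not exist in the running container, so they cannot feed `/app/entrypoint.sh`; the compose files in this patch pass both values through `environment:` instead. Dropping the two lines, or replacing them with a comment such as `# SERVER_ADDRESS and DEBUG_MODE are read by entrypoint.sh at container start (runtime environment, not build args)`, would avoid suggesting the values are fixed at build time. Because `ENTRYPOINT ["/app/entrypoint.sh"]` now sits in front of `CMD ["/app/init.sh"]`, init.sh only runs if entrypoint.sh ends by handing over with `exec "$@"`; the tail of that script is not visible on this page, so this is worth confirming. The hunk starts inside the `apt-get install` package list, so the head of that RUN instruction is outside it.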
@@ -1,4 +1,3 @@
-
 # wireguard_webadmin
 wireguard_webadmin is a full-featured yet easy-to-configure web interface for managing WireGuard VPN instances. Designed to simplify the administration of WireGuard networks, it provides a user-friendly interface that supports multiple users with varying access levels, multiple WireGuard instances with individual peer management, and support for crypto key routing for site-to-site interconnections.
@@ -19,31 +18,36 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
 Follow these steps to deploy wireguard_webadmin:
-1. Clone the repository:
+1. **Clone the repository:**
 ```
 git clone https://github.com/eduardogsilva/wireguard_webadmin
 ```
-2. Create the `wireguard_webadmin/production_settings.py` file and configure the minimum required variables:
- ```python
- DEBUG = False
- ALLOWED_HOSTS = ['your_domain']
- CSRF_TRUSTED_ORIGINS = ['https://your_domain']
- SECRET_KEY = 'your_secret_key'
- ```
+2. **Place your SSL certificates for nginx in the `certificates` volume.**
+ The files should be named `nginx.pem` and `nginx.key`. You can use self-signed certificates and accept the certificate exception in your browser.
-3. Place your SSL certificates for nginx in the `certificates` volume.
+3. **Run Docker Compose (choose one):**
-4. Run Docker Compose:
- ```
- docker-compose up
- ```
+ ### With NGINX (Recommended)
+ This mode is recommended for running the webadmin. Set up your certificates for nginx; you can use a self-signed certificate. If you don't have a DNS name pointing to your server, use `SERVER_ADDRESS=ip_address`.
-After completing these steps, your wireguard_webadmin should be up and running. Access your server using `http://your_domain` and start configuring it.
+ ```
+ SERVER_ADDRESS=yourserver.example.com docker-compose up --build -d
+ ```
+ Access the web interface using `https://yourserver.example.com`.
+
+ ### Without NGINX (Debug mode and testing only)
+ This mode does not require SSL certificates and runs Django with `DEBUG=True`. Not recommended for production use without HTTPS.
+ ```
+ docker-compose -f docker-compose-no-nginx.yml up --build -d
+ ```
+ Access the web interface using `http://127.0.0.1:8000`.
+
+After completing these steps, your wireguard_webadmin should be up and running. Begin configuration by accessing your server.
 ## Contributing
-Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.
+Contributions make the open-source community an amazing place to learn, inspire, and create. Your contributions are **greatly appreciated**.
 ## Support
diff --git a/docker-compose-no-nginx-dev.yml b/docker-compose-no-nginx-dev.yml
new file mode 100644
index 0000000..922b459
--- /dev/null
+++ b/docker-compose-no-nginx-dev.yml
@@ -0,0 +1,32 @@
+version: '3'
+services:
+ wireguard-webadmin:
+ container_name: wireguard-webadmin
+ restart: unless-stopped
+ build:
+ context: .
+ environment:
+ - SERVER_ADDRESS=127.0.0.1
+ - DEBUG_MODE=True
+ volumes:
+ - wireguard:/etc/wireguard
+ - static_volume:/app_static_files/
+ - .:/app
+ ports:
+ # Do not directly expose the Django port to the internet, use the reverse proxy below instead
+ - "127.0.0.1:8000:8000"
+ # dont go crazy increasing the udp port range. Docker will have a hard time handling with a large range of ports
+ # Actually, you probably will use only one port, but you can add more server instances if you want
+ - "51820-51839:51820-51839/udp"
+
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ - net.ipv4.ip_forward=1
+ command: /bin/bash /app/init.sh
+
+volumes:
+ static_volume:
+ wireguard:
diff --git a/docker-compose-no-nginx.yml b/docker-compose-no-nginx.yml
new file mode 100644
index 0000000..830932b
--- /dev/null
+++ b/docker-compose-no-nginx.yml
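Review bot: `DEBUG_MODE=True` is hard-coded next to `restart: unless-stopped` in docker-compose-no-nginx-dev.yml, so this stack keeps running Django in debug mode across reboots, and the loopback binding `"127.0.0.1:8000:8000"` is the only thing keeping the debug pages off the network. The comment above that binding still points to "the reverse proxy below", which this file does not contain; I would reword it to `# Debug/testing only: keep this bound to 127.0.0.1, this file has no reverse proxy`, and the same applies to docker-compose-no-nginx.yml. The `- .:/app` bind mount additionally means that what entrypoint.sh writes to `/app/wireguard_webadmin/production_settings.py` lands in the host checkout; the README step removed by this patch shows that file used to carry `SECRET_KEY`, so it is worth confirming it is git-ignored.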
@@ -0,0 +1,31 @@
+version: '3'
+services:
+ wireguard-webadmin:
+ container_name: wireguard-webadmin
+ restart: unless-stopped
+ build:
+ context: .
+ environment:
+ - SERVER_ADDRESS=127.0.0.1
+ - DEBUG_MODE=True
+ volumes:
+ - wireguard:/etc/wireguard
+ - static_volume:/app_static_files/
+ ports:
+ # Do not directly expose the Django port to the internet, use the reverse proxy below instead
+ - "127.0.0.1:8000:8000"
+ # dont go crazy increasing the udp port range. Docker will have a hard time handling with a large range of ports
+ # Actually, you probably will use only one port, but you can add more server instances if you want
+ - "51820-51839:51820-51839/udp"
+
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ - net.ipv4.ip_forward=1
+ command: /bin/bash /app/init.sh
+
+volumes:
+ static_volume:
+ wireguard:
diff --git a/docker-compose.yml b/docker-compose.yml
index 896f9bc..337c683 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,15 +2,18 @@ version: '3'
 services:
 wireguard-webadmin:
 container_name: wireguard-webadmin
+ restart: unless-stopped
 build:
 context: .
+ environment:
+ - SERVER_ADDRESS=${SERVER_ADDRESS}
+ - DEBUG_MODE=${DEBUG_MODE}
 volumes:
 - wireguard:/etc/wireguard
 - static_volume:/app_static_files/
- - .:/app
 ports:
 # Do not directly expose the Django port to the internet, use the reverse proxy below instead
- - "127.0.0.1:8000:8000"
+ #- "127.0.0.1:8000:8000"
 # dont go crazy increasing the udp port range. Docker will have a hard time handling with a large range of ports
 # Actually, you probably will use only one port, but you can add more server instances if you want
 - "51820-51839:51820-51839/udp"
@@ -25,6 +28,7 @@ services:
 nginx:
 container_name: wireguard-webadmin-nginx
+ restart: unless-stopped
 image: nginx:alpine
 volumes:
 - ./virtualhost.conf:/etc/nginx/conf.d/wireguard-webadmin.conf
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..7d5a3bb
--- /dev/null
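Review bot: In the first docker-compose.yml hunk, `SERVER_ADDRESS=${SERVER_ADDRESS}` expands to an empty string when the variable is not exported, entrypoint.sh then exits with status 1, and the new `restart: unless-stopped` turns that into a restart loop instead of a failure at `docker-compose up`. Compose's required-variable form surfaces the mistake up front: `- SERVER_ADDRESS=${SERVER_ADDRESS:?set SERVER_ADDRESS to the server's DNS name or IP}`. For the debug flag an explicit safe default reads better than an empty value, `- DEBUG_MODE=${DEBUG_MODE:-False}`; the visible part of entrypoint.sh already maps anything other than "true" to `False`, so behaviour would be unchanged.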
+++ b/entrypoint.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +set -e + +if [ -z "$SERVER_ADDRESS" ]; then + echo "SERVER_ADDRESS environment variable is not set. Exiting." + exit 1 +fi + +DEBUG_VALUE="False" +if [[ "${DEBUG_MODE,,}" == "true" ]]; then + DEBUG_VALUE="True" +fi + +cat > /app/wireguard_webadmin/production_settings.py < - AdminLTE 3 | Registration Page + wireguard_webadmin