Improved docker-compose to handle server_address. Also added an option to run without nginx.

Dockerfile

@@ -1,7 +1,6 @@
 # Usar uma imagem base do Python
 FROM python:3.10
 
-# Definir o diretório de trabalho no container
 WORKDIR /app
 
 RUN apt-get update && apt-get install -y \
@@ -13,25 +12,25 @@ RUN apt-get update && apt-get install -y \
     inetutils-traceroute \
     nano \
     vim-nox \
+    openssl \
     && rm -rf /var/lib/apt/lists/*
 
 # those are the really necessary packages
 #RUN apt-get update && apt-get install -y \
 #    wireguard \
 #    iptables \
+#    openssl \
 #    && rm -rf /var/lib/apt/lists/*
 
-# Copiar o arquivo requirements.txt para o container
 COPY requirements.txt /app/
-
-# Instalar as dependências do Python
 RUN pip install --no-cache-dir -r requirements.txt
 
-# Copiar o restante do código-fonte do projeto para o container
 COPY . /app/
 
-# Dar permissão de execução para o script init.sh
 RUN chmod +x /app/init.sh
+RUN chmod +x /app/entrypoint.sh
+ARG SERVER_ADDRESS
+ARG DEBUG_MODE
+ENTRYPOINT ["/app/entrypoint.sh"]
 
-# Comando para executar o script init.sh
 CMD ["/app/init.sh"]

README.md

@@ -1,4 +1,3 @@
-
 # wireguard_webadmin
 
 wireguard_webadmin is a full-featured yet easy-to-configure web interface for managing WireGuard VPN instances. Designed to simplify the administration of WireGuard networks, it provides a user-friendly interface that supports multiple users with varying access levels, multiple WireGuard instances with individual peer management, and support for crypto key routing for site-to-site interconnections.
@@ -19,31 +18,36 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
 
 Follow these steps to deploy wireguard_webadmin:
 
-1. Clone the repository:
+1. **Clone the repository:**
    ```
    git clone https://github.com/eduardogsilva/wireguard_webadmin
    ```
 
-2. Create the `wireguard_webadmin/production_settings.py` file and configure the minimum required variables:
+2. **Place your SSL certificates for nginx in the `certificates` volume.**
-   ```python
+   The files should be named `nginx.pem` and `nginx.key`. You can use self-signed certificates and accept the certificate exception in your browser.
-   DEBUG = False
-   ALLOWED_HOSTS = ['your_domain']
-   CSRF_TRUSTED_ORIGINS = ['https://your_domain']
-   SECRET_KEY = 'your_secret_key'
-   ```
 
-3. Place your SSL certificates for nginx in the `certificates` volume.
+3. **Run Docker Compose (choose one):**
 
-4. Run Docker Compose:
+   ### With NGINX (Recommended)
-   ```
+   This mode is recommended for running the webadmin. Set up your certificates for nginx; you can use a self-signed certificate. If you don't have a DNS name pointing to your server, use `SERVER_ADDRESS=ip_address`.
-   docker-compose up
-   ```
 
-After completing these steps, your wireguard_webadmin should be up and running. Access your server using `http://your_domain` and start configuring it.
+   ```
+   SERVER_ADDRESS=yourserver.example.com docker-compose up --build -d
+   ```
+   Access the web interface using `https://yourserver.example.com`.
+
+   ### Without NGINX (Debug mode and testing only)
+   This mode does not require SSL certificates and runs Django with `DEBUG=True`. Not recommended for production use without HTTPS.
+   ```
+   docker-compose -f docker-compose-no-nginx.yml up --build -d
+   ```
+   Access the web interface using `http://127.0.0.1:8000`.
+
+After completing these steps, your wireguard_webadmin should be up and running. Begin configuration by accessing your server.
 
 ## Contributing
 
-Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.
+Contributions make the open-source community an amazing place to learn, inspire, and create. Your contributions are **greatly appreciated**.
 
 ## Support
 

docker-compose-no-nginx-dev.yml

@@ -0,0 +1,32 @@
+version: '3'
+services:
+  wireguard-webadmin:
+    container_name: wireguard-webadmin
+    restart: unless-stopped
+    build:
+      context: .
+    environment:
+      - SERVER_ADDRESS=127.0.0.1
+      - DEBUG_MODE=True
+    volumes:
+      - wireguard:/etc/wireguard
+      - static_volume:/app_static_files/
+      - .:/app
+    ports:
+      # Do not directly expose the Django port to the internet, use the reverse proxy below instead
+      - "127.0.0.1:8000:8000"
+      # dont go crazy increasing the udp port range. Docker will have a hard time handling with a large range of ports
+      # Actually, you probably will use only one port, but you can add more server instances if you want
+      - "51820-51839:51820-51839/udp"
+      
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv4.ip_forward=1
+    command: /bin/bash /app/init.sh
+
+volumes:
+  static_volume: 
+  wireguard:

docker-compose-no-nginx.yml

@@ -0,0 +1,31 @@
+version: '3'
+services:
+  wireguard-webadmin:
+    container_name: wireguard-webadmin
+    restart: unless-stopped
+    build:
+      context: .
+    environment:
+      - SERVER_ADDRESS=127.0.0.1
+      - DEBUG_MODE=True
+    volumes:
+      - wireguard:/etc/wireguard
+      - static_volume:/app_static_files/
+    ports:
+      # Do not directly expose the Django port to the internet, use the reverse proxy below instead
+      - "127.0.0.1:8000:8000"
+      # dont go crazy increasing the udp port range. Docker will have a hard time handling with a large range of ports
+      # Actually, you probably will use only one port, but you can add more server instances if you want
+      - "51820-51839:51820-51839/udp"
+      
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv4.ip_forward=1
+    command: /bin/bash /app/init.sh
+
+volumes:
+  static_volume: 
+  wireguard:

docker-compose.yml

@@ -2,15 +2,18 @@ version: '3'
 services:
   wireguard-webadmin:
     container_name: wireguard-webadmin
+    restart: unless-stopped
     build:
       context: .
+    environment:
+      - SERVER_ADDRESS=${SERVER_ADDRESS}
+      - DEBUG_MODE=${DEBUG_MODE}
     volumes:
       - wireguard:/etc/wireguard
       - static_volume:/app_static_files/
-      - .:/app
     ports:
       # Do not directly expose the Django port to the internet, use the reverse proxy below instead
-      - "127.0.0.1:8000:8000"
+      #- "127.0.0.1:8000:8000"
       # dont go crazy increasing the udp port range. Docker will have a hard time handling with a large range of ports
       # Actually, you probably will use only one port, but you can add more server instances if you want
       - "51820-51839:51820-51839/udp"
@@ -25,6 +28,7 @@ services:
 
   nginx:
     container_name: wireguard-webadmin-nginx
+    restart: unless-stopped
     image: nginx:alpine
     volumes:
       - ./virtualhost.conf:/etc/nginx/conf.d/wireguard-webadmin.conf

entrypoint.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+if [ -z "$SERVER_ADDRESS" ]; then
+    echo "SERVER_ADDRESS environment variable is not set. Exiting."
+    exit 1
+fi
+
+DEBUG_VALUE="False"
+if [[ "${DEBUG_MODE,,}" == "true" ]]; then
+    DEBUG_VALUE="True"
+fi
+
+cat > /app/wireguard_webadmin/production_settings.py <<EOL
+DEBUG = $DEBUG_VALUE
+ALLOWED_HOSTS = ['$SERVER_ADDRESS']
+CSRF_TRUSTED_ORIGINS = ['https://$SERVER_ADDRESS']
+SECRET_KEY = '$(openssl rand -base64 32)'
+EOL
+
+exec "$@"

templates/base_login.html

@@ -3,7 +3,7 @@
 <head>
   <meta charset="utf-8">
   <meta name="viewport" content="width=device-width, initial-scale=1">
-  <title>AdminLTE 3 | Registration Page</title>
+  <title>wireguard_webadmin</title>
 
   <!-- Google Font: Source Sans Pro -->
   <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700&display=fallback">