thor/wg-ui
1
0
Fork 0
mirror of https://github.com/Threnklyn/wg-ui.git synced 2026-05-18 21:03:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

An image integrated user space Wireguard (#86)

Browse Source 
This commit adds a solution for those who cant/dont have WireGuard kernel module loaded on their host but still wants/have to run it in docker. 

It uses wireguard-go which in this case runs in userspace.
This commit is contained in:
Moss
2020-07-23 16:07:53 +08:00
committed by GitHub
parent 8839df65cb
commit d995af98d2
2 changed files with 76 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
UserSpace.Dockerfile
+33
View File
@@ -0,0 +1,33 @@
FROM docker.io/node:12 AS ui
WORKDIR /ui
COPY ui/package.json ui/package-lock.json /ui/
RUN npm install
COPY ui .
RUN npm run build
FROM docker.io/golang:1.14 AS build
WORKDIR /wg
RUN go get github.com/go-bindata/go-bindata/...
RUN go get github.com/elazarl/go-bindata-assetfs/...
COPY go.mod .
COPY go.sum .
RUN go mod download
COPY . .
COPY --from=ui /ui/dist ui/dist
RUN go-bindata-assetfs -prefix ui/dist ui/dist
RUN go install .
FROM docker.io/golang:1.14 AS wg_go_build
WORKDIR /wg-go
RUN git init && \
git remote add origin https://git.zx2c4.com/wireguard-go && \
git fetch && \
git checkout tags/v0.0.20200320 -b build && \
make
FROM alpine:3.12
RUN apk add libc6-compat --no-cache
COPY ./wg-go-ui.sh /
COPY --from=build /go/bin/wireguard-ui /
COPY --from=wg_go_build /wg-go/wireguard-go /
ENTRYPOINT [ "/wg-go-ui.sh" ]
wg-go-ui.sh
Executable
+43
View File
@@ -0,0 +1,43 @@
#!/bin/sh
set -eux
# need `SYS_ADMIN` and `NET_ADMIN` capabilities.
mkdir -p /dev/net
TUNFILE=/dev/net/tun
[ ! -c $TUNFILE ] && mknod $TUNFILE c 10 200
# Start the first process
./wireguard-go wg0
status=$?
if [ $status -ne 0 ]; then
echo "Failed to start wireguard-go: $status"
exit $status
fi
# Start the second process
./wireguard-ui $@
status=$?
if [ $status -ne 0 ]; then
echo "Failed to start wireguard-ui: $status"
exit $status
fi
# Naive check runs checks once a minute to see if either of the processes exited.
# This illustrates part of the heavy lifting you need to do if you want to run
# more than one service in a container. The container exits with an error
# if it detects that either of the processes has exited.
# Otherwise it loops forever, waking up every 60 seconds
while sleep 60; do
ps aux |grep wireguard-go |grep -q -v grep
PROCESS_1_STATUS=$?
ps aux |grep wireguard-ui |grep -q -v grep
PROCESS_2_STATUS=$?
# If the greps above find anything, they exit with 0 status
# If they are not both 0, then something is wrong
if [ $PROCESS_1_STATUS -ne 0 -o $PROCESS_2_STATUS -ne 0 ]; then
echo "One of the processes has already exited."
exit 1
fi
done