This repository has been archived by the owner on Apr 25, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 129
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
An image integrated user space Wireguard (#86)
This commit adds a solution for those who cant/dont have WireGuard kernel module loaded on their host but still wants/have to run it in docker. It uses wireguard-go which in this case runs in userspace.
- Loading branch information
Moss
authored
Jul 23, 2020
1 parent
8839df6
commit d995af9
Showing
2 changed files
with
76 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| FROM docker.io/node:12 AS ui | ||
| WORKDIR /ui | ||
| COPY ui/package.json ui/package-lock.json /ui/ | ||
| RUN npm install | ||
| COPY ui . | ||
| RUN npm run build | ||
|
|
||
| FROM docker.io/golang:1.14 AS build | ||
| WORKDIR /wg | ||
| RUN go get github.com/go-bindata/go-bindata/... | ||
| RUN go get github.com/elazarl/go-bindata-assetfs/... | ||
| COPY go.mod . | ||
| COPY go.sum . | ||
| RUN go mod download | ||
| COPY . . | ||
| COPY --from=ui /ui/dist ui/dist | ||
| RUN go-bindata-assetfs -prefix ui/dist ui/dist | ||
| RUN go install . | ||
|
|
||
| FROM docker.io/golang:1.14 AS wg_go_build | ||
| WORKDIR /wg-go | ||
| RUN git init && \ | ||
| git remote add origin https://git.zx2c4.com/wireguard-go && \ | ||
| git fetch && \ | ||
| git checkout tags/v0.0.20200320 -b build && \ | ||
| make | ||
|
|
||
| FROM alpine:3.12 | ||
| RUN apk add libc6-compat --no-cache | ||
| COPY ./wg-go-ui.sh / | ||
| COPY --from=build /go/bin/wireguard-ui / | ||
| COPY --from=wg_go_build /wg-go/wireguard-go / | ||
| ENTRYPOINT [ "/wg-go-ui.sh" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| #!/bin/sh | ||
|
|
||
| set -eux | ||
|
|
||
| # need `SYS_ADMIN` and `NET_ADMIN` capabilities. | ||
| mkdir -p /dev/net | ||
| TUNFILE=/dev/net/tun | ||
| [ ! -c $TUNFILE ] && mknod $TUNFILE c 10 200 | ||
|
|
||
| # Start the first process | ||
| ./wireguard-go wg0 | ||
| status=$? | ||
| if [ $status -ne 0 ]; then | ||
| echo "Failed to start wireguard-go: $status" | ||
| exit $status | ||
| fi | ||
|
|
||
| # Start the second process | ||
| ./wireguard-ui $@ | ||
| status=$? | ||
| if [ $status -ne 0 ]; then | ||
| echo "Failed to start wireguard-ui: $status" | ||
| exit $status | ||
| fi | ||
|
|
||
| # Naive check runs checks once a minute to see if either of the processes exited. | ||
| # This illustrates part of the heavy lifting you need to do if you want to run | ||
| # more than one service in a container. The container exits with an error | ||
| # if it detects that either of the processes has exited. | ||
| # Otherwise it loops forever, waking up every 60 seconds | ||
|
|
||
| while sleep 60; do | ||
| ps aux |grep wireguard-go |grep -q -v grep | ||
| PROCESS_1_STATUS=$? | ||
| ps aux |grep wireguard-ui |grep -q -v grep | ||
| PROCESS_2_STATUS=$? | ||
| # If the greps above find anything, they exit with 0 status | ||
| # If they are not both 0, then something is wrong | ||
| if [ $PROCESS_1_STATUS -ne 0 -o $PROCESS_2_STATUS -ne 0 ]; then | ||
| echo "One of the processes has already exited." | ||
| exit 1 | ||
| fi | ||
| done |