Open PhilsLab opened 5 years ago
It should be easy to do once we publish it on crates.io
I successfully tested this Dockerfile, which does not need the crate @ crates.io. With proper CI rules @ Docker Hub, it could be built every time a new release tag is created in git.
It builds boringtun via the docker builder pattern, and then copies the binary to a new debian container.
```dockerfile
# Build stage: compile and strip the release binary
FROM rust:slim AS builder
WORKDIR /src
COPY . .
RUN cargo build --release \
    && strip ./target/release/boringtun

# Runtime stage: only the binary is copied into the final image
FROM debian:stable-slim
WORKDIR /app
COPY --from=builder /src/target/release/boringtun /app
ENV WG_LOG_LEVEL=info \
    WG_THREADS=4 \
    INTERFACE_NAME=wg0
ENTRYPOINT /app/boringtun --foreground $INTERFACE_NAME
```
To configure boringtun via the wg-tools on the host, I ran the following command:
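```sh
docker build . -t boringtun
# The /var/run/wireguard mount is for accessing the wg socket from the host.
# WireGuard traffic is UDP; -p publishes TCP unless /udp is given.
docker run -it --rm \
  --cap-add=NET_ADMIN \
  --device=/dev/net/tun \
  -v /var/run/wireguard:/var/run/wireguard \
  -p 36190:36190/udp \
  -e WG_LOG_LEVEL=debug \
  boringtun
```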
I got this error
```
docker run -it --rm --cap-add=NET_ADMIN --device=/dev/net/tun -v /var/run/wireguard:/var/run/wireguard -p 36190:36190 -e WG_LOG_LEVEL=debug boringtun
Failed to drop privileges: DropPrivileges("NULL from getlogin")
failed to resize tty, using default size
```
@davidsarkany are you running as root inside the container? Try --disable-drop-privileges
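The suggestion above applied automatically, as an added example that is not part of the original thread or the boringtun project: an entrypoint wrapper that passes `--disable-drop-privileges` only when no login name can be resolved, and validates `INTERFACE_NAME` before it reaches the command line. `LOGIN_PROBE`, `BORINGTUN_BIN` and the `start` argument are assumptions of this example; the binary path and variable names follow the Dockerfile posted earlier.

```sh
#!/bin/sh
# Added example: entrypoint wrapper for the image discussed in this thread.
# LOGIN_PROBE and BORINGTUN_BIN are hypothetical knobs, not boringtun settings.
# Intended use (assumption): ENTRYPOINT ["/app/entrypoint.sh", "start"]

: "${LOGIN_PROBE:=logname}"          # logname(1) fails when there is no login name
: "${BORINGTUN_BIN:=/app/boringtun}"

# Accept only plain interface names (at most 15 characters, the Linux limit),
# so the environment variable cannot smuggle extra flags into the command line.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the boringtun arguments, one per line.
boringtun_args() {
    ifname="${INTERFACE_NAME:-wg0}"
    valid_ifname "$ifname" || { echo "invalid INTERFACE_NAME" >&2; return 1; }
    echo "--foreground"
    # With no login name, boringtun stops with
    # DropPrivileges("NULL from getlogin"), so skip the drop in that case.
    # The process then keeps the container user's identity (root by default).
    if ! $LOGIN_PROBE >/dev/null 2>&1; then
        echo "--disable-drop-privileges"
    fi
    echo "$ifname"
}

if [ "${1:-}" = "start" ]; then
    args=$(boringtun_args) || exit 1
    # Unquoted on purpose: every argument was generated or validated above.
    exec "$BORINGTUN_BIN" $args
fi
```

Because the flag leaves boringtun running as the container's user, the capability set granted by `docker run` is the remaining limit on what the process can do.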
I'd love to run this application inside a docker container. I ran wireguard-go inside a docker container in the past; I believe this is possible with this project as well. In an example use case, the only additional requirements are adding the required capabilities via

```sh
docker run --cap-add=NET_ADMIN --device=/dev/net/tun [...]
```

for wireguard to create the tunnel interface.

Dockerfile from my wireguard-go docker image: