donaldzou / WGDashboard

Simple dashboard for WireGuard VPN written in Python w/ Flask
Apache License 2.0

Docker served on an unreliable site #326

Open hoggatt opened 3 weeks ago

hoggatt commented 3 weeks ago

For @DaanSelen

The site hosting docker is down:

image

I get this error when pulling docker: image

I'd strongly recommend hosting the docker repo on github since it is a more reliable service.

hoggatt commented 3 weeks ago

I found your commit proposing a new docker container. Here are the errors I get now:

Starting the WireGuard Dashboard Docker container.
---------------------    CLEAN UP    -----------------------
Looking for remains of previous instances...
No pid remains found, continuing.
No pycaches found, continuing.
Setting permissions to not be world-accesible.
chmod: cannot access '/etc/wireguard/*': No such file or directory
---------------------  STARTING CORE -----------------------
Standard WG0 Configuration file not found, grabbing template.
Activating Python venv and executing the WireGuard Dashboard service.
/entrypoint.sh: line 47: /opt/wireguarddashboard/src/venv/bin/activate: No such file or directory
/entrypoint.sh: line 48: cd: /opt/wireguarddashboard/src: No such file or directory
------------------------------------------------------------
Setting relevant variables for operation.
Changing timezone.
grep: /opt/wireguarddashboard/src/wg-dashboard.ini: No such file or directory
Changing default dns.
sed: can't read /opt/wireguarddashboard/src/wg-dashboard.ini: No such file or directory
Trying to fetch the Public-IP using ifconfig.me: [redacted]
sed: can't read /opt/wireguarddashboard/src/wg-dashboard.ini: No such file or directory
------------------------------------------------------------
Ensuring container continuation.
find: '/opt/wireguarddashboard/src/log': No such file or directory

Using this config:

services:
  wireguard-dashboard:
    image: dselen/wgdashboard:latest
    restart: unless-stopped
    container_name: WGDashboard
    environment:
      - tz=America/Chicago
      #- global_dns=
      - enable=wg0
      # - isolate=wg0
      #- public_ip=
    ports:
      - 10086:10086/tcp
      - 51830:51820/udp
    volumes:
      - /data/wgdashboard/conf:/etc/wireguard
      - /data/wgdashboard/app:/opt/wireguarddashboard
    cap_add:
      - NET_ADMIN

I'm a bit confused about what we want for the port (it feels like we want to use the same one as is installed on the host).

hoggatt commented 3 weeks ago

Are you trying to run WireGuard from inside the container? I'd prefer to run it on my host for maximum stability and just run the web interface via Docker. Is this possible?

DaanSelen commented 3 weeks ago

> For @DaanSelen
>
> The site hosting docker is down:
>
> image
>
> I get this error when pulling docker: image
>
> I'd strongly recommend hosting the docker repo on github since it is a more reliable service.

Hello @hoggatt, thanks for noticing. I was just yesterday busy with moving my efforts to Docker Hub instead of my homelab, which is repo.nerthus.nl. I will keep you updated.

For the errors, please provide some context.

hoggatt commented 3 weeks ago

Hopefully my other comments add some context. Biggest question I have: is the docker container meant to be just the wireguard dashboard, or is it meant to run wireguard itself + the dashboard? It's just not 100% clear which is the goal.

DaanSelen commented 3 weeks ago

> Hopefully my other comments add some context. Biggest question I have: is the docker container meant to be just the wireguard dashboard, or is it meant to run wireguard itself + the dashboard? It's just not 100% clear which is the goal.

The container has the wireguard and wireguard-tools packages installed, with WGDashboard on top. So yes, it's a VPN + Dashboard.

You were right. My server hung itself and it is now back, but this ideally should not be the option. I am pulling its latest image from my server and pushing it to Docker Hub under a specific label; I will keep you updated.

I've reread your question and if you already have wireguard installed on your system, you can pass the configurations from the host to the container. In the volumes, remove the conf entry and replace it with /etc/wireguard:/etc/wireguard; this maps the directory on the host to the container.

DaanSelen commented 3 weeks ago

@hoggatt please check the new image I am working on called dselen/wgdashboard:dev

I am using this compose to deploy it:

services:
  wireguard-dashboard:
    image: dselen/wgdashboard:dev
    restart: unless-stopped
    container_name: wire-dash
    environment:
      #- tz=                # <--- Set container timezone, default: Europe/Amsterdam.
      #- global_dns=        # <--- Set global DNS address, default: 1.1.1.1.
      - enable=wg0      # <--- Set the interfaces that will be enabled on startup, default: none. The option "off" is also allowed.
      - isolate=wg0     # <--- When set to true, it disallows peers to talk to each other, setting to false, allows it, default: true.
      #- public_ip=         # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP given by ifconfig.me.
    ports:
      - 10086:10086/tcp
      - 51820:51820/udp
    volumes:
      - conf:/etc/wireguard
      - app:/opt/wireguarddashboard
    cap_add:
      - NET_ADMIN

volumes:
  conf:
  app:

Adjust the volumes as needed, but to disable the usage of WireGuard itself, I need to look into that.

hoggatt commented 3 weeks ago

Thanks for the update. Here's my config:

services:
  wireguard-dashboard:
    image: dselen/wgdashboard:dev
    restart: unless-stopped
    container_name: WGDashboard
    environment:
      - tz=America/Chicago
      #- global_dns=
      - enable=wg0
      # - isolate=wg0
      #- public_ip=
    ports:
      - 10087:10086/tcp
      - 51821:51820/udp
    volumes:
      - /etc/wireguard:/etc/wireguard
      - /data/wgdashboard/app:/opt/wireguarddashboard
    cap_add:
      - NET_ADMIN

And here is the log. Seems to be having issues with /opt/wireguarddashboard:

WGDashboard  | Starting the WireGuard Dashboard Docker container.
WGDashboard  | ------------------------ CLEAN UP --------------------------
WGDashboard  | Looking for remains of previous instances...
WGDashboard  | No pid remains found, continuing.
WGDashboard  | No pycaches found, continuing.
WGDashboard  | Activating Python venv and executing the WireGuard Dashboard service.
WGDashboard  | ---------------------- STARTING CORE -----------------------
WGDashboard  | Standard WG0 Configuration file found, using that.
WGDashboard  | Activating Python venv and executing the WireGuard Dashboard service.
WGDashboard  | ------------- SETTING ENVIRONMENT VARIABLES ----------------
WGDashboard  | /entrypoint.sh: line 36: /opt/wireguarddashboard/src/venv/bin/activate: No such file or directory
WGDashboard  | /entrypoint.sh: line 37: cd: /opt/wireguarddashboard/src: No such file or directory
WGDashboard  | /entrypoint.sh: line 57: /opt/wireguarddashboard/src/venv/bin/activate: No such file or directory
WGDashboard  | /entrypoint.sh: line 58: cd: /opt/wireguarddashboard/src: No such file or directory
WGDashboard  | Changing timezone.
WGDashboard  | grep: /opt/wireguarddashboard/src/wg-dashboard.ini: No such file or directory
WGDashboard  | Changing default dns.
WGDashboard  | sed: can't read /opt/wireguarddashboard/src/wg-dashboard.ini: No such file or directory
WGDashboard  | Trying to fetch the Public-IP using ifconfig.me: [redacted]
WGDashboard  | sed: can't read /opt/wireguarddashboard/src/wg-dashboard.ini: No such file or directory
WGDashboard  | -------------- ENSURING CONTAINER CONTINUATION -------------
WGDashboard  | Ensuring container continuation.
WGDashboard  | find: '/opt/wireguarddashboard/src/log': No such file or directory

The shared folder I'm using on my system does exist, but is empty.

hoggatt commented 3 weeks ago

> > Hopefully my other comments add some context. Biggest question I have: is the docker container meant to be just the wireguard dashboard, or is it meant to run wireguard itself + the dashboard? It's just not 100% clear which is the goal.
>
> The container has the wireguard and wireguard-tools packages installed, with WGDashboard on top. So yes, it's a VPN + Dashboard.
>
> You were right. My server hung itself and it is now back, but this ideally should not be the option. I am pulling its latest image from my server and pushing it to Docker Hub under a specific label; I will keep you updated.
>
> I've reread your question and if you already have wireguard installed on your system, you can pass the configurations from the host to the container. In the volumes, remove the conf entry and replace it with /etc/wireguard:/etc/wireguard; this maps the directory on the host to the container.

A potential concern people may have with hosting WireGuard in this container is updates. WireGuard is a critical piece of security software for many, and if a vulnerability is discovered this docker container would need to be updated immediately. That's taking on quite a bit of risk unless that container is auto-updated each time WireGuard gets updated.

Having the option to use the host's WireGuard would solve this issue, but I'm not sure if WGDashboard can communicate with WireGuard from inside a docker container since it won't have access to system commands like wg show.

DaanSelen commented 3 weeks ago

Essential security can be handled by going into the container itself, but you are right. I need to set up some auto building. For your issue I think I have a lead, going to work on that now.

DaanSelen commented 3 weeks ago

@hoggatt just pushed a new Docker Image version, can you test with that?

hoggatt commented 3 weeks ago

> @hoggatt just pushed a new Docker Image version, can you test with that?

Works now with my config! Logs look good.

Is there a reason you recommend making a volume for /opt/wireguarddashboard? It looks like only /opt/wireguarddashboard/src/db/ and /opt/wireguarddashboard/src/wg-dashboard.ini are required to preserve your WGDashboard session if everything else is re-installed. I'd recommend just having those (plus /etc/wireguard) as the default volumes to keep things as minimal as possible.

hoggatt commented 3 weeks ago

> Essential security can be handled by going into the container itself, but you are right. I need to set up some auto building. For your issue I think I have a lead, going to work on that now.

Having it auto-build when a new wireguard Debian package update occurs would be ideal. But maybe just building twice a day using a schedule trigger OR when there is a push to the master branch would be sufficient. I'm not sure there's an easy way to trigger a build when a Debian package is updated.

Update, I'm asking how they solve this issue here: https://github.com/wg-easy/wg-easy/discussions/302. Could be worthwhile.
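
Added example, not part of the thread or the project's own code: a GitHub Actions workflow for the "twice a day on a schedule OR on push to master" rebuild suggested above. The workflow file name, the Dockerfile at the repository root, the secret names and the `latest` tag are assumptions.

```yaml
# .github/workflows/docker-rebuild.yml  (hypothetical file name)
name: Rebuild Docker image

on:
  schedule:
    # Twice a day, in UTC. GitHub may delay scheduled runs, and disables
    # schedules on public repositories after 60 days without activity.
    - cron: "17 3,15 * * *"
  push:
    branches: [master]
  workflow_dispatch:        # allow a manual rebuild after a security advisory

permissions:
  contents: read            # the job only needs to read the repository

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          # Assumed secret names; use a Docker Hub access token, not the
          # account password.
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - uses: docker/build-push-action@v6
        with:
          context: .        # assumes the Dockerfile is at the repository root
          # Without these two settings a scheduled build can reuse cached
          # layers and ship the same old wireguard packages again.
          pull: true        # always fetch the current base image
          no-cache: true    # re-run the package installation steps
          push: true
          tags: dselen/wgdashboard:latest
```

A rebuilt image only reaches users who pull it again, so running containers still need a pull and a recreate to pick up the updated packages.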

DaanSelen commented 3 weeks ago

> > @hoggatt just pushed a new Docker Image version, can you test with that?
>
> Works now with my config! Logs look good.
>
> Is there a reason you recommend making a volume for /opt/wireguarddashboard? It looks like only /opt/wireguarddashboard/src/db/ and /opt/wireguarddashboard/src/wg-dashboard.ini are required to preserve your WGDashboard session if everything else is re-installed. I'd recommend just having those (plus /etc/wireguard) as the default volumes to keep things as minimal as possible.

Hey @hoggatt, you are right. Going to test with this; I just made a volume of the entire directory because I did not know yet how WGDash precisely stores values.

Going to test, watch my fork!

DaanSelen commented 3 weeks ago

> > Essential security can be handled by going into the container itself, but you are right. I need to set up some auto building. For your issue I think I have a lead, going to work on that now.
>
> Having it auto-build when a new wireguard Debian package update occurs would be ideal. But maybe just building twice a day using a schedule trigger OR when there is a push to the master branch would be sufficient. I'm not sure there's an easy way to trigger a build when a Debian package is updated.
>
> Update, I'm asking how they solve this issue here: wg-easy/wg-easy#302. Could be worthwhile.

True, and with the persistency down to only two volumes, updating will be much easier. I'll keep you posted, or if you have suggestions you can always submit some work! Make sure you document it well, though!