Skip to content
This repository has been archived by the owner on Apr 25, 2023. It is now read-only.

An image integrated user space Wireguard #86

Merged
merged 2 commits into from
Jul 23, 2020
Merged

An image integrated user space Wireguard #86

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6db42cb
make the docker image support userspace wireguard
Jul 20, 2020
fb38bb7
support detect tun
Jul 22, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions UserSpace.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
FROM docker.io/node:12 AS ui
WORKDIR /ui
COPY ui/package.json ui/package-lock.json /ui/
RUN npm install
COPY ui .
RUN npm run build

FROM docker.io/golang:1.14 AS build
WORKDIR /wg
RUN go get github.com/go-bindata/go-bindata/...
RUN go get github.com/elazarl/go-bindata-assetfs/...
COPY go.mod .
COPY go.sum .
RUN go mod download
COPY . .
COPY --from=ui /ui/dist ui/dist
RUN go-bindata-assetfs -prefix ui/dist ui/dist
RUN go install .

FROM docker.io/golang:1.14 AS wg_go_build
WORKDIR /wg-go
RUN git init && \
git remote add origin https://git.zx2c4.com/wireguard-go && \
git fetch && \
git checkout tags/v0.0.20200320 -b build && \
make

FROM alpine:3.12
RUN apk add libc6-compat --no-cache
COPY ./wg-go-ui.sh /
COPY --from=build /go/bin/wireguard-ui /
COPY --from=wg_go_build /wg-go/wireguard-go /
ENTRYPOINT [ "/wg-go-ui.sh" ]
43 changes: 43 additions & 0 deletions wg-go-ui.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
#!/bin/sh

set -eux

# need `SYS_ADMIN` and `NET_ADMIN` capabilities.
mkdir -p /dev/net
TUNFILE=/dev/net/tun
[ ! -c $TUNFILE ] && mknod $TUNFILE c 10 200

# Start the first process
./wireguard-go wg0
status=$?
if [ $status -ne 0 ]; then
echo "Failed to start wireguard-go: $status"
exit $status
fi

# Start the second process
./wireguard-ui $@
status=$?
if [ $status -ne 0 ]; then
echo "Failed to start wireguard-ui: $status"
exit $status
fi

# Naive check runs checks once a minute to see if either of the processes exited.
# This illustrates part of the heavy lifting you need to do if you want to run
# more than one service in a container. The container exits with an error
# if it detects that either of the processes has exited.
# Otherwise it loops forever, waking up every 60 seconds

while sleep 60; do
ps aux |grep wireguard-go |grep -q -v grep
PROCESS_1_STATUS=$?
ps aux |grep wireguard-ui |grep -q -v grep
PROCESS_2_STATUS=$?
# If the greps above find anything, they exit with 0 status
# If they are not both 0, then something is wrong
if [ $PROCESS_1_STATUS -ne 0 -o $PROCESS_2_STATUS -ne 0 ]; then
echo "One of the processes has already exited."
exit 1
fi
done