利用wireguard内网穿透

利用 WireGuard 做内网穿透，并通过 Web 界面访问和管理配置

配置文件

[email protected]:~/d_project/Lab/docker-compose/wireguard$ tree
.
├── docker-compose.yml
├── init.sh
├── watch.sh
├── wg-api
└── wg-api.sh

0 directories, 5 files

docker-compose.yml

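version: "3.6"
services:
  # WireGuard server (linuxserver image). init.sh, watch.sh and wg-api.sh are
  # bind-mounted into the image's custom-cont-init.d / custom-services.d hooks.
  # The image is used without a tag, i.e. whatever is "latest" at pull time;
  # pin a tag or digest for reproducible deployments.
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      # SYS_MODULE lets the container load kernel modules (together with the
      # /lib/modules mount below). It is a host-level capability; drop it if
      # the host kernel already ships the wireguard module.
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Shanghai
      # - SERVERURL=wireguard.domain.com #optional
      - SERVERURL=192.168.59.253 #optional
      - SERVERPORT=51821 #optional
      - PEERS=1 #optional
      - PEERDNS=10.13.13.1 #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
      # 0.0.0.0/0 routes all client traffic through the tunnel, so VPN
      # clients can also reach services bound on the server's wg0 address.
      - ALLOWEDIPS=0.0.0.0/0 #optional
    volumes:
      - /lib/modules:/lib/modules
      - ./volumes/wireguard/config:/config
      - ./init.sh:/config/custom-cont-init.d/init.sh:ro
      - ./watch.sh:/config/custom-services.d/watch.sh:ro
      - ./wg-api:/app/wg-api:ro
      - ./wg-api.sh:/config/custom-services.d/wg-api.sh:ro
    ports:
      # Port mappings are strings; quoted so no YAML 1.1 parser re-types them.
      - "51821:51820/udp"
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
    dns:
      - 114.114.114.114

  # Web UI for managing peers. Shares the config volume with the wireguard
  # service and polls wg-api (started by wg-api.sh) for statistics.
  # ":latest" is a moving tag; pin a version or digest for reproducibility.
  wg-gen-web-demo:
    image: vx3r/wg-gen-web:latest
    container_name: wg-gen-web-demo
    restart: unless-stopped
    expose:
      - "8080/tcp"
    ports:
      # Published on every host interface while the OAUTH2_* block below is
      # commented out, i.e. no login is configured here. Bind the host side
      # to a trusted address (e.g. "127.0.0.1:51822:8080") or enable OAuth
      # before exposing the UI beyond a trusted network.
      - "51822:8080"
    environment:
      - WG_CONF_DIR=/data
      - WG_INTERFACE_NAME=wg0.conf
      - WG_STATS_API=http://wireguard:8080
      # No credentials are configured for the stats API in this setup;
      # wg-api.sh starts the API without any either.
      - WG_STATS_API_USER=
      - WG_STATS_API_PASS=
      # - SMTP_HOST=smtp.gmail.com
      # - SMTP_PORT=587
      # - [email protected]
      # - SMTP_PASSWORD=******************
      # - SMTP_FROM=Wg Gen Web <[email protected]>
      # - OAUTH2_PROVIDER_NAME=github
      # - OAUTH2_PROVIDER=https://github.com
      # - OAUTH2_CLIENT_ID=******************
      # - OAUTH2_CLIENT_SECRET=******************
      # - OAUTH2_REDIRECT_URL=https://wg-gen-web-demo.127-0-0-1.fr
    volumes:
      - ./volumes/wireguard/config:/data
    depends_on:
      - wireguard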

init.sh

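#!/usr/bin/with-contenv bash
# Container init hook (custom-cont-init.d): installs inotify-tools for
# watch.sh and writes the WireGuard server configuration used by wg0 and by
# wg-gen-web (server.json plus one disabled placeholder client entry).
#
# Environment consumed (all set in docker-compose.yml):
#   INTERNAL_SUBNET, SERVERURL, SERVERPORT, ALLOWEDIPS
# Files read: /config/server/privatekey-server, /config/server/publickey-server
# Files written: /config/wg0.conf, /config/server.json, /config/<COREDNSID>

# This hook runs on every container start; only install when the tool is missing.
if ! command -v inotifywait >/dev/null 2>&1; then
  echo "**** installing inotify-tools ****"
  apt-get update && apt-get install inotify-tools -y
fi

echo "**** installing config ****"

# Everything written below embeds the server private key, so create the
# files owner-only. NOTE(review): wg-gen-web reads the same volume; if that
# container runs as a non-root user this needs relaxing — confirm.
umask 077

# Drop the last octet of INTERNAL_SUBNET (10.13.13.0 -> 10.13.13); the
# server takes the .1 address of that /24. Computed once instead of per use.
NET_PREFIX=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--')
SERVER_ADDR="${NET_PREFIX}.1"
SERVER_PRIVKEY=$(cat /config/server/privatekey-server)
SERVER_PUBKEY=$(cat /config/server/publickey-server)
# One timestamp for both "created" and "updated" fields.
NOW=$(date +%Y-%m-%dT%H:%M:%S.%NZ)
# NAT/forwarding rules shared by wg0.conf and server.json; %i is expanded by
# wg-quick to the interface name.
POST_UP='iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'
POST_DOWN='iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE'

# Heredocs instead of echo '...'$(...)'...' so the substituted values are not
# subject to word splitting or globbing.
cat > /config/wg0.conf <<EOF

[Interface]
Address = ${SERVER_ADDR}
ListenPort = 51820
PrivateKey = ${SERVER_PRIVKEY}
PostUp = ${POST_UP}
PostDown = ${POST_DOWN}
EOF

# Server description consumed by wg-gen-web.
cat > /config/server.json <<EOF

{
  "address": [
    "${SERVER_ADDR}/24"
  ],
  "listenPort": 51820,
  "mtu": 0,
  "privateKey": "${SERVER_PRIVKEY}",
  "publicKey": "${SERVER_PUBKEY}",
  "endpoint": "${SERVERURL}:${SERVERPORT}",
  "persistentKeepalive": 16,
  "dns": [
    "${SERVER_ADDR}"
  ],
  "allowedips": [
    "${ALLOWEDIPS}"
  ],
  "preUp": "echo WireGuard PreUp",
  "postUp": "${POST_UP}",
  "preDown": "echo WireGuard PreDown",
  "postDown": "${POST_DOWN}",
  "updatedBy": "",
  "created": "${NOW}",
  "updated": "${NOW}"
}
EOF

# Disabled placeholder client named "CoreDNS" holding the server's own .1/32
# address; the fixed id is also the file name. Presumably this reserves the
# address in the wg-gen-web UI — confirm against wg-gen-web's behaviour.
COREDNSID='44d338ce-e383-11eb-b7fa-0b1c92374c21'
cat > "/config/${COREDNSID}" <<EOF

{
  "id": "${COREDNSID}",
  "name": "CoreDNS",
  "email": "[email protected]",
  "enable": false,
  "ignorePersistentKeepalive": false,
  "presharedKey": "",
  "allowedIPs": [
    "${ALLOWEDIPS}"
  ],
  "address": [
    "${SERVER_ADDR}/32"
  ],
  "tags": [],
  "privateKey": "",
  "publicKey": "",
  "createdBy": "",
  "updatedBy": "",
  "created": "${NOW}",
  "updated": "${NOW}"
}
EOF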

watch.sh

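#!/usr/bin/with-contenv bash
# Long-running service (custom-services.d): restarts wg0 whenever
# /config/wg0.conf is rewritten (wg-gen-web writes it via the shared volume).
#
# The directory is watched instead of the file: a watch on the file follows
# the old inode and misses a write-to-temp-then-rename replacement, and
# "create" never fires on a file watch at all. close_write fires once per
# completed write, so a config written in several chunks does not restart the
# interface on a half-written file.
CONF_DIR=/config
CONF_NAME=wg0.conf

while changed=$(inotifywait -q -e close_write -e moved_to --format '%f' "$CONF_DIR"); do
  # Other files in /config (peer configs, keys) change too; only react to wg0.conf.
  [ "$changed" = "$CONF_NAME" ] || continue
  # "down" fails harmlessly when the interface is not up yet.
  wg-quick down wg0
  wg-quick up wg0
done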

wg-api.sh

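#!/usr/bin/with-contenv bash
# Long-running service (custom-services.d): starts wg-api, the HTTP endpoint
# wg-gen-web polls for peer statistics (WG_STATS_API in docker-compose.yml).
#
# WG_API_BIND_ADDR overrides the bind address; the default keeps the original
# 0.0.0.0. Note that 0.0.0.0 includes the wg0 address, so every VPN peer can
# reach the API, and no credentials are configured for it in this setup.
# Prefer an address limited to the compose network, or the binary's own
# authentication option if the installed build provides one.
BIND_ADDR="${WG_API_BIND_ADDR:-0.0.0.0}"

# Skip startup if something already listens on 8080 (e.g. a second instance);
# sleeping keeps the service supervisor from restarting it in a loop.
if netstat -apn | grep -q ":8080 "; then
  echo "Another service is using port 8080, disabling wg-api"
  sleep infinity
else
  exec \
    /app/wg-api --device wg0 --listen "${BIND_ADDR}:8080"
fi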

PS: wg-api 的构建方法

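# Build the wg-api binary that docker-compose.yml bind-mounts into the
# wireguard container at /app/wg-api. CGO_ENABLED=0 gives a static binary
# that runs inside the image without extra libraries.
# Supply-chain note: this clones the repository's default branch unpinned;
# for a reviewable, reproducible build check out a vetted tag or commit
# first, e.g. `git -C wg-api checkout <REVIEWED_TAG_OR_COMMIT>` (placeholder).
# Steps are chained with && so a failed clone or build does not copy a stale
# or missing binary.
git clone https://github.com/jamescun/wg-api.git \
  && cd wg-api \
  && CGO_ENABLED=0 GOOS=linux go build -o wg-api cmd/wg-api.go \
  && cp wg-api ../.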