Merge branch 'master' into production

.github/workflows/deploy-nightly.yml

@@ -0,0 +1,38 @@
+name: Build & Publish Docker Image to Docker Hub
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 12 * * *"
+
+jobs:
+  deploy:
+    name: Build & Deploy
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        ref: production
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v1
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+
+    - name: Login to DockerHub
+      uses: docker/login-action@v1 
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+          
+    # Set environment variables
+    - run: echo RELEASE=$(cat ./src/package.json | jq -r .release) >> $GITHUB_ENV
+    
+    # Build & Publish
+    - name: Build & Publish Docker Image
+      uses: docker/build-push-action@v2
+      with:
+        push: true
+        platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8
+        tags: weejewel/wg-easy:nightly, weejewel/wg-easy:${{ env.RELEASE }}-nightly

.github/workflows/deploy.yml

@@ -4,14 +4,8 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - testing
-      - testing/**
-      - staging
-      - staging/**
       - production
       - production/**
-  schedule:
-    - cron: "0 12 * * *"
 
 jobs:
   deploy:

Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/library/node:14-alpine@sha256:dc92f36e7cd917816fa2df041d4e9081453366381a00f40398d99e9392e78664
+FROM docker.io/library/node:16-alpine
 
 # Install Linux packages
 RUN apk add -U --no-cache wireguard-tools dumb-init

README.md

@@ -83,10 +83,13 @@ These options can be configured by setting environment variables using `-e KEY="
 | `PASSWORD` | - | `foobar123` | When set, requires a password when logging in to the Web UI. |
 | `WG_HOST` | - | `vpn.myserver.com` | The public hostname of your VPN server. |
 | `WG_PORT` | `51820` | `12345` | The public UDP port of your VPN server. WireGuard will always listen on `51820` inside the Docker container. |
+| `WG_MTU` | `null` | `1420` | The MTU the clients will use. Server uses default WG MTU. |
 | `WG_PERSISTENT_KEEPALIVE` | `0` | `25` | Value in seconds to keep the "connection" open. |
 | `WG_DEFAULT_ADDRESS` | `10.8.0.x` | `10.6.0.x` | Clients IP address range. |
 | `WG_DEFAULT_DNS` | `1.1.1.1` | `8.8.8.8, 8.8.4.4` | DNS server clients will use. |
 | `WG_ALLOWED_IPS` | `0.0.0.0/0, ::/0` | `192.168.15.0/24, 10.0.1.0/24` | Allowed IPs clients will use. |
+| `WG_POST_UP` | `...` | `iptables ...` | See [config.js](https://github.com/WeeJeWel/wg-easy/blob/master/src/config.js#L19) for the default value. |
+| `WG_POST_DOWN` | `...` | `iptables ...` | See [config.js](https://github.com/WeeJeWel/wg-easy/blob/master/src/config.js#L26) for the default value. |
 
 > If you change `WG_PORT`, make sure to also change the exposed port.
 

docker-compose.yml

@@ -11,6 +11,7 @@ services:
       # - WG_PORT=51820
       # - WG_DEFAULT_ADDRESS=10.8.0.x
       # - WG_DEFAULT_DNS=1.1.1.1
+      # - WG_MTU=1420
       # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
       
     image: weejewel/wg-easy

docs/changelog.json

@@ -2,5 +2,6 @@
   "1": "Initial version. Enjoy!",
   "2": "You can now rename a client, and update the address. Enjoy!",
   "3": "Many improvements and small changes. Enjoy!",
-  "4": "Now with pretty charts for client's network speed. Enjoy!"
+  "4": "Now with pretty charts for client's network speed. Enjoy!",
+  "5": "Many small improvements & feature requests. Enjoy!"
 }

src/config.js

@@ -8,9 +8,19 @@ module.exports.PASSWORD = process.env.PASSWORD;
 module.exports.WG_PATH = process.env.WG_PATH || '/etc/wireguard/';
 module.exports.WG_HOST = process.env.WG_HOST;
 module.exports.WG_PORT = process.env.WG_PORT || 51820;
+module.exports.WG_MTU = process.env.WG_MTU || null;
 module.exports.WG_PERSISTENT_KEEPALIVE = process.env.WG_PERSISTENT_KEEPALIVE || 0;
 module.exports.WG_DEFAULT_ADDRESS = process.env.WG_DEFAULT_ADDRESS || '10.8.0.x';
 module.exports.WG_DEFAULT_DNS = typeof process.env.WG_DEFAULT_DNS === 'string'
   ? process.env.WG_DEFAULT_DNS
   : '1.1.1.1';
 module.exports.WG_ALLOWED_IPS = process.env.WG_ALLOWED_IPS || '0.0.0.0/0, ::/0';
+
+module.exports.WG_POST_UP = process.env.WG_POST_UP || `
+iptables -t nat -A POSTROUTING -s ${module.exports.WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o eth0 -j MASQUERADE;
+iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT;
+iptables -A FORWARD -i wg0 -j ACCEPT;
+iptables -A FORWARD -o wg0 -j ACCEPT;
+`.split('\n').join(' ');
+
+module.exports.WG_POST_DOWN = process.env.WG_POST_DOWN || '';

src/lib/WireGuard.js

@@ -14,10 +14,13 @@ const {
   WG_PATH,
   WG_HOST,
   WG_PORT,
+  WG_MTU,
   WG_DEFAULT_DNS,
   WG_DEFAULT_ADDRESS,
   WG_PERSISTENT_KEEPALIVE,
   WG_ALLOWED_IPS,
+  WG_POST_UP,
+  WG_POST_DOWN,
 } = require('../config');
 
 module.exports = class WireGuard {
@@ -55,11 +58,17 @@ module.exports = class WireGuard {
 
         await this.__saveConfig(config);
         await Util.exec('wg-quick down wg0').catch(() => { });
-        await Util.exec('wg-quick up wg0');
-        await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o eth0 -j MASQUERADE`);
-        await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
-        await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT');
-        await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT');
+        await Util.exec('wg-quick up wg0').catch(err => {
+          if (err && err.message && err.message.includes('Cannot find device "wg0"')) {
+            throw new Error('WireGuard exited with the error: Cannot find device "wg0"\nThis usually means that your host\'s kernel does not support WireGuard!');
+          }
+
+          throw err;
+        });
+        // await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o eth0 -j MASQUERADE`);
+        // await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
+        // await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT');
+        // await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT');
         await this.__syncConfig();
 
         return config;
@@ -84,7 +93,10 @@ module.exports = class WireGuard {
 [Interface]
 PrivateKey = ${config.server.privateKey}
 Address = ${config.server.address}/24
-ListenPort = 51820`;
+ListenPort = 51820
+PostUp = ${WG_POST_UP}
+PostDown = ${WG_POST_DOWN}
+`;
 
     for (const [clientId, client] of Object.entries(config.clients)) {
       if (!client.enabled) continue;
@@ -98,14 +110,18 @@ PresharedKey = ${client.preSharedKey}
 AllowedIPs = ${client.address}/32`;
     }
 
-    debug('Saving config...');
-    await fs.writeFile(path.join(WG_PATH, 'wg0.json'), JSON.stringify(config, false, 2));
-    await fs.writeFile(path.join(WG_PATH, 'wg0.conf'), result);
+    debug('Config saving...');
+    await fs.writeFile(path.join(WG_PATH, 'wg0.json'), JSON.stringify(config, false, 2), {
+      mode: 0o660,
+    });
+    await fs.writeFile(path.join(WG_PATH, 'wg0.conf'), result, {
+      mode: 0o600,
+    });
     debug('Config saved.');
   }
 
   async __syncConfig() {
-    debug('Syncing config...');
+    debug('Config syncing...');
     await Util.exec('wg syncconf wg0 <(wg-quick strip wg0)');
     debug('Config synced.');
   }
@@ -181,6 +197,7 @@ AllowedIPs = ${client.address}/32`;
 PrivateKey = ${client.privateKey}
 Address = ${client.address}/24
 ${WG_DEFAULT_DNS ? `DNS = ${WG_DEFAULT_DNS}` : ''}
+${WG_MTU ? `MTU = ${WG_MTU}` : ''}
 
 [Peer]
 PublicKey = ${config.server.publicKey}

src/package.json

@@ -1,5 +1,5 @@
 {
-  "release": 4,
+  "release": 5,
   "name": "wg-easy",
   "version": "1.0.0",
   "description": "",
@@ -28,6 +28,6 @@
     ]
   },
   "engines": {
-    "node": "14"
+    "node": "16"
   }
 }

src/www/index.html

@@ -3,10 +3,10 @@
 
 <head>
   <title>WireGuard</title>
-  <link href="/css/vendor/tailwind.min.css" rel="stylesheet">
-  <link rel="manifest" href="manifest.json">
-  <link rel="icon" type="image/png" href="img/favicon.png">
-  <link rel="apple-touch-icon" href="img/apple-touch-icon.png">
+  <link href="./css/vendor/tailwind.min.css" rel="stylesheet">
+  <link rel="manifest" href="./manifest.json">
+  <link rel="icon" type="image/png" href="./img/favicon.png">
+  <link rel="apple-touch-icon" href="./img/apple-touch-icon.png">
   <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover">
   <meta name="apple-mobile-web-app-capable" content="yes">
 </head>
@@ -200,7 +200,7 @@
 
                     <!-- Show QR-->
                     <button class="align-middle bg-gray-100 hover:bg-red-800 hover:text-white p-2 rounded transition"
-                      title="Show QR Code" @click="qrcode = `/api/wireguard/client/${client.id}/qrcode.svg`">
+                      title="Show QR Code" @click="qrcode = `./api/wireguard/client/${client.id}/qrcode.svg`">
                       <svg class="w-5" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24"
                         stroke="currentColor">
                         <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
@@ -209,7 +209,7 @@
                     </button>
 
                     <!-- Download Config -->
-                    <a :href="'/api/wireguard/client/' + client.id + '/configuration'" download
+                    <a :href="'./api/wireguard/client/' + client.id + '/configuration'" download
                       class="align-middle inline-block bg-gray-100 hover:bg-red-800 hover:text-white p-2 rounded transition"
                       title="Download Configuration">
                       <svg class="w-5" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24"
@@ -473,13 +473,13 @@
 
   </div>
 
-  <script src="/js/vendor/vue.min.js"></script>
-  <script src="/js/vendor/apexcharts.min.js"></script>
-  <script src="/js/vendor/vue-apexcharts.min.js"></script>
-  <script src="/js/vendor/md5.min.js"></script>
-  <script src="/js/vendor/timeago.min.js"></script>
-  <script src="/js/api.js"></script>
-  <script src="/js/app.js"></script>
+  <script src="./js/vendor/vue.min.js"></script>
+  <script src="./js/vendor/apexcharts.min.js"></script>
+  <script src="./js/vendor/vue-apexcharts.min.js"></script>
+  <script src="./js/vendor/md5.min.js"></script>
+  <script src="./js/vendor/timeago.min.js"></script>
+  <script src="./js/api.js"></script>
+  <script src="./js/app.js"></script>
 </body>
 
 </html>

src/www/js/app.js

@@ -5,6 +5,24 @@
 
 'use strict';
 
+function bytes(bytes, decimals, kib, maxunit) {
+  kib = kib || false;
+  if (bytes === 0) return '0 B';
+  if (Number.isNaN(parseFloat(bytes)) && !Number.isFinite(bytes)) return 'NaN';
+  const k = kib ? 1024 : 1000;
+  const dm = decimals != null && !Number.isNaN(decimals) && decimals >= 0 ? decimals : 2;
+  const sizes = kib
+    ? ['B', 'KiB', 'MiB', 'GiB', 'TiB', 'PiB', 'EiB', 'ZiB', 'YiB', 'BiB']
+    : ['B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB', 'BB'];
+  let i = Math.floor(Math.log(bytes) / Math.log(k));
+  if (maxunit !== undefined) {
+    const index = sizes.indexOf(maxunit);
+    if (index !== -1) i = index;
+  }
+  // eslint-disable-next-line no-restricted-properties
+  return `${parseFloat((bytes / Math.pow(k, i)).toFixed(dm))} ${sizes[i]}`;
+}
+
 new Vue({
   el: '#app',
   components: {
@@ -276,21 +294,3 @@ new Vue({
     }).catch(console.error);
   },
 });
-
-function bytes(bytes, decimals, kib, maxunit) {
-  kib = kib || false;
-  if (bytes === 0) return '0 B';
-  if (Number.isNaN(parseFloat(bytes)) && !Number.isFinite(bytes)) return 'NaN';
-  const k = kib ? 1024 : 1000;
-  const dm = decimals != null && !Number.isNaN(decimals) && decimals >= 0 ? decimals : 2;
-  const sizes = kib
-    ? ['B', 'KiB', 'MiB', 'GiB', 'TiB', 'PiB', 'EiB', 'ZiB', 'YiB', 'BiB']
-    : ['B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB', 'BB'];
-  let i = Math.floor(Math.log(bytes) / Math.log(k));
-  if (maxunit !== undefined) {
-    const index = sizes.indexOf(maxunit);
-    if (index !== -1) i = index;
-  }
-  // eslint-disable-next-line no-restricted-properties
-  return `${parseFloat((bytes / Math.pow(k, i)).toFixed(dm))} ${sizes[i]}`;
-}