diff --git a/apps/wireguard-easy/14/.env.sample b/apps/wireguard-easy/14/.env.sample new file mode 100644 index 00000000..690e8c7b --- /dev/null +++ b/apps/wireguard-easy/14/.env.sample @@ -0,0 +1,11 @@ +CONTAINER_NAME="wireguard-easy" +DATA_PATH="./data" +HOST_ADDRESS="172.17.0.1" +PANEL_APP_PORT_HTTP=40074 +WG_ALLOWED_IPS="10.0.8.0/24" +WG_DEFAULT_ADDRESS="10.8.0.x" +WG_DEFAULT_DNS="119.29.29.29,1.1.1.1" +WG_MTU=1420 +WG_PERSISTENT_KEEPALIVE=25 +WIREGUARD_PORT=51820 +PASSWORD_HASH="$$2a$$12$$0AL3hGeedv8fOfsNtfZY5OO3mMvBqlnZA8QmeBGfWPAQEoZ7LZ/7a" diff --git a/apps/wireguard-easy/14/data.yml b/apps/wireguard-easy/14/data.yml new file mode 100644 index 00000000..1bc83373 --- /dev/null +++ b/apps/wireguard-easy/14/data.yml @@ -0,0 +1,74 @@ +additionalProperties: + formFields: + - default: "40074" + edit: true + envKey: PANEL_APP_PORT_HTTP + labelEn: WebUI Port + labelZh: 网页端口 + required: true + rule: paramPort + type: number + - default: "51820" + edit: true + envKey: WIREGUARD_PORT + labelEn: Wireguard port + labelZh: Wireguard 端口 + required: true + rule: paramPort + type: number + - default: "./data" + edit: true + envKey: DATA_PATH + labelEn: Data folder path + labelZh: 数据文件夹路径 + required: true + type: text + - default: "$$2a$$12$$0AL3hGeedv8fOfsNtfZY5OO3mMvBqlnZA8QmeBGfWPAQEoZ7LZ/7a" + edit: true + envKey: PASSWORD_HASH + labelEn: Webui password hash (Note to check the documentation for instructions, the default is `PAssw00rd`) + labelZh: 网页密码 hash (注意查看说明文档,默认为`PAssw00rd`) + required: true + type: password + - default: "172.17.0.1" + edit: true + envKey: HOST_ADDRESS + labelEn: Host address (must change item) + labelZh: 本机地址(必改项) + required: true + type: text + - default: "10.8.0.x" + edit: true + envKey: WG_DEFAULT_ADDRESS + labelEn: Default Wireguard Segment + labelZh: 默认 Wireguard 网段 + required: true + type: text + - default: "119.29.29.29,1.1.1.1" + edit: true + envKey: WG_DEFAULT_DNS + labelEn: Default Wireguard DNS + labelZh: 默认 Wireguard DNS + required: true + type: text + - default: "1420" + edit: true + envKey: WG_MTU + labelEn: Wireguard MTU + labelZh: Wireguard MTU + required: true + type: number + - default: "10.0.8.0/24" + edit: true + envKey: WG_ALLOWED_IPS + labelEn: Wireguard Allowed IPs + labelZh: Wireguard 允许的 IP 段 + required: true + type: text + - default: "25" + edit: true + envKey: WG_PERSISTENT_KEEPALIVE + labelEn: Wireguard Persistent Keepalive + labelZh: Wireguard 保活间隔 + required: true + type: number diff --git a/apps/wireguard-easy/14/docker-compose.yml b/apps/wireguard-easy/14/docker-compose.yml new file mode 100644 index 00000000..c58d6842 --- /dev/null +++ b/apps/wireguard-easy/14/docker-compose.yml @@ -0,0 +1,34 @@ +services: + wg-easy: + container_name: ${CONTAINER_NAME} + restart: always + networks: + - 1panel-network + environment: + - WG_HOST=${HOST_ADDRESS} + - WG_PORT=${WIREGUARD_PORT} + - PORT=${PANEL_APP_PORT_HTTP} + - WG_DEFAULT_ADDRESS=${WG_DEFAULT_ADDRESS} + - WG_DEFAULT_DNS=${WG_DEFAULT_DNS} + - WG_MTU=${WG_MTU} + - WG_ALLOWED_IPS=${WG_ALLOWED_IPS} + - WG_PERSISTENT_KEEPALIVE=${WG_PERSISTENT_KEEPALIVE} + - PASSWORD_HASH=${PASSWORD_HASH} + volumes: + - ${DATA_PATH}:/etc/wireguard + ports: + - "${WIREGUARD_PORT}:${WIREGUARD_PORT}/udp" + - "${PANEL_APP_PORT_HTTP}:${PANEL_APP_PORT_HTTP}/tcp" + cap_add: + - NET_ADMIN + - SYS_MODULE + sysctls: + - net.ipv4.ip_forward=1 + - net.ipv4.conf.all.src_valid_mark=1 + image: "ghcr.io/wg-easy/wg-easy:14" + labels: + createdBy: "Apps" + +networks: + 1panel-network: + external: true diff --git a/apps/wireguard-easy/14/scripts/upgrade.sh b/apps/wireguard-easy/14/scripts/upgrade.sh new file mode 100644 index 00000000..b63a25de --- /dev/null +++ b/apps/wireguard-easy/14/scripts/upgrade.sh @@ -0,0 +1,70 @@ +#!/bin/bash + +# 检查 .env 文件是否存在 +if [[ -f ./.env ]]; then + + # 如果 .env 文件中有 WEBUI_PWD 的设置,删除该行 + if grep -q 'WEBUI_PWD' ./.env; then + sed -i '/WEBUI_PWD/d' ./.env + echo "已移除 .env 文件中的 WEBUI_PWD 参数" + fi + + # 检查并添加 WG_ALLOWED_IPS 参数 + if ! grep -q 'WG_ALLOWED_IPS' ./.env; then + echo 'WG_ALLOWED_IPS="10.0.8.0/24"' >> ./.env + echo "已添加 WG_ALLOWED_IPS=10.0.8.0/24" + else + echo "WG_ALLOWED_IPS 参数已存在" + fi + + # 检查并添加 WG_DEFAULT_ADDRESS 参数 + if ! grep -q 'WG_DEFAULT_ADDRESS' ./.env; then + echo 'WG_DEFAULT_ADDRESS="10.8.0.x"' >> ./.env + echo "已添加 WG_DEFAULT_ADDRESS=10.8.0.x" + else + echo "WG_DEFAULT_ADDRESS 参数已存在" + fi + + # 检查并添加 WG_DEFAULT_DNS 参数 + if ! grep -q 'WG_DEFAULT_DNS' ./.env; then + echo 'WG_DEFAULT_DNS="119.29.29.29,1.1.1.1"' >> ./.env + echo "已添加 WG_DEFAULT_DNS=119.29.29.29,1.1.1.1" + else + echo "WG_DEFAULT_DNS 参数已存在" + fi + + # 检查并添加 WG_MTU 参数 + if ! grep -q 'WG_MTU' ./.env; then + echo 'WG_MTU=1420' >> ./.env + echo "已添加 WG_MTU=1420" + else + echo "WG_MTU 参数已存在" + fi + + # 检查并添加 WG_PERSISTENT_KEEPALIVE 参数 + if ! grep -q 'WG_PERSISTENT_KEEPALIVE' ./.env; then + echo 'WG_PERSISTENT_KEEPALIVE=25' >> ./.env + echo "已添加 WG_PERSISTENT_KEEPALIVE=25" + else + echo "WG_PERSISTENT_KEEPALIVE 参数已存在" + fi + + # 检查并添加 WIREGUARD_PORT 参数 + if ! grep -q 'WIREGUARD_PORT' ./.env; then + echo 'WIREGUARD_PORT=51820' >> ./.env + echo "已添加 WIREGUARD_PORT=51820" + else + echo "WIREGUARD_PORT 参数已存在" + fi + + # 检查并添加 PASSWORD_HASH 参数 + if ! grep -q 'PASSWORD_HASH' ./.env; then + echo 'PASSWORD_HASH="$$2a$$12$$0AL3hGeedv8fOfsNtfZY5OO3mMvBqlnZA8QmeBGfWPAQEoZ7LZ/7a"' >> ./.env + echo '已添加 PASSWORD_HASH="$$2a$$12$$0AL3hGeedv8fOfsNtfZY5OO3mMvBqlnZA8QmeBGfWPAQEoZ7LZ/7a"' + else + echo "PASSWORD_HASH 参数已存在" + fi + +else + echo ".env 文件不存在" +fi diff --git a/apps/wireguard-easy/7/.env.sample b/apps/wireguard-easy/7/.env.sample deleted file mode 100644 index b05d07cc..00000000 --- a/apps/wireguard-easy/7/.env.sample +++ /dev/null @@ -1,6 +0,0 @@ -CONTAINER_NAME="wireguard-easy" -DATA_PATH="./data" -HOST_ADDRESS="172.17.0.1" -PANEL_APP_PORT_HTTP="40074" -WEBUI_PWD="password" -WIREGUARD_PORT="51820" diff --git a/apps/wireguard-easy/7/data.yml b/apps/wireguard-easy/7/data.yml deleted file mode 100644 index adeadc5f..00000000 --- a/apps/wireguard-easy/7/data.yml +++ /dev/null @@ -1,42 +0,0 @@ -additionalProperties: - formFields: - - default: 40074 - edit: true - envKey: PANEL_APP_PORT_HTTP - labelEn: WebUI Port - labelZh: 网页端口 - required: true - rule: paramPort - type: number - - default: 51820 - edit: true - envKey: WIREGUARD_PORT - labelEn: Wireguard port - labelZh: Wireguard端口 - required: true - rule: paramPort - type: number - - default: ./data - edit: true - envKey: DATA_PATH - labelEn: Data folder path - labelZh: 数据文件夹路径 - required: true - type: text - - default: "password" - edit: true - envKey: WEBUI_PWD - labelEn: Webui password - labelZh: 网页密码 - random: false - required: true - rule: paramComplexity - type: password - - default: 172.17.0.1 - edit: true - envKey: HOST_ADDRESS - labelEn: Local IP address (must change item) - labelZh: 本机IP地址(必改项) - required: true - rule: paramCommon - type: text \ No newline at end of file diff --git a/apps/wireguard-easy/7/docker-compose.yml b/apps/wireguard-easy/7/docker-compose.yml deleted file mode 100644 index 4884b6f8..00000000 --- a/apps/wireguard-easy/7/docker-compose.yml +++ /dev/null @@ -1,37 +0,0 @@ -services: - wg-easy: - container_name: ${CONTAINER_NAME} - restart: always - networks: - - 1panel-network - environment: - - WG_HOST=${HOST_ADDRESS} - - PASSWORD=${WEBUI_PWD} - - WG_PORT=${WIREGUARD_PORT} - # Optional: - # - WG_DEFAULT_ADDRESS=10.8.0.x - # - WG_DEFAULT_DNS=1.1.1.1 - # - WG_MTU=1420 - # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24 - # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt - # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt - # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt - # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt - volumes: - - ${DATA_PATH}:/etc/wireguard - ports: - - "${WIREGUARD_PORT}:${WIREGUARD_PORT}/udp" - - "${PANEL_APP_PORT_HTTP}:51821/tcp" - cap_add: - - NET_ADMIN - - SYS_MODULE - sysctls: - - net.ipv4.ip_forward=1 - - net.ipv4.conf.all.src_valid_mark=1 - image: weejewel/wg-easy:7 - labels: - createdBy: "Apps" - -networks: - 1panel-network: - external: true diff --git a/apps/wireguard-easy/README.md b/apps/wireguard-easy/README.md index ca38d60c..f43147fe 100644 --- a/apps/wireguard-easy/README.md +++ b/apps/wireguard-easy/README.md @@ -1,115 +1,38 @@ # WireGuard Easy -[![Build & Publish Docker Image to Docker Hub](https://github.com/WeeJeWel/wg-easy/actions/workflows/deploy.yml/badge.svg?branch=production)](https://github.com/WeeJeWel/wg-easy/actions/workflows/deploy.yml) -[![Lint](https://github.com/WeeJeWel/wg-easy/actions/workflows/lint.yml/badge.svg?branch=master)](https://github.com/WeeJeWel/wg-easy/actions/workflows/lint.yml) -[![Docker](https://img.shields.io/docker/v/weejewel/wg-easy/latest)](https://hub.docker.com/r/weejewel/wg-easy) -[![Docker](https://img.shields.io/docker/pulls/weejewel/wg-easy.svg)](https://hub.docker.com/r/weejewel/wg-easy) -[![Sponsor](https://img.shields.io/github/sponsors/weejewel)](https://github.com/sponsors/WeeJeWel) -![GitHub Stars](https://img.shields.io/github/stars/weejewel/wg-easy) +**WireGuard Easy** 是最简单的安装和管理 WireGuard 的方法,适用于任何 Linux 主机! -You have found the easiest way to install & manage WireGuard on any Linux host! +## 使用说明 -

- -

+> **14版本以上启用了bcrypt 密码哈希,以前设置密码方式失效** -## Features +`wg-password`(也称为 **wgpw**)是一个生成 bcrypt 密码哈希的脚本,旨在通过与 **`wg-easy`** 集成来提高安全性,方便管理 WireGuard 配置。 -* All-in-one: WireGuard + Web UI. -* Easy installation, simple to use. -* List, create, edit, delete, enable & disable clients. -* Show a client's QR code. -* Download a client's configuration file. -* Statistics for which clients are connected. -* Tx/Rx charts for each connected client. -* Gravatar support. +### Docker 使用方法 -## Requirements +使用 Docker 生成 bcrypt 密码哈希,运行以下命令: -* A host with a kernel that supports WireGuard (all modern kernels). -* A host with Docker installed. - -## Installation - -### 1. Install Docker - -If you haven't installed Docker yet, install it by running: - -```bash -$ curl -sSL https://get.docker.com | sh -$ sudo usermod -aG docker $(whoami) -$ exit +```sh +docker run -it ghcr.io/wg-easy/wg-easy wgpw YOUR_PASSWORD ``` -And log in again. - -### 2. Run WireGuard Easy - -To automatically install & run wg-easy, simply run: - -
-$ docker run -d \
-  --name=wg-easy \
-  -e WG_HOST=🚨YOUR_SERVER_IP \
-  -e PASSWORD=🚨YOUR_ADMIN_PASSWORD \
-  -v ~/.wg-easy:/etc/wireguard \
-  -p 51820:51820/udp \
-  -p 51821:51821/tcp \
-  --cap-add=NET_ADMIN \
-  --cap-add=SYS_MODULE \
-  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
-  --sysctl="net.ipv4.ip_forward=1" \
-  --restart unless-stopped \
-  weejewel/wg-easy
-
- -> 💡 Replace `YOUR_SERVER_IP` with your WAN IP, or a Dynamic DNS hostname. -> -> 💡 Replace `YOUR_ADMIN_PASSWORD` with a password to log in on the Web UI. - -The Web UI will now be available on `http://0.0.0.0:51821`. - -> 💡 Your configuration files will be saved in `~/.wg-easy` - -### 3. Sponsor - -Are you enjoying this project? [Buy me a beer!](https://github.com/sponsors/WeeJeWel) 🍻 - -## Options - -These options can be configured by setting environment variables using `-e KEY="VALUE"` in the `docker run` command. - -| Env | Default | Example | Description | -| - | - | - | - | -| `PASSWORD` | - | `foobar123` | When set, requires a password when logging in to the Web UI. | -| `WG_HOST` | - | `vpn.myserver.com` | The public hostname of your VPN server. | -| `WG_DEVICE` | `eth0` | `ens6f0` | Ethernet device the wireguard traffic should be forwarded through. | -| `WG_PORT` | `51820` | `12345` | The public UDP port of your VPN server. WireGuard will always listen on `51820` inside the Docker container. | -| `WG_MTU` | `null` | `1420` | The MTU the clients will use. Server uses default WG MTU. | -| `WG_PERSISTENT_KEEPALIVE` | `0` | `25` | Value in seconds to keep the "connection" open. If this value is 0, then connections won't be kept alive. | -| `WG_DEFAULT_ADDRESS` | `10.8.0.x` | `10.6.0.x` | Clients IP address range. | -| `WG_DEFAULT_DNS` | `1.1.1.1` | `8.8.8.8, 8.8.4.4` | DNS server clients will use. | -| `WG_ALLOWED_IPS` | `0.0.0.0/0, ::/0` | `192.168.15.0/24, 10.0.1.0/24` | Allowed IPs clients will use. | -| `WG_PRE_UP` | `...` | - | See [config.js](https://github.com/WeeJeWel/wg-easy/blob/master/src/config.js#L19) for the default value. | -| `WG_POST_UP` | `...` | `iptables ...` | See [config.js](https://github.com/WeeJeWel/wg-easy/blob/master/src/config.js#L20) for the default value. | -| `WG_PRE_DOWN` | `...` | - | See [config.js](https://github.com/WeeJeWel/wg-easy/blob/master/src/config.js#L27) for the default value. | -| `WG_POST_DOWN` | `...` | `iptables ...` | See [config.js](https://github.com/WeeJeWel/wg-easy/blob/master/src/config.js#L28) for the default value. | - -> If you change `WG_PORT`, make sure to also change the exposed port. - -## Updating - -To update to the latest version, simply run: - -```bash -docker stop wg-easy -docker rm wg-easy -docker pull weejewel/wg-easy +示例输出: +```sh +PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' ``` -And then run the `docker run -d \ ...` command above again. +如果未提供密码,工具将提示您输入: -## Common Use Cases +```sh +docker run -it ghcr.io/wg-easy/wg-easy wgpw +Enter your password: # 输入密码(输入不可见) +PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' +``` -* [Using WireGuard-Easy with Pi-Hole](https://github.com/WeeJeWel/wg-easy/wiki/Using-WireGuard-Easy-with-Pi-Hole) -* [Using WireGuard-Easy with nginx/SSL](https://github.com/WeeJeWel/wg-easy/wiki/Using-WireGuard-Easy-with-nginx-SSL) +### 重要说明 + +- **在 `docker-compose.yml` 中使用**:在 `docker-compose.yml` 文件中,将生成的哈希中的每个 `$` 替换为 `$$`,以防止解释错误。 + +```yaml +- PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG +``` \ No newline at end of file diff --git a/apps/wireguard-easy/data.yml b/apps/wireguard-easy/data.yml index 114f5a0d..e929dffb 100644 --- a/apps/wireguard-easy/data.yml +++ b/apps/wireguard-easy/data.yml @@ -1,8 +1,7 @@ name: WireGuard Easy tags: - - 工具 + - 实用工具 title: 运行 WireGuard VPN + 基于 Web 的管理 UI 的最简单方法 -type: 工具 description: 运行 WireGuard VPN + 基于 Web 的管理 UI 的最简单方法 additionalProperties: key: wireguard-easy diff --git a/apps/wireguard-easy/latest/.env.sample b/apps/wireguard-easy/latest/.env.sample index b05d07cc..690e8c7b 100644 --- a/apps/wireguard-easy/latest/.env.sample +++ b/apps/wireguard-easy/latest/.env.sample @@ -1,6 +1,11 @@ CONTAINER_NAME="wireguard-easy" DATA_PATH="./data" HOST_ADDRESS="172.17.0.1" -PANEL_APP_PORT_HTTP="40074" -WEBUI_PWD="password" -WIREGUARD_PORT="51820" +PANEL_APP_PORT_HTTP=40074 +WG_ALLOWED_IPS="10.0.8.0/24" +WG_DEFAULT_ADDRESS="10.8.0.x" +WG_DEFAULT_DNS="119.29.29.29,1.1.1.1" +WG_MTU=1420 +WG_PERSISTENT_KEEPALIVE=25 +WIREGUARD_PORT=51820 +PASSWORD_HASH="$$2a$$12$$0AL3hGeedv8fOfsNtfZY5OO3mMvBqlnZA8QmeBGfWPAQEoZ7LZ/7a" diff --git a/apps/wireguard-easy/latest/data.yml b/apps/wireguard-easy/latest/data.yml index adeadc5f..1bc83373 100644 --- a/apps/wireguard-easy/latest/data.yml +++ b/apps/wireguard-easy/latest/data.yml @@ -1,42 +1,74 @@ additionalProperties: - formFields: - - default: 40074 - edit: true - envKey: PANEL_APP_PORT_HTTP - labelEn: WebUI Port - labelZh: 网页端口 - required: true - rule: paramPort - type: number - - default: 51820 - edit: true - envKey: WIREGUARD_PORT - labelEn: Wireguard port - labelZh: Wireguard端口 - required: true - rule: paramPort - type: number - - default: ./data - edit: true - envKey: DATA_PATH - labelEn: Data folder path - labelZh: 数据文件夹路径 - required: true - type: text - - default: "password" - edit: true - envKey: WEBUI_PWD - labelEn: Webui password - labelZh: 网页密码 - random: false - required: true - rule: paramComplexity - type: password - - default: 172.17.0.1 - edit: true - envKey: HOST_ADDRESS - labelEn: Local IP address (must change item) - labelZh: 本机IP地址(必改项) - required: true - rule: paramCommon - type: text \ No newline at end of file + formFields: + - default: "40074" + edit: true + envKey: PANEL_APP_PORT_HTTP + labelEn: WebUI Port + labelZh: 网页端口 + required: true + rule: paramPort + type: number + - default: "51820" + edit: true + envKey: WIREGUARD_PORT + labelEn: Wireguard port + labelZh: Wireguard 端口 + required: true + rule: paramPort + type: number + - default: "./data" + edit: true + envKey: DATA_PATH + labelEn: Data folder path + labelZh: 数据文件夹路径 + required: true + type: text + - default: "$$2a$$12$$0AL3hGeedv8fOfsNtfZY5OO3mMvBqlnZA8QmeBGfWPAQEoZ7LZ/7a" + edit: true + envKey: PASSWORD_HASH + labelEn: Webui password hash (Note to check the documentation for instructions, the default is `PAssw00rd`) + labelZh: 网页密码 hash (注意查看说明文档,默认为`PAssw00rd`) + required: true + type: password + - default: "172.17.0.1" + edit: true + envKey: HOST_ADDRESS + labelEn: Host address (must change item) + labelZh: 本机地址(必改项) + required: true + type: text + - default: "10.8.0.x" + edit: true + envKey: WG_DEFAULT_ADDRESS + labelEn: Default Wireguard Segment + labelZh: 默认 Wireguard 网段 + required: true + type: text + - default: "119.29.29.29,1.1.1.1" + edit: true + envKey: WG_DEFAULT_DNS + labelEn: Default Wireguard DNS + labelZh: 默认 Wireguard DNS + required: true + type: text + - default: "1420" + edit: true + envKey: WG_MTU + labelEn: Wireguard MTU + labelZh: Wireguard MTU + required: true + type: number + - default: "10.0.8.0/24" + edit: true + envKey: WG_ALLOWED_IPS + labelEn: Wireguard Allowed IPs + labelZh: Wireguard 允许的 IP 段 + required: true + type: text + - default: "25" + edit: true + envKey: WG_PERSISTENT_KEEPALIVE + labelEn: Wireguard Persistent Keepalive + labelZh: Wireguard 保活间隔 + required: true + type: number diff --git a/apps/wireguard-easy/latest/docker-compose.yml b/apps/wireguard-easy/latest/docker-compose.yml index b91b6c2a..07af2fa2 100644 --- a/apps/wireguard-easy/latest/docker-compose.yml +++ b/apps/wireguard-easy/latest/docker-compose.yml @@ -6,32 +6,29 @@ services: - 1panel-network environment: - WG_HOST=${HOST_ADDRESS} - - PASSWORD=${WEBUI_PWD} - WG_PORT=${WIREGUARD_PORT} - # Optional: - # - WG_DEFAULT_ADDRESS=10.8.0.x - # - WG_DEFAULT_DNS=1.1.1.1 - # - WG_MTU=1420 - # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24 - # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt - # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt - # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt - # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt + - PORT=${PANEL_APP_PORT_HTTP} + - WG_DEFAULT_ADDRESS=${WG_DEFAULT_ADDRESS} + - WG_DEFAULT_DNS=${WG_DEFAULT_DNS} + - WG_MTU=${WG_MTU} + - WG_ALLOWED_IPS=${WG_ALLOWED_IPS} + - WG_PERSISTENT_KEEPALIVE=${WG_PERSISTENT_KEEPALIVE} + - PASSWORD_HASH=${PASSWORD_HASH} volumes: - ${DATA_PATH}:/etc/wireguard ports: - "${WIREGUARD_PORT}:${WIREGUARD_PORT}/udp" - - "${PANEL_APP_PORT_HTTP}:51821/tcp" + - "${PANEL_APP_PORT_HTTP}:${PANEL_APP_PORT_HTTP}/tcp" cap_add: - NET_ADMIN - SYS_MODULE sysctls: - net.ipv4.ip_forward=1 - net.ipv4.conf.all.src_valid_mark=1 - image: weejewel/wg-easy:latest - labels: + image: "ghcr.io/wg-easy/wg-easy:latest" + labels: createdBy: "Apps" -networks: - 1panel-network: +networks: + 1panel-network: external: true diff --git a/apps/wireguard-easy/latest/scripts/upgrade.sh b/apps/wireguard-easy/latest/scripts/upgrade.sh new file mode 100644 index 00000000..b63a25de --- /dev/null +++ b/apps/wireguard-easy/latest/scripts/upgrade.sh @@ -0,0 +1,70 @@ +#!/bin/bash + +# 检查 .env 文件是否存在 +if [[ -f ./.env ]]; then + + # 如果 .env 文件中有 WEBUI_PWD 的设置,删除该行 + if grep -q 'WEBUI_PWD' ./.env; then + sed -i '/WEBUI_PWD/d' ./.env + echo "已移除 .env 文件中的 WEBUI_PWD 参数" + fi + + # 检查并添加 WG_ALLOWED_IPS 参数 + if ! grep -q 'WG_ALLOWED_IPS' ./.env; then + echo 'WG_ALLOWED_IPS="10.0.8.0/24"' >> ./.env + echo "已添加 WG_ALLOWED_IPS=10.0.8.0/24" + else + echo "WG_ALLOWED_IPS 参数已存在" + fi + + # 检查并添加 WG_DEFAULT_ADDRESS 参数 + if ! grep -q 'WG_DEFAULT_ADDRESS' ./.env; then + echo 'WG_DEFAULT_ADDRESS="10.8.0.x"' >> ./.env + echo "已添加 WG_DEFAULT_ADDRESS=10.8.0.x" + else + echo "WG_DEFAULT_ADDRESS 参数已存在" + fi + + # 检查并添加 WG_DEFAULT_DNS 参数 + if ! grep -q 'WG_DEFAULT_DNS' ./.env; then + echo 'WG_DEFAULT_DNS="119.29.29.29,1.1.1.1"' >> ./.env + echo "已添加 WG_DEFAULT_DNS=119.29.29.29,1.1.1.1" + else + echo "WG_DEFAULT_DNS 参数已存在" + fi + + # 检查并添加 WG_MTU 参数 + if ! grep -q 'WG_MTU' ./.env; then + echo 'WG_MTU=1420' >> ./.env + echo "已添加 WG_MTU=1420" + else + echo "WG_MTU 参数已存在" + fi + + # 检查并添加 WG_PERSISTENT_KEEPALIVE 参数 + if ! grep -q 'WG_PERSISTENT_KEEPALIVE' ./.env; then + echo 'WG_PERSISTENT_KEEPALIVE=25' >> ./.env + echo "已添加 WG_PERSISTENT_KEEPALIVE=25" + else + echo "WG_PERSISTENT_KEEPALIVE 参数已存在" + fi + + # 检查并添加 WIREGUARD_PORT 参数 + if ! grep -q 'WIREGUARD_PORT' ./.env; then + echo 'WIREGUARD_PORT=51820' >> ./.env + echo "已添加 WIREGUARD_PORT=51820" + else + echo "WIREGUARD_PORT 参数已存在" + fi + + # 检查并添加 PASSWORD_HASH 参数 + if ! grep -q 'PASSWORD_HASH' ./.env; then + echo 'PASSWORD_HASH="$$2a$$12$$0AL3hGeedv8fOfsNtfZY5OO3mMvBqlnZA8QmeBGfWPAQEoZ7LZ/7a"' >> ./.env + echo '已添加 PASSWORD_HASH="$$2a$$12$$0AL3hGeedv8fOfsNtfZY5OO3mMvBqlnZA8QmeBGfWPAQEoZ7LZ/7a"' + else + echo "PASSWORD_HASH 参数已存在" + fi + +else + echo ".env 文件不存在" +fi diff --git a/apps/wireguard-easy/nightly/.env.sample b/apps/wireguard-easy/nightly/.env.sample index b05d07cc..690e8c7b 100644 --- a/apps/wireguard-easy/nightly/.env.sample +++ b/apps/wireguard-easy/nightly/.env.sample @@ -1,6 +1,11 @@ CONTAINER_NAME="wireguard-easy" DATA_PATH="./data" HOST_ADDRESS="172.17.0.1" -PANEL_APP_PORT_HTTP="40074" -WEBUI_PWD="password" -WIREGUARD_PORT="51820" +PANEL_APP_PORT_HTTP=40074 +WG_ALLOWED_IPS="10.0.8.0/24" +WG_DEFAULT_ADDRESS="10.8.0.x" +WG_DEFAULT_DNS="119.29.29.29,1.1.1.1" +WG_MTU=1420 +WG_PERSISTENT_KEEPALIVE=25 +WIREGUARD_PORT=51820 +PASSWORD_HASH="$$2a$$12$$0AL3hGeedv8fOfsNtfZY5OO3mMvBqlnZA8QmeBGfWPAQEoZ7LZ/7a" diff --git a/apps/wireguard-easy/nightly/data.yml b/apps/wireguard-easy/nightly/data.yml index adeadc5f..1bc83373 100644 --- a/apps/wireguard-easy/nightly/data.yml +++ b/apps/wireguard-easy/nightly/data.yml @@ -1,42 +1,74 @@ additionalProperties: - formFields: - - default: 40074 - edit: true - envKey: PANEL_APP_PORT_HTTP - labelEn: WebUI Port - labelZh: 网页端口 - required: true - rule: paramPort - type: number - - default: 51820 - edit: true - envKey: WIREGUARD_PORT - labelEn: Wireguard port - labelZh: Wireguard端口 - required: true - rule: paramPort - type: number - - default: ./data - edit: true - envKey: DATA_PATH - labelEn: Data folder path - labelZh: 数据文件夹路径 - required: true - type: text - - default: "password" - edit: true - envKey: WEBUI_PWD - labelEn: Webui password - labelZh: 网页密码 - random: false - required: true - rule: paramComplexity - type: password - - default: 172.17.0.1 - edit: true - envKey: HOST_ADDRESS - labelEn: Local IP address (must change item) - labelZh: 本机IP地址(必改项) - required: true - rule: paramCommon - type: text \ No newline at end of file + formFields: + - default: "40074" + edit: true + envKey: PANEL_APP_PORT_HTTP + labelEn: WebUI Port + labelZh: 网页端口 + required: true + rule: paramPort + type: number + - default: "51820" + edit: true + envKey: WIREGUARD_PORT + labelEn: Wireguard port + labelZh: Wireguard 端口 + required: true + rule: paramPort + type: number + - default: "./data" + edit: true + envKey: DATA_PATH + labelEn: Data folder path + labelZh: 数据文件夹路径 + required: true + type: text + - default: "$$2a$$12$$0AL3hGeedv8fOfsNtfZY5OO3mMvBqlnZA8QmeBGfWPAQEoZ7LZ/7a" + edit: true + envKey: PASSWORD_HASH + labelEn: Webui password hash (Note to check the documentation for instructions, the default is `PAssw00rd`) + labelZh: 网页密码 hash (注意查看说明文档,默认为`PAssw00rd`) + required: true + type: password + - default: "172.17.0.1" + edit: true + envKey: HOST_ADDRESS + labelEn: Host address (must change item) + labelZh: 本机地址(必改项) + required: true + type: text + - default: "10.8.0.x" + edit: true + envKey: WG_DEFAULT_ADDRESS + labelEn: Default Wireguard Segment + labelZh: 默认 Wireguard 网段 + required: true + type: text + - default: "119.29.29.29,1.1.1.1" + edit: true + envKey: WG_DEFAULT_DNS + labelEn: Default Wireguard DNS + labelZh: 默认 Wireguard DNS + required: true + type: text + - default: "1420" + edit: true + envKey: WG_MTU + labelEn: Wireguard MTU + labelZh: Wireguard MTU + required: true + type: number + - default: "10.0.8.0/24" + edit: true + envKey: WG_ALLOWED_IPS + labelEn: Wireguard Allowed IPs + labelZh: Wireguard 允许的 IP 段 + required: true + type: text + - default: "25" + edit: true + envKey: WG_PERSISTENT_KEEPALIVE + labelEn: Wireguard Persistent Keepalive + labelZh: Wireguard 保活间隔 + required: true + type: number diff --git a/apps/wireguard-easy/nightly/docker-compose.yml b/apps/wireguard-easy/nightly/docker-compose.yml index e74f3398..708203bc 100644 --- a/apps/wireguard-easy/nightly/docker-compose.yml +++ b/apps/wireguard-easy/nightly/docker-compose.yml @@ -6,32 +6,29 @@ services: - 1panel-network environment: - WG_HOST=${HOST_ADDRESS} - - PASSWORD=${WEBUI_PWD} - WG_PORT=${WIREGUARD_PORT} - # Optional: - # - WG_DEFAULT_ADDRESS=10.8.0.x - # - WG_DEFAULT_DNS=1.1.1.1 - # - WG_MTU=1420 - # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24 - # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt - # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt - # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt - # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt + - PORT=${PANEL_APP_PORT_HTTP} + - WG_DEFAULT_ADDRESS=${WG_DEFAULT_ADDRESS} + - WG_DEFAULT_DNS=${WG_DEFAULT_DNS} + - WG_MTU=${WG_MTU} + - WG_ALLOWED_IPS=${WG_ALLOWED_IPS} + - WG_PERSISTENT_KEEPALIVE=${WG_PERSISTENT_KEEPALIVE} + - PASSWORD_HASH=${PASSWORD_HASH} volumes: - ${DATA_PATH}:/etc/wireguard ports: - "${WIREGUARD_PORT}:${WIREGUARD_PORT}/udp" - - "${PANEL_APP_PORT_HTTP}:51821/tcp" + - "${PANEL_APP_PORT_HTTP}:${PANEL_APP_PORT_HTTP}/tcp" cap_add: - NET_ADMIN - SYS_MODULE sysctls: - net.ipv4.ip_forward=1 - net.ipv4.conf.all.src_valid_mark=1 - image: weejewel/wg-easy:nightly - labels: + image: "ghcr.io/wg-easy/wg-easy:nightly" + labels: createdBy: "Apps" -networks: - 1panel-network: +networks: + 1panel-network: external: true diff --git a/apps/wireguard-easy/nightly/scripts/upgrade.sh b/apps/wireguard-easy/nightly/scripts/upgrade.sh new file mode 100644 index 00000000..b63a25de --- /dev/null +++ b/apps/wireguard-easy/nightly/scripts/upgrade.sh @@ -0,0 +1,70 @@ +#!/bin/bash + +# 检查 .env 文件是否存在 +if [[ -f ./.env ]]; then + + # 如果 .env 文件中有 WEBUI_PWD 的设置,删除该行 + if grep -q 'WEBUI_PWD' ./.env; then + sed -i '/WEBUI_PWD/d' ./.env + echo "已移除 .env 文件中的 WEBUI_PWD 参数" + fi + + # 检查并添加 WG_ALLOWED_IPS 参数 + if ! grep -q 'WG_ALLOWED_IPS' ./.env; then + echo 'WG_ALLOWED_IPS="10.0.8.0/24"' >> ./.env + echo "已添加 WG_ALLOWED_IPS=10.0.8.0/24" + else + echo "WG_ALLOWED_IPS 参数已存在" + fi + + # 检查并添加 WG_DEFAULT_ADDRESS 参数 + if ! grep -q 'WG_DEFAULT_ADDRESS' ./.env; then + echo 'WG_DEFAULT_ADDRESS="10.8.0.x"' >> ./.env + echo "已添加 WG_DEFAULT_ADDRESS=10.8.0.x" + else + echo "WG_DEFAULT_ADDRESS 参数已存在" + fi + + # 检查并添加 WG_DEFAULT_DNS 参数 + if ! grep -q 'WG_DEFAULT_DNS' ./.env; then + echo 'WG_DEFAULT_DNS="119.29.29.29,1.1.1.1"' >> ./.env + echo "已添加 WG_DEFAULT_DNS=119.29.29.29,1.1.1.1" + else + echo "WG_DEFAULT_DNS 参数已存在" + fi + + # 检查并添加 WG_MTU 参数 + if ! grep -q 'WG_MTU' ./.env; then + echo 'WG_MTU=1420' >> ./.env + echo "已添加 WG_MTU=1420" + else + echo "WG_MTU 参数已存在" + fi + + # 检查并添加 WG_PERSISTENT_KEEPALIVE 参数 + if ! grep -q 'WG_PERSISTENT_KEEPALIVE' ./.env; then + echo 'WG_PERSISTENT_KEEPALIVE=25' >> ./.env + echo "已添加 WG_PERSISTENT_KEEPALIVE=25" + else + echo "WG_PERSISTENT_KEEPALIVE 参数已存在" + fi + + # 检查并添加 WIREGUARD_PORT 参数 + if ! grep -q 'WIREGUARD_PORT' ./.env; then + echo 'WIREGUARD_PORT=51820' >> ./.env + echo "已添加 WIREGUARD_PORT=51820" + else + echo "WIREGUARD_PORT 参数已存在" + fi + + # 检查并添加 PASSWORD_HASH 参数 + if ! grep -q 'PASSWORD_HASH' ./.env; then + echo 'PASSWORD_HASH="$$2a$$12$$0AL3hGeedv8fOfsNtfZY5OO3mMvBqlnZA8QmeBGfWPAQEoZ7LZ/7a"' >> ./.env + echo '已添加 PASSWORD_HASH="$$2a$$12$$0AL3hGeedv8fOfsNtfZY5OO3mMvBqlnZA8QmeBGfWPAQEoZ7LZ/7a"' + else + echo "PASSWORD_HASH 参数已存在" + fi + +else + echo ".env 文件不存在" +fi