diff --git a/52_wireguard/README.md b/52_wireguard/README.md
new file mode 100644
index 0000000..f9db201
--- /dev/null
+++ b/52_wireguard/README.md
@@ -0,0 +1,79 @@
+# README
+
+Demonstrate how to get wireguard setup to access a private docker network
+
+Prebuilt
+https://www.sonicwall.com/support/knowledge-base/how-can-i-set-up-a-wireguard-tunnel-using-a-docker-container/211025104453553/
+
+## Server
+
+```sh
+# build and run server
+docker build -f ./server/Dockerfile.server -t wireguard-server ./server
+docker run --rm -it --name wireguard-server -p 41194:41194 wireguard-server /bin/bash
+
+ip addr
+cat /etc/wireguard/privatekey
+cat /etc/wireguard/publickey
+
+# replace ip and privatekey
+nano /etc/wireguard/wg0.conf
+```
+
+## Client
+
+```sh
+# build and run client
+docker build -f ./client/Dockerfile.client -t wireguard-client ./client/
+docker run --rm -it wireguard-client /bin/bash
+
+ip addr
+cat /etc/wireguard/privatekey
+cat /etc/wireguard/publickey
+nano /etc/wireguard/wg0.conf
+```
+
+
+
+
+
+
+
+## Docker Compose App
+```sh
+docker compose up -d --build
+
+# quick test
+docker logs $(docker ps --filter name=wireguard_wgserver_1 -q)
+docker logs $(docker ps --filter name=wireguard_wgclient_1 -q)
+```
+
+### Cleanup
+```sh
+# bring it down and delete the volume
+docker compose down --volumes
+```
+
+### Rebuild backend and run
+```sh
+# if changes are made to backend rerun
+docker compose up -d --build
+```
+
+
+
+
+# Resources
+https://www.cyberciti.biz/faq/ubuntu-20-04-set-up-wireguard-vpn-server/
+
+https://www.docker.com/blog/introduction-to-heredocs-in-dockerfiles/
+
+
+https://github.com/wsargent/docker-cheat-sheet/blob/master/README.md
+
+
+https://www.thomas-krenn.com/en/wiki/Ubuntu_Desktop_as_WireGuard_VPN_client_configuration
+
+
+https://www.linode.com/docs/guides/set-up-wireguard-vpn-on-ubuntu/
+
diff --git a/52_wireguard/client/Dockerfile.client b/52_wireguard/client/Dockerfile.client
new file mode 100644
index 0000000..ea09d20
--- /dev/null
+++ b/52_wireguard/client/Dockerfile.client
@@ -0,0 +1,13 @@
+FROM ubuntu:20.04
+
+RUN apt-get update && apt-get install wireguard nano -y
+RUN apt-get install curl lsof iproute2 nmap iputils-ping -y
+
+WORKDIR /etc/wireguard
+COPY wg0.conf ./wg0.conf
+RUN umask 077; wg genkey | tee privatekey | wg pubkey > publickey
+
+WORKDIR /scratch
+COPY hold.sh .
+
+CMD [ "/bin/bash", "-c", "/scratch/hold.sh" ]
diff --git a/52_wireguard/client/hold.sh b/52_wireguard/client/hold.sh
new file mode 100755
index 0000000..89dc65e
--- /dev/null
+++ b/52_wireguard/client/hold.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+echo "Holding..."
+
+function trap_hup_handler() {
+ echo "SIGHUP handler exiting"
+ exit $(( 128 + 1 ))
+}
+function trap_int_handler() {
+ echo "SIGINT handler exiting"
+ exit $(( 128 + 2 ))
+}
+function trap_quit_handler() {
+ echo "SIGQUIT handler exiting"
+ exit $(( 128 + 3 ))
+}
+function trap_term_handler() {
+ echo "SIGTERM handler exiting"
+ exit $(( 128 + 15 ))
+}
+
+trap trap_hup_handler SIGHUP
+trap trap_int_handler SIGINT
+trap trap_quit_handler SIGQUIT
+trap trap_term_handler SIGTERM
+
+while true
+do
+ echo "."
+ sleep 10
+done
+
diff --git a/52_wireguard/client/wg0.conf b/52_wireguard/client/wg0.conf
new file mode 100644
index 0000000..4fbd4ba
--- /dev/null
+++ b/52_wireguard/client/wg0.conf
@@ -0,0 +1,19 @@
+[Interface]
+## This Desktop/client's private key ##
+PrivateKey = uJPzgCQ6WNlAUp3s5rabE/EVt1qYh3Ym01sx6oJI0V4=
+
+## Client ip address ##
+Address = 192.168.6.2/24
+
+[Peer]
+## Ubuntu 20.04 server public key ##
+PublicKey = qdjdqh2+N3DEMDUDRob8K3b+9BZFJbT59f+rBrl99zM
+
+## set ACL ##
+AllowedIPs = 192.168.6.0/24
+
+## Your Ubuntu 20.04 LTS server's public IPv4/IPv6 address and port ##
+Endpoint = 172.105.112.120:41194
+
+## Key connection alive ##
+PersistentKeepalive = 15
\ No newline at end of file
diff --git a/52_wireguard/docker-compose.yaml b/52_wireguard/docker-compose.yaml
new file mode 100644
index 0000000..8c587f1
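Review bot: `RUN umask 077; wg genkey | tee privatekey | wg pubkey > publickey` creates the WireGuard keypair at build time, so the private key is stored in an image layer and is shared by every container started from the image and readable by anyone who can pull or export it. Generate it when the container starts instead, for example at the top of hold.sh: `[ -s /etc/wireguard/privatekey ] || (umask 077; wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey)`. The second `RUN apt-get install curl lsof iproute2 nmap iputils-ping -y` has no `apt-get update` of its own and can run against a stale cached index; fold it into the first RUN, add `--no-install-recommends`, and finish with `rm -rf /var/lib/apt/lists/*`. The identical lines in server/Dockerfile.server have the same issues.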
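Review bot: The four traps will not fire promptly, because bash runs a trap handler only after the foreground `sleep 10` returns. A SIGTERM from `docker stop` can therefore wait up to ten seconds, which is the default grace period before SIGKILL, so the handler may never get to print or set its exit code. Run the sleep in the background and wait on it, `sleep 10 & wait $!`, so that the signal interrupts `wait` immediately. server/hold.sh is the same blob (89dc65e) and needs the same change.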
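Review bot: The `PrivateKey = …` line under `[Interface]` commits a WireGuard private key to the repository, and Dockerfile.client copies this file into the image; if that key was ever used against the `Endpoint` listed here it should be treated as disclosed and rotated. Keep only a placeholder in the tracked file, as server/wg0.conf does with `PrivateKey = ${PRIVATEKEY}`, and fill it in at container start from the generated /etc/wireguard/privatekey. The peer `PublicKey` is 43 characters with no trailing `=`, whereas WireGuard keys are 44-character base64, so it looks truncated and would likely be rejected by `wg`.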
--- /dev/null
+++ b/52_wireguard/docker-compose.yaml
@@ -0,0 +1,33 @@
+services:
+ internalnginx:
+ image: nginx:1.21.1
+ networks:
+ app_private_network:
+ ipv4_address: 172.16.238.64
+
+ wgserver:
+ build:
+ context: .
+ dockerfile: ./Dockerfile.server
+ networks:
+ app_private_network:
+ ipv4_address: 172.16.238.3
+ host:
+
+ wgclient:
+ build:
+ context: .
+ dockerfile: ./Dockerfile.client
+ networks:
+ app_private_network:
+ ipv4_address: 172.16.238.4
+ host:
+
+
+networks:
+ app_private_network:
+ ipam:
+ driver: default
+ config:
+ - subnet: "172.16.238.0/24"
+
diff --git a/52_wireguard/server/Dockerfile.server b/52_wireguard/server/Dockerfile.server
new file mode 100644
index 0000000..3ee6e3d
--- /dev/null
+++ b/52_wireguard/server/Dockerfile.server
@@ -0,0 +1,13 @@
+FROM ubuntu:20.04
+
+RUN apt-get update && apt-get install wireguard nano -y
+RUN apt-get install curl lsof iproute2 nmap iputils-ping -y
+
+WORKDIR /etc/wireguard
+COPY wg0.conf ./wg0.conf
+RUN umask 077; wg genkey | tee privatekey | wg pubkey > publickey
+
+WORKDIR /scratch
+COPY hold.sh .
+
+CMD [ "/bin/bash", "-c", "/scratch/hold.sh" ]
\ No newline at end of file
diff --git a/52_wireguard/server/hold.sh b/52_wireguard/server/hold.sh
new file mode 100755
index 0000000..89dc65e
--- /dev/null
+++ b/52_wireguard/server/hold.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+echo "Holding..."
+
+function trap_hup_handler() {
+ echo "SIGHUP handler exiting"
+ exit $(( 128 + 1 ))
+}
+function trap_int_handler() {
+ echo "SIGINT handler exiting"
+ exit $(( 128 + 2 ))
+}
+function trap_quit_handler() {
+ echo "SIGQUIT handler exiting"
+ exit $(( 128 + 3 ))
+}
+function trap_term_handler() {
+ echo "SIGTERM handler exiting"
+ exit $(( 128 + 15 ))
+}
+
+trap trap_hup_handler SIGHUP
+trap trap_int_handler SIGINT
+trap trap_quit_handler SIGQUIT
+trap trap_term_handler SIGTERM
+
+while true
+do
+ echo "."
+ sleep 10
+done
+
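Review bot: Both build sections use `context: .` with `dockerfile: ./Dockerfile.server` and `./Dockerfile.client`, but this commit adds those files under `server/` and `client/`, so the build will find neither the Dockerfiles nor the `wg0.conf` and `hold.sh` that each one copies. Point each service at its own directory, `context: ./server` with `dockerfile: Dockerfile.server` and `context: ./client` with `dockerfile: Dockerfile.client`. The `host:` entry after `ipv4_address` in wgserver and wgclient has no matching definition in the top-level `networks:` block; indentation is lost in this view, but if it is meant as a network attachment compose will reject it, and it should be dropped. If these containers are meant to bring up `wg0`, both services also need `cap_add: [NET_ADMIN]`, and wgserver needs the listen port published as UDP.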
diff --git a/52_wireguard/server/wg0.conf b/52_wireguard/server/wg0.conf
new file mode 100644
index 0000000..5eb6f37
--- /dev/null
+++ b/52_wireguard/server/wg0.conf
@@ -0,0 +1,10 @@
+## Set Up WireGuard VPN on Ubuntu By Editing/Creating wg0.conf File ##
+[Interface]
+## My VPN server private IP address ##
+Address = 192.168.6.1/24
+
+## My VPN server port ##
+ListenPort = 41194
+
+## VPN server's private key i.e. /etc/wireguard/privatekey ##
+PrivateKey = ${PRIVATEKEY}
\ No newline at end of file
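Review bot: `PrivateKey = ${PRIVATEKEY}` is never substituted, since Dockerfile.server copies the file verbatim and WireGuard's config parser does not expand shell variables, so the interface cannot come up until someone edits the file by hand as the README describes. Keeping the key out of the tracked file is right; to make it work without the manual step, replace the line with `PostUp = wg set %i private-key /etc/wireguard/privatekey` so that wg-quick loads the key from the 0600 file. There is also no `[Peer]` section, so the client defined in client/wg0.conf would not be accepted as a peer. `ListenPort = 41194` is a UDP port, while the README's `-p 41194:41194` publishes TCP only; it needs `-p 41194:41194/udp`.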