Trying to get wireguard running in a container.

52_wireguard/README.md

@@ -0,0 +1,79 @@
+# README
+
+Demonstrate how to get wireguard setup to access a private docker network
+
+Prebuilt
+https://www.sonicwall.com/support/knowledge-base/how-can-i-set-up-a-wireguard-tunnel-using-a-docker-container/211025104453553/
+
+## Server
+
+```sh
+# build and run server
+docker build -f ./server/Dockerfile.server -t wireguard-server ./server  
+docker run --rm -it --name wireguard-server -p 41194:41194 wireguard-server /bin/bash           
+
+ip addr
+cat /etc/wireguard/privatekey 
+cat /etc/wireguard/publickey 
+
+# replace ip and privatekey
+nano /etc/wireguard/wg0.conf 
+```
+
+## Client
+
+```sh
+# build and run client
+docker build -f ./client/Dockerfile.client -t wireguard-client ./client/  
+docker run --rm -it wireguard-client /bin/bash   
+
+ip addr
+cat /etc/wireguard/privatekey 
+cat /etc/wireguard/publickey 
+nano /etc/wireguard/wg0.conf 
+```
+
+
+
+
+
+
+
+## Docker Compose App
+```sh
+docker compose up -d --build
+
+# quick test
+docker logs $(docker ps --filter name=wireguard_wgserver_1 -q)
+docker logs $(docker ps --filter name=wireguard_wgclient_1 -q) 
+```
+
+### Cleanup
+```sh
+# bring it down and delete the volume
+docker compose down --volumes
+```
+
+### Rebuild backend and run
+```sh
+# if changes are made to backend rerun
+docker compose up -d --build
+```
+
+
+
+
+# Resources 
+https://www.cyberciti.biz/faq/ubuntu-20-04-set-up-wireguard-vpn-server/
+
+https://www.docker.com/blog/introduction-to-heredocs-in-dockerfiles/
+
+
+https://github.com/wsargent/docker-cheat-sheet/blob/master/README.md
+
+
+https://www.thomas-krenn.com/en/wiki/Ubuntu_Desktop_as_WireGuard_VPN_client_configuration
+
+
+https://www.linode.com/docs/guides/set-up-wireguard-vpn-on-ubuntu/
+

52_wireguard/client/Dockerfile.client

@@ -0,0 +1,13 @@
+FROM ubuntu:20.04
+
+RUN apt-get update && apt-get install wireguard nano -y 
+RUN apt-get install curl lsof iproute2 nmap iputils-ping -y
+
+WORKDIR /etc/wireguard
+COPY wg0.conf ./wg0.conf
+RUN umask 077; wg genkey | tee privatekey | wg pubkey > publickey
+
+WORKDIR /scratch
+COPY hold.sh .
+
+CMD [ "/bin/bash", "-c", "/scratch/hold.sh" ]

52_wireguard/client/hold.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+echo "Holding..."
+
+function trap_hup_handler() {
+    echo "SIGHUP handler exiting"
+    exit $(( 128 + 1 ))
+}
+function trap_int_handler() {
+    echo "SIGINT handler exiting"
+    exit $(( 128 + 2 ))
+}
+function trap_quit_handler() {
+    echo "SIGQUIT handler exiting"
+    exit $(( 128 + 3 ))
+}
+function trap_term_handler() {
+    echo "SIGTERM handler exiting"
+    exit $(( 128 + 15 ))
+}
+
+trap trap_hup_handler SIGHUP
+trap trap_int_handler SIGINT
+trap trap_quit_handler SIGQUIT
+trap trap_term_handler SIGTERM
+
+while true
+do
+    echo "."
+    sleep 10
+done
+

52_wireguard/client/wg0.conf

@@ -0,0 +1,19 @@
+[Interface]
+## This Desktop/client's private key ##
+PrivateKey = uJPzgCQ6WNlAUp3s5rabE/EVt1qYh3Ym01sx6oJI0V4=
+
+## Client ip address ##
+Address = 192.168.6.2/24
+
+[Peer]
+## Ubuntu 20.04 server public key ##
+PublicKey = qdjdqh2+N3DEMDUDRob8K3b+9BZFJbT59f+rBrl99zM
+
+## set ACL ##
+AllowedIPs = 192.168.6.0/24
+
+## Your Ubuntu 20.04 LTS server's public IPv4/IPv6 address and port ##
+Endpoint = 172.105.112.120:41194
+
+##  Key connection alive ##
+PersistentKeepalive = 15

52_wireguard/docker-compose.yaml

@@ -0,0 +1,33 @@
+services:
+    internalnginx:
+        image: nginx:1.21.1
+        networks:
+            app_private_network:
+                ipv4_address: 172.16.238.64
+
+    wgserver:
+        build: 
+            context: .
+            dockerfile: ./Dockerfile.server
+        networks:
+            app_private_network:
+                ipv4_address: 172.16.238.3
+            host:
+
+    wgclient:
+        build:
+            context: . 
+            dockerfile: ./Dockerfile.client
+        networks:
+            app_private_network:
+                ipv4_address: 172.16.238.4
+            host:
+
+
+networks:
+    app_private_network:
+        ipam:
+        driver: default
+        config:
+            - subnet: "172.16.238.0/24"
+

52_wireguard/server/Dockerfile.server

@@ -0,0 +1,13 @@
+FROM ubuntu:20.04
+
+RUN apt-get update && apt-get install wireguard nano -y 
+RUN apt-get install curl lsof iproute2 nmap iputils-ping -y
+
+WORKDIR /etc/wireguard
+COPY wg0.conf ./wg0.conf
+RUN umask 077; wg genkey | tee privatekey | wg pubkey > publickey
+
+WORKDIR /scratch
+COPY hold.sh .
+
+CMD [ "/bin/bash", "-c", "/scratch/hold.sh" ]

52_wireguard/server/hold.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+echo "Holding..."
+
+function trap_hup_handler() {
+    echo "SIGHUP handler exiting"
+    exit $(( 128 + 1 ))
+}
+function trap_int_handler() {
+    echo "SIGINT handler exiting"
+    exit $(( 128 + 2 ))
+}
+function trap_quit_handler() {
+    echo "SIGQUIT handler exiting"
+    exit $(( 128 + 3 ))
+}
+function trap_term_handler() {
+    echo "SIGTERM handler exiting"
+    exit $(( 128 + 15 ))
+}
+
+trap trap_hup_handler SIGHUP
+trap trap_int_handler SIGINT
+trap trap_quit_handler SIGQUIT
+trap trap_term_handler SIGTERM
+
+while true
+do
+    echo "."
+    sleep 10
+done
+

52_wireguard/server/wg0.conf

@@ -0,0 +1,10 @@
+## Set Up WireGuard VPN on Ubuntu By Editing/Creating wg0.conf File ##
+[Interface]
+## My VPN server private IP address ##
+Address = 192.168.6.1/24
+
+## My VPN server port ##
+ListenPort = 41194
+
+## VPN server's private key i.e. /etc/wireguard/privatekey ##
+PrivateKey = ${PRIVATEKEY}