No connection between wg-gen-web and wg-api
LegalDrokz opened this issue
Running this docker compose file:
```yaml
services:
  wg-gen-web:
    image: vx3r/wg-gen-web:latest
    container_name: wg-gen-web
    restart: unless-stopped
    ports:
      - "8080:8080"
    environment:
      - WG_CONF_DIR=/data
      - WG_INTERFACE_NAME=wg0.conf
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_USERNAME=xx
      - SMTP_PASSWORD=xx
      - SMTP_FROM=xx
      - OAUTH2_PROVIDER_NAME=fake
      - WG_STATS_API=http://172.17.0.1:8182
    volumes:
      - /etc/wireguard:/data
  wg-api:
    image: james/wg-api:latest
    container_name: wg-json-api
    restart: unless-stopped
    ports:
      - "8182:8182"
    cap_add:
      - NET_ADMIN
    network_mode: "host"
    command: wg-api --device=wg0 --listen=localhost:8182
```
wg-gen-web works and I can request the wg-api successfully:
```
curl http://172.17.0.1:8182 -H "Content-Type: application/json" -d '{"jsonrpc": "2.0", "method": "GetDeviceInfo", "params": {}}'
{"jsonrpc":"2.0","result":{"device":{"name":"wg0","type":"Linux kernel","public_key":"thekeyhasbeenredacted=","listen_port":51820,"num_peers":1}},"id":null}
```
on the wg-gen-web status page this message is shown:
Error: 500 - Internal Server Error: Post "http://172.17.0.1:8182": dial tcp 172.17.0.1:8182: connect: connection refused
Since wg-api is running in Host mode and wg-gen-web is not, could this be the issue, or is there another solution?
pinging @h44z :)
Well that error makes sense, as localhost in the wg-gen-web container does not resolve to the ip of the wg-api container, nor the host ip where the WireGuard interface is running.
Setting WG_STATS_API to http://:8182 should work.
basically is the IP address of the host system that is used for the given docker network. So for example if wg-gen-web is running in a docker network with an IP located in the subnet of 172.17.0.0/24, the host ip would be 172.17.0.1.
You can find that IP by inspecting the output of `docker network inspect bridge` (bridge can be replaced by the name of the network if a custom network is used). The IP address of the host system is stated in the Gateway IP address.
Can you test if setting the WG_STATS_API to the gateway ip solves your issue?
I've checked the gateway ip:
```
docker network inspect bridge | grep Gateway
"Gateway": "172.17.0.1"
```
and changed it in the compose file:
- WG_STATS_API=http://172.17.0.1:8182
the error is now:
Error: 500 - Internal Server Error: Post "http://172.17.0.1:8182": dial tcp 172.17.0.1:8182: connect: connection refused
I've added my full compose file in the issue.
The problem is that wg-api only binds to localhost and thus is not reachable from 172.17.0.x
What if you change the command section in docker-compose like:
command: wg-api --device=wg0 --listen=172.17.0.1:8182
That's it! It's up and running now. I'm just new to docker these past few days so I'm very thankful for your help.
Here is the fixed docker compose file. Maybe it's a good idea to include it on the readme page?
```yaml
version: '2.0'
services:
  wg-gen-web:
    image: vx3r/wg-gen-web:latest
    container_name: wg-gen-web
    restart: unless-stopped
    ports:
      - "8080:8080"
    environment:
      - WG_CONF_DIR=/data
      - WG_INTERFACE_NAME=wg0.conf
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_USERNAME=youremail@gmail.com
      - SMTP_PASSWORD=****************
      - SMTP_FROM=Full Name <youremail@gmail.com>
      - OAUTH2_PROVIDER_NAME=github
      - OAUTH2_PROVIDER=https://github.com
      - OAUTH2_CLIENT_ID=******************
      - OAUTH2_CLIENT_SECRET=******************
      - OAUTH2_REDIRECT_URL=https://subdomain.domain.tld
      # $BRIDGE_GATEWAY_ADDRESS stands for the bridge gateway IP (172.17.0.1 above).
      # WG_STATS_API must be a full URL, so the http:// scheme is required.
      - WG_STATS_API=http://$BRIDGE_GATEWAY_ADDRESS:8182
    volumes:
      - /etc/wireguard:/data
  wg-api:
    image: james/wg-api:latest
    container_name: wg-json-api
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    network_mode: "host"
    # Bind to the bridge gateway address, not localhost, so the container can reach it.
    command: wg-api --device=wg0 --listen=$BRIDGE_GATEWAY_ADDRESS:8182
```
I will update the readme =)
@h44z sorry for hijacking this but my issue is related to this. Is there any way to connect to the API from web without exposing the API port on my firewall? I don't want this API to be publicly available since it can write to my wg config. Currently listening to the gateway IP gives me the following error:
Error: 500 - : Post "http://172.17.0.1:5030": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Compose:
```yaml
version: '3'
services:
  web:
    image: vx3r/wg-gen-web:latest
    container_name: wg-web
    restart: always
    ports:
      - "5020:8080"
    environment:
      - WG_CONF_DIR
      - WG_INTERFACE_NAME
      - SMTP_HOST
      - SMTP_PORT
      - SMTP_USERNAME
      - SMTP_PASSWORD
      - SMTP_FROM
      - OAUTH2_PROVIDER_NAME
      - OAUTH2_PROVIDER
      - OAUTH2_CLIENT_ID
      - OAUTH2_CLIENT_SECRET
      - OAUTH2_REDIRECT_URL
      - WG_STATS_API=http://172.17.0.1:5030
    volumes:
      - /etc/wireguard:/data
    network_mode: bridge
  api:
    image: james/wg-api:latest
    container_name: wg-api
    restart: always
    cap_add:
      - NET_ADMIN
    network_mode: host
    command: wg-api --device wg0 --listen 172.17.0.1:5030
```
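
An added example, not code from this thread or from either project: a small Python lint for the settings discussed in this issue. It takes a wg-api `--listen` value, the `WG_STATS_API` URL and the JSON printed by `docker network inspect bridge`, and reports whether the API is bound to loopback (the original failure), to every host interface, or only to the bridge gateway. The function names, finding labels and sample JSON are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: trimmed shape of `docker network inspect bridge` output.
SAMPLE_INSPECT = json.dumps([{
    "Name": "bridge",
    "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
}])

def bridge_gateway(inspect_json):
    """Return the IPv4 gateway (the host's address on the bridge network)."""
    for cfg in json.loads(inspect_json)[0]["IPAM"]["Config"]:
        if "Gateway" in cfg:
            gw = ipaddress.ip_address(cfg["Gateway"])
            if gw.version == 4:
                return gw
    raise ValueError("no IPv4 gateway in inspect output")

def check(listen, stats_api, inspect_json):
    """Lint wg-api's --listen value against WG_STATS_API and the bridge gateway.

    Returns a list of finding labels (hypothetical names, defined here only).
    Raises ValueError if the listen host is not an IP address or 'localhost'.
    """
    gateway = bridge_gateway(inspect_json)
    host, _, port = listen.rpartition(":")
    addr = ipaddress.ip_address("127.0.0.1" if host == "localhost" else host)
    if addr.is_loopback:
        findings = ["loopback-only"]            # bridge containers get "connection refused"
    elif addr.is_unspecified:
        findings = ["wildcard-all-interfaces"]  # bound on every host interface
    elif addr == gateway:
        findings = ["bridge-gateway"]           # bound only on the Docker bridge address
    else:
        findings = ["other-address"]
    url = urlsplit(stats_api)
    if url.scheme not in ("http", "https"):
        findings.append("stats-url-missing-scheme")
    elif url.hostname != str(gateway) or str(url.port) != port:
        findings.append("stats-url-mismatch")
    return findings

if __name__ == "__main__":
    # The three configurations that appear in this thread.
    print(check("localhost:8182", "http://172.17.0.1:8182", SAMPLE_INSPECT))
    print(check("172.17.0.1:8182", "http://172.17.0.1:8182", SAMPLE_INSPECT))
    print(check("172.17.0.1:5030", "http://172.17.0.1:5030", SAMPLE_INSPECT))
```

A lone `bridge-gateway` result, as for the last configuration, means the binding and the URL agree, so the lint cannot explain a timeout such as the one in the last post.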