vx3r / wg-gen-web

Simple Web based configuration generator for WireGuard

Home Page:https://wg-gen-web-demo.127-0-0-1.fr

No connection between wg-gen-web and wg-api

LegalDrokz opened this issue · comments

Running this docker compose file:

services:
  wg-gen-web:
    image: vx3r/wg-gen-web:latest
    container_name: wg-gen-web
    restart: unless-stopped
    ports:
      - "8080:8080"
    environment:
      - WG_CONF_DIR=/data
      - WG_INTERFACE_NAME=wg0.conf
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_USERNAME=xx
      - SMTP_PASSWORD=xx
      - SMTP_FROM=xx
      - OAUTH2_PROVIDER_NAME=fake
      - WG_STATS_API=http://172.17.0.1:8182
    volumes:
      - /etc/wireguard:/data
  wg-api:
    image: james/wg-api:latest
    container_name: wg-json-api
    restart: unless-stopped
    ports:
      - "8182:8182"
    cap_add:
      - NET_ADMIN
    network_mode: "host"
    command: wg-api --device=wg0 --listen=localhost:8182

wg-gen-web works and I can request the wg-api successfully:

curl http://172.17.0.1:8182 -H "Content-Type: application/json" -d '{"jsonrpc": "2.0", "method": "GetDeviceInfo", "params": {}}'
{"jsonrpc":"2.0","result":{"device":{"name":"wg0","type":"Linux kernel","public_key":"thekeyhasbeenredacted=","listen_port":51820,"num_peers":1}},"id":null}

on the wg-gen-web status page this message is shown:

Error: 500 - Internal Server Error: Post "http://172.17.0.1:8182": dial tcp 172.17.0.1:8182: connect: connection refused

Since wg-api is running in Host mode and wg-gen-web is not, could this be the issue, or is there another solution?

pinging @h44z :)

commented

Well that error makes sense, as localhost in the wg-gen-web container does not resolve to the ip of the wg-api container, nor the host ip where the WireGuard interface is running.

Setting WG_STATS_API to http://:8182 should work.

basically is the IP address of the host system that is used for the given docker network. So for example if wg-gen-web is running in a docker network with an IP located in the subnet of 172.17.0.0/24, the host ip would be 172.17.0.1.

You can find that IP by inspecting the output of docker network inspect bridge (bridge can be replaced by the name of the network if a custom network is used). The ip address of the host system is stated in the Gateway ip address.

Can you test if setting the WG_STATS_API to the gateway ip solves your issue?

I've checked the gateway ip:

docker network inspect bridge | grep Gateway
"Gateway": "172.17.0.1"

and changed it in the compose file:

- WG_STATS_API=http://172.17.0.1:8182

the error is now:

Error: 500 - Internal Server Error: Post "http://172.17.0.1:8182": dial tcp 172.17.0.1:8182: connect: connection refused

I've added my full compose file in the issue.

commented

The problem is that wg-api only binds to localhost and thus is not reachable from 172.17.0.x

What if you change the command section in docker-compose like:

command: wg-api --device=wg0 --listen=172.17.0.1:8182

That's it! It's up and running now. I'm just new to docker these past few days so I'm very thankful for your help.

Here is the fixed docker compose file. Maybe it's a good idea to include it on the readme page?

version: '2.0'
services:
  wg-gen-web:
    image: vx3r/wg-gen-web:latest
    container_name: wg-gen-web
    restart: unless-stopped
    ports:
      - "8080:8080"
    environment:
      - WG_CONF_DIR=/data
      - WG_INTERFACE_NAME=wg0.conf
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_USERNAME=youremail@gmail.com
      - SMTP_PASSWORD=****************
      - SMTP_FROM=Full Name <youremail@gmail.com>
      - OAUTH2_PROVIDER_NAME=github
      - OAUTH2_PROVIDER=https://github.com
      - OAUTH2_CLIENT_ID=******************
      - OAUTH2_CLIENT_SECRET=******************
      - OAUTH2_REDIRECT_URL=https://subdomain.domain.tld
      - WG_STATS_API=http://$BRIDGE_GATEWAY_ADDRESS:8182
    volumes:
      - /etc/wireguard:/data
  wg-api:
    image: james/wg-api:latest
    container_name: wg-json-api
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    network_mode: "host"
    command: wg-api --device=wg0 --listen=$BRIDGE_GATEWAY_ADDRESS:8182
commented

I will update the readme =)

@h44z sorry for hijacking this but my issue is related to this. Is there any way to connect to api from web without exposing the api port on my firewall? I don't want this api to be publicly available since it can write to my wg config. Currently listening to the gateway IP gives me the following error:

Error: 500 - : Post "http://172.17.0.1:5030": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Compose:

version: '3'
services:
  web:
    image: vx3r/wg-gen-web:latest
    container_name: wg-web
    restart: always
    ports:
      - "5020:8080"
    environment:
      - WG_CONF_DIR
      - WG_INTERFACE_NAME
      - SMTP_HOST
      - SMTP_PORT
      - SMTP_USERNAME
      - SMTP_PASSWORD
      - SMTP_FROM
      - OAUTH2_PROVIDER_NAME
      - OAUTH2_PROVIDER
      - OAUTH2_CLIENT_ID
      - OAUTH2_CLIENT_SECRET
      - OAUTH2_REDIRECT_URL
      - WG_STATS_API=http://172.17.0.1:5030
    volumes:
      - /etc/wireguard:/data
    network_mode: bridge
  api:
    image: james/wg-api:latest
    container_name: wg-api
    restart: always
    cap_add:
      - NET_ADMIN
    network_mode: host
    command: wg-api --device wg0 --listen 172.17.0.1:5030
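
A small lint for the bind problems raised in this thread, as an added example that is not part of the original issue or of the wg-gen-web or wg-api projects: it reads a compose file on stdin and compares the wg-api `--listen` address with `WG_STATS_API`, flagging a loopback-only bind (the "connection refused" case above) and a wildcard bind (the exposure the last comment wants to avoid). The verdict names, the function names and the `sample_compose` helper are assumptions made up for illustration, and the sample compose fragments are constructed.

```shell
#!/bin/sh
# Added example: lint compose YAML (on stdin) for the wg-api bind issues above.

# Extract ADDR from "--listen=ADDR" or "--listen ADDR" (both forms appear in the thread).
listen_addr() {
    sed -n 's/^[[:space:]]*command:.*--listen[= ]\([^[:space:]]*\).*$/\1/p' | head -n 1
}

# Extract host:port from the WG_STATS_API entry, dropping scheme and path.
stats_addr() {
    sed -n 's/^[[:space:]]*-[[:space:]]*WG_STATS_API=//p' | head -n 1 |
        sed -e 's#^[a-z]*://##' -e 's#/.*$##'
}

# Print one verdict word for the compose document on stdin.
check_compose() {
    doc=$(cat)
    listen=$(printf '%s\n' "$doc" | listen_addr)
    stats=$(printf '%s\n' "$doc" | stats_addr)
    if [ -z "$listen" ]; then echo "no-listen-flag"; return 0; fi
    case "${listen%:*}" in
        # Bound to loopback in the host namespace: bridge containers cannot reach it.
        localhost|127.*|"[::1]") echo "loopback-only" ;;
        # Bound to every host interface, including any public one.
        ""|0.0.0.0|"[::]")       echo "all-interfaces" ;;
        # Specific address: the client must point at exactly that host:port.
        *) if [ "$listen" = "$stats" ]; then echo "ok"; else echo "mismatch"; fi ;;
    esac
}

# Constructed sample input: sample_compose LISTEN_ARGS STATS_URL
sample_compose() {
    cat <<EOF
services:
  wg-gen-web:
    environment:
      - WG_STATS_API=$2
  wg-api:
    network_mode: "host"
    command: wg-api --device=wg0 $1
EOF
}

sample_compose "--listen=localhost:8182" "http://172.17.0.1:8182" | check_compose
sample_compose "--listen 172.17.0.1:5030" "http://172.17.0.1:5030" | check_compose
sample_compose "--listen=0.0.0.0:8182" "http://172.17.0.1:8182" | check_compose
```

A verdict of `ok` only means the bind is a specific non-loopback address that matches `WG_STATS_API`; whether the host firewall lets the bridge network reach that port is a separate check the lint does not make.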