Is it possible to use WireGuard in Docker as well?
bikeymouse opened this issue · comments
I'm trying to get this wg-gen web to connect to my WireGuard installation that also runs in Docker using the Linux-server Docker container.
However I'm having issues getting the API working, probably because it needs access to WireGuard inside the other container. Also I guess that if wg-gen web is updating the config it should be able to trigger a restart of the WireGuard container or something, to have the config reloaded.
So I'm wondering if this is even possible, or shouldn't I even try this? It would be great if we could have a single docker-compose template that would install WireGuard + WG Gen including the API in one go!
The container you are using is already managing the peers config creation.
> Also I guess that if wg-gen web is updating the config it should be able to trigger a restart of the WireGuard container or something, to have the config reloaded.

Actually no, consider reading the whole readme please.
> It would be great if we could have a single docker-compose template that would install WireGuard + WG Gen including the API in one go!

What is the point of having WireGuard """inside""" the container? WireGuard is a kernel module.
> The container you are using is already managing the peers config creation.

Yes, but not via a web-interface and without any stats. That's why I was looking at wg-gen web to complement that.
> Also I guess that if wg-gen web is updating the config it should be able to trigger a restart of the WireGuard container or something, to have the config reloaded. consider reading the whole readme please

I think using systemd is not going to work as it tries to restart the WireGuard service. But that would be tried on the host, while WireGuard is running as a Docker container, so I would assume that this does not work. Or is that not correct?
> It would be great if we could have a single docker-compose template that would install WireGuard + WG Gen including the API in one go!
> What is the point of having WireGuard """inside""" the container? WireGuard is a kernel module.

The point is that with a Docker-based installation I can get WireGuard + WG-Gen Web installed, updated or deleted on any host (with Docker) in 5 seconds without any manual steps or downloads.
Okay, I see. Wg Gen Web is generating standard WireGuard config files; it's up to you to manage how WireGuard will pick them up.
> The point is that with a Docker-based installation I can get WireGuard + WG-Gen Web installed, updated or deleted on any host (with Docker) in 5 seconds without any manual steps or downloads.

I was asking specifically about WireGuard, not Docker in general. WireGuard is a kernel module and containers share the same kernel. It's like running iptables scripts firewall inside the container.
I had the same wish so I added it the linuxserver.io way (https://www.linuxserver.io/blog/2019-09-14-customizing-our-containers)

In /config/custom-cont-init.d/ I created two scripts.

inotify:

```bash
#!/usr/bin/with-contenv bash
# Install inotify-tools so the service script can watch /config for changes
echo "****** Installing inotifytools ******"
apt update
apt install inotify-tools -y
```

wg-api:

```bash
#!/usr/bin/with-contenv bash
# Build wg-api from source and copy the binary to /app
echo "****** Installing wg-api ******"
apt update
apt install golang-1.13 -y
git clone https://github.com/jamescun/wg-api.git /wg-api
cd /wg-api
# CGO_ENABLED (not GO_ENABLED) is the variable the Go toolchain reads; 0 disables cgo
CGO_ENABLED=0 GOOS=linux /usr/lib/go-1.13/bin/go build -o wg-api cmd/wg-api.go
cp wg-api /app/
cd /
rm -rf wg-api
```

And another two in /config/custom-services.d/.

inotify:

```bash
#!/usr/bin/with-contenv bash
# Restart the wg0 interface whenever a file in /config is created or modified
while inotifywait -e modify -e create /config; do
    wg-quick down wg0
    wg-quick up wg0
done
```

wg-api:

```bash
#!/usr/bin/with-contenv bash
# Run wg-api for device wg0, listening on port 8080 on all interfaces
exec \
    /app/wg-api --device wg0 --listen 0.0.0.0:8080
```
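
A variant of the inotify service above, added here as an example and not taken from the thread or from either project: it checks the generated file with `wg-quick strip` before applying it, and applies it with `wg syncconf` so the interface is never taken down and a malformed file leaves the running config untouched. The config path, the state file path and the `WG`, `WG_QUICK`, `WG_WATCH` override variables are assumptions.

```bash
# Added example. Assumed: config at /config/wg0.conf, interface wg0,
# wireguard-tools recent enough to provide `wg syncconf`.
CONF=${CONF:-/config/wg0.conf}
IFACE=${IFACE:-wg0}
STATE=${STATE:-/run/wg-reload.sha256}  # hash of last applied config (hypothetical path)
WG=${WG:-wg}
WG_QUICK=${WG_QUICK:-wg-quick}

# Returns 0 if CONF differs from the last applied config, 1 if unchanged.
config_changed() {
    new=$(sha256sum "$CONF" 2>/dev/null | cut -d' ' -f1)
    old=$(cat "$STATE" 2>/dev/null || true)
    [ "$new" != "$old" ]
}

# Validate and apply CONF without taking the interface down.
# Returns 0 = applied, 1 = unchanged, 2 = rejected (running config untouched).
reload_wg() {
    config_changed || return 1
    # mktemp creates the file with mode 0600; it will hold the private key.
    stripped=$(mktemp) || return 2
    # `wg-quick strip` parses the file and fails on a malformed config.
    if ! "$WG_QUICK" strip "$CONF" > "$stripped" 2>/dev/null; then
        rm -f "$stripped"; return 2
    fi
    # `wg syncconf` applies only the differences, so existing peers stay up.
    if ! "$WG" syncconf "$IFACE" "$stripped"; then
        rm -f "$stripped"; return 2
    fi
    rm -f "$stripped"
    sha256sum "$CONF" | cut -d' ' -f1 > "$STATE"
    return 0
}

# Service loop: close_write / moved_to fire once per completed write,
# unlike `modify`, which can fire several times while a file is being written.
watch_loop() {
    while inotifywait -q -e close_write -e moved_to "$(dirname "$CONF")"; do
        reload_wg || echo "wg reload skipped (rc=$?)" >&2
    done
}

# Start watching only when run as the service with WG_WATCH=1.
if [ "${WG_WATCH:-0}" = "1" ]; then watch_loop; fi
```

`wg-quick strip` drops the wg-quick-only keys (`Address`, `DNS`, `PostUp` and so on), so a change to those still needs a `wg-quick down`/`up` cycle.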