Update Dockerfile

Dockerfile

@@ -1,32 +1,303 @@
-
+# Dockerfile
 FROM ubuntu:22.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
-    wireguard \
-    wireguard-tools \
-    wireguard-dkms \
-    iptables \
-    net-tools \
-    iproute2 \
-    netfilter-persistent \
-    openresolv \
-    bash \
-    python3 \
-    python3-pip && \
+        wireguard \
+        wireguard-tools \
+        iptables \
+        net-tools \
+        iproute2 \
+        curl \
+        python3 \
+        python3-pip \
+        procps && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
-# Enable IP forwarding
-RUN echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && \
-    echo 'net.ipv6.conf.all.forwarding=1' >> /etc/sysctl.conf
+# Create wireguard directory
+RUN mkdir -p /etc/wireguard
 
-# (No need to copy wg-config, config will be generated at runtime)
+# Copy scripts
 COPY entrypoint.sh /usr/local/bin/
 COPY generate_wireguard_config.py /usr/local/bin/
-RUN chmod +x /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh /usr/local/bin/generate_wireguard_config.py
+
+# Expose WireGuard port
+EXPOSE 51820/udp
 
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 
+---
+
+# entrypoint.sh
+#!/bin/bash
+set -e
+
+echo "🐳 Starting WireGuard Docker Container"
+echo "======================================"
+
+# Check if running with required capabilities and privileges
+if [ ! -w /proc/sys/net/ipv4/ip_forward ] 2>/dev/null; then
+    echo "⚠️  Warning: Cannot write to /proc/sys - IP forwarding may not work"
+    echo "   Make sure to run with: --sysctl net.ipv4.ip_forward=1"
+else
+    echo "✅ Setting IP forwarding"
+    echo 1 > /proc/sys/net/ipv4/ip_forward
+    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding 2>/dev/null || true
+fi
+
+# Check for NET_ADMIN capability
+if ! ip link add dummy0 type dummy 2>/dev/null; then
+    echo "❌ ERROR: Container needs NET_ADMIN capability"
+    echo "   Run with: docker run --cap-add=NET_ADMIN ..."
+    exit 1
+else
+    ip link delete dummy0 2>/dev/null || true
+    echo "✅ NET_ADMIN capability confirmed"
+fi
+
+# Generate config if it doesn't exist
+if [ ! -f /etc/wireguard/wg0.conf ]; then
+    echo "📝 Generating WireGuard configuration..."
+    python3 /usr/local/bin/generate_wireguard_config.py
+else
+    echo "✅ Using existing WireGuard configuration"
+fi
+
+# Start WireGuard
+echo "🚀 Starting WireGuard interface..."
+wg-quick up wg0
+
+# Show status
+echo "📊 WireGuard Status:"
+wg show
+
+# Keep container running and show logs
+echo "✅ WireGuard is running. Monitoring logs..."
+tail -f /dev/null
+
+---
+
+# generate_wireguard_config.py (Docker version)
+#!/usr/bin/env python3
+import os
+import subprocess
+import sys
+
+WG_DIR = "/etc/wireguard"
+SERVER_PRIVATE = os.path.join(WG_DIR, "privatekey")
+SERVER_PUBLIC = os.path.join(WG_DIR, "publickey")
+PEER_PRIVATE = os.path.join(WG_DIR, "peer1_privatekey")
+PEER_PUBLIC = os.path.join(WG_DIR, "peer1_publickey")
+
+def generate_keypair(private_path, public_path):
+    """Generate WireGuard key pair"""
+    try:
+        priv = subprocess.check_output(["wg", "genkey"]).decode().strip()
+        with open(private_path, "w") as f:
+            f.write(priv)
+        os.chmod(private_path, 0o600)
+        
+        pub = subprocess.check_output(["wg", "pubkey"], input=priv.encode()).decode().strip()
+        with open(public_path, "w") as f:
+            f.write(pub)
+        os.chmod(public_path, 0o644)
+        
+        return priv, pub
+    except Exception as e:
+        print(f"❌ Error generating keypair: {e}")
+        sys.exit(1)
+
+def get_public_ip():
+    """Get public IP - try multiple methods for Docker"""
+    import urllib.request
+    
+    # Check for environment variable first (best for Docker)
+    if 'WG_PUBLIC_IP' in os.environ:
+        return os.environ['WG_PUBLIC_IP']
+    
+    methods = [
+        'https://api.ipify.org',
+        'https://ipv4.icanhazip.com',
+        'https://checkip.amazonaws.com',
+        'https://ifconfig.me/ip'
+    ]
+    
+    for url in methods:
+        try:
+            with urllib.request.urlopen(url, timeout=10) as response:
+                ip = response.read().decode().strip()
+                if ip and '.' in ip and len(ip.split('.')) == 4:  # Basic IP validation
+                    return ip
+        except Exception as e:
+            print(f"⚠️  Failed to get IP from {url}: {e}")
+            continue
+    
+    print("⚠️  Could not determine public IP automatically")
+    return "YOUR_PUBLIC_IP_HERE"
+
+def create_server_config(server_priv, peer_pub):
+    """Create server configuration optimized for Docker"""
+    return f"""[Interface]
+Address = 10.10.0.1/24
+ListenPort = 51820
+PrivateKey = {server_priv}
+PostUp = iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
+PostUp = iptables -A FORWARD -o wg0 -j ACCEPT
+PostDown = iptables -t nat -D POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE || true
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT || true
+PostDown = iptables -D FORWARD -o wg0 -j ACCEPT || true
+
+[Peer]
+PublicKey = {peer_pub}
+AllowedIPs = 10.10.0.2/32"""
+
+def create_peer_config(peer_priv, server_pub, public_ip):
+    """Create peer configuration"""
+    return f"""[Interface]
+PrivateKey = {peer_priv}
+Address = 10.10.0.2/24
+DNS = 1.1.1.1, 8.8.8.8
+
+[Peer]
+PublicKey = {server_pub}
+Endpoint = {public_ip}:51820
+AllowedIPs = 0.0.0.0/0
+PersistentKeepalive = 25"""
+
+def main():
+    print("🔧 Docker WireGuard Configuration Generator")
+    print("=" * 45)
+    
+    # Skip root check in Docker - we run as root in container
+    print("🐳 Running in Docker container mode")
+    
+    # Create directory (should already exist)
+    os.makedirs(WG_DIR, exist_ok=True)
+    
+    # Generate keys
+    print("🔑 Generating keypairs...")
+    server_priv, server_pub = generate_keypair(SERVER_PRIVATE, SERVER_PUBLIC)
+    peer_priv, peer_pub = generate_keypair(PEER_PRIVATE, PEER_PUBLIC)
+    print("✅ Server and peer keypairs generated")
+    
+    # Get public IP
+    print("🌐 Detecting public IP...")
+    public_ip = get_public_ip()
+    print(f"📍 Public IP: {public_ip}")
+    
+    # Create server config
+    server_config = create_server_config(server_priv, peer_pub)
+    with open(os.path.join(WG_DIR, "wg0.conf"), "w") as f:
+        f.write(server_config)
+    os.chmod(os.path.join(WG_DIR, "wg0.conf"), 0o600)
+    print("✅ Server config written to wg0.conf")
+    
+    # Create peer config  
+    peer_config = create_peer_config(peer_priv, server_pub, public_ip)
+    with open(os.path.join(WG_DIR, "peer1.conf"), "w") as f:
+        f.write(peer_config)
+    os.chmod(os.path.join(WG_DIR, "peer1.conf"), 0o600)
+    print("✅ Peer config written to peer1.conf")
+    
+    print("\n🎉 WireGuard configuration completed!")
+    print("\n📱 To get the peer config:")
+    print("   docker exec <container> cat /etc/wireguard/peer1.conf")
+    
+    if public_ip == "YOUR_PUBLIC_IP_HERE":
+        print("\n⚠️  IMPORTANT: Set WG_PUBLIC_IP environment variable or")
+        print("   manually update the Endpoint in peer1.conf!")
+
+if __name__ == "__main__":
+    main()
+
+---
+
+# docker-compose.yml
+version: '3.8'
+
+services:
+  wireguard:
+    build: .
+    container_name: wireguard-server
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv6.conf.all.forwarding=1
+    ports:
+      - "51820:51820/udp"
+    volumes:
+      - ./wireguard-config:/etc/wireguard
+      - /lib/modules:/lib/modules:ro
+    restart: unless-stopped
+    privileged: true  # Sometimes needed for WireGuard in containers
+
+---
+
+# docker-run.sh
+#!/bin/bash
+
+# Build the image
+docker build -t wireguard-server .
+
+# Run the container
+docker run -d \
+  --name wireguard-server \
+  --cap-add=NET_ADMIN \
+  --cap-add=SYS_MODULE \
+  --sysctl net.ipv4.ip_forward=1 \
+  --sysctl net.ipv6.conf.all.forwarding=1 \
+  -p 51820:51820/udp \
+  -v $(pwd)/wireguard-config:/etc/wireguard \
+  -v /lib/modules:/lib/modules:ro \
+  --restart unless-stopped \
+  --privileged \
+  wireguard-server
+
+echo "🚀 WireGuard container started!"
+echo "📝 Check logs: docker logs -f wireguard-server"
+echo "📁 Configs will be in: ./wireguard-config/"
+
+---
+
+# Makefile
+.PHONY: build run stop logs clean config
+
+build:
+	docker build -t wireguard-server .
+
+run: build
+	mkdir -p wireguard-config
+	docker run -d \
+		--name wireguard-server \
+		--cap-add=NET_ADMIN \
+		--cap-add=SYS_MODULE \
+		--sysctl net.ipv4.ip_forward=1 \
+		--sysctl net.ipv6.conf.all.forwarding=1 \
+		-p 51820:51820/udp \
+		-v $(PWD)/wireguard-config:/etc/wireguard \
+		--restart unless-stopped \
+		--privileged \
+		wireguard-server
+
+stop:
+	docker stop wireguard-server || true
+	docker rm wireguard-server || true
+
+logs:
+	docker logs -f wireguard-server
+
+clean: stop
+	docker rmi wireguard-server || true
+	rm -rf wireguard-config
+
+config:
+	docker exec wireguard-server cat /etc/wireguard/peer1.conf
 
+status:
+	docker exec wireguard-server wg show