Docker: add route for remote WireGuard access
Containers with network 'br0' can be remotely accessed by WireGuard without the need to configure a static route on the home router (gateway). "Host access to custom networks" must be enabled to allow access.
@@ -1,7 +1,7 @@
|
||||
<?PHP
|
||||
/* Copyright 2005-2021, Lime Technology
|
||||
* Copyright 2015-2021, Guilherme Jardim, Eric Schultz, Jon Panozzo.
|
||||
* Copyright 2012-2021, Bergware International.
|
||||
/* Copyright 2005-2022, Lime Technology
|
||||
* Copyright 2015-2022, Guilherme Jardim, Eric Schultz, Jon Panozzo.
|
||||
* Copyright 2012-2022, Bergware International.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License version 2,
|
||||
@@ -145,6 +145,7 @@ if (isset($_POST['contName'])) {
|
||||
}
|
||||
if ($startContainer) $cmd = str_replace('/docker create ', '/docker run -d ', $cmd);
|
||||
execCommand($cmd);
|
||||
if ($startContainer) addRoute($Name); // add route for remote WireGuard access
|
||||
|
||||
echo '<div style="text-align:center"><button type="button" onclick="done()">'._('Done').'</button></div><br>';
|
||||
goto END;
|
||||
@@ -175,15 +176,18 @@ if (isset($_GET['updateContainer'])){
|
||||
if ($echo && !pullImage($Name, $Repository)) continue;
|
||||
$oldContainerInfo = $DockerClient->getContainerDetails($Name);
|
||||
// determine if the container is still running
|
||||
$startContainer = false;
|
||||
if (!empty($oldContainerInfo) && !empty($oldContainerInfo['State']) && !empty($oldContainerInfo['State']['Running'])) {
|
||||
// since container was already running, put it back it to a running state after update
|
||||
$cmd = str_replace('/docker create ', '/docker run -d ', $cmd);
|
||||
$startContainer = true;
|
||||
// attempt graceful stop of container first
|
||||
stopContainer($Name, $echo);
|
||||
}
|
||||
// force kill container if still running after 10 seconds
|
||||
if (empty($_GET['communityApplications'])) removeContainer($Name, $echo);
|
||||
execCommand($cmd, $echo);
|
||||
if ($startContainer) addRoute($Name); // add route for remote WireGuard access
|
||||
$DockerClient->flushCaches();
|
||||
$newImageID = $DockerClient->getImageID($Repository);
|
||||
// remove old orphan image since it's no longer used by this container
|
||||
|
||||
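Review bot: `addRoute($Name)` is called straight after `execCommand($cmd)` in both the create path and the update path without checking whether the `docker run` actually succeeded, so a failed start still triggers `docker inspect` and route handling for a container that may not exist. Both call sites sit inside branches keyed on request input (`$_POST['contName']`, `$_GET['updateContainer']`); how `$Name` is derived is outside these hunks, but the value ends up in a shell command inside `addRoute`, so it should be validated against the container-name character set before the call or escaped in the helper. A comment such as `// route is only added when the container was (re)started; addRoute() ignores containers not on br0` would make the condition clearer. The enclosing blocks start and end outside the hunks.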
@@ -1,7 +1,7 @@
|
||||
<?PHP
|
||||
/* Copyright 2005-2021, Lime Technology
|
||||
* Copyright 2014-2021, Guilherme Jardim, Eric Schultz, Jon Panozzo.
|
||||
* Copyright 2012-2021, Bergware International.
|
||||
/* Copyright 2005-2022, Lime Technology
|
||||
* Copyright 2014-2022, Guilherme Jardim, Eric Schultz, Jon Panozzo.
|
||||
* Copyright 2012-2022, Bergware International.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License version 2,
|
||||
@@ -760,6 +760,7 @@ class DockerClient {
|
||||
public function startContainer($id) {
|
||||
$this->getDockerJSON("/containers/$id/start", 'POST', $code);
|
||||
$this->flushCache($this::$containersCache);
|
||||
addRoute($id); // add route for remote WireGuard access
|
||||
return $code;
|
||||
}
|
||||
|
||||
@@ -788,6 +789,7 @@ class DockerClient {
|
||||
public function restartContainer($id) {
|
||||
$this->getDockerJSON("/containers/$id/restart", 'POST', $code);
|
||||
$this->flushCache($this::$containersCache);
|
||||
addRoute($id); // add route for remote WireGuard access
|
||||
return $code;
|
||||
}
|
||||
|
||||
|
||||
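Review bot: `startContainer()` and `restartContainer()` now call the free function `addRoute()` unconditionally, before `$code` is returned and regardless of what `getDockerJSON()` reported. The class therefore depends on a helper that this commit defines in a different file; if that file is not always loaded alongside `DockerClient` (worth confirming), the call fails with an undefined-function error after the container has already been started. Each start or restart also runs several shell commands as a hidden side effect of an API-client method. Consider guarding the call on the success value of `$code` and documenting the side effect on both methods, e.g. `/** Starts the container and, for br0 containers, adds WireGuard routes inside its network namespace. */`.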
@@ -1,7 +1,7 @@
|
||||
<?PHP
|
||||
/* Copyright 2005-2020, Lime Technology
|
||||
* Copyright 2014-2020, Guilherme Jardim, Eric Schultz, Jon Panozzo.
|
||||
* Copyright 2012-2020, Bergware International.
|
||||
/* Copyright 2005-2022, Lime Technology
|
||||
* Copyright 2014-2022, Guilherme Jardim, Eric Schultz, Jon Panozzo.
|
||||
* Copyright 2012-2022, Bergware International.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License version 2,
|
||||
@@ -12,6 +12,19 @@
|
||||
*/
|
||||
?>
|
||||
<?
|
||||
function addRoute($ct) {
|
||||
// add static route(s) for remote WireGuard access
|
||||
[$pid,$net] = explode(' ',exec("docker inspect --format='{{.State.Pid}} {{.NetworkSettings.Networks}}' $ct"));
|
||||
$net = substr($net,4,strpos($net,':')-4);
|
||||
if ($net != 'br0') return;
|
||||
$dev = is_dir('/sys/class/net/br0') ? 'br0' : (is_dir('/sys/class/net/bond0') ? 'bond0' : 'eth0');
|
||||
$thisip = exec("ip -4 addr show dev $dev|grep -Pom1 'inet \\K[^/]+'");
|
||||
foreach (glob('/etc/wireguard/wg*.cfg') as $cfg) {
|
||||
$network = exec("grep -Pom1 '^Network:0=\"\\K[^\"]+' $cfg");
|
||||
if ($network) exec("nsenter -n -t $pid ip -4 route add $network via $thisip 2>/dev/null");
|
||||
}
|
||||
}
|
||||
|
||||
function xml_encode($string) {
|
||||
return htmlspecialchars($string, ENT_XML1, 'UTF-8');
|
||||
}
|
||||
|
||||
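Review bot: `addRoute()` builds four shell commands by string interpolation and none of the interpolated values is escaped or validated: `$ct` goes into `docker inspect`, `$cfg` into `grep`, and `$pid`, `$network` and `$thisip` into `nsenter … ip route add`. `$ct` is supplied by callers that appear to take the container name or id from the request, so it should be passed through `escapeshellarg()`, and `$pid` should be checked to be a non-zero number before it is used as the `nsenter` target (a missing or stopped container leaves it empty or `0`, and the array destructuring then raises a warning). The network-name parsing with `substr`/`strpos` only looks at the first entry of the printed map, so a container attached to `br0` plus another network may be skipped; that deserves a comment. The fence shows the escaping and validation changes only.

```php
function addRoute($ct) {
  // … unchanged: leading comment …
  $out = exec("docker inspect --format='{{.State.Pid}} {{.NetworkSettings.Networks}}' ".escapeshellarg($ct));
  [$pid,$net] = array_pad(explode(' ',$out),2,'');
  if (!ctype_digit($pid) || $pid==='0') return; // container not found or not running
  // … unchanged: network name parsing, br0 check, $dev and $thisip lookup …
  if (!filter_var($thisip,FILTER_VALIDATE_IP,FILTER_FLAG_IPV4)) return; // no usable host address
  foreach (glob('/etc/wireguard/wg*.cfg') ?: [] as $cfg) {
    $network = exec("grep -Pom1 '^Network:0=\"\\K[^\"]+' ".escapeshellarg($cfg));
    if ($network) exec("nsenter -n -t $pid ip -4 route add ".escapeshellarg($network)." via $thisip 2>/dev/null");
  }
```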