add readme and some improvements

Signed-off-by: Guillem Bonet <[email protected]>
Guillembonet · Jan 18, 2023 · a2dc436 · a2dc436
1 parent c2ef29c
commit a2dc436
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 27 deletions.
diff --git a/README.md b/README.md
@@ -1 +1,56 @@
-This code has been almost fully generated by Chat GPT.
+# nginx-wg-proxy
+
+[![Docker Version](https://img.shields.io/docker/v/bunetz/nginx-wg-proxy?sort=date)](https://hub.docker.com/r/bunetz/nginx-wg-proxy)
+[![Docker Pulls](https://img.shields.io/docker/pulls/bunetz/nginx-wg-proxy)](https://hub.docker.com/r/bunetz/nginx-wg-proxy)
+[![GoDoc](https://godoc.org/github.com/guillembonet/nginx-wg-proxy?status.svg)](http://godoc.org/github.com/guillembonet/nginx-wg-proxy)
+
+### **This code has been almost fully generated by Chat GPT.**
+## Description
+Small docker container which allows proxying http requests through a wireguard tunnel. Useful to expose your home computer local app with a public endpoint.
+
+## Usage
+The container needs to run with `NET_ADMIN` capability enabled, it doesn't need to run with host networking.
+
+1. Once the container is running check logs to copy the wireguard configuration to your peer. Copy the contents of:
+```
+*** Wireguard config for peer ***
+<contents>
+*********      End      *********
+```
+2. Paste it in a file named `wg0.conf`
+3. Run `sudo wg-quick up ./wg0.conf` in the file location
+4. You may need to allow connections to your `nginxProxyPort` in the firewall.
+### Flags:
+You need to set IP and port for wgEndpoint or WgPeerEndpoint.
+
+You also need to specify values for the flags which don't have defaults.
+```
+  -nginxIP string
+        IP address for the nginx to listen on (default "0.0.0.0")
+  -nginxPort string
+        Port for the nginx to listen on (default "8080")
+  -nginxProxyPort string
+        Port for the nginx to proxy to (default "8080")
+  -nginxServerName string
+        Server name for the nginx server (default "wg-proxy")
+  -wgEndpointIP string
+        Peer endpoint IP used by the peer for the Wireguard tunnel
+  -wgEndpointPort string
+        Peer endpoint port used by the peer for the Wireguard tunnel (default "52122")
+  -wgIP string
+        IP address for the Wireguard interface (default "10.0.0.1")
+  -wgPeerAllowedIPs string
+        Allowed IPs for the peer for the Wireguard tunnel (default "10.0.0.2/32")
+  -wgPeerEndpointIP string
+        Peer endpoint IP used by the host for the Wireguard tunnel
+  -wgPeerEndpointPort string
+        Peer endpoint port used by the host for the Wireguard tunnel (default "52122")
+  -wgPeerPublicKey string
+        Public key of the peer for the Wireguard tunnel
+  -wgPeerWireguardPort string
+        Port for the Wireguard interface of the peer (default "52122")
+  -wgPort string
+        Port for the Wireguard interface (default "52122")
+  -wgPrivateKey string
+        Private key for the Wireguard interface
+```
diff --git a/main.go b/main.go
@@ -14,13 +14,16 @@ import (
 )
 
 var (
-	wireguardIP             = flag.String("wgIP", "10.0.0.1", "IP address for the Wireguard interface")
-	wireguardPort           = flag.String("wgPort", "52122", "Port for the Wireguard interface")
-	wireguardPrivateKey     = flag.String("wgPrivateKey", "", "Private key for the Wireguard interface")
-	wireguardEndpointIP     = flag.String("wgEndpointIP", "", "Endpoint IP used by the peer for the Wireguard tunnel")
-	wireguardEndpointPort   = flag.String("wgEndpointPort", "", "Endpoint port used by the peer for the Wireguard tunnel")
-	wireguardPeerPublicKey  = flag.String("wgPeerPublicKey", "", "Public key of the peer for the Wireguard tunnel")
-	wireguardPeerAllowedIPs = flag.String("wgPeerAllowedIPs", "10.0.0.2/32", "Allowed IPs for the peer for the Wireguard tunnel")
+	wireguardIP                = flag.String("wgIP", "10.0.0.1", "IP address for the Wireguard interface")
+	wireguardPort              = flag.String("wgPort", "52122", "Port for the Wireguard interface")
+	wireguardPrivateKey        = flag.String("wgPrivateKey", "", "Private key for the Wireguard interface")
+	wireguardEndpointIP        = flag.String("wgEndpointIP", "", "Peer endpoint IP used by the peer for the Wireguard tunnel")
+	wireguardEndpointPort      = flag.String("wgEndpointPort", "52122", "Peer endpoint port used by the peer for the Wireguard tunnel")
+	wireguardPeerPublicKey     = flag.String("wgPeerPublicKey", "", "Public key of the peer for the Wireguard tunnel")
+	wireguardPeerWireguardPort = flag.String("wgPeerWireguardPort", "52122", "Port for the Wireguard interface of the peer")
+	wireguardPeerEndpointIP    = flag.String("wgPeerEndpointIP", "", "Peer endpoint IP used by the host for the Wireguard tunnel")
+	wireguardPeerEndpointPort  = flag.String("wgPeerEndpointPort", "52122", "Peer endpoint port used by the host for the Wireguard tunnel")
+	wireguardPeerAllowedIPs    = flag.String("wgPeerAllowedIPs", "10.0.0.2/32", "Allowed IPs for the peer for the Wireguard tunnel")
 
 	nginxListenIP   = flag.String("nginxIP", "0.0.0.0", "IP address for the nginx to listen on")
 	nginxListenPort = flag.String("nginxPort", "8080", "Port for the nginx to listen on")
@@ -30,37 +33,32 @@ var (
 
 func main() {
 	flag.Parse()
-	if *wireguardEndpointPort == "" && *wireguardPort != "" {
-		log.Println("wireguard endpoint port is not specified, using wireguard port")
-		*wireguardEndpointPort = *wireguardPort
-	}
 	// check if all the required flags are passed or not
 	if *wireguardIP == "" || *wireguardPort == "" || *wireguardPrivateKey == "" ||
-		*wireguardPeerPublicKey == "" || *wireguardEndpointIP == "" ||
-		*wireguardEndpointPort == "" || *wireguardPeerAllowedIPs == "" ||
+		*wireguardPeerPublicKey == "" || *wireguardPeerWireguardPort == "" || *wireguardPeerAllowedIPs == "" ||
 		*nginxListenIP == "" || *nginxListenPort == "" ||
 		*nginxServerName == "" || *nginxProxyPort == "" {
 		log.Fatal("All flags are not provided")
 	}
 
+	if (*wireguardEndpointIP == "" || *wireguardEndpointPort == "") && (*wireguardPeerEndpointIP == "" || *wireguardPeerEndpointPort == "") {
+		log.Fatal("Need to specify at least one endpoint ip and port")
+	}
+
 	// Create Wireguard config file
-	wireguardConfig := []byte(fmt.Sprintf("[Interface]\nAddress = %s/32\nListenPort = %s\nPrivateKey = %s\n\n[Peer]\nPublicKey = %s\nAllowedIPs = %s\n",
-		*wireguardIP, *wireguardPort, *wireguardPrivateKey, *wireguardPeerPublicKey, *wireguardPeerAllowedIPs))
-	err := ioutil.WriteFile("wg0.conf", wireguardConfig, 0644)
+	wireguardConfig := fmt.Sprintf("[Interface]\nAddress = %s/32\nListenPort = %s\nPrivateKey = %s\n\n[Peer]\nPublicKey = %s\nAllowedIPs = %s\n",
+		*wireguardIP, *wireguardPort, *wireguardPrivateKey, *wireguardPeerPublicKey, *wireguardPeerAllowedIPs)
+	if *wireguardPeerEndpointIP != "" && *wireguardPeerEndpointPort != "" {
+		wireguardConfig = fmt.Sprintf("%sEndpoint = %s:%s\nPersistentKeepalive = 25\n", wireguardConfig, *wireguardPeerEndpointIP, *wireguardPeerEndpointPort)
+	}
+	err := ioutil.WriteFile("wg0.conf", []byte(wireguardConfig), 0644)
 	if err != nil {
 		log.Fatal(err)
 	}
 	fmt.Println("Wireguard config file created")
 
-	// Stop previous tunnel
-	cmd := exec.Command("wg-quick", "down", "./wg0.conf")
-	err = cmd.Run()
-	if err != nil {
-		log.Println("failed to stop previous tunnel:", err)
-	}
-
 	// Start Wireguard tunnel
-	cmd = exec.Command("wg-quick", "up", "./wg0.conf")
+	cmd := exec.Command("wg-quick", "up", "./wg0.conf")
 	err = cmd.Run()
 	if err != nil {
 		log.Fatal(err)
@@ -69,7 +67,7 @@ func main() {
 
 	peerIpSplit := strings.Split(*wireguardPeerAllowedIPs, "/")
 	if len(peerIpSplit) != 2 {
-		log.Fatal(fmt.Errorf("peer allowed ips has bad format: %s", *wireguardPeerAllowedIPs))
+		log.Fatalf("peer allowed ips has bad format: %s", *wireguardPeerAllowedIPs)
 	}
 	// Create nginx config file
 	nginxConfig := []byte(fmt.Sprintf("events {\n    worker_connections 1024;\n}\n\nhttp {\n    server {\n        listen %s:%s;\n        server_name %s;\n\n        location / {\n            proxy_pass http://%s:%s;\n        }\n    }\n}",
@@ -97,7 +95,10 @@ func main() {
 	}
 	// Print Wireguard config file for the peer
 	fmt.Println("*** Wireguard config for peer ***")
-	fmt.Printf("[Interface]\nAddress = %s\nPrivateKey = privateKey\n\n[Peer]\nPublicKey = %s\nEndpoint = %s:%s\nAllowedIPs = %s/32\nPersistentKeepalive = 25\n", *wireguardPeerAllowedIPs, key.PublicKey().String(), *wireguardEndpointIP, *wireguardEndpointPort, *wireguardIP)
+	fmt.Printf("[Interface]\nAddress = %s\nListenPort = %s\nPrivateKey = privateKey\n\n[Peer]\nPublicKey = %s\nAllowedIPs = %s/32\n", *wireguardPeerAllowedIPs, *wireguardPeerWireguardPort, key.PublicKey().String(), *wireguardIP)
+	if *wireguardEndpointIP != "" && *wireguardEndpointPort != "" {
+		fmt.Printf("Endpoint = %s:%s\nPersistentKeepalive = 25\n", *wireguardEndpointIP, *wireguardEndpointPort)
+	}
 	fmt.Println("*********      End      *********")
 
 	sig := make(chan os.Signal, 1)