forks
/
amnezia-wg-easy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

patched for kmod usage

This commit is contained in:
Artem 2025-03-02 19:59:41 +00:00
parent 34ba0c6bbe
commit 40801993b0
4 changed files with 42 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -5,3 +5,4 @@
.DS_Store .DS_Store
*.swp *.swp
.idea .idea
package-lock.json

39
Dockerfile
View File

@ -1,6 +1,6 @@
# As a workaround we have to build on nodejs 18 # As a workaround we have to build on nodejs 18
# nodejs 20 hangs on build with armv6/armv7 # nodejs 20 hangs on build with armv6/armv7
FROM docker.io/library/node:18-alpine AS build_node_modules FROM docker.io/library/node:20-alpine AS build_node_modules
# Update npm to latest # Update npm to latest
RUN npm install -g npm@latest RUN npm install -g npm@latest
@ -13,7 +13,7 @@ RUN npm ci --omit=dev &&\
# Copy build result to a new image. # Copy build result to a new image.
# This saves a lot of disk space. # This saves a lot of disk space.
FROM amneziavpn/amnezia-wg:latest FROM amneziavpn/amneziawg-go:latest
HEALTHCHECK CMD /usr/bin/timeout 5s /bin/sh -c "/usr/bin/wg show | /bin/grep -q interface || exit 1" --interval=1m --timeout=5s --retries=3 HEALTHCHECK CMD /usr/bin/timeout 5s /bin/sh -c "/usr/bin/wg show | /bin/grep -q interface || exit 1" --interval=1m --timeout=5s --retries=3
COPY --from=build_node_modules /app /app COPY --from=build_node_modules /app /app
@ -39,7 +39,40 @@ RUN apk add --no-cache \
npm npm
#Use iptables-legacy #Use iptables-legacy
RUN update-alternatives --install /sbin/iptables iptables /sbin/iptables-legacy 10 --slave /sbin/iptables-restore iptables-restore /sbin/iptables-legacy-restore --slave /sbin/iptables-save iptables-save /sbin/iptables-legacy-save # RUN update-alternatives --install /sbin/iptables iptables /sbin/iptables-legacy 10 --slave /sbin/iptables-restore iptables-restore /sbin/iptables-legacy-restore --slave /sbin/iptables-save iptables-save /sbin/iptables-legacy-save
# Tune network
RUN echo -e " \n\
fs.file-max = 51200 \n\
\n\
net.core.rmem_max = 67108864 \n\
net.core.wmem_max = 67108864 \n\
net.core.netdev_max_backlog = 250000 \n\
net.core.somaxconn = 4096 \n\
\n\
net.ipv4.tcp_syncookies = 1 \n\
net.ipv4.tcp_tw_reuse = 1 \n\
net.ipv4.tcp_tw_recycle = 0 \n\
net.ipv4.tcp_fin_timeout = 30 \n\
net.ipv4.tcp_keepalive_time = 1200 \n\
net.ipv4.ip_local_port_range = 10000 65000 \n\
net.ipv4.tcp_max_syn_backlog = 8192 \n\
net.ipv4.tcp_max_tw_buckets = 5000 \n\
net.ipv4.tcp_fastopen = 3 \n\
net.ipv4.tcp_mem = 25600 51200 102400 \n\
net.ipv4.tcp_rmem = 4096 87380 67108864 \n\
net.ipv4.tcp_wmem = 4096 65536 67108864 \n\
net.ipv4.tcp_mtu_probing = 1 \n\
net.ipv4.tcp_congestion_control = hybla \n\
# for low-latency network, use cubic instead \n\
# net.ipv4.tcp_congestion_control = cubic \n\
" | sed -e 's/^\s\+//g' | tee -a /etc/sysctl.conf && \
mkdir -p /etc/security && \
echo -e " \n\
* soft nofile 51200 \n\
* hard nofile 51200 \n\
" | sed -e 's/^\s\+//g' | tee -a /etc/security/limits.conf
# Set Environment # Set Environment
ENV DEBUG=Server,WireGuard ENV DEBUG=Server,WireGuard

6
src/lib/WireGuard.js
View File

@ -89,8 +89,8 @@ module.exports = class WireGuard {
const config = await this.__buildConfig(); const config = await this.__buildConfig();
await this.__saveConfig(config); await this.__saveConfig(config);
await Util.exec('wg-quick down wg0').catch(() => {}); await Util.exec('awg-quick down /etc/wireguard/wg0.conf').catch(() => {});
await Util.exec('wg-quick up wg0').catch((err) => { await Util.exec('awg-quick up /etc/wireguard/wg0.conf').catch((err) => {
if (err && err.message && err.message.includes('Cannot find device "wg0"')) { if (err && err.message && err.message.includes('Cannot find device "wg0"')) {
throw new Error('WireGuard exited with the error: Cannot find device "wg0"\nThis usually means that your host\'s kernel does not support WireGuard!'); throw new Error('WireGuard exited with the error: Cannot find device "wg0"\nThis usually means that your host\'s kernel does not support WireGuard!');
} }
@ -162,7 +162,7 @@ ${client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : ''
async __syncConfig() { async __syncConfig() {
debug('Config syncing...'); debug('Config syncing...');
await Util.exec('wg syncconf wg0 <(wg-quick strip wg0)'); await Util.exec('wg syncconf wg0 <(wg-quick strip /etc/wireguard/wg0.conf)');
debug('Config synced.'); debug('Config synced.');
} }

89
w0rng_amnezia-wg-easy.patch
View File

@ -1,89 +0,0 @@
diff --git a/Dockerfile b/Dockerfile
index 1528a3a..2021362 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
# As a workaround we have to build on nodejs 18
# nodejs 20 hangs on build with armv6/armv7
-FROM docker.io/library/node:18-alpine AS build_node_modules
+FROM docker.io/library/node:20-alpine AS build_node_modules
# Update npm to latest
RUN npm install -g npm@latest
@@ -13,7 +13,7 @@ RUN npm ci --omit=dev &&\
# Copy build result to a new image.
# This saves a lot of disk space.
-FROM amneziavpn/amnezia-wg:latest
+FROM amneziavpn/amneziawg-go:latest
HEALTHCHECK CMD /usr/bin/timeout 5s /bin/sh -c "/usr/bin/wg show | /bin/grep -q interface || exit 1" --interval=1m --timeout=5s --retries=3
COPY --from=build_node_modules /app /app
@@ -38,8 +38,41 @@ RUN apk add --no-cache \
nodejs \
npm
-# Use iptables-legacy
-RUN update-alternatives --install /sbin/iptables iptables /sbin/iptables-legacy 10 --slave /sbin/iptables-restore iptables-restore /sbin/iptables-legacy-restore --slave /sbin/iptables-save iptables-save /sbin/iptables-legacy-save
+#Use iptables-legacy
+# RUN update-alternatives --install /sbin/iptables iptables /sbin/iptables-legacy 10 --slave /sbin/iptables-restore iptables-restore /sbin/iptables-legacy-restore --slave /sbin/iptables-save iptables-save /sbin/iptables-legacy-save
+
+# Tune network
+RUN echo -e " \n\
+ fs.file-max = 51200 \n\
+ \n\
+ net.core.rmem_max = 67108864 \n\
+ net.core.wmem_max = 67108864 \n\
+ net.core.netdev_max_backlog = 250000 \n\
+ net.core.somaxconn = 4096 \n\
+ \n\
+ net.ipv4.tcp_syncookies = 1 \n\
+ net.ipv4.tcp_tw_reuse = 1 \n\
+ net.ipv4.tcp_tw_recycle = 0 \n\
+ net.ipv4.tcp_fin_timeout = 30 \n\
+ net.ipv4.tcp_keepalive_time = 1200 \n\
+ net.ipv4.ip_local_port_range = 10000 65000 \n\
+ net.ipv4.tcp_max_syn_backlog = 8192 \n\
+ net.ipv4.tcp_max_tw_buckets = 5000 \n\
+ net.ipv4.tcp_fastopen = 3 \n\
+ net.ipv4.tcp_mem = 25600 51200 102400 \n\
+ net.ipv4.tcp_rmem = 4096 87380 67108864 \n\
+ net.ipv4.tcp_wmem = 4096 65536 67108864 \n\
+ net.ipv4.tcp_mtu_probing = 1 \n\
+ net.ipv4.tcp_congestion_control = hybla \n\
+ # for low-latency network, use cubic instead \n\
+ # net.ipv4.tcp_congestion_control = cubic \n\
+ " | sed -e 's/^\s\+//g' | tee -a /etc/sysctl.conf && \
+ mkdir -p /etc/security && \
+ echo -e " \n\
+ * soft nofile 51200 \n\
+ * hard nofile 51200 \n\
+ " | sed -e 's/^\s\+//g' | tee -a /etc/security/limits.conf
+
# Set Environment
ENV DEBUG=Server,WireGuard
diff --git a/src/lib/WireGuard.js b/src/lib/WireGuard.js
index 6ebc45d..da6863b 100644
--- a/src/lib/WireGuard.js
+++ b/src/lib/WireGuard.js
@@ -89,8 +89,8 @@ module.exports = class WireGuard {
const config = await this.__buildConfig();
await this.__saveConfig(config);
- await Util.exec('wg-quick down wg0').catch(() => {});
- await Util.exec('wg-quick up wg0').catch((err) => {
+ await Util.exec('awg-quick down /etc/wireguard/wg0.conf').catch(() => {});
+ await Util.exec('awg-quick up /etc/wireguard/wg0.conf').catch((err) => {
if (err && err.message && err.message.includes('Cannot find device "wg0"')) {
throw new Error('WireGuard exited with the error: Cannot find device "wg0"\nThis usually means that your host\'s kernel does not support WireGuard!');
}
@@ -162,7 +162,7 @@ ${client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : ''
async __syncConfig() {
debug('Config syncing...');
- await Util.exec('wg syncconf wg0 <(wg-quick strip wg0)');
+ await Util.exec('wg syncconf wg0 <(wg-quick strip /etc/wireguard/wg0.conf)');
debug('Config synced.');
}