- Add files via upload

- patched for kmod usage - https://github.com/w0rng/amnezia-wg-easy/compare/master...timopheysky:amnezia-wg-easy:master - build witch docker compose - support Alpine Linux
2025-04-24 00:30:36 +03:00 · 2025-04-24 00:30:36 +03:00 · c133e22a12
commit c133e22a12
parent 1391267437
5 changed files with 53 additions and 9 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,4 +4,5 @@
 /src/node_modules
 .DS_Store
 *.swp
-.idea
+.idea
+package-lock.json
--- a/41
+++ b/41
@ -1,6 +1,6 @@
 # As a workaround we have to build on nodejs 18
 # nodejs 20 hangs on build with armv6/armv7
-FROM docker.io/library/node:18-alpine AS build_node_modules
+FROM docker.io/library/node:20-alpine AS build_node_modules

 # Update npm to latest
 RUN npm install -g npm@latest
@ -13,7 +13,7 @@ RUN npm ci --omit=dev &&\

 # Copy build result to a new image.
 # This saves a lot of disk space.
-FROM amneziavpn/amnezia-wg:latest
+FROM amneziavpn/amneziawg-go:latest
 HEALTHCHECK CMD /usr/bin/timeout 5s /bin/sh -c "/usr/bin/wg show | /bin/grep -q interface || exit 1" --interval=1m --timeout=5s --retries=3
 COPY --from=build_node_modules /app /app

@ -38,8 +38,41 @@ RUN apk add --no-cache \
    nodejs \
    npm

-# Use iptables-legacy
-RUN update-alternatives --install /sbin/iptables iptables /sbin/iptables-legacy 10 --slave /sbin/iptables-restore iptables-restore /sbin/iptables-legacy-restore --slave /sbin/iptables-save iptables-save /sbin/iptables-legacy-save
+#Use iptables-legacy
+# RUN update-alternatives --install /sbin/iptables iptables /sbin/iptables-legacy 10 --slave /sbin/iptables-restore iptables-restore /sbin/iptables-legacy-restore --slave /sbin/iptables-save iptables-save /sbin/iptables-legacy-save
+
+# Tune network  
+RUN echo -e " \n\
+  fs.file-max = 51200 \n\
+  \n\
+  net.core.rmem_max = 67108864 \n\
+  net.core.wmem_max = 67108864 \n\
+  net.core.netdev_max_backlog = 250000 \n\
+  net.core.somaxconn = 4096 \n\
+  \n\
+  net.ipv4.tcp_syncookies = 1 \n\
+  net.ipv4.tcp_tw_reuse = 1 \n\
+  net.ipv4.tcp_tw_recycle = 0 \n\
+  net.ipv4.tcp_fin_timeout = 30 \n\
+  net.ipv4.tcp_keepalive_time = 1200 \n\
+  net.ipv4.ip_local_port_range = 10000 65000 \n\
+  net.ipv4.tcp_max_syn_backlog = 8192 \n\
+  net.ipv4.tcp_max_tw_buckets = 5000 \n\
+  net.ipv4.tcp_fastopen = 3 \n\
+  net.ipv4.tcp_mem = 25600 51200 102400 \n\
+  net.ipv4.tcp_rmem = 4096 87380 67108864 \n\
+  net.ipv4.tcp_wmem = 4096 65536 67108864 \n\
+  net.ipv4.tcp_mtu_probing = 1 \n\
+  net.ipv4.tcp_congestion_control = hybla \n\
+  # for low-latency network, use cubic instead \n\
+  # net.ipv4.tcp_congestion_control = cubic \n\
+  " | sed -e 's/^\s\+//g' | tee -a /etc/sysctl.conf && \
+  mkdir -p /etc/security && \
+  echo -e " \n\
+  * soft nofile 51200 \n\
+  * hard nofile 51200 \n\
+  " | sed -e 's/^\s\+//g' | tee -a /etc/security/limits.conf  
+

 # Set Environment
 ENV DEBUG=Server,WireGuard
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -5,7 +5,9 @@ services:
  amnezia-wg-easy:
    env_file:
      - .env
-    image: ghcr.io/w0rng/amnezia-wg-easy
+    image: amnezia-wg-easy
+    build:
+      context: .
    container_name: amnezia-wg-easy
    volumes:
      - etc_wireguard:/etc/wireguard
--- a/net.md
+++ b/net.md
@ -0,0 +1,8 @@
+# Для доступа из под Alpine Linux
+
+https://gitlab.alpinelinux.org/alpine/aports/-/issues/15199
+
+```
+[ -e /dev/net ] || mkdir /dev/net
+[ -e /dev/net/tun ] || (mknod /dev/net/tun c 10 200 && chmod 600 /dev/net/tun)
+```
--- a/src/lib/WireGuard.js
+++ b/src/lib/WireGuard.js
@ -89,8 +89,8 @@ module.exports = class WireGuard {
      const config = await this.__buildConfig();

      await this.__saveConfig(config);
-      await Util.exec('wg-quick down wg0').catch(() => {});
-      await Util.exec('wg-quick up wg0').catch((err) => {
+      await Util.exec('awg-quick down /etc/wireguard/wg0.conf').catch(() => {});
+      await Util.exec('awg-quick up /etc/wireguard/wg0.conf').catch((err) => {
        if (err && err.message && err.message.includes('Cannot find device "wg0"')) {
          throw new Error('WireGuard exited with the error: Cannot find device "wg0"\nThis usually means that your host\'s kernel does not support WireGuard!');
        }
@ -162,7 +162,7 @@ ${client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : ''

  async __syncConfig() {
    debug('Config syncing...');
-    await Util.exec('wg syncconf wg0 <(wg-quick strip wg0)');
+    await Util.exec('wg syncconf wg0 <(wg-quick strip /etc/wireguard/wg0.conf)');
    debug('Config synced.');
  }