wireguard-ui without docker

wget wireguard-ui:
https://github.com/ngoduykhanh/wireguard-ui/releases

tar -xvzf wireguard-ui-*.tar.gz
mkdir /opt/wireguard-ui
mv wireguard-ui /opt/wireguard-ui/

vim /opt/wireguard-ui/.env
SESSION_SECRET=
WGUI_USERNAME=
WGUI_PASSWORD=

vim /opt/wireguard-ui/postup.sh
#!/usr/bin/bash
# /opt/wireguard-ui/postup.sh
ufw route allow in on wg0 out on eth0
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

vim /opt/wireguard-ui/postdown.sh
#!/usr/bin/bash
# /opt/wireguard-ui/postdown.sh
ufw route delete allow in on wg0 out on eth0
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

chmod +x /opt/wireguard-ui/post*.sh

vim /etc/systemd/system/wireguard-ui-daemon.service
[Unit]
Description=WireGuard UI Daemon
Wants=network-online.target
After=network-online.target

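[Service]
User=root
Group=root
Type=simple
WorkingDirectory=/opt/wireguard-ui
# Load SESSION_SECRET, WGUI_USERNAME and WGUI_PASSWORD from the .env file created above
EnvironmentFile=/opt/wireguard-ui/.env
# Listen on loopback only; the Nginx proxy below forwards to 127.0.0.1:5000
ExecStart=/opt/wireguard-ui/wireguard-ui -bind-address 127.0.0.1:5000

[Install]
WantedBy=multi-user.target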

systemctl daemon-reload
systemctl start wireguard-ui-daemon.service

vim /etc/systemd/system/wgui.service
[Unit]
Description=Restart WireGuard
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/bin/systemctl restart wg-quick@wg0.service

[Install]
RequiredBy=wgui.path

vim /etc/systemd/system/wgui.path
[Unit]
Description=Watch /etc/wireguard/wg0.conf for changes

[Path]
PathModified=/etc/wireguard/wg0.conf

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl enable wgui.{path,service}
systemctl start wgui.{path,service}

Nginx proxy:

add_header Cache-Control no-cache;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:5000/;

Pug

Pug is a high-performance template engine heavily influenced by HTML and implemented with JavaScript for Node.js and browsers. There are also ports for other languages such as Java, Python and Ruby.

arkade

arkade is how developers install the latest versions of their favourite tools and Kubernetes apps.

curl -sLS https://get.arkade.dev | sudo sh
arkade get kubectl

arkade get kubectl \
helm \
istioctl

arkade system install <package>:

actions-runner   Install GitHub Actions Runner
buildkitd        Install Buildkitd
cni              Install CNI plugins
containerd       Install containerd
firecracker      Install Firecracker
gitlab-runner    Install Gitlab Runner
go               Install Go
node             Install Node.js
prometheus       Install Prometheus
tc-redirect-tap  Install tc-redirect-tap
registry         Install Open Source Registry implementation for storing and distributing container images using the OCI Distribution Specification

mercure

wget https://github.com/dunglas/mercure/releases/download/v0.10.2/mercure_0.10.2_Linux_x86_64.tar.gz && mkdir mercure && tar -zxvf mercure_0.10.2_Linux_x86_64.tar.gz -C mercure

vim /etc/supervisor/conf.d/mercure.conf
[program:mercure]
command=/usr/sbin/mercure
process_name=%(program_name)s_%(process_num)s
numprocs=1
environment=JWT_KEY="secret_jwt_key",ADDR=":3333",DEMO=1,ALLOW_ANONYMOUS=1,CORS_ALLOWED_ORIGINS="",PUBLISH_ALLOWED_ORIGINS="",USE_FORWARDED_HEADERS=1,DEBUG=1
directory=/tmp
autostart=true
autorestart=true
startsecs=5
startretries=10
user=www-data
redirect_stderr=false
stdout_capture_maxbytes=1MB
stderr_capture_maxbytes=1MB
stdout_logfile=/path/to/mercure/out.log
stderr_logfile=/path/to/mercure/error.log

supervisorctl reread
supervisorctl update
supervisorctl start mercure

Generate a token online at www.JWT.io.
You need to use your secret_jwt_key to get the token:

{
  "mercure": {
    "publish": [
      "*"
    ]
  }
}
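
Added example, not part of the original notes: the same token can be signed locally with openssl, so the JWT_KEY never has to be pasted into a website. The function names are illustrative, and the payload is the publish claim shown above.

```bash
#!/usr/bin/env bash
# Added example: sign and verify the Mercure publisher JWT (HS256) locally.
# Function names are illustrative; only openssl, tr and printf are used.

b64url() {  # base64url without padding, as JWTs require
  openssl base64 -A | tr '+/' '-_' | tr -d '='
}

hs256() {  # $1 = key, stdin = signing input; prints the base64url signature
  # -hmac puts the key on openssl's command line (visible in `ps`),
  # so run this on a trusted host only.
  openssl dgst -sha256 -hmac "$1" -binary | b64url
}

make_mercure_jwt() {  # $1 = JWT_KEY from mercure.conf
  _header='{"alg":"HS256","typ":"JWT"}'
  _payload='{"mercure":{"publish":["*"]}}'
  _h=$(printf '%s' "$_header" | b64url)
  _p=$(printf '%s' "$_payload" | b64url)
  printf '%s.%s.%s\n' "$_h" "$_p" "$(printf '%s' "$_h.$_p" | hs256 "$1")"
}

verify_mercure_jwt() {  # $1 = token, $2 = key; returns 0 if the signature matches
  _input=${1%.*}        # header.payload
  _sig=${1##*.}         # signature part
  [ -n "$_sig" ] && [ "$_sig" = "$(printf '%s' "$_input" | hs256 "$2")" ]
}

# When called with a key as first argument, print a token for it.
if [ -n "${1:-}" ]; then
  make_mercure_jwt "$1"
fi
```

The printed token replaces Paste_your_generated_token_here in the test script.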

Test token bash script:

#!/usr/bin/env bash

curl --request POST \
--url http://127.0.0.1:3333/.well-known/mercure \
--header 'authorization: Bearer Paste_your_generated_token_here' \
--header 'content-type: application/x-www-form-urlencoded' \
--data topic=test \
--data 'data={
"headline": "Hello there this is Mercure.Rocks"
}'

systemd listen on port and run command


systemd listen on port and run command on connect

vim /usr/lib/systemd/system/restart-db.service
[Unit]
Description=Restart MySQL Listener
After=network.target

[Service]
User=restart
Type=simple
ExecStart=/bin/bash -xc 'echo -e "HTTP/1.1 204 No Content\\r\\nConnection: close\\r\\n\\r" | nc -p 7777 -l -w 1; sudo systemctl restart mysql'
Restart=always
StartLimitInterval=1min
StartLimitBurst=60

[Install]
WantedBy=multi-user.target

systemctl start restart-db.service

● restart-db.service - Restart MySQL Listener
     Loaded: loaded (/lib/systemd/system/restart-db.service; disabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-11-27 21:29:28 UTC; 11s ago
   Main PID: 41246 (bash)
      Tasks: 2 (limit: 76710)
     Memory: 572.0K
        CPU: 1ms
     CGroup: /system.slice/restart-db.service
             ├─41246 /bin/bash -xc "echo -e \"HTTP/1.1 204 No Content\\r\\nConnection: close\\r\\n\\r\" | nc -p 7777 -l -w 1; sudo systemctl restart mysql"
             └─41248 nc -p 7777 -l -w

vim /etc/sudoers.d/restart-db
restart ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart mysql

It is also possible to use socat with some simple auth:
socat -u TCP-LISTEN:7777,keepalive,reuseaddr,rcvbuf=7777 STDOUT | grep -w -q "mypassword" && sudo systemctl restart mysql
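
Added example, not part of the original notes: grep -w -q treats the password as a regular expression and accepts it as a word anywhere in what the client sends, so the check is looser than it looks. The functions below compare it with an exact first-line match; the function names, the sample inputs and the token file path are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: the page's `grep -w -q` check beside an exact first-line match.

# The check from the socat one-liner above: the secret is used as a regex
# and may appear as a word anywhere in the data the client sends.
page_check() {  # $1 = secret, stdin = client data
  grep -w -q "$1"
}

# Stricter check: only the first line, capped at 256 bytes and with CR
# stripped, must equal the secret exactly. An empty secret never matches.
strict_check() {  # $1 = secret, stdin = client data
  _first=$(head -c 256 | head -n 1 | tr -d '\r')
  [ -n "$1" ] && [ "$_first" = "$1" ]
}

# Print how both checks judge a few constructed inputs.
demo() {
  secret='my.password'
  for input in 'my.password' 'myXpassword' 'GET /my.password HTTP/1.1' ''; do
    if printf '%s\r\n' "$input" | page_check "$secret"; then a=accept; else a=reject; fi
    if printf '%s\r\n' "$input" | strict_check "$secret"; then b=accept; else b=reject; fi
    printf '%-30s grep -w: %s  strict: %s\n' "\"$input\"" "$a" "$b"
  done
}

# Wiring with the socat options from the one-liner above
# (the token file path is hypothetical):
#   socat -u TCP-LISTEN:7777,keepalive,reuseaddr,rcvbuf=7777 STDOUT \
#     | strict_check "$(cat /etc/restart-db.token)" && sudo systemctl restart mysql

if [ "${1:-}" = "demo" ]; then
  demo
fi
```

Either way the secret crosses the network in clear text, so the listener is best kept on a trusted interface or behind a firewall rule.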