fix: remove sysctls from host network container and apply them to host OS
This commit is contained in:
parent
9eeb3f7c7d
commit
2cbaab23c5
2 changed files with 20 additions and 8 deletions
@ -45,8 +45,6 @@ docker run -d \
|
||||||
--name npm-wg \
|
--name npm-wg \
|
||||||
--cap-add=NET_ADMIN \
|
--cap-add=NET_ADMIN \
|
||||||
--cap-add=SYS_MODULE \
|
--cap-add=SYS_MODULE \
|
||||||
--sysctl net.ipv4.ip_forward=1 \
|
|
||||||
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
|
|
||||||
--network host \
|
--network host \
|
||||||
-v npm-wg-data:/data \
|
-v npm-wg-data:/data \
|
||||||
-v npm-wg-letsencrypt:/etc/letsencrypt \
|
-v npm-wg-letsencrypt:/etc/letsencrypt \
|
||||||
|
|
@ -67,9 +65,6 @@ services:
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
- SYS_MODULE
|
- SYS_MODULE
|
||||||
sysctls:
|
|
||||||
- net.ipv4.ip_forward=1
|
|
||||||
- net.ipv4.conf.all.src_valid_mark=1
|
|
||||||
network_mode: "host"
|
network_mode: "host"
|
||||||
volumes:
|
volumes:
|
||||||
- data:/data
|
- data:/data
|
||||||
|
|
|
||||||
23
install.sh
23
install.sh
|
|
@ -128,6 +128,22 @@ install_deps() {
|
||||||
log_ok "All system dependencies are ready."
|
log_ok "All system dependencies are ready."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# -----------------------------------------------------------
|
||||||
|
# x. Apply sysctls to Host (For WireGuard in Host Network Mode)
|
||||||
|
# -----------------------------------------------------------
|
||||||
|
apply_sysctls_to_host() {
|
||||||
|
log_step "Applying required sysctl network parameters to host..."
|
||||||
|
sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1
|
||||||
|
sysctl -w net.ipv4.conf.all.src_valid_mark=1 >/dev/null 2>&1
|
||||||
|
|
||||||
|
# Persist sysctls if they don't already exist
|
||||||
|
if [ -f /etc/sysctl.conf ]; then
|
||||||
|
grep -q 'net.ipv4.ip_forward=1' /etc/sysctl.conf || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
|
||||||
|
grep -q 'net.ipv4.conf.all.src_valid_mark=1' /etc/sysctl.conf || echo 'net.ipv4.conf.all.src_valid_mark=1' >> /etc/sysctl.conf
|
||||||
|
fi
|
||||||
|
log_ok "Host network parameters configured."
|
||||||
|
}
|
||||||
|
|
||||||
# -----------------------------------------------------------
|
# -----------------------------------------------------------
|
||||||
# x. Generate docker-compose.yml
|
# x. Generate docker-compose.yml
|
||||||
# -----------------------------------------------------------
|
# -----------------------------------------------------------
|
||||||
|
|
@ -148,9 +164,6 @@ services:
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
- SYS_MODULE
|
- SYS_MODULE
|
||||||
sysctls:
|
|
||||||
- net.ipv4.ip_forward=1
|
|
||||||
- net.ipv4.conf.all.src_valid_mark=1
|
|
||||||
network_mode: "host"
|
network_mode: "host"
|
||||||
volumes:
|
volumes:
|
||||||
- ./data:/data
|
- ./data:/data
|
||||||
|
|
@ -208,6 +221,9 @@ do_install() {
|
||||||
mkdir -p "$INSTALL_DIR"
|
mkdir -p "$INSTALL_DIR"
|
||||||
log_ok "Directory created."
|
log_ok "Directory created."
|
||||||
|
|
||||||
|
# --- Apply Sysctls ---
|
||||||
|
apply_sysctls_to_host
|
||||||
|
|
||||||
# --- Write docker-compose.yml ---
|
# --- Write docker-compose.yml ---
|
||||||
generate_docker_compose "$wg_host"
|
generate_docker_compose "$wg_host"
|
||||||
|
|
||||||
|
|
@ -376,6 +392,7 @@ do_update() {
|
||||||
log_warn "Could not extract WG_HOST. Using ${current_wg_host}."
|
log_warn "Could not extract WG_HOST. Using ${current_wg_host}."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
apply_sysctls_to_host
|
||||||
generate_docker_compose "$current_wg_host"
|
generate_docker_compose "$current_wg_host"
|
||||||
|
|
||||||
log_step "Pulling latest image..."
|
log_step "Pulling latest image..."
|
||||||
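Review bot: The persistence check in apply_sysctls_to_host is an unanchored substring match, so `grep -q 'net.ipv4.ip_forward=1' /etc/sysctl.conf` also matches the commented-out `#net.ipv4.ip_forward=1` that stock Debian-family sysctl.conf files carry, and on such hosts nothing is appended: forwarding works until the next reboot and then WireGuard routing silently stops. The two `sysctl -w` calls also discard their exit status (`>/dev/null 2>&1`) and the `[ -f /etc/sysctl.conf ]` branch is skipped silently when the file is absent, yet `log_ok "Host network parameters configured."` is printed in every case, including when run without root or where sysctl is read-only (unprivileged containers). Since the commit moves this setting from the container to the host, it deserves a comment that `net.ipv4.ip_forward=1` is host-wide: the host forwards between all its interfaces unless its FORWARD chain restricts it. I would anchor the match, warn on failure, and prefer a dedicated drop-in under /etc/sysctl.d (read by `sysctl --system` and systemd-sysctl), which is idempotent and does not depend on /etc/sysctl.conf; the function is fully contained in this hunk.
```shell
apply_sysctls_to_host() {
    log_step "Applying required sysctl network parameters to host..."
    # NOTE: ip_forward is host-wide; the host will forward between all of its
    # interfaces unless its FORWARD chain restricts it.
    sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1 \
        || log_warn "Could not set net.ipv4.ip_forward (not root, or sysctl is read-only here?)"
    sysctl -w net.ipv4.conf.all.src_valid_mark=1 >/dev/null 2>&1 \
        || log_warn "Could not set net.ipv4.conf.all.src_valid_mark"

    # Persist: a drop-in is idempotent and independent of /etc/sysctl.conf;
    # fall back to an anchored match so a commented-out line is not mistaken for a set one.
    if [ -d /etc/sysctl.d ]; then
        printf '%s\n' 'net.ipv4.ip_forward=1' 'net.ipv4.conf.all.src_valid_mark=1' > /etc/sysctl.d/99-npm-wg.conf \
            || log_warn "Could not write /etc/sysctl.d/99-npm-wg.conf; settings will not persist."
    elif [ -f /etc/sysctl.conf ]; then
        grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' /etc/sysctl.conf \
            || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
        grep -qE '^[[:space:]]*net\.ipv4\.conf\.all\.src_valid_mark[[:space:]]*=[[:space:]]*1' /etc/sysctl.conf \
            || echo 'net.ipv4.conf.all.src_valid_mark=1' >> /etc/sysctl.conf
    else
        log_warn "Neither /etc/sysctl.d nor /etc/sysctl.conf found; settings will not persist across reboots."
    fi
    log_ok "Host network parameters configured."
}
```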