diff --git a/api/wireguard_manager.py b/api/wireguard_manager.py
index c31e2c2..0807428 100644
--- a/api/wireguard_manager.py
+++ b/api/wireguard_manager.py
@@ -155,7 +155,9 @@ class WireGuardManager(BaseServiceManager):
 f'iptables -t nat -A PREROUTING -i %i -d {server_ip} -p udp --dport 53 -j DNAT --to-destination {dns_ip}:53; '
 f'iptables -t nat -A PREROUTING -i %i -d {server_ip} -p tcp --dport 53 -j DNAT --to-destination {dns_ip}:53; '
 f'iptables -t nat -A PREROUTING -i %i -d {server_ip} -p tcp --dport 80 -j DNAT --to-destination {caddy_ip}:80; '
+ f'iptables -t nat -A PREROUTING -i %i -d {server_ip} -p tcp --dport 443 -j DNAT --to-destination {caddy_ip}:443; '
 f'iptables -I FORWARD -i %i -o eth0 -p tcp --dport 80 -j ACCEPT; '
+ f'iptables -I FORWARD -i %i -o eth0 -p tcp --dport 443 -j ACCEPT; '
 f'iptables -I FORWARD -i %i -o eth0 -p udp --dport 53 -j ACCEPT; '
 f'iptables -I FORWARD -i %i -o eth0 -p tcp --dport 53 -j ACCEPT; '
 f'iptables -I FORWARD -i eth0 -o %i -s 172.20.0.0/16 -j ACCEPT; '
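Review bot: The new `iptables -I FORWARD -i %i -o eth0 -p tcp --dport 443 -j ACCEPT` line has no destination match, so it lets any WireGuard peer forward TCP/443 to anything reachable through eth0, not only the Caddy container that the DNAT line just above it targets, and because `-I` inserts at the head of FORWARD it sits in front of whatever drop rules the chain already holds. The existing port-80 and port-53 lines have the same shape, but 443 widens the opening to every HTTPS endpoint on the egress side. Scoping the new rule as `iptables -I FORWARD -i %i -o eth0 -d {caddy_ip} -p tcp --dport 443 -j ACCEPT` (with the teardown -D changed to match) keeps it to what the DNAT actually needs. The `server_ip`, `caddy_ip` and `dns_ip` values are interpolated into a shell command line here; if any of them can come from user-editable config they should be validated as IPv4 literals first, which I cannot confirm from this hunk. The f-string expression these lines belong to begins and ends outside the hunk.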
@@ -165,7 +167,9 @@ class WireGuardManager(BaseServiceManager):
 f'iptables -t nat -D PREROUTING -i %i -d {server_ip} -p udp --dport 53 -j DNAT --to-destination {dns_ip}:53 2>/dev/null || true; '
 f'iptables -t nat -D PREROUTING -i %i -d {server_ip} -p tcp --dport 53 -j DNAT --to-destination {dns_ip}:53 2>/dev/null || true; '
 f'iptables -t nat -D PREROUTING -i %i -d {server_ip} -p tcp --dport 80 -j DNAT --to-destination {caddy_ip}:80 2>/dev/null || true; '
+ f'iptables -t nat -D PREROUTING -i %i -d {server_ip} -p tcp --dport 443 -j DNAT --to-destination {caddy_ip}:443 2>/dev/null || true; '
 f'iptables -D FORWARD -i %i -o eth0 -p tcp --dport 80 -j ACCEPT 2>/dev/null || true; '
+ f'iptables -D FORWARD -i %i -o eth0 -p tcp --dport 443 -j ACCEPT 2>/dev/null || true; '
 f'iptables -D FORWARD -i %i -o eth0 -p udp --dport 53 -j ACCEPT 2>/dev/null || true; '
 f'iptables -D FORWARD -i %i -o eth0 -p tcp --dport 53 -j ACCEPT 2>/dev/null || true; '
 f'iptables -D FORWARD -i eth0 -o %i -s 172.20.0.0/16 -j ACCEPT 2>/dev/null || true; '
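Review bot: The new `iptables -D FORWARD -i %i -o eth0 -p tcp --dport 443 -j ACCEPT` teardown line only removes a rule whose spec matches exactly, and the `2>/dev/null || true` suffix hides the failure when it does not, so if the add-side rule is ever tightened (for example with a `-d {caddy_ip}` match) without this line changing in lockstep, the ACCEPT rule silently survives teardown. `iptables -D` also removes a single instance, while the add side uses `-I`, which never deduplicates; if the add script (presumably PostUp) runs twice, one copy of each rule is left behind after this script runs. A `-C`-guarded loop, or at least a comment such as `# keep byte-identical to the -I rule in the add script; -D only matches an exact spec`, would make the coupling explicit. The enclosing f-string expression starts and ends outside this hunk.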
@@ -194,11 +198,11 @@ class WireGuardManager(BaseServiceManager):
 t = token.strip()
 if not t.startswith('iptables'):
 return False
- # PREROUTING DNAT on ports 53 or 80 (scoped or unscoped — we replace both)
- if 'PREROUTING' in t and 'DNAT' in t and ('--dport 53' in t or '--dport 80' in t):
+ # PREROUTING DNAT on ports 53, 80, or 443 (scoped or unscoped — we replace both)
+ if 'PREROUTING' in t and 'DNAT' in t and ('--dport 53' in t or '--dport 80' in t or '--dport 443' in t):
 return True
- # FORWARD accept to eth0 for ports 53 or 80 (service traffic forwarding)
- if 'FORWARD' in t and '-o eth0' in t and ('--dport 53' in t or '--dport 80' in t):
+ # FORWARD accept to eth0 for ports 53, 80, or 443 (service traffic forwarding)
+ if 'FORWARD' in t and '-o eth0' in t and ('--dport 53' in t or '--dport 80' in t or '--dport 443' in t):
 return True
 # Docker-to-WG FORWARD: eth0 → wg0 for 172.20.0.0/16
 if 'FORWARD' in t and '-i eth0' in t and '172.20.0.0/16' in t:
@@ -1084,6 +1088,7 @@ class WireGuardManager(BaseServiceManager):
 'running': running,
 'status': 'online' if running else 'offline',
 'interface': 'wg0',
+ 'listen_port': self._get_configured_port(),
 'ip_info': {'address': SERVER_ADDRESS} if running else {},
 'peers_count': len(self.get_peers()),
 'timestamp': datetime.utcnow().isoformat(),
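Review bot: The new port checks are plain substring tests, so `'--dport 443' in t` is also true for `--dport 4433` and `'--dport 80' in t` for `--dport 8080`, which means an unrelated PREROUTING DNAT or FORWARD-to-eth0 rule on such a port is classified as managed and, per the comment, replaced or removed by this code. Match the port as a whole token instead: replace each parenthesised or-chain with `re.search(r'--dport (?:53|80|443)(?!\d)', t)` (assuming `re` is available in this module), or split `t` on whitespace and compare the token following `--dport` against `{'53', '80', '443'}`. The function this hunk belongs to starts outside the hunk, so its name and whether `token` can carry untrusted text are not visible here.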