Lucas Rattz 380ff5c2f1 Improve documentation on password hash (#1901 ) * Improve documentation on password hash * Change branch name * Add single quote docker run info * Tag versions, docker run version * separate docker run and compose --------- Co-authored-by: Bernd Storath <32197462+kaaax0815@users.noreply.github.com>		2 months ago
.github	update dockerfile, update workflows	2 months ago
assets	refactor: optimize build config, factorize code, enhance SVG icons	1 year ago
docs	prepare: version bump and changelog	1 year ago
src	Improve documentation on password hash (#1901)	2 months ago
.dockerignore	Added nodemon as a dev dependency and removed unnecessary instructions from the Dockerfile	1 year ago
.gitignore	[combine] gitignore	1 year ago
Dockerfile	fix iptables alias	2 months ago
How_to_generate_an_bcrypt_hash.md	Improve documentation on password hash (#1901)	2 months ago
LICENSE	Rename LICENSE.md to LICENSE	2 years ago
README.md	update dockerfile, update workflows	2 months ago
contributing.md	contributing.md: remove stackoverflow link	2 years ago
docker-compose.dev.yml	early fail if old password variable (#1350)	11 months ago
docker-compose.yml	update dockerfile, update workflows	2 months ago
package-lock.json	npm: package updates	2 years ago
package.json	fix: lint error with workspaces	1 year ago
wg-easy.service	Revert "feat: cidr notation"	1 year ago

README.md

WireGuard Easy

You have found the easiest way to install & manage WireGuard on any Linux host!

Features

All-in-one: WireGuard + Web UI.
Easy installation, simple to use.
List, create, edit, delete, enable & disable clients.
Show a client's QR code.
Download a client's configuration file.
Statistics for which clients are connected.
Tx/Rx charts for each connected client.
Gravatar support.
Automatic Light / Dark Mode
Multilanguage Support
UI_TRAFFIC_STATS (default off)

Requirements

A host with a kernel that supports WireGuard (all modern kernels).
A host with Docker installed.

Versions

This branch is only for the v14 release of WireGuard Easy. For newer versions, please refer to the master branch.

Installation

1. Install Docker

If you haven't installed Docker yet, install it by running:

curl -sSL https://get.docker.com | sh
sudo usermod -aG docker $(whoami)
exit

And log in again.

2. Run WireGuard Easy

To automatically install & run wg-easy, simply run:

  docker run -d \
  --name=wg-easy \
  -e LANG=de \
  -e WG_HOST=<🚨YOUR_SERVER_IP> \
  -e PASSWORD_HASH=<🚨YOUR_ADMIN_PASSWORD_HASH> \
  -e PORT=51821 \
  -e WG_PORT=51820 \
  -v ~/.wg-easy:/etc/wireguard \
  -p 51820:51820/udp \
  -p 51821:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  ghcr.io/wg-easy/wg-easy:14

💡 Replace YOUR_SERVER_IP with your WAN IP, or a Dynamic DNS hostname.

💡 Replace YOUR_ADMIN_PASSWORD_HASH with a bcrypt password hash to log in on the Web UI. See How_to_generate_an_bcrypt_hash.md for know how generate the hash.

The Web UI will now be available on http://0.0.0.0:51821.

💡 Your configuration files will be saved in ~/.wg-easy

WireGuard Easy can be launched with Docker Compose as well - just download docker-compose.yml, make necessary adjustments and execute docker compose up --detach.

Are you enjoying this project? Buy Emile a beer! 🍻

Options

These options can be configured by setting environment variables using -e KEY="VALUE" in the docker run command.

Env	Default	Example	Description
`PORT`	`51821`	`6789`	TCP port for Web UI.
`WEBUI_HOST`	`0.0.0.0`	`localhost`	IP address web UI binds to.
`PASSWORD_HASH`	-	`$2y$05$Ci...`	When set, requires a password when logging in to the Web UI. See How to generate an bcrypt hash.md for know how generate the hash.
`WG_HOST`	-	`vpn.myserver.com`	The public hostname of your VPN server.
`WG_DEVICE`	`eth0`	`ens6f0`	Ethernet device the wireguard traffic should be forwarded through.
`WG_PORT`	`51820`	`12345`	The public UDP port of your VPN server. WireGuard will listen on that (othwise default) inside the Docker container.
`WG_CONFIG_PORT`	`51820`	`12345`	The UDP port used on Home Assistant Plugin
`WG_MTU`	`null`	`1420`	The MTU the clients will use. Server uses default WG MTU.
`WG_PERSISTENT_KEEPALIVE`	`0`	`25`	Value in seconds to keep the "connection" open. If this value is 0, then connections won't be kept alive.
`WG_DEFAULT_ADDRESS`	`10.8.0.x`	`10.6.0.x`	Clients IP address range.
`WG_DEFAULT_DNS`	`1.1.1.1`	`8.8.8.8, 8.8.4.4`	DNS server clients will use. If set to blank value, clients will not use any DNS.
`WG_ALLOWED_IPS`	`0.0.0.0/0, ::/0`	`192.168.15.0/24, 10.0.1.0/24`	Allowed IPs clients will use.
`WG_PRE_UP`	`...`	-	See config.js for the default value.
`WG_POST_UP`	`...`	`iptables ...`	See config.js for the default value.
`WG_PRE_DOWN`	`...`	-	See config.js for the default value.
`WG_POST_DOWN`	`...`	`iptables ...`	See config.js for the default value.
`LANG`	`en`	`de`	Web UI language (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi).
`UI_TRAFFIC_STATS`	`false`	`true`	Enable detailed RX / TX client stats in Web UI
`UI_CHART_TYPE`	`0`	`1`	UI_CHART_TYPE=0 # Charts disabled, UI_CHART_TYPE=1 # Line chart, UI_CHART_TYPE=2 # Area chart, UI_CHART_TYPE=3 # Bar chart

If you change WG_PORT, make sure to also change the exposed port.

Updating

To update to the latest version, simply run:

docker stop wg-easy
docker rm wg-easy
docker pull ghcr.io/wg-easy/wg-easy:14

And then run the docker run -d \ ... command above again.

With Docker Compose WireGuard Easy can be updated with a single command: docker compose up --detach --pull always (if an image tag is specified in the Compose file and it is not latest, make sure that it is changed to the desired one; by default it is omitted and defaults to latest).
The WireGuard Easy container will be automatically recreated if a newer image was pulled.