You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

3.8 KiB

WireGuard Easy

Build & Publish Docker Image to Docker Hub Lint Docker Docker Sponsor

You have found the easiest way to install & manage WireGuard on any Linux host!

Features

  • All-in-one: WireGuard + Web UI.
  • Easy installation, simple to use.
  • List, create, edit, delete, enable & disable clients.
  • Show a client's QR code.
  • Download a client's configuration file.
  • Statistics for which clients are connected.
  • Gravatar support.

Requirements

  • A host with a kernel that supports WireGuard (all modern kernels).
  • A host with Docker installed.

Installation

1. Simple Docker Installation

If you haven't installed Docker yet, install it by running:

$ curl -sSL https://get.docker.com | sh
$ sudo usermod -aG docker $(whoami)
$ exit

And log in again.

docker run -d \
--name=wg-easy \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
-e WG_HOST=51.159.67.58 \
-e PASSWORD=passwordforthewebuiHERE \
-e WG_PORT=51820 \
-e WG_DEFAULT_ADDRESS=10.8.0.x \
-e WG_DEFAULT_DNS=1.1.1.1 \
-e WG_ALLOWED_IPS=0.0.0.0/0,::/0 \
-v /path/to/appdata/config:/etc/wireguard \
-p 51820:51820/udp \
-p 51821:51821/tcp \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--sysctl="net.ipv4.ip_forward=1" \
--restart unless-stopped \
weejewel/wg-easy

If you prefer a docker-compose install. For example, on a Raspberry Pi:

sudo apt-get install docker-compose

2. Configure WireGuard

Run these commands to prepare and configure WireGuard.

$ mkdir ~/.wg-easy
$ cd ~/.wg-easy
$ wget https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/docker-compose.yml
$ vim docker-compose.yml

Change WG_HOST=raspberrypi.local to your server's public address, e.g. WG_HOST=vpn.mydomain.com.

Optionally, set a Web UI password by uncommenting PASSWORD=foobar123 and change the password.

By default, any WireGuard client will have access to the Web UI, unless you set a password.

3. Run WireGuard

Finally, run WireGuard. It will automatically start after a reboot.

$ docker-compose up --detach

The Web UI will be available on http://0.0.0.0:51821. You can create new clients there.

Options

These options can be configured in docker-compose.yml under environment.

Env Default Example Description
PASSWORD - foobar123 When set, requires a password when logging in to the Web UI.
WG_HOST - vpn.myserver.com The public hostname of your VPN server.
WG_PORT 51820 12345 The public UDP port of your VPN server. WireGuard will always listen on 51820 inside the Docker container.
WG_PERSISTENT_KEEPALIVE 0 25 Value in seconds to keep the "connection" open.
WG_DEFAULT_ADDRESS 10.8.0.x 10.6.0.x Clients IP address range.
WG_DEFAULT_DNS 1.1.1.1 8.8.8.8, 8.8.4.4 DNS server clients will use.
WG_ALLOWED_IPS 0.0.0.0/0, ::/0 192.168.15.0/24, 10.0.1.0/24 Allowed IPs clients will use.

If you change WG_PORT, make sure to also change the exposed port.

Updating

To update to the latest version, run:

docker-compose down
docker-compose pull
docker-compose up --detach --remove-orphans
docker image prune