mirror
/
wg-easy
mirror of https://github.com/wg-easy/wg-easy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1427 Commits
5 Branches
28 Tags
18 MiB
 
 
 
 
 
Tree: d7b0e07738
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd7b0e07738'
${ noResults }
wg-easy/docs/content/advanced/config/optional-config.md

4.7 KiB
Raw Blame History

title
Optional Configuration

You can set these environment variables to configure the container. They are not required, but can be useful in some cases.

Env Default Example Description
PORT 51821 6789 TCP port for Web UI.
HOST 0.0.0.0 localhost IP address web UI binds to.
INSECURE false true If access over http is allowed
DISABLE_IPV6 false true If IPv6 support should be disabled
DISABLE_VERSION_CHECK false true If wg-easy should check for new updates

/// note | IPv6 Caveats

Disabling IPv6 will disable the creation of the default IPv6 firewall rules and won't add a IPv6 address to the interface and clients.

You will however still see a IPv6 address in the Web UI, but it won't be used.

This option can be removed in the future, as more devices support IPv6.

///

Configuration Overrides

These environment variables allow you to override settings that would normally be configured through the Admin Panel. When set, these values take precedence over database settings at runtime.

Interface Settings

Env Example Description
WG_PORT 51820 WireGuard interface port
WG_DEVICE eth0 Network device/interface
WG_MTU 1420 Maximum Transmission Unit
WG_IPV4_CIDR 10.8.0.0/24 IPv4 CIDR range
WG_IPV6_CIDR fdcc::/112 IPv6 CIDR range

Client Connection Settings

Env Example Description
WG_HOST vpn.example.com Host clients will connect to
WG_CLIENT_PORT 51820 Port clients will connect to
WG_DEFAULT_DNS 1.1.1.1,8.8.8.8 Default DNS servers for clients
WG_DEFAULT_ALLOWED_IPS 0.0.0.0/0,::/0 Default allowed IPs for clients
WG_DEFAULT_MTU 1420 Default MTU for clients
WG_DEFAULT_PERSISTENT_KEEPALIVE 25 Default persistent keepalive

General Settings

Env Example Description
WG_SESSION_TIMEOUT 3600 Session timeout (seconds)
WG_METRICS_PASSWORD mypassword123 Metrics endpoint password
WG_METRICS_PROMETHEUS true or false Enable Prometheus metrics
WG_METRICS_JSON true or false Enable JSON metrics

Hooks

Env Example Description
WG_PRE_UP echo "Starting WG" PreUp hook command
WG_POST_UP iptables -A FORWARD ... PostUp hook command
WG_PRE_DOWN echo "Stopping WG" PreDown hook command
WG_POST_DOWN iptables -D FORWARD ... PostDown hook command

/// warning | Override Behavior

When these override environment variables are set:

  • The specified values will be used at runtime instead of database settings
  • You can still update these fields through the Web UI and they will be saved to the database
  • However, the overridden values from environment variables will always take precedence at runtime
  • The Web UI will display the database values with warning indicators showing which fields are overridden
  • On first start, if no database values exist, some overridden values will be saved to the database

Some overrides will not be applied to existing clients until they are manually edited.

  • WG_DEFAULT_* settings will only apply to new clients
  • WG_IPV4_CIDR and WG_IPV6_CIDR changes will require clients to be manually edited to take effect

///

/// note | Note on Port Variables

  • WG_PORT - The port WireGuard listens on (interface port)
  • WG_CLIENT_PORT - The port clients connect to (endpoint port, uses WG_PORT if not set)
  • PORT - The port the Web UI listens on (HTTP server port)

In most cases you will only need to set WG_PORT to change the WireGuard port. Keep in mind that you have to adjust both sides of the port publish option in your docker setup.

///