WG-Easy - WireGuard

Wireguard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It provides secure network connections.

WG-Easy provides a user-friendly interface for managing WireGuard configurations.

Installation

Create the required directory structure:

mkdir wireguard
cd wireguard
mkdir data
touch docker-compose.yml

.../wireguard/docker-compose.yml

networks:
  proxy-network:
    external: true

services:
  wg-easy:
    environment:
      - WG_HOST=wireguard.domain.de
      - PASSWORD_HASH=$$2a$$12$$DfJ2phN2VE4Z1gyFNsGCluifeQUQzz.m4tF4hcHABqYq7yKXQ5cPW #changeme
      # - WG_PORT=51820
      # - WG_DEFAULT_ADDRESS=10.8.0.x
      # - WG_DEFAULT_DNS=1.1.1.1
      # - WG_MTU=1420
      # - WG_ALLOWED_IPS=192.168.0.0/16, 10.0.0.0/8
    image: weejewel/wg-easy
    container_name: wg-easy
    volumes:
      - ./data:/etc/wireguard
    ports:
      - "51820:51820/udp"
    #  - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      - proxy-network

Note

When used behind a router, requests must be forwarded to the server on port 51820/udp.

Caution

IPv4 is required.

Caution

WG_HOST should be changed. The password should be changed.

Password Hash Generator

Note

Port 51821 is for the graphical user interface. This must be entered in the proxy host with the hostname wg-easy.