
How to install Wireguard in Docker

As you know, WireGuard is a VPN that lets us create a secure tunnel, both for personal networks and for surfing. This gives us safe and reliable Internet access from a smartphone or personal computer.

How to install it on a clean server can be found in this article.

In this guide, we will look at how to install WireGuard in a Docker container using Docker Compose.

 

Let's install Docker. 

But first, we need to update the OS packages. 
 

apt update


Let's install the necessary packages and add a new repository:

apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"


Let's update the packages with the new repository:

apt update


Now let's install Docker itself.

apt-get install docker-ce docker-ce-cli containerd.io


Let's check the version:

docker --version


Let's check the status:

systemctl status docker



If it hasn't started, let's start it:

systemctl start docker


And add it to autostart.

systemctl enable docker


 

 

Let's install Docker-Compose

For this project, version 1.25 will be sufficient. 
 

curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose


Let's set the execution permissions. 

chmod +x /usr/local/bin/docker-compose


Let's check how Docker-Compose was installed:

docker-compose --version



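Let's add the Linux user to the docker group. Keep in mind that members of this group can control the Docker daemon, which is equivalent to root access on the host, so add only trusted accounts: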

 

usermod -aG docker $USER


Let's create a *.yaml file for Docker-Compose.

To keep track of what we have installed in the future, let's create a separate folder for this project in the /opt directory and navigate to it.

mkdir /opt/wireguard-server && cd /opt/wireguard-server


You can also use your home directory /home to place this and other projects. 

We will use the linuxserver image to create the docker-compose.yaml file. It is documented at https://hub.docker.com/r/linuxserver/wireguard

Let's create a file named docker-compose.yaml (or docker-compose.yml):

vim docker-compose.yaml


And add the following code to it:

version: "2.1"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Amsterdam
      - SERVERURL=auto
      - SERVERPORT=51820
      - PEERS=1
      - PEERDNS=1.1.1.1
      - INTERNAL_SUBNET=10.10.10.0
      - ALLOWEDIPS=0.0.0.0/0
      - LOG_CONFS=true
    volumes:
      - /opt/wireguard-server/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: always


Where:

container_name: the name of your container;
TZ=: the time zone. You can change it to the desired one, but for anonymity it's better to leave it as Europe/Amsterdam;
SERVERPORT=: the port on which your VPN will operate (you can choose any port). It also needs to be specified in ports;
PEERS=: the number of users. You can increase it to the desired number;
51820:51820/udp: the forwarded ports.

Let's start the container (for this, you need to be in the directory where the file was created, in this case /opt/wireguard-server/):

docker-compose up -d 


Wait for the images to download and deploy.

Let's check:

docker-compose ps


or 

docker ps



This can also be done with a single command in docker:

docker run -d \
  --name=wireguard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PUID=0 \
  -e PGID=0 \
  -e TZ=Europe/Amsterdam \
  -e SERVERURL=auto \
  -e SERVERPORT=51820 \
  -e PEERS=1 \
  -e PEERDNS=1.1.1.1 \
  -e INTERNAL_SUBNET=10.10.10.0 \
  -e ALLOWEDIPS=0.0.0.0/0 \
  -e LOG_CONFS=true \
  -p 51820:51820/udp \
  -v /opt/wireguard-server/config:/config \
  -v /lib/modules:/lib/modules \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --restart always \
  lscr.io/linuxserver/wireguard:latest


To generate a QR code for a smartphone:

docker exec -it wireguard /app/show-peer 1


Where:

1 is the first config/user.


All configuration files and QR codes are located in /opt/wireguard-server/config/peer*
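
The peer files in /opt/wireguard-server/config/peer* contain each client's private key, so only root should be able to read them. The script below is an added example, not part of the original guide: it lists peer files that group or others can access and restricts them. The function names are hypothetical, and it assumes GNU find and a container running as root (PUID=0), as in the compose file above.

```sh
#!/bin/sh
# Added example, not part of the original guide. Function names are hypothetical.
# Assumes GNU find (Ubuntu) and a container running as root (PUID=0/PGID=0),
# so root-only files stay readable by WireGuard inside the container.

# List files in <config_dir>/peer*/ that group or others can read, write or execute.
audit_peer_perms() {
    for dir in "$1"/peer*; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -perm /077 -print
    done
}

# Restrict peer directories to 700 and the files inside them to 600.
harden_peer_perms() {
    for dir in "$1"/peer*; do
        [ -d "$dir" ] || continue
        find "$dir" -type d -exec chmod 700 {} +
        find "$dir" -type f -exec chmod 600 {} +
    done
}

# Script usage: ./peer-perms.sh audit|harden [config_dir]
CONFIG_DIR="${2:-/opt/wireguard-server/config}"
case "${1:-}" in
    audit)  audit_peer_perms "$CONFIG_DIR" ;;
    harden) harden_peer_perms "$CONFIG_DIR"; audit_peer_perms "$CONFIG_DIR" ;;
esac
```

Run it with harden again after adding peers, since newly generated files get default permissions.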

 

How to create additional users.


To do this, simply change the PEERS directive in the docker-compose.yaml file, adding the desired number of users.

To apply the changes, we recreate our container:

 

docker-compose up -d --force-recreate


Also, for anonymity, let's disable ping on the host server:

echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf

 


And apply the changes:

sysctl -p


Happy surfing.