WireGuard is the latest VPN server to attract attention with its high performance, security and ease of configuration. Managing WireGuard can be made even easier by using a graphical user interface (GUI) in a Docker environment. In this guide, we will look at how to install and configure the WireGuard GUI using Docker and Docker-compose.
1. Preparing to install Docker:
Before we get started, let's update the package manager and install the necessary components:
apt-get update
apt-get install ca-certificates curl gnupg
The next step is adding the Docker repository key:
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
Now let's add the Docker repository itself:
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Update and install Docker:
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
To verify that the installation was successful:
Activate Docker autorun on system boot:
systemctl enable docker
2. Installing Docker-compose:
To install Docker-compose, run the following commands:
curl -SL https://github.com/docker/compose/releases/download/v2.20.3/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
3. Installing and configuring the WireGuard GUI:
Create a directory for the configuration and change into it:
mkdir -p /home/wireguard && cd /home/wireguard
Create the file docker-compose.yml.
Paste the following configuration into the file:
version: '3'
services:
  wg-easy:
    image: weejewel/wg-easy
    container_name: WG-GUI
    restart: unless-stopped
    ports:
      - "51000:51820/udp"
      - "51000:51821/tcp"
    volumes:
      - ~/.wg-easy:/etc/wireguard
    environment:
      - WG_HOST=YOUR_SERVER_IP
      - PASSWORD=YOUR_ADMIN_PASSWORD
      - WG_PORT=51000
      - WG_MTU=1420
      - WG_PERSISTENT_KEEPALIVE=25
      - WG_DEFAULT_ADDRESS=10.0.0.x
      - WG_DEFAULT_DNS=22.214.171.124, 126.96.36.199
      - WG_ALLOWED_IPS=0.0.0.0/0
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
Don't forget to replace YOUR_SERVER_IP and YOUR_ADMIN_PASSWORD with the appropriate values.
In the environment section of the docker-compose.yml file, you can add the following variables:
environment:
  - WG_HOST=vpn.myserver.com # The public domain name of your VPN server.
  - PASSWORD=foobar123 # The password to log in to the Web UI.
  - WG_PORT=12345 # The public UDP port of your VPN server. WireGuard will always listen on port 51820 inside the Docker container.
  - WG_MTU=1420 # MTU that clients will use. The server uses the default MTU from WireGuard.
  - WG_PERSISTENT_KEEPALIVE=25 # The value in seconds to keep the "connection" open.
  - WG_DEFAULT_ADDRESS=10.6.0.x # The clients' IP address range.
  - WG_DEFAULT_DNS=188.8.131.52.8, 184.108.40.206 # DNS server that clients will use.
  - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24 # Allowed IP addresses that clients will use.
WG_ALLOWED_IPS defines which IP addresses and networks are allowed for traffic through WireGuard. This is the definition of what traffic will be routed through the VPN.
When you connect to a VPN, your device sends traffic to the Internet through that VPN server. But not all traffic has to go through the VPN; you can determine what traffic should be routed through the VPN using authorized IP addresses.
WG_ALLOWED_IPS=0.0.0.0/0, ::/0: This means that all traffic (IPv4 and IPv6) will be routed through the VPN. 0.0.0.0/0 covers all IPv4 addresses, and ::/0 covers all IPv6 addresses.
WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24: This means that only traffic destined for IP addresses in the ranges 192.168.15.0 - 192.168.15.255 and 10.0.1.0 - 10.0.1.255 will be routed through the VPN. All other traffic will be routed directly, bypassing the VPN.
WG_ALLOWED_IPS allows you to control exactly what traffic will be sent through the VPN tunnel. This can be useful, for example, if you want only certain applications or devices to use the VPN and the rest of the traffic to go directly, bypassing the VPN tunnel.
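The routing decision described above, as an added example that is not part of the original guide: it parses a WG_ALLOWED_IPS value, rejects malformed entries, and reports whether a destination enters the tunnel. It also lists which WG_DEFAULT_DNS servers fall outside the allowed ranges, since with a split tunnel those resolvers are reached directly rather than through the VPN. The function names are hypothetical and the sample addresses are constructed.

```python
import ipaddress

def parse_allowed_ips(value):
    """Split a WG_ALLOWED_IPS string into networks; raise ValueError on a bad entry."""
    nets = []
    for item in value.split(","):
        item = item.strip()
        if item:
            # strict=False tolerates host bits (10.0.1.5/24 is read as 10.0.1.0/24)
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def via_vpn(dest, nets):
    """True if traffic to dest matches an allowed network and enters the tunnel."""
    addr = ipaddress.ip_address(dest)
    return any(addr.version == n.version and addr in n for n in nets)

def dns_outside_tunnel(dns_value, nets):
    """Return the configured DNS servers that clients would reach outside the tunnel."""
    servers = [s.strip() for s in dns_value.split(",") if s.strip()]
    return [s for s in servers if not via_vpn(s, nets)]

if __name__ == "__main__":
    full = parse_allowed_ips("0.0.0.0/0, ::/0")
    split = parse_allowed_ips("192.168.15.0/24, 10.0.1.0/24")
    # Constructed destinations: two inside the split ranges, two outside
    for dest in ("192.168.15.20", "10.0.1.7", "203.0.113.9", "2001:db8::1"):
        print(dest, "full:", via_vpn(dest, full), "split:", via_vpn(dest, split))
    # Constructed resolver addresses: one inside the split ranges, one outside
    print("DNS outside tunnel:", dns_outside_tunnel("10.0.1.53, 203.0.113.53", split))
    try:
        parse_allowed_ips("192.168.15.0.0/24")  # five octets: a typo
    except ValueError as err:
        print("rejected:", err)
```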
It's also important to note that if you change the WG_PORT value, you should also change the configured ports in the ports section of your docker-compose.yml file. For example, if you set WG_PORT=12345, the ports should look like this:
ports:
  - "12345:51820/udp"
  - "12345:51821/tcp"
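One way to check this rule before starting the container, as an added example that is not part of the original guide or of the wg-easy project: a small lint over the compose file text that compares WG_PORT with the published UDP port, flags leftover placeholders, and notes when the web UI mapping has no bind address. The function name and the sample file are constructed for illustration.

```python
import re

# Constructed sample: the guide's file after changing WG_PORT but not the ports section
SAMPLE = '''
services:
  wg-easy:
    ports:
      - "51000:51820/udp"
      - "51000:51821/tcp"
    environment:
      - WG_HOST=YOUR_SERVER_IP
      - PASSWORD=YOUR_ADMIN_PASSWORD
      - WG_PORT=12345  # public UDP port
'''

ENV_RE = re.compile(r'^[ \t]*-[ \t]*([A-Z_]+)=(.*?)(?:[ \t]+#.*)?[ \t]*$', re.M)
# Mapping syntax: "[bind_ip:]host_port:container_port/proto"
PORT_RE = re.compile(r'^[ \t]*-[ \t]*"((?:[\d.]+:)?)(\d+):(\d+)/(udp|tcp)"', re.M)

def lint_compose(text):
    """Return findings for a wg-easy docker-compose.yml passed as text."""
    findings = []
    env = dict(ENV_RE.findall(text))
    ports = PORT_RE.findall(text)
    # WireGuard listens on 51820/udp inside the container (per the guide)
    udp_hosts = [host for _, host, cont, proto in ports if (cont, proto) == ("51820", "udp")]
    wg_port = env.get("WG_PORT")
    if wg_port and wg_port not in udp_hosts:
        findings.append(f"WG_PORT={wg_port} does not match published UDP port(s) {udp_hosts}")
    for bind, host, cont, proto in ports:
        # The web UI is 51821/tcp in the container; no bind address means all interfaces
        if (cont, proto) == ("51821", "tcp") and bind == "":
            findings.append(f"web UI on host port {host}/tcp is published on all interfaces")
    for key in ("WG_HOST", "PASSWORD"):
        value = env.get(key, "")
        if not value or value.startswith("YOUR_"):
            findings.append(f"{key} is missing or still a placeholder")
    return findings

if __name__ == "__main__":
    for finding in lint_compose(SAMPLE):
        print("-", finding)
```

Writing the UI mapping as "127.0.0.1:12345:51821/tcp" publishes it on the loopback address only, so the password page is reached through an SSH port forward instead of the public interface.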
Then simply launch the WireGuard GUI:
docker-compose up -d
Now you have a functioning WireGuard with a graphical user interface accessible through your browser!
You can connect via IP:PORT. In this case IP:55444. The password to the panel we have set in the
WireGuard GUI in a Docker environment provides a simple and effective solution for managing your VPN. This guide will help you quickly set up and start using this tool, providing a high degree of security and convenience for your network.