opened image

    WireGuard — is the latest VPN server that attracts attention with its high performance, security and ease of configuration. However, managing WireGuard can be made even easier by using the graphical user interface (GUI) in a Docker environment. In this guide, we will look at how to install and configure the WireGuard GUI using Docker and Docker-compose.


    1. Preparing to install Docker:


    Before we get started, let's update the package manager and install the necessary components:

     apt-get update 
    apt-get install ca-certificates curl gnupg


    The next step — adding the Docker repository key:


     install -m 0755 -d /etc/apt/keyrings 
    curl -fsSL -o /etc/apt/keyrings/docker.asc
    chmod a+r /etc/apt/keyrings/docker.gpg


    Now let's add the Docker repository itself:


     echo \
      "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
      $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
      sudo tee /etc/apt/sources.list.d/docker.list > /dev/null


    Update and install Docker:

     apt-get update 
    apt-get install docker-ce docker-ce-cli docker-buildx-plugin docker-compose-plugin


    To verify that the installation was successful:

     docker --version



    Activate Docker autorun on system boot:

     systemctl enable docker



    2. Installing Docker-compose:


    To install Docker-compose, run the following commands:

     curl -SL -o /usr/local/bin/docker-compose 
    ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose 
    chmod +x /usr/local/bin/docker-compose


    To check:

     docker-compose --version



    3. Installing and configuring the WireGuard GUI:


    Go to or create a directory for configuration:

     mkdir -p /home/wireguard && cd /home/wireguard


    Create the file docker-compose.yaml:

     vim docker-compose.yaml


    Paste the following configuration into the file:

     version: '3'
        image: weejewel/wg-easy
        container_name: WG-GUI
        restart: unless-stopped
          - "51000:51820/udp"
          - "51000:51821/tcp"
          - ~/.wg-easy:/etc/wireguard
          - WG_PORT=51000
          - WG_MTU=1420
          - WG_DEFAULT_ADDRESS=10.0.0.x
          - WG_DEFAULT_DNS=,
          - WG_ALLOWED_IPS=
          - NET_ADMIN
          - SYS_MODULE
          - net.ipv4.conf.all.src_valid_mark=1
          - net.ipv4.ip_forward=1



    Don't forget to replace YOUR_SERVER_IP and YOUR_ADMIN_PASSWORD with the appropriate values.

    In the environment section of the docker-compose.yml file, you can add the following variables:

    - # The public domain name of your VPN server. 
    - PASSWORD=foobar123 # The password to log in to the Web UI. 
    - WG_PORT=12345 # The public UDP port of your VPN server. WireGuard will always listen on port 51820 inside the Docker container. 
    - WG_MTU=1420 # MTU that clients will use. The server uses the default MTU from WireGuard. 
    - WG_PERSISTENT_KEEPALIVE=25 # The value in seconds to keep the "connection" open. 
    - WG_DEFAULT_ADDRESS=10.6.0.x # The clients IP address range.
    - WG_DEFAULT_DNS=, # DNS server that clients will use. 
    - WG_ALLOWED_IPS=, # Allowed IP addresses that clients will use.


    WG_ALLOWED_IPS defines which IP addresses and networks are allowed for traffic through WireGuard. This is the definition of what traffic will be routed through the VPN.



    When you connect to a VPN, your device sends traffic to the Internet through that VPN server. But not all traffic has to go through the VPN; you can determine what traffic should be routed through the VPN using authorized IP addresses.


    • WG_ALLOWED_IPS=, ::/0: This means that all traffic (IPv4 and IPv6) will be routed through the VPN. covers all IPv4 addresses, and ::/0 covers all IPv6 addresses.
    • WG_ALLOWED_IPS=, This means that only traffic destined for IP addresses in the ranges - and - will be routed through the VPN. All other traffic will be routed directly, bypassing the VPN.

    So WG_ALLOWED_IPS allows you to control exactly what traffic will be sent through the VPN tunnel. This can be useful, for example, if you want only certain applications or devices to use the VPN and the rest of the traffic to go directly through the VPN tunnel.


    It's also important to note that if you change the WG_PORT value, you should also change the configured ports in the ports section of your docker-compose.yml file. For example, if you set WG_PORT=12345, the ports should look like this:


    - "12345:51820/udp" 
    - "12345:51821/tcp"



    Then simply launch the WireGuard GUI:


     docker-compose up -d



    Now you have a functioning WireGuard with a graphical user interface accessible through your browser!

    You can connect via IP:PORT. In this case IP:55444 The password to the panel we have set in the environment block.





    WireGuard GUI in a Docker environment provides a simple and effective solution for managing your VPN. This guide will help you quickly set up and start using this tool, providing a high degree of security and convenience for your network.

    WireGuard GUI in Docker provides a simple and effective solution for managing your VPN.