blog
  • Blogs
    • Medium Articles
      • Linux
        • 40 Powerful Linux Networking Commands You Must Know.
        • These (Linux) VI Editor Shortcuts You Must Know
        • Bash/Linux Interview Questions for DevOps Engineers
        • Page 1
      • Git
        • 40 Powerful Git Commands Every Developer Should Know
        • 10 Git Best Practices That Every Developer Must Know
      • DevOps/SRE Interview Questions and Answers
        • Top DevOps/SRE Interview Questions and Answers on AWS VPC
        • Top 10 Common DevOps/SRE Interview Questions and Answers on Terraform Best Practices
        • Top 10 Common DevOps/SRE Interview Questions and Answers on Kubernetes Best Practices
        • Top 10 Common DevOps/SRE Interview Questions and Answers on Dockerfiles
        • Top 10 Common DevOps/SRE Interview Questions and Answers on Grafana
      • Installation
        • Docker Installation on Ubuntu 20/22
        • Install WireGuard VPN on Docker Compose
        • Install Redis on Docker Compose
        • Gravitee Docker Compose
      • Kubernetes Series 2025
        • Understanding Kubernetes: Part 1 -Control Plane
        • Understanding Kubernetes: Part 2 -Worker Node
        • Understanding Kubernetes: Part 3 -Pod
        • Understanding Kubernetes: Part 4-ReplicaSets
        • Understanding Kubernetes: Part 5 -Deployment
        • Understanding Kubernetes: Part 6 -DaemonSets
        • Understanding Kubernetes: Part 7 -StatefulSet
        • Understanding Kubernetes: Part 8 -ConfigMap
        • Understanding Kubernetes: Part 9 -Kubernetes Secret
        • Understanding Kubernetes: Part 10 -StorageClass
        • Understanding Kubernetes: Part 11 -Persistent Volume (PV)
        • Understanding Kubernetes: Part 12 -Persistent Volume Claim (PVC)
        • Understanding Kubernetes: Part 13 -Services
        • Understanding Kubernetes: Part 14 -ClusterIP Service
        • Understanding Kubernetes: Part 15 -NodePort Service
        • Understanding Kubernetes: Part 16 -Load Balancer Service
        • Understanding Kubernetes: Part 17 -Ingress
        • Understanding Kubernetes: Part 18 -Ingress Controller
        • Understanding Kubernetes: Part 19 -Headless Service
        • Understanding Kubernetes: Part 20-Network Policy
        • Understanding Kubernetes: Part 21 -CNI
        • Understanding Kubernetes: Part 22 Kubernetes Resource Requests & Limits
        • Understanding Kubernetes: Part 23 Node Selector
        • Understanding Kubernetes: Part 24 Taints and Tolerations
        • Understanding Kubernetes: Part 25 Affinity and Anti-Affinity
        • Understanding Kubernetes: Part 26 Preemption and Priority
        • Understanding Kubernetes: Part 27 Role and RoleBinding
        • Understanding Kubernetes: Part 28 ClusterRole and ClusterRoleBinding
        • Understanding Kubernetes: Part 29 Service Account
        • Understanding Kubernetes: Part 30 Horizontal Pod Autoscaler (HPA)
        • Understanding Kubernetes: Part 31 Vertical Pod Autoscaler (VPA)
        • Understanding Kubernetes: Part 33 Startup Probe
        • Understanding Kubernetes: Part 34 Liveness Probe
        • Understanding Kubernetes: Part 35 Readiness Probe
        • Understanding Kubernetes: Part 36 Container Network Interface (CNI)
        • Understanding Kubernetes: Part 37 Container Runtime Interface (CRI)
        • Understanding Kubernetes: Part 38 Container Storage Interface (CSI)
      • Cloudflare
        • Cloudflare Tunnel for Secure HTTP Routing
      • Nginx
        • Nginx use cases that every engineer must know
Powered by GitBook
On this page
  • Install WireGuard on Docker
  • Step 1: Install Docker
  • Step 2: Install Docker Compose
  • Step 3: Set Up WireGuard Directory
  • Step 4: Create the Docker Compose File
  • Step 5: Start the WireGuard Container
  • Step 6: Access Configuration Files
  • Step 7: Set Up the Client
  • Step 8: Test the Connection
  • Notes
  1. Blogs
  2. Medium Articles
  3. Installation

Install WireGuard VPN on Docker Compose

Install WireGuard on Docker

WireGuard is a lightweight and efficient VPN solution known for its simplicity and performance. By running WireGuard in a Docker container, you can simplify deployment and management. This guide walks you through the steps to set up WireGuard using Docker and Docker Compose, including both server and client configurations.

Step 1: Install Docker

If Docker is not already installed on your server, follow these steps:

sudo yum install docker -y

Start the Docker service:

sudo service docker start

Step 2: Install Docker Compose

Download the Docker Compose binary:

sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

Make Docker Compose executable:

sudo chmod +x /usr/local/bin/docker-compose

Verify the installation:

docker-compose --version

Check that Docker is running:

docker ps

Step 3: Set Up WireGuard Directory

Create a directory for your WireGuard setup:

mkdir wireguard/
cd wireguard/

Inside the wireguard/ directory, create a configuration directory:

mkdir -p config/wireguard

Step 4: Create the Docker Compose File

Using your preferred text editor, create the docker-compose.yml file:

vi docker-compose.yml

Add the following content:

version: '3.8'
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - SERVERURL=10.143.108.125  # Replace with your server's public IP
      - SERVERPORT=51820          # Port to listen on
      - PEERS=1                   # Number of client configurations to generate
      - PEERDNS=10.64.1.1         # DNS server for peers
      - INTERNAL_SUBNET=10.64.1.0/24 # Internal subnet for WireGuard
    volumes:
      - ./config/wireguard:/config
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv6.conf.all.forwarding=1
    restart: unless-stopped

Step 5: Start the WireGuard Container

Run the following command to start the WireGuard container:

docker-compose up -d

Verify the running container:

docker ps

Check the container logs for additional details:

docker logs wireguard

Step 6: Access Configuration Files

The WireGuard configuration files for the server and peers are stored in the config/wireguard directory. Navigate to this directory:

cd config/wireguard/

Each peer will have its own configuration folder, such as peer1. To view the configuration for a specific peer, navigate to its directory:

cd peer1

View the peer’s configuration file:

cat peer1.conf

Example peer1.conf file:

[Interface]
Address = 10.64.1.2
PrivateKey = qOPHZ7vxl6PzeAM00aEkVy4vtB4HlrAN2kt8W3xE7Wc=
ListenPort = 51820
DNS = 10.64.1.1

[Peer]
PublicKey = AtN92g4xwuwXeuCypCUUQ2TxuQYVg823Bml9Q2Rs6H8=
PresharedKey = Q1FvSoWtAiIIEe9MrNF9quKozZ5abMtWkb6ZUsaS99o=
Endpoint = 18.143.198.152:51820
AllowedIPs = 0.0.0.0/0

Step 7: Set Up the Client

Install WireGuard Client

Import the Configuration

  1. Open the WireGuard client.

  2. Click Import Tunnel.

  3. Select the configuration file (e.g., peer1.conf).

  4. Activate the tunnel to connect to the WireGuard VPN.

Step 8: Test the Connection

Once the client is connected, verify that traffic is routed through the VPN by checking your public IP address:

curl ifconfig.me

If the IP matches your server’s public IP, the VPN is working correctly.

Notes

  • Ensure that port 51820/udp is open in your server’s firewall or security group.

  • Modify the PEERS environment variable in the docker-compose.yml file to generate multiple client configurations.

  • Restart the WireGuard container if you make changes to the configuration.

By following these steps, you can deploy a WireGuard VPN server on Docker with ease. Enjoy the security and performance of WireGuard for your networking needs!

PreviousDocker Installation on Ubuntu 20/22NextInstall Redis on Docker Compose

Last updated 4 months ago

Download and install the WireGuard client for your platform from the .

official WireGuard website