Install WireGuard VPN on Docker Compose
Install WireGuard on Docker
WireGuard is a lightweight and efficient VPN solution known for its simplicity and performance. By running WireGuard in a Docker container, you can simplify deployment and management. This guide walks you through the steps to set up WireGuard using Docker and Docker Compose, including both server and client configurations.
Step 1: Install Docker
If Docker is not already installed on your server, follow these steps:
sudo yum install docker -y
Start the Docker service:
sudo service docker start
Step 2: Install Docker Compose
Download the Docker Compose binary:
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
Make Docker Compose executable:
sudo chmod +x /usr/local/bin/docker-compose
Verify the installation:
docker-compose --version
Check that Docker is running:
docker ps
Step 3: Set Up WireGuard Directory
Create a directory for your WireGuard setup:
mkdir wireguard/
cd wireguard/
Inside the wireguard/ directory, create a configuration directory:
mkdir -p config/wireguard
Step 4: Create the Docker Compose File
Using your preferred text editor, create the docker-compose.yml file:
vi docker-compose.yml
Add the following content:
version: '3.8'
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      # SYS_MODULE lets the container load kernel modules; it is needed only
      # if the host has not already loaded the wireguard module
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - SERVERURL=10.143.108.125 # Replace with your server's public IP
      - SERVERPORT=51820 # Port to listen on
      - PEERS=1 # Number of client configurations to generate
      - PEERDNS=10.64.1.1 # DNS server for peers
      - INTERNAL_SUBNET=10.64.1.0/24 # Internal subnet for WireGuard
    volumes:
      - ./config/wireguard:/config
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv6.conf.all.forwarding=1
    restart: unless-stopped
Step 5: Start the WireGuard Container
Run the following command to start the WireGuard container:
docker-compose up -d
Verify the running container:
docker ps
Check the container logs for additional details:
docker logs wireguard
Step 6: Access Configuration Files
The WireGuard configuration files for the server and peers are stored in the config/wireguard directory. Navigate to this directory:
cd config/wireguard/
Each peer will have its own configuration folder, such as peer1. To view the configuration for a specific peer, navigate to its directory:
cd peer1
View the peer’s configuration file:
cat peer1.conf
Example peer1.conf file:
[Interface]
Address = 10.64.1.2
PrivateKey = qOPHZ7vxl6PzeAM00aEkVy4vtB4HlrAN2kt8W3xE7Wc=
ListenPort = 51820
DNS = 10.64.1.1
[Peer]
PublicKey = AtN92g4xwuwXeuCypCUUQ2TxuQYVg823Bml9Q2Rs6H8=
PresharedKey = Q1FvSoWtAiIIEe9MrNF9quKozZ5abMtWkb6ZUsaS99o=
Endpoint = 18.143.198.152:51820
AllowedIPs = 0.0.0.0/0
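An added example, not part of the original guide or of the linuxserver/wireguard project: a small Python check for a generated peer file. It flags a private-range Endpoint (the compose file above sets SERVERURL to a 10.x address), a full-tunnel AllowedIPs that covers only IPv4, a missing PresharedKey, and file permissions that let other local users read the private key. The finding names and the sample text are constructed for illustration.

```python
import ipaddress
import stat

# Constructed sample in the format of peer1.conf; key values are placeholders.
SAMPLE = """\
[Interface]
Address = 10.64.1.2
PrivateKey = <constructed-placeholder>
DNS = 10.64.1.1
[Peer]
PublicKey = <constructed-placeholder>
Endpoint = 10.143.108.125:51820
AllowedIPs = 0.0.0.0/0
"""

def parse_conf(text):
    """Parse a single-peer WireGuard file into {section: {key: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1], {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)      # split once: base64 ends in '='
            section[key.strip()] = value.strip()
    return conf

def audit(text, mode=None):
    """Return finding names; mode is os.stat(path).st_mode when auditing a file."""
    peer, findings = parse_conf(text).get("Peer", {}), []
    host = peer.get("Endpoint", "").rsplit(":", 1)[0].strip("[]")
    try:
        if ipaddress.ip_address(host).is_private:
            findings.append("endpoint-private")  # not routable from the internet
    except ValueError:
        pass                                     # hostname or empty: not classified
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer.get("AllowedIPs", "").split(",") if n.strip()]
    full = {n.version for n in nets if n.prefixlen == 0}
    if full == {4}:
        findings.append("ipv6-not-tunneled")     # IPv6 is not routed into the tunnel
    if "PresharedKey" not in peer:
        findings.append("no-preshared-key")
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file-readable-by-others")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```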
Step 7: Set Up the Client
Install WireGuard Client
Download and install the WireGuard client for your platform from the official WireGuard website.
Import the Configuration
Open the WireGuard client.
Click Import Tunnel.
Select the configuration file (e.g., peer1.conf).
Activate the tunnel to connect to the WireGuard VPN.
Step 8: Test the Connection
Once the client is connected, verify that traffic is routed through the VPN by checking your public IP address:
curl ifconfig.me
If the IP matches your server’s public IP, the VPN is working correctly.
Notes
Ensure that port 51820/udp is open in your server’s firewall or security group.
Modify the PEERS environment variable in the docker-compose.yml file to generate multiple client configurations.
Restart the WireGuard container if you make changes to the configuration.
By following these steps, you can deploy a WireGuard VPN server on Docker with ease. Enjoy the security and performance of WireGuard for your networking needs!