Web GUI for Wireguard VPN.
Wireguard is the best VPN solution right now. But it's not noob friendly or easy.
WG-easy tries to solve this.
Written in javascript.
/home/
└── ~/
    └── docker/
        └── wg-easy/
            ├── 🗁 wireguard_data/
            ├── 🗋 .env
            └── 🗋 docker-compose.yml
- wireguard_data/ - a directory with wireguard config files
- .env - a file containing environment variables for docker compose
- docker-compose.yml - a docker compose file, telling docker how to run the container
docker-compose.yml
services:
  wg-easy:
    image: ghcr.io/wg-easy/wg-easy:14
    container_name: wg-easy
    hostname: wg-easy
    restart: unless-stopped
    env_file: .env
    volumes:
      - ./wireguard_data:/etc/wireguard
    ports:
      - "51820:51820/udp" # vpn traffic
      - "51821:51821"     # web interface
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

networks:
  default:
    name: $DOCKER_MY_NETWORK
    external: true
.env
# GENERAL
DOCKER_MY_NETWORK=caddy_net
TZ=Europe/Bratislava
#WG-EASY
WG_HOST=vpn.example.com # can also be just public IP
# PASSWORD=supersecretpassword
PASSWORD_HASH=$$2a$$12$$52a84HoSf99aLL7lmt9NsO0hlhZmGuJnyBK.bToiSdbQhTvMjV3ce
WG_PORT=51820
WG_DEFAULT_ADDRESS=10.221.221.x
WG_ALLOWED_IPS=192.168.1.0/24
WG_DEFAULT_DNS=
In version 14 PASSWORD as env variable is no longer allowed and PASSWORD_HASH must be used.
It is a bcrypt hash of the password and in compose it must be without quotation marks and any $ symbol needs to be doubled - replaced with $$.
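An added example, not part of the original page or of wg-easy itself: a bash check for the PASSWORD_HASH rules described above (no plaintext PASSWORD, no quotation marks, every $ doubled, bcrypt shape). The function names escape_hash and lint_env are made up for this example, and the sample file is constructed from the hash shown on this page.

```bash
#!/usr/bin/env bash
# Added example (not part of wg-easy): lint the password settings in a .env file.

# Turn a raw bcrypt hash, optionally wrapped in quotes, into the form compose
# needs: no quotation marks and every $ doubled.
escape_hash() {
    local h=$1
    h=${h#[\"\']}; h=${h%[\"\']}
    printf '%s\n' "$h" | sed 's/\$/$$/g'
}

# Print each problem found in the given .env file; exit status = problem count.
lint_env() {
    local file=$1 problems=0 value
    if grep -Eq '^[[:space:]]*PASSWORD=' "$file"; then
        echo "plaintext PASSWORD is set; version 14 only accepts PASSWORD_HASH"
        problems=$((problems + 1))
    fi
    if ! grep -Eq '^PASSWORD_HASH=' "$file"; then
        echo "PASSWORD_HASH is missing"
        return $((problems + 1))
    fi
    value=$(sed -n 's/^PASSWORD_HASH=//p' "$file" | tail -n 1)
    case $value in
        \"*|\'*) echo "PASSWORD_HASH must not be in quotation marks"
                 problems=$((problems + 1))
                 value=${value#[\"\']}; value=${value%[\"\']} ;;
    esac
    # bcrypt layout: $2a/$2b/$2y, two-digit cost, 53 characters of salt and
    # digest, with each of the three $ separators written as $$.
    if ! printf '%s\n' "$value" |
        grep -Eq '^\$\$2[aby]\$\$[0-9]{2}\$\$[./A-Za-z0-9]{53}$'; then
        echo "PASSWORD_HASH is not a bcrypt hash with doubled \$ symbols"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the page's hash pasted raw and quoted, plus a plaintext password.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PASSWORD=supersecretpassword
PASSWORD_HASH='$2a$12$52a84HoSf99aLL7lmt9NsO0hlhZmGuJnyBK.bToiSdbQhTvMjV3ce'
EOF
lint_env "$sample" || echo "problems found: $?"
echo "corrected: PASSWORD_HASH=$(escape_hash "$(sed -n 's/^PASSWORD_HASH=//p' "$sample")")"
rm -f "$sample"
```

Run it against the real .env before `docker compose up -d`; an exit status of 0 means the password settings match the rules above.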
DNS is set to null as I had issues with it set, but it should be tried: set it to the IP address where a DNS server answers on port 53, then test with nslookup.
Caddy v2 is used, details here.
Caddyfile
vpn.{$MY_DOMAIN} {
    reverse_proxy wg-easy:51821
}
Log in with the password from the .env file.
Add user, download config, use it.
Manual image update:
docker compose pull
docker compose up -d
docker image prune