Skip to main content

1. How to Deploy

Wireguard is new VPN technology that provides super fast and encrypted access to another network. The setup I will be showing is ideal to implement on a VPS, for changing your Public IP address when browsing the internet from home, or it can be the ideal setup for tunneling creating a secure and encrypted network tunnel into your trusted home network

Prerequisites:
  • Have the latest docker installed (Obviously)
  • Make sure your distribution OS supports wireguard
Info:

This container has a fantastic WebUI as displayed below:

wg-easy-docker.png

How to install:
  1. To install, first open your portainer instance, and log in.
  2. Navigate to stacks, and click on Add Stack
  3. Then, copy and paste the following into the stack:
version: '3.3'
services:
    wg-easy:
        container_name: wg-easy
        environment:
            - 'WG_HOST=wireguard.example.com' # enter domain name that points to Wireguard Instance
             	#Ensure that this domain points directly to this wireguard instance, 
                # and that it isn't proxied through something like cloudflare
            - 'PASSWORD=123456789' # change this to a secure password
            - 'WG_PORT=64443' # Enter the external docker port. In this case it is 64443
            - 'WG_PERSISTENT_KEEPALIVE=25'
        volumes:
            - 'wg-easy:/etc/wireguard' #changes this to a mounted volume from host if you want to persist configuration
        ports:
            - '64443:51820/udp' # this port exposes the wireguard tunnel port, same as env variable above
            - '51821:51821/tcp' # this port exposes the wg-easy UI
        restart: unless-stopped
        image: weejewel/wg-easy
        cap_add:
          - NET_ADMIN
        devices:
          - "/dev/net/tun:/dev/net/tun"
        
volumes:            #Use this if you don't care about persisting your install
  wg-easy:
    driver: local

4. Then click on Deploy Stack, and wait for a few minutes while it deploys

5. Navigate to http://<ipaddress>:51821 , enter your super_secure_password that you set as an environment variable, and Add new Devices!

And with that you have succesfully configured a wireguard container for VPN access!

Links: