Deploying WG-Easy with Docker Compose¶
Introduction to WG-Easy¶
WG-Easy is a simple, web-based management interface for WireGuard VPN, which simplifies the configuration and management of VPN connections. It provides a user-friendly web interface to configure your VPN without the need for complex command-line tools.
Docker Compose Configuration¶
Here's how to deploy WG-Easy using Docker Compose, detailing each component of the configuration to ensure clarity and proper setup.
Docker Compose File (docker-compose.yml
)¶
version: '3.8'
services:
wg-easy:
image: ghcr.io/wg-easy/wg-easy # The Docker image to use.
container_name: wg-easy # Name of the container.
environment: # Environment variables to configure the instance.
- LANG=en # Language settings.
- WG_HOST=<Your IP/Domain> # Public IP or domain name where WG-Easy is accessible.
- PASSWORD_HASH='<🚨YOUR_ADMIN_PASSWORD_HASH>' # Bcrypt hash for Web UI login.
- PORT=51821 # Port for the web interface.
- WG_PORT=51820 # WireGuard port for VPN traffic.
volumes:
- ./wg-easy/:/etc/wireguard # Volume mapping for WireGuard configuration files.
ports:
- "51820:51820/udp" # UDP port used by WireGuard.
- "51821:51821/tcp" # TCP port for accessing the web interface.
cap_add: # Capabilities required for managing networking features.
- NET_ADMIN
- SYS_MODULE
sysctls: # Kernel parameters that need to be set for WireGuard.
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
restart: unless-stopped # Ensures the container restarts automatically unless manually stopped.
Key Configuration Details¶
- Environment Variables:
LANG
: Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hiWG_HOST
: Specifies the public IP or DNS name where the WireGuard server can be accessed.PASSWORD_HASH
: Replace<🚨YOUR_ADMIN_PASSWORD_HASH>
with a bcrypt password hash for accessing the WG-Easy web interface.
See How to generate a bcrypt hash for instructions on creating the hash.PORT
andWG_PORT
: Define the ports for the web interface and WireGuard respectively.- Volumes: Maps a local directory (
wg-easy/
) to the container's configuration directory (/etc/wireguard
). This is where WG-Easy will store its configuration files. - Capabilities (
cap_add
):NET_ADMIN
andSYS_MODULE
are necessary for WG-Easy to manage network interfaces and routes effectively within the container. - Sysctls: Settings like
net.ipv4.ip_forward
enable IP forwarding, which is crucial for routing packets through the VPN.
Preparing for Deployment¶
Before running the Docker Compose file, ensure that the local directory (wg-easy/
) exists on your host machine:
This command creates the directory, avoiding permission issues and ensuring that WireGuard's configuration files are stored persistently.
Deployment¶
Deploy WG-Easy using Docker Compose with the following command:
This command starts the WG-Easy service in detached mode, running in the background.
Accessing WG-Easy¶
Once deployed, access the WG-Easy web interface through http://your-server-ip:51821
. You'll need to enter the bcrypt password specified in the PASSWORD_HASH
environment variable to manage your VPN settings.
Conclusion¶
Deploying WG-Easy with Docker Compose simplifies the setup of a WireGuard VPN server, providing an accessible and secure way to manage VPN connections through a web-based interface. This setup ensures that your VPN is robustly configured and easily manageable, even for those with minimal technical background.