Wireguard working config

on Sun Dec 1 | Updated on Sun Dec 1

Wireguard working config

#https://github.com/ngoduykhanh/wireguard-ui/issues/473#issuecomment-2237487078
#https://linuxiac.com/how-to-set-up-wireguard-vpn-with-docker/
version: "3"

services:
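  wireguard:
    # NOTE(review): ':latest' is a moving tag. Pin a release tag or image
    # digest you have verified so a re-pull cannot silently change the image.
    image: linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      # Required to create and configure the wg0 interface and firewall rules.
      - NET_ADMIN
      # Allows loading kernel modules from inside the container. Only useful
      # when the host kernel has no WireGuard module available; drop it
      # otherwise to keep the capability set minimal.
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      # Change this: the address or hostname written into peer configs as the
      # endpoint clients dial. No trailing dot or other punctuation.
      - SERVERURL=10.10.10.1
      - SERVERPORT=51820
      - PEERS=1
      - PEERDNS=1.1.1.1
      # Keep generated peer configs / QR codes out of `docker logs`: they
      # embed the peers' private keys. The files remain under /config.
      - LOG_CONFS=false
    sysctls:
      # Forward packets between the tunnel and the container's uplink.
      - net.ipv4.ip_forward=1
      # Permits rp_filter to function when the fwmark is used for routing
      # traffic in both directions.
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      # Holds server and peer private keys; restrict permissions on the host
      # directory accordingly.
      - /root/wgvpn:/config
    ports:
      # wireguard-ui admin panel (served over plain HTTP by default), reachable
      # here because the UI shares this container's network namespace. This
      # publishes it on every host interface; prefer a loopback-only binding
      # such as "127.0.0.1:5000:5000/tcp" behind an SSH tunnel or a TLS
      # reverse proxy.
      - "5000:5000/tcp"
      # WireGuard tunnel endpoint.
      - "51820:51820/udp"
    restart: unless-stopped
    healthcheck:
      # Only proves the container can run a command; it says nothing about
      # the tunnel itself. It exists so that wireguard-ui's
      # `condition: service_healthy` dependency can be satisfied.
      test: stat /etc/passwd || exit 1
      interval: 20s
      timeout: 60s
      start_period: 60s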
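  wireguard-ui:
    # NOTE(review): ':latest' is a moving tag. Pin a release tag or image
    # digest you have verified.
    image: ngoduykhanh/wireguard-ui:latest
    container_name: wireguard-ui
    depends_on:
      wireguard:
        condition: service_healthy
    cap_add:
      # Needed because the UI starts/restarts the WireGuard interface itself.
      - NET_ADMIN
    # Share the wireguard container's network namespace: the UI can see wg0,
    # and its port 5000 is published through the wireguard service.
    network_mode: service:wireguard
    environment:
      - WGUI_USERNAME=admin
      # Do not keep a literal password in this file. Compose aborts with the
      # message below unless WGUI_PASSWORD is supplied from the shell or an
      # untracked .env file.
      # NOTE(review): wireguard-ui documents these credentials as used for
      # database initialisation only, so an existing database keeps its old
      # password until it is changed in the UI (confirm for your version).
      - "WGUI_PASSWORD=${WGUI_PASSWORD:?set WGUI_PASSWORD to a strong password}"
      - WGUI_DNS=1.1.1.1
      # Let the UI bring the interface up on start and restart it after
      # configuration changes are applied.
      - WGUI_MANAGE_START=true
      - WGUI_MANAGE_RESTART=true
    restart: unless-stopped
    logging:
      driver: json-file
      options:
        max-size: "50m"
    volumes:
      # Both mounts point at the same host directory that the wireguard
      # service uses as /config, so the UI database and the WireGuard config
      # it writes (private keys included) sit side by side there.
      - /root/wgvpn:/app/db
      - /root/wgvpn:/etc/wireguard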

To start, switch to the “Wireguard Server” tab. Then in the “Post Up Script” field, put:

iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

And correspondingly, in “Post Down Script”, put the same rules with -D so that they are removed again when the interface goes down:

iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

version: "3"

services:

  # WireGuard VPN service
  wireguard:
    container_name: wireguard
    # NOTE(review): ':latest' floats; pin a verified release tag or digest.
    image: 'linuxserver/wireguard:latest'
    restart: unless-stopped
    cap_add: [NET_ADMIN]
    volumes:
      # WireGuard configuration (keys included) is persisted on the host here.
      - './config:/config'
    ports:
      # Web panel of wireguard-ui, exposed through this service because the UI
      # container shares its network namespace.
      # NOTE(review): this publishes the admin login on every host interface.
      - '5000:5000'
      # WireGuard tunnel endpoint (UDP)
      - '51820:51820/udp'

  # WireGuard-UI service
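  wireguard-ui:
    # NOTE(review): ':latest' is a moving tag. Pin a release tag or image
    # digest you have verified.
    image: ngoduykhanh/wireguard-ui:latest
    container_name: wireguard-ui
    depends_on:
      - wireguard
    cap_add:
      - NET_ADMIN
    # Use the network of the 'wireguard' service.
    # This lets the status page show active clients.
    network_mode: service:wireguard
    environment:
      # Bare names are passed through from the environment Compose runs in;
      # a name that is unset there is simply not defined in the container.
      - SENDGRID_API_KEY
      - EMAIL_FROM_ADDRESS
      - EMAIL_FROM_NAME
      # Protects session cookies: supply a long random value and keep it out
      # of version control.
      - SESSION_SECRET
      - WGUI_USERNAME=admin
      # Taken from the environment like the secrets above, but required:
      # Compose aborts with this message when it is unset or empty, instead
      # of starting the UI with a placeholder password.
      - "WGUI_PASSWORD=${WGUI_PASSWORD:?set WGUI_PASSWORD to a strong password}"
      - WG_CONF_TEMPLATE
      - WGUI_MANAGE_START=true
      - WGUI_MANAGE_RESTART=true
    restart: unless-stopped
    logging:
      driver: json-file
      options:
        max-size: "50m"
    volumes:
      # UI database (users, peers) and the WireGuard config directory shared
      # with the wireguard service; both hold secrets, so restrict access to
      # the host directories.
      - ./db:/app/db
      - ./config:/etc/wireguard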