Adding wireguard example
Signed-off-by: Leon Stoldt <tech@leon-stoldt.de>
This commit is contained in:
parent
5cfa856a07
commit
acf94458dc
4 changed files with 108 additions and 0 deletions
|
@ -56,6 +56,7 @@ with Spring framework and a Postgres database.
|
|||
- [`Minecraft server`](https://github.com/docker/awesome-compose/tree/master/minecraft)
|
||||
- [`Plex`](https://github.com/docker/awesome-compose/tree/master/plex)
|
||||
- [`Portainer`](https://github.com/docker/awesome-compose/tree/master/portainer)
|
||||
- [`Wireguard`](https://github.com/docker/awesome-compose/tree/master/wireguard)
|
||||
## Basic setups for different platforms (not production ready - useful for personal use)
|
||||
- [`Gitea / PostgreSQL`](https://github.com/docker/awesome-compose/tree/master/gitea-postgres)
|
||||
- [`Nextcloud / PostgreSQL`](https://github.com/docker/awesome-compose/tree/master/nextcloud-postgres)
|
||||
|
|
2
wireguard/.env
Normal file
2
wireguard/.env
Normal file
|
@ -0,0 +1,2 @@
|
|||
TIMEZONE=Etc/UTC
|
||||
VPN_SERVER_URL=your-domain.dyndns.com # free examples http://www.duckdns.org/ and https://www.noip.com/
|
78
wireguard/README.md
Normal file
78
wireguard/README.md
Normal file
|
@ -0,0 +1,78 @@
|
|||
## Wireguard
|
||||
This example provides a base setup for using [Wireguard](https://www.wireguard.com/).
|
||||
More details on how to customize the installation and the compose file can be found in [linuxserver documentation](https://hub.docker.com/r/linuxserver/wireguard).
|
||||
|
||||
Project structure:
|
||||
```
|
||||
.
|
||||
├── .env
|
||||
├── docker-compose.yaml
|
||||
└── README.md
|
||||
```
|
||||
|
||||
[_docker-compose.yaml_](docker-compose.yaml)
|
||||
``` yaml
|
||||
services:
|
||||
wireguard:
|
||||
image: ghcr.io/linuxserver/wireguard
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
### .env
|
||||
Before deploying this setup, you need to configure the following values in the [.env](.env) file.
|
||||
- TIMEZONE
|
||||
- VPN_SERVER_URL (recommended setting up a server url with e.g. http://www.duckdns.org/ if you don't own a domain)
|
||||
|
||||
## Deploy with docker-compose
|
||||
When deploying this setup, the log will show relevant information. You need to forward the external port 51820 to access your VPN from outside.
|
||||
|
||||
``` shell
|
||||
$ docker-compose up
|
||||
Starting wireguard ...
|
||||
wireguard | **** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****
|
||||
wireguard | **** Server mode is selected ****
|
||||
wireguard | **** External server address is set to your-domain.dyndns.com # free examples http://www.duckdns.org/ and https://www.noip.com/ ****
|
||||
wireguard | **** External server port is set to 51820. Make sure that port is properly forwarded to port 51820 inside this container ****
|
||||
[...]
|
||||
wireguard | PEER 1 QR code:
|
||||
wireguard | [GENERATED QR CODE TO SCAN FOR YOUR CONNECTION DETAILS]
|
||||
|
||||
```
|
||||
|
||||
## Expected result
|
||||
|
||||
Check containers are running:
|
||||
```
|
||||
$ docker ps
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
4992922d23dc ghcr.io/linuxserver/wireguard "/init" 7 seconds ago Up 5 seconds 0.0.0.0:51820->51820/udp, :::51820->51820/udp wireguard
|
||||
```
|
||||
|
||||
## Mobile Wireguard App
|
||||
|
||||
### Android
|
||||
<a href="https://play.google.com/store/apps/details?id=com.wireguard.android"><img src="https://play.google.com/intl/en_us/badges/images/generic/en_badge_web_generic.png" height="75"></a>
|
||||
|
||||
Install your Wireguard client on an Apple device by downloading the wireguard app and scanning the QR Code.
|
||||
|
||||
### iOS
|
||||
<a href="https://apps.apple.com/de/app/wireguard/id1441195209"><img src="https://www.apple.com/de/itunes/link/images/link_badge_appstore_large_2x.png" height="55"></a>
|
||||
|
||||
Install your Wireguard client on an Apple device by downloading the wireguard app and scanning the QR Code.
|
||||
|
||||
Stop the containers with
|
||||
``` shell
|
||||
$ docker-compose down
|
||||
# To delete all data run:
|
||||
$ docker-compose down -v
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### - (Raspberry Pi) Kernel Headers
|
||||
On Raspberry Pi run `sudo apt update && sudo apt upgrade && sudo apt install raspberrypi-kernel-headers` and reboot before starting Wireguard.
|
||||
Other Ubuntu / Debian based systems may need to install the kernel-headers too. Run `sudo apt update && sudo apt upgrade && sudo apt install linux-headers-$(uname -r)`
|
||||
|
||||
### - Server Mode Options
|
||||
To create new clients or display existing ones, take a look at the "[Server Mode](https://hub.docker.com/r/linuxserver/wireguard)" section
|
27
wireguard/docker-compose.yaml
Normal file
27
wireguard/docker-compose.yaml
Normal file
|
@ -0,0 +1,27 @@
|
|||
version: '3.7'
|
||||
services:
|
||||
wireguard:
|
||||
image: ghcr.io/linuxserver/wireguard
|
||||
container_name: wireguard
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
environment:
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
- TZ=${ZIMEZONE}
|
||||
- SERVERURL=${VPN_SERVER_URL} #optional
|
||||
- SERVERPORT=51820 #optional
|
||||
- PEERS=1 #optional
|
||||
- PEERDNS=auto #optional
|
||||
- INTERNAL_SUBNET=10.13.13.0 #optional
|
||||
- ALLOWEDIPS=0.0.0.0/0 #optional
|
||||
volumes:
|
||||
- /usr/share/appdata/wireguard/config:/config
|
||||
- /usr/src:/usr/src # location of kernel headers
|
||||
- /lib/modules:/lib/modules
|
||||
ports:
|
||||
- 51820:51820/udp
|
||||
sysctls:
|
||||
- net.ipv4.conf.all.src_valid_mark=1
|
||||
restart: unless-stopped
|
Loading…
Reference in a new issue