
How to Deploy WireGuard with Docker Compose: A Secure VPN Setup Guide

Anastasios Antoniadis

Discover how to deploy WireGuard, the fast and modern VPN protocol, using Docker Compose with this straightforward guide. Secure your network connections effortlessly, ensuring privacy and speed.


WireGuard® is modern VPN (Virtual Private Network) software designed to be faster, simpler, and more secure than many other VPN protocols. It aims to outperform OpenVPN and IPsec, which makes it a preferred choice for many people looking to secure their network communications. Running WireGuard inside a Docker container can simplify deployment and management, especially when Docker Compose orchestrates the setup. This guide walks through deploying WireGuard with Docker Compose to create a robust VPN solution.

Prerequisites

Before starting, ensure you have:

  • Docker installed on your system.
  • Docker Compose installed on your system.
  • Basic knowledge of Docker, Docker Compose, and networking concepts.

Step 1: Create a Docker Compose File

Create a new directory to house your WireGuard setup. This directory will contain your Docker Compose file (docker-compose.yml) and any additional configuration files or directories you might need.

mkdir wireguard-docker && cd wireguard-docker

Create the docker-compose.yml file:

touch docker-compose.yml

Open the file in a text editor and add the following configuration:

version: '3.8'

services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - SERVERURL=wireguard.example.com # Change to your domain / public IP
      - SERVERPORT=51820 # Change if necessary
      - PEERS=1 # Number of peers to create configs for
      - PEERDNS=auto
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    ports:
      - "51820:51820/udp"
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

Configuration Explained:

  • image: Specifies the WireGuard image to use. This example uses linuxserver/wireguard, a popular Docker image for WireGuard.
  • container_name: Sets a custom name for the container.
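  • cap_add: Grants the container the Linux capabilities WireGuard needs. NET_ADMIN lets it create and configure the WireGuard network interface and routing, and SYS_MODULE lets it load kernel modules on the host.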
  • environment: Defines environment variables for the container. Adjust PUID, PGID, TZ (timezone), SERVERURL (your server’s public IP or domain), SERVERPORT (the port WireGuard listens on), PEERS (the number of peer/client configurations to generate), and PEERDNS as necessary.
  • volumes: Mounts the local ./config directory at /config in the container, so the WireGuard configuration files persist across container restarts. It also mounts the host's /lib/modules so the container can load the host's WireGuard kernel module.
  • ports: Exposes the WireGuard UDP port to the host. The default is 51820, but you can change it as needed.
  • sysctls: Sets net.ipv4.conf.all.src_valid_mark=1 in the container's network namespace, which the fwmark-based routing set up by wg-quick requires.
  • restart: Configures the container to restart automatically unless explicitly stopped.

Step 2: Initialize WireGuard Configuration

Before starting your WireGuard container, ensure the config directory exists within your project folder. WireGuard will generate configuration files in this directory when the container first starts.

mkdir config

Step 3: Launch WireGuard

Navigate to the directory containing your docker-compose.yml file and start WireGuard by running:

docker compose up -d

This command downloads the necessary Docker image and starts the WireGuard container in detached mode.

Step 4: Retrieve WireGuard Client Configuration

After the container starts, WireGuard generates client configuration files in the ./config/peerX directories (where X is the peer number). Retrieve the client configuration file (peerX.conf) and use it to configure your WireGuard client on your device.
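Each peerX.conf holds that peer's private key, so it is worth checking the file before copying it to a device. The script below is an added example, not part of the original guide or the image's documentation: it checks the file's permissions and that its Endpoint matches the SERVERURL and SERVERPORT from Step 1. It assumes a Linux host; the function names and the sample file with placeholder keys are constructed for illustration.

```bash
# Added example, not from the guide or the image's maintainers. Assumes a Linux
# host with GNU or BusyBox stat; all function names here are hypothetical.

conf_get() {  # conf_get FILE KEY: print the value of the first "KEY = value" line
    awk -F'=' -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        tolower(key) == tolower(k) {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
        }' "$1"
}

audit_peer_conf() {  # audit_peer_conf FILE SERVERURL SERVERPORT; returns finding count
    local conf="$1" want="$2:$3" findings=0 mode endpoint
    [ -r "$conf" ] || { echo "FAIL $conf: not readable"; return 1; }
    # The file embeds the peer's PrivateKey, so group/other must have no access.
    mode=$(stat -c '%a' "$conf")
    [ $(( 0$mode & 077 )) -eq 0 ] || {
        echo "FAIL $conf: mode $mode exposes the key to other users (chmod 600)"
        findings=$((findings + 1)); }
    [ -n "$(conf_get "$conf" PrivateKey)" ] || {
        echo "FAIL $conf: no PrivateKey line"; findings=$((findings + 1)); }
    # Endpoint must match SERVERURL:SERVERPORT from docker-compose.yml.
    endpoint=$(conf_get "$conf" Endpoint)
    [ "$endpoint" = "$want" ] || {
        echo "FAIL $conf: Endpoint '$endpoint', expected '$want'"
        findings=$((findings + 1)); }
    case $(conf_get "$conf" AllowedIPs) in
        *0.0.0.0/0*) echo "INFO $conf: full tunnel (all IPv4 traffic uses the VPN)" ;;
        *)           echo "INFO $conf: split tunnel" ;;
    esac
    return "$findings"
}

write_sample_conf() {  # constructed sample; key values are placeholders, not real
    cat > "$1" <<'EOF'
[Interface]
Address = 10.13.13.2
PrivateKey = PLACEHOLDER-PRIVATE-KEY=
[Peer]
PublicKey = PLACEHOLDER-PUBLIC-KEY=
Endpoint = wireguard.example.com:51820
AllowedIPs = 0.0.0.0/0
EOF
}

# Demo: the sample is left world-readable on purpose, so one finding is reported.
d=$(mktemp -d); write_sample_conf "$d/peer1.conf"; chmod 644 "$d/peer1.conf"
audit_peer_conf "$d/peer1.conf" wireguard.example.com 51820 || echo "findings: $?"
rm -rf "$d"
```

To check a real file, call audit_peer_conf with the path to ./config/peerX/peerX.conf and the SERVERURL and SERVERPORT values from your docker-compose.yml.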

Step 5: Connect to Your VPN

Import the client configuration file into the WireGuard client on your device and activate the tunnel. You should now be securely connected to your network through WireGuard.

Conclusion

Deploying WireGuard with Docker Compose offers a straightforward method for setting up a secure, high-performance VPN. Following the steps outlined in this guide, you can quickly have a WireGuard VPN running, ready to secure your network communications. Docker Compose simplifies the management of the WireGuard service, making it an excellent choice for both personal and professional use.
