Skip to content

WgEasy

Description⚓︎

The easiest way to run WireGuard VPN + Web-based Admin UI

Warning

You need to expose Ingress Port on your Router for UDP traffic

Docker⚓︎

Basic info⚓︎

Basic info with official links

docker compose.yml⚓︎

YAML
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
---
version: "3.8"
services:
  wgpri:
    image: weejewel/wg-easy:latest
    container_name: wgpri
    networks:
      - proxy # rename this to your custom docker network
    environment:
      - WG_HOST=${WG_PRI_DOMAIN}
      - PASSWORD=${WG_PRI_PASS}
      - WG_PORT=${WG_PRI_PORT}
      - WG_DEFAULT_DNS=${LOCAL_DNS}
        #      - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24 # doesn't work with this option enabled
    volumes:
      - ${CFG_DIR}/wgpri:/etc/wireguard
    labels:
      traefik.enable: true   # Enable Traefik reverse proxy for the Traefik dashboard.
      traefik.http.services.wgpri.loadbalancer.server.port: 51821
    ports:
      - "51820:51820/udp" #wg traffic port; match with WG_PORT
      - "51821:51821/tcp" #webgui port
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

networks:
  proxy:    # rename this to your custom docker network.
    external: true
YAML
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
---
version: "3"
services:
  wgsec:
    image: weejewel/wg-easy:latest
    container_name: wgsec
    networks:
      - proxy # rename this to your custom docker network
    environment:
      - WG_HOST=${WG_SEC_DOMAIN}
      - PASSWORD=${WG_SEC_PASS}
      - WG_PORT=${WG_SEC_PORT}
      - WG_DEFAULT_DNS=${LOCAL_DNS}
        #      - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24 # doesn't work with this option enabled
    volumes:
      - ${CFG_DIR}/wgsec:/etc/wireguard
    ports:
      - "51822:51820/udp" #wg traffic port; match with WG_PORT
      - "51821:51821/tcp" #webgui port
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

networks:
  proxy:    # rename this to your custom docker network.
    external: true
YAML
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
---
version: "3"
services:
  wgcloud:
    image: weejewel/wg-easy:latest
    container_name: wgcloud
    networks:
      - proxy # rename this to your custom docker network
    environment:
      - WG_HOST=${WG_CL_ZUR}
      - PASSWORD=${WG_CL_PASS}
      - WG_PORT=${WG_PRI_PORT}
      - WG_DEFAULT_DNS=1.1.1.1
        #      - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24 # doesn't work with this option enabled
    volumes:
      - ${CFG_DIR}/wgcloud:/etc/wireguard
    ports:
      - "51820:51820/udp" #wg traffic port; match with WG_PORT
      - "51821:51821/tcp" #webgui port
    # labels:
    #   traefik.enable: true   # Enable Traefik reverse proxy for the Traefik dashboard.
    #   traefik.http.services.wgpri.loadbalancer.server.port: 51821
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

networks:
  proxy:    # rename this to your custom docker network.
    external: true

deploy.sh⚓︎

Bash
1
2
mkdir -p "${CFG_DIR}"/wgpri
docker compose up -d
Bash
1
2
mkdir -p "${CFG_DIR}"/wgsec
docker compose up -d
Bash
1
2
mkdir -p "${CFG_DIR}"/wgcloud
docker compose up - d