Difference between revisions of "Wireguard"
(→Plesk) |
(→plesk, docker, wireguard) |
||
| Line 13: | Line 13: | ||
* check kernel module <code>modprobe wireguard</code> | * check kernel module <code>modprobe wireguard</code> | ||
<code></code> | <code></code> | ||
| + | |||
| + | ==== docker compose ==== | ||
| + | * <code>mkdir /var/www/vhosts/guard.grade.de/wireguard</code> | ||
| + | * <code>cd /var/www/vhosts/guard.grade.de/wireguard</code> | ||
| + | * <code> | ||
| + | version: "3" | ||
| + | |||
| + | services: | ||
| + | wireguard: | ||
| + | image: linuxserver/wireguard:latest | ||
| + | container_name: wireguard | ||
| + | cap_add: | ||
| + | - NET_ADMIN | ||
| + | volumes: | ||
| + | - ./config:/config | ||
| + | ports: | ||
| + | # port for wireguard-ui. this must be set here as the `wireguard-ui` container joins the network of this container and hasn't its own network over which it could publish the ports | ||
| + | - "5000:5000" | ||
| + | # port of the wireguard server | ||
| + | - "51820:51820/udp" | ||
| + | |||
| + | wireguard-ui: | ||
| + | image: ngoduykhanh/wireguard-ui:latest | ||
| + | container_name: wireguard-ui | ||
| + | depends_on: | ||
| + | - wireguard | ||
| + | cap_add: | ||
| + | - NET_ADMIN | ||
| + | # use the network of the 'wireguard' service. this enables to show active clients in the status page | ||
| + | network_mode: service:wireguard | ||
| + | environment: | ||
| + | - SENDGRID_API_KEY | ||
| + | - EMAIL_FROM_ADDRESS | ||
| + | - EMAIL_FROM_NAME | ||
| + | - SESSION_SECRET | ||
| + | - WGUI_USERNAME=admin | ||
| + | - WGUI_PASSWORD=admin | ||
| + | - WG_CONF_TEMPLATE | ||
| + | - WGUI_MANAGE_START=true | ||
| + | - WGUI_MANAGE_RESTART=true | ||
| + | logging: | ||
| + | driver: json-file | ||
| + | options: | ||
| + | max-size: 50m | ||
| + | volumes: | ||
| + | - ./db:/app/db | ||
| + | - ./config:/etc/wireguard | ||
| + | </code> | ||
| + | * <code>docker-compose up</code> | ||
Revision as of 08:29, 21 October 2023
plesk, docker, wireguard
prerequisite
Plesk
- watch out for plesk-default-firewall-rules!
System policy for traffic forwarding = Deny forwarding of all other traffic- change to
Allow ...
- change to
- add firewall-rule
Allow incoming from all on port 51820/udp - add Plesk Docker Extension
shell
apt install docker-compose- edit /etc/sysctl.conf
net.ipv4.ip_forward=1- reload
sysctl -p
- reload
- check kernel module
modprobe wireguard
docker compose
mkdir /var/www/vhosts/guard.grade.de/wireguardcd /var/www/vhosts/guard.grade.de/wireguard
version: "3"
services:
wireguard:
image: linuxserver/wireguard:latest
container_name: wireguard
cap_add:
- NET_ADMIN
volumes:
- ./config:/config
ports:
# port for wireguard-ui. this must be set here as the `wireguard-ui` container joins the network of this container and hasn't its own network over which it could publish the ports
- "5000:5000"
# port of the wireguard server
- "51820:51820/udp"
wireguard-ui:
image: ngoduykhanh/wireguard-ui:latest
container_name: wireguard-ui
depends_on:
- wireguard
cap_add:
- NET_ADMIN
# use the network of the 'wireguard' service. this enables to show active clients in the status page
network_mode: service:wireguard
environment:
- SENDGRID_API_KEY
- EMAIL_FROM_ADDRESS
- EMAIL_FROM_NAME
- SESSION_SECRET
- WGUI_USERNAME=admin
- WGUI_PASSWORD=admin
- WG_CONF_TEMPLATE
- WGUI_MANAGE_START=true
- WGUI_MANAGE_RESTART=true
logging:
driver: json-file
options:
max-size: 50m
volumes:
- ./db:/app/db
- ./config:/etc/wireguard
docker-compose up
