Wireguard
plesk, docker, wireguard
prerequisite
Plesk
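- watch out for the Plesk default firewall rules! The system policy for traffic forwarding is set to "Deny forwarding of all other traffic"; change it to Allow ... (this policy applies to all forwarded traffic on the host, not only to the WireGuard tunnel)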
- add firewall-rule Allow incoming from all on port 51820/udp
- add Plesk Docker Extension
shell
- apt install docker-compose
- edit /etc/sysctl.conf and set net.ipv4.ip_forward=1, then reload the settings with sysctl -p
- check that the kernel module loads: modprobe wireguard
docker compose
- mkdir /var/www/vhosts/guard.grade.de/wireguard
- cd /var/www/vhosts/guard.grade.de/wireguard
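# Compose stack: a WireGuard server plus the wireguard-ui web front end.
# wireguard-ui shares the network namespace of the wireguard service, so
# every published port is declared on the wireguard service.
version: "3"
services:
  wireguard:
    # NOTE(review): `latest` is a moving tag; pin a release tag or image
    # digest so a re-pull cannot silently swap the running image.
    image: linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      # NET_ADMIN allows the container to manage interfaces and routing.
      - NET_ADMIN
    volumes:
      - ./config:/config
    ports:
      # Port for wireguard-ui. It must be set here because the
      # `wireguard-ui` container joins the network of this container and
      # has no network of its own over which it could publish ports.
      # NOTE(review): this publishes the admin UI on every host interface,
      # and Docker adds its own iptables rules for published ports, so the
      # host firewall may not filter it. If the UI is only reached through
      # a local reverse proxy, consider binding it to loopback instead.
      - "5000:5000"
      # Port of the WireGuard server.
      - "51820:51820/udp"
  wireguard-ui:
    # NOTE(review): moving tag as well; pin a release tag or digest.
    image: ngoduykhanh/wireguard-ui:latest
    container_name: wireguard-ui
    depends_on:
      - wireguard
    cap_add:
      - NET_ADMIN
    # Use the network of the 'wireguard' service. This lets the status
    # page show the active clients.
    network_mode: service:wireguard
    environment:
      # Entries without a value are passed through from the environment
      # docker-compose is started in.
      - SENDGRID_API_KEY
      - EMAIL_FROM_ADDRESS
      - EMAIL_FROM_NAME
      # NOTE(review): set this to a long random value rather than leaving
      # it unset; confirm the fallback behaviour in the wireguard-ui docs.
      - SESSION_SECRET
      - WGUI_USERNAME=admin
      # The password is no longer hard-coded to the well-known default:
      # compose aborts with the message below when WGUI_PASSWORD is unset
      # or empty. Presumably the value is only applied when the UI database
      # is first created, so an existing install must change the password
      # in the UI itself. Verify against the wireguard-ui docs.
      - "WGUI_PASSWORD=${WGUI_PASSWORD:?set WGUI_PASSWORD before starting}"
      - WG_CONF_TEMPLATE
      - WGUI_MANAGE_START=true
      - WGUI_MANAGE_RESTART=true
    logging:
      driver: json-file
      options:
        # Cap the size of each json-file log so logs cannot fill the disk.
        max-size: 50m
    volumes:
      - ./db:/app/db
      - ./config:/etc/wireguard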
- docker-compose up
