Wireguard
plesk, docker, wireguard
prerequisite
Plesk
- watch out for plesk-default-firewall-rules!
System policy for traffic forwarding = Deny forwarding of all other traffic
- change to
Allow ...
- add firewall-rule
Allow incoming from all on port 51820/udp
- add Plesk Docker Extension
shell
apt install docker-compose
- edit /etc/sysctl.conf
net.ipv4.ip_forward=1
- reload
sysctl -p
- check kernel module
modprobe wireguard
docker compose
mkdir /var/www/vhosts/guard.grade.de/wireguard
cd /var/www/vhosts/guard.grade.de/wireguard
- docker-compose.yaml
version: "3"
services:
  wireguard:
    image: linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
    volumes:
      - ./config:/config
    ports:
      # port for wireguard-ui. this must be set here because the `wireguard-ui` container
      # joins the network of this container and has no network of its own over which
      # it could publish the ports
      - "5000:5000"
      # port of the wireguard server
      - "51820:51820/udp"

  wireguard-ui:
    image: ngoduykhanh/wireguard-ui:latest
    container_name: wireguard-ui
    depends_on:
      - wireguard
    cap_add:
      - NET_ADMIN
    # use the network of the 'wireguard' service. this makes it possible to show
    # active clients on the status page
    network_mode: service:wireguard
    environment:
      - SENDGRID_API_KEY
      - EMAIL_FROM_ADDRESS
      - EMAIL_FROM_NAME
      - SESSION_SECRET
      # admin/admin is the example login; set your own values before starting the stack
      - WGUI_USERNAME=admin
      - WGUI_PASSWORD=admin
      - WG_CONF_TEMPLATE
      - WGUI_MANAGE_START=true
      - WGUI_MANAGE_RESTART=true
    logging:
      driver: json-file
      options:
        max-size: 50m
    volumes:
      - ./db:/app/db
      - ./config:/etc/wireguard
docker-compose up
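- pre-flight audit (added example, not part of the original notes): checks that net.ipv4.ip_forward=1 is active rather than commented out in a sysctl config, and flags the admin/admin UI login and the "5000:5000" mapping, which publishes the web UI on all host interfaces. The function names and finding labels are assumptions of this example; the sample input is constructed.

```shell
#!/bin/sh
# Added example; function names and finding labels are assumptions.

# Succeeds if the given sysctl config enables IPv4 forwarding.
# Commented-out lines are ignored; the last active entry wins.
forwarding_enabled() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# Prints one finding per line for risky settings in a compose file.
audit_compose() {
    # Web UI login left at the admin/admin values used on this page.
    grep -Eq '^[[:space:]]*-[[:space:]]*WGUI_PASSWORD=admin[[:space:]]*$' "$1" &&
        echo "default-ui-password"
    # "5000:5000" without a host address publishes the UI on every interface.
    grep -Eq '^[[:space:]]*-[[:space:]]*"?5000:5000"?[[:space:]]*$' "$1" &&
        echo "ui-published-on-all-interfaces"
    # The tunnel itself must stay reachable on UDP 51820.
    grep -Eq '^[[:space:]]*-[[:space:]]*"?51820:51820/udp"?[[:space:]]*$' "$1" ||
        echo "wireguard-port-not-published"
    return 0
}

# Constructed sample: the relevant lines as they appear in the compose file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
    ports:
      - "5000:5000"
      - "51820:51820/udp"
    environment:
      - WGUI_USERNAME=admin
      - WGUI_PASSWORD=admin
EOF
audit_compose "$sample"
rm -f "$sample"
```

On the server, run `forwarding_enabled /etc/sysctl.conf` and `audit_compose docker-compose.yaml` from the wireguard directory; binding the UI as "127.0.0.1:5000:5000" and setting a non-default WGUI_PASSWORD clears both findings.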