Wireguard
Contents
plesk, docker, wireguard
prerequisite
Plesk
- watch out for plesk-default-firewall-rules!
System policy for traffic forwarding = Deny forwarding of all other traffic- change to
Allow ...
- change to
- add firewall-rule
Allow incoming from all on port 51820/udp - add Plesk Docker Extension
shell
apt install docker-compose- edit /etc/sysctl.conf
net.ipv4.ip_forward=1- reload
sysctl -p
- reload
- check kernel module
modprobe wireguard
docker compose
mkdir /var/www/vhosts/guard.grade.de/wireguardcd /var/www/vhosts/guard.grade.de/wireguard- docker-compose.yaml
version: "3"
services:
wireguard:
image: linuxserver/wireguard:latest
container_name: wireguard
cap_add:
- NET_ADMIN
volumes:
- ./config:/config
ports:
# port for wireguard-ui. this must be set here as the `wireguard-ui` container joins the network of this container and hasn't its own network over which it could publish the ports
- "5000:5000"
# port of the wireguard server
- "51820:51820/udp"
wireguard-ui:
image: ngoduykhanh/wireguard-ui:latest
container_name: wireguard-ui
depends_on:
- wireguard
cap_add:
- NET_ADMIN
# use the network of the 'wireguard' service. this enables to show active clients in the status page
network_mode: service:wireguard
environment:
- SENDGRID_API_KEY
- EMAIL_FROM_ADDRESS
- EMAIL_FROM_NAME
- SESSION_SECRET
- WGUI_USERNAME=admin
- WGUI_PASSWORD=admin
- WG_CONF_TEMPLATE
- WGUI_MANAGE_START=true
- WGUI_MANAGE_RESTART=true
logging:
driver: json-file
options:
max-size: 50m
volumes:
- ./db:/app/db
- ./config:/etc/wireguard
- testing
docker-compose up - production
docker-compose up -d
