gyarbij/wireui

docker

Hub

By gyarbij

•Updated over 2 years ago

This is a security and hardening divergent fork of wg-easy

Image

291

Overview Tags

WireUI

This is a security and hardening divergent fork of wg-easy⁠ The easiest way to run WireGuard⁠. This takes care of the configurations steps for novices while still allowing customizability for more experienced users, and comes packed with a UI, so you're not fiddling with .conf files and scp.

Features

All-in-one: WireGuard + Web UI.
Easy installation, simple to use.
List, create, edit, delete, enable & disable clients.
Show a client's QR code.
Download a client's configuration file.
Statistics for which clients are connected.
Tx/Rx charts for each connected client.
Gravatar support.

Requirements

A host with a kernel that supports WireGuard (all modern kernels).
A docker installation on the host.
The ability to open a port in your router/FW.

Installation

1. Install Docker

If there is no present installation of Docker, you should install it using: Docker Desktop⁠ for Desktop

Docker Engine⁠ for Servers/Headless

Alternatively, you can install it by running the convenience script below. The convenience script is not recommended for production environments, but can be used as an example to create a provisioning script that is tailored to your needs:

$ curl -sSL https://get.docker.com | sh
$ sudo usermod -aG docker $(whoami)
$ exit

And log in again.

2. Run WireUI

To automatically install & run wireui, simply run:

$ docker run -d \
  --name=wireui \
  -e WG_HOST=🚨YOUR_SERVER_IP \
  -e PASSWORD=🚨YOUR_ADMIN_PASSWORD \
  -v ~/.wireui:/etc/wireguard \
  -p 51820:51820/udp \
  -p 51821:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  gyarbij/wireui

💡 Replace YOUR_SERVER_IP with your WAN IP, or a Dynamic DNS hostname.
💡 Replace YOUR_ADMIN_PASSWORD with a password to log in on the Web UI.

The Web UI will now be available on http://0.0.0.0:51821.

💡 Your configuration files will be saved in ~/.wireui

Options

These options can be configured by setting environment variables using -e KEY="VALUE" in the docker run command.

Env	Default	Example	Description
`PASSWORD`	-	`ChangeMe@69`	When set, requires a password when logging in to the Web UI.
`WG_HOST`	-	`vpn.example.com`	The public hostname of your VPN server.
`WG_PORT`	`51820`	`12345`	The public UDP port of your VPN server. WireGuard will always listen on `51820` inside the Docker container.
`WG_MTU`	`null`	`1420`	The MTU the clients will use. Server uses default WG MTU.
`WG_PERSISTENT_KEEPALIVE`	`0`	`25`	Value in seconds to keep the "connection" open.
`WG_DEFAULT_ADDRESS`	`10.8.0.x`	`10.6.0.x`	Client's IP address range.
`WG_DEFAULT_DNS`	`1.1.1.1`	`8.8.8.8, 8.8.4.4`	DNS server clients will use.
`WG_ALLOWED_IPS`	`0.0.0.0/0, ::/0`	`192.420.69.0/24, 10.0.1.0/24`	Allowed IPs clients will use.
`WG_POST_UP`	`...`	`iptables ...`	See config.js⁠ for the default value.
`WG_POST_DOWN`	`...`	`iptables ...`	See config.js⁠ for the default value.

If you change WG_PORT, make sure to also change the exposed port.

Updating

To update to the latest version, simply run:

docker stop wireui
docker rm wireui
docker pull gyarbij/wireui

And then run the docker run -d \ ... command above again.

Docker Pull Command

docker pull gyarbij/wireui