gyarbij/wireui
This is a security and hardening divergent fork of wg-easy
291
This is a security and hardening divergent fork of wg-easy The easiest way to run WireGuard. This takes care of the configurations steps for novices while still allowing customizability for more experienced users, and comes packed with a UI, so you're not fiddling with .conf files and scp.
If there is no present installation of Docker, you should install it using: Docker Desktop for Desktop
or
Docker Engine for Servers/Headless
Alternatively, you can install it by running the convenience script below. The convenience script is not recommended for production environments, but can be used as an example to create a provisioning script that is tailored to your needs:
$ curl -sSL https://get.docker.com | sh
$ sudo usermod -aG docker $(whoami)
$ exit
And log in again.
To automatically install & run wireui, simply run:
$ docker run -d \
--name=wireui \
-e WG_HOST=🚨YOUR_SERVER_IP \
-e PASSWORD=🚨YOUR_ADMIN_PASSWORD \
-v ~/.wireui:/etc/wireguard \
-p 51820:51820/udp \
-p 51821:51821/tcp \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--sysctl="net.ipv4.ip_forward=1" \
--restart unless-stopped \
gyarbij/wireui
💡 Replace
YOUR_SERVER_IP
with your WAN IP, or a Dynamic DNS hostname.💡 Replace
YOUR_ADMIN_PASSWORD
with a password to log in on the Web UI.
The Web UI will now be available on http://0.0.0.0:51821
.
💡 Your configuration files will be saved in
~/.wireui
These options can be configured by setting environment variables using -e KEY="VALUE"
in the docker run
command.
Env | Default | Example | Description |
---|---|---|---|
PASSWORD | - | ChangeMe@69 | When set, requires a password when logging in to the Web UI. |
WG_HOST | - | vpn.example.com | The public hostname of your VPN server. |
WG_PORT | 51820 | 12345 | The public UDP port of your VPN server. WireGuard will always listen on 51820 inside the Docker container. |
WG_MTU | null | 1420 | The MTU the clients will use. Server uses default WG MTU. |
WG_PERSISTENT_KEEPALIVE | 0 | 25 | Value in seconds to keep the "connection" open. |
WG_DEFAULT_ADDRESS | 10.8.0.x | 10.6.0.x | Client's IP address range. |
WG_DEFAULT_DNS | 1.1.1.1 | 8.8.8.8, 8.8.4.4 | DNS server clients will use. |
WG_ALLOWED_IPS | 0.0.0.0/0, ::/0 | 192.420.69.0/24, 10.0.1.0/24 | Allowed IPs clients will use. |
WG_POST_UP | ... | iptables ... | See config.js for the default value. |
WG_POST_DOWN | ... | iptables ... | See config.js for the default value. |
If you change
WG_PORT
, make sure to also change the exposed port.
To update to the latest version, simply run:
docker stop wireui
docker rm wireui
docker pull gyarbij/wireui
And then run the docker run -d \ ...
command above again.
docker pull gyarbij/wireui