Setup a Wireguard Server on Linux with wg-easy

Modified on Wed, 14 May at 5:20 PM

Setup Ubuntu server into a VM

sudo -i
apt install net-tools nano
curl -sSL https://get.docker.com | sh
usermod -aG docker $(whoami)
nano 50-cloud-init.yaml # to set a static LAN IP

sudo docker run -d \
--name=wg-easy \
-e LANG=en \
-e WG_HOST=<WAN IP / HOSTNAME / DDNS> \
-e PASSWORD_HASH='<ADMIN PASSWORD HASH>' \
-e PORT=51821 \
-e WG_PORT=51820 \
-e WG_DEFAULT_ADDRESS=10.10.0.x \
-e WG_DEFAULT_DNS=8.8.8.8,1.1.1.1 \
-e WG_ALLOWED_IPS=192.168.1.0/24 \
-v ~/.wg-easy:/etc/wireguard \
-p 51820:51820/udp \
-p 51821:51821/tcp \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--sysctl="net.ipv4.ip_forward=1" \
--restart unless-stopped \
ghcr.io/wg-easy/wg-easy

To restart (and update) wg-easy:

sudo docker stop wg-easy
sudo docker rm wg-easy
# uncomment this to update
# docker pull ghcr.io/wg-easy/wg-easy

Then run the big command above again.

Source:

https://github.com/wg-easy/wg-easy/tree/production?tab=readme-ov-file