Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Setup a Wireguard Server on Linux with wg-easy

            Modified on Thu, 12 Mar at 4:19 PM

            Setup Debian netinst into a VM

            For secure boot, select Microsoft UEFI, and give at least 1GB RAM. 

            Select graphical install

            Go through setup

            When selecting packages, uncheck the Debian Desktop Environment and GNOME/KDE. Only select SSH Server and Standard system utilities.


            Login as the user (not root)


            su -
(then put in the root password)

apt update && apt upgrade -y
apt install curl resolvconf net-tools nano -y


            To give the VM a static IP:

            nano /etc/network/interfaces


            Then change the iface eth0 inet dhcp line with:

            iface eth0 inet static
address 192.168.1.50
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 1.1.1.1 8.8.8.8

            Ctrl+O to save, then Ctrl+X to exit. Then to restart the network so the IP takes effect:

            systemctl restart networking


            Reconnect to the shell, then install docker and wg-easy

            su -
(then put in the root password)
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
mkdir -p /etc/docker/containers/wg-easy
curl -o /etc/docker/containers/wg-easy/docker-compose.yml https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml
cd /etc/docker/containers/wg-easy
docker compose up -d


            Now you can go to http://IPADDRESS:51821 to configure it.


            You can allow HTTP insecure connections by editing the docker-compose.yml.


            nano /etc/docker/containers/wg-easy/docker-compose.yml

            Then uncomment the environment line and the INSECURE=true line. Then restart docker by running:

            docker compose stop
docker compose up -d


            ** OLD BELOW **


            Create the password hash for the admin interface, and then use the hash in the next Docker command:

            docker run --rm -it ghcr.io/wg-easy/wg-easy wgpw 'YourDesiredPassword'


            sudo docker run -d \
  --name=wg-easy \
  -e WG_HOST=**PUBLIC_HOSTNAME_OR_IP** \
  -e PASSWORD_HASH='**PASSWORD_HASH**' \
  -v ~/.wg-easy:/etc/wireguard \
  -p 51820:51820/udp \
  -p 51821:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  ghcr.io/wg-easy/wg-easy:15


            To restart (and update) wg-easy:

            sudo docker stop wg-easy
sudo docker rm wg-easy
# uncomment this to update
# docker pull ghcr.io/wg-easy/wg-easy

            Then run the big command above again.


            If you need to restore private and public keys, do a backup, edit the file and restore.


            Source:

            https://github.com/wg-easy/wg-easy/tree/production?tab=readme-ov-file


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0