WireGuard on Docker-Compose

Easily deploy WireGuard VPN using Docker-Compose.

Project Highlights

This WireGuard project documents a Docker Compose based VPN server deployment for secure remote connectivity. It covers container configuration, peer generation, client setup, QR-based onboarding, persistent keepalive, connection management with a helper script, and troubleshooting commands for validating the tunnel.

  • Deployed WireGuard using Docker Compose and the linuxserver/wireguard image.
  • Configured server URL, UDP port 51820, internal subnet, peer count, and allowed IPs.
  • Generated peer configuration files under /opt/4rji/wireguard/config/.
  • Configured Linux clients using wg0.conf, wg-quick, and wg.
  • Supported QR-based client onboarding and persistent keepalive settings.
  • Documented helper-script management and troubleshooting with docker exec and wg show.

"Unleash the power of secure connectivity with just one command!"

This guide helps you set up a WireGuard VPN server using Docker-Compose, simplifying the process of deploying and managing secure network connections. With easy-to-follow steps and a streamlined configuration, you'll have your VPN up and running in no time.

  • 1

    Install Docker Compose (WireGuard itself runs inside the container)

    sudo apt install docker-compose
  • 2

    Configure docker compose

                
    sudo mkdir /opt/4rji/wireguard
    sudo chown User:User /opt/4rji/wireguard 
    
    
    nano docker-compose.yaml        
    
    
    version: '3.8'
    services:
      wireguard:
        image: lscr.io/linuxserver/wireguard:latest
        container_name: wireguard
        cap_add:
          - NET_ADMIN
          - SYS_MODULE #optional
        environment:
          - PUID=1000
          - PGID=1000
          - TZ=Etc/UTC
          - SERVERURL=192.168.200.98
          - SERVERPORT=51820 #optional
          - PEERS=5 #Number of clients here
          - PEERDNS=auto #optional
          - INTERNAL_SUBNET=10.13.13.0/24 #optional (added /24 to define subnet)
          - ALLOWEDIPS=0.0.0.0/0 #optional
          - PERSISTENTKEEPALIVE_PEERS= #optional
          - LOG_CONFS=true #optional
        volumes:
          - /opt/4rji/wireguard/config:/config
          - /lib/modules:/lib/modules #optional
        ports:
          - 51820:51820/udp
        sysctls:
          - net.ipv4.conf.all.src_valid_mark=1
        restart: unless-stopped
    
            
    docker-compose up -d
            
  • 3

    Update the number of peers

    In your docker-compose.yaml, change the line:
    
    - PEERS=5
    
    to:
    
    - PEERS=10
    
    Then execute: 
    
    docker-compose up -d --force-recreate
            
    With this, the container will automatically generate the keys and peer folders with their peer.conf files in /opt/4rji/wireguard/config/peer  ......
            
  • 4

    Docker Compose commands

                
    # verify that WireGuard is running
    docker exec -it wireguard wg 
            
    # recreate the container after changing the configuration in docker-compose.yaml
    docker-compose up -d --force-recreate
            
    # peer configuration file
    /opt/4rji/wireguard/config/peer1/peer1.conf
            
  • 5

    Install WireGuard on the client side

    sudo apt install wireguard resolvconf
  • 6

    Set up the client configuration

                
    #copy the peer1.conf to /etc/wireguard/wg0.conf
    sudo nano /etc/wireguard/wg0.conf 
            
    sudo wg-quick up wg0
            
    sudo wg
            
  • 7

    We can also scan the QR code

                
    To keep the connection alive, add this to the [Peer] section of the client configuration: 
            
    PersistentKeepalive = 25
            
    
            
  • 8

    We can also use the wgc script along with the connection name to manage the WireGuard connection more easily, with a configurable menu that saves us time.

                
    ❯ wgc bb8 
            
    _________________________________________________________
    
    Select an option:
    c) Connect
    d) Disconnect
    r) Reconnect
    s) Show connection status
    m) Modify configuration file
    q) Quit
    
    _________________________________________________________
    
    Press the corresponding key to choose an option [c/d/r/s/m/q]: 
            
    
            
  • 9

    Troubleshooting Commands

    # Check if WireGuard is listening on port 51820 (the SERVERPORT set in docker-compose.yaml)
    docker exec -it wireguard ss -lun | grep 51820 
            
    # Show WireGuard interface status and configuration
    docker exec -it wireguard wg show
            
    # View the main WireGuard configuration file
    cat /opt/4rji/wireguard/config/wg0.conf
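
The peer file copied in step 6 holds the peer's private key, so it is worth checking before `wg-quick up`. The script below is an added example, not part of the original guide or of the linuxserver/wireguard project: the function names and the sample config (with placeholder keys) are constructed here, and the endpoint is the SERVERURL and SERVERPORT from step 2.

```shell
#!/usr/bin/env bash
# Added example: audit a generated peer config before running `wg-quick up`.

# conf_value FILE KEY: print the first value assigned to KEY (empty if absent).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# audit_peer_conf FILE ENDPOINT: print one finding per line, only INFO if clean.
audit_peer_conf() {
    local file="$1" expected="$2" mode endpoint
    mode=$(stat -c '%a' "$file")            # GNU stat, as on Debian/Ubuntu
    # The file holds the peer's PrivateKey, so group and others get no access.
    case $mode in
        ?00) ;;
        *) echo "PERMS: mode $mode exposes PrivateKey, use chmod 600" ;;
    esac
    [ -n "$(conf_value "$file" PrivateKey)" ] || echo "KEY: PrivateKey missing"
    endpoint=$(conf_value "$file" Endpoint)
    [ "$endpoint" = "$expected" ] || echo "ENDPOINT: '$endpoint', expected $expected"
    [ -n "$(conf_value "$file" PersistentKeepalive)" ] ||
        echo "KEEPALIVE: PersistentKeepalive not set"
    [ "$(conf_value "$file" AllowedIPs)" != "0.0.0.0/0" ] ||
        echo "INFO: AllowedIPs 0.0.0.0/0 routes all IPv4 traffic through the tunnel"
}

# write_sample_conf FILE: constructed config in the shape of peer1.conf;
# the keys are placeholders, not real key material.
write_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
Address = 10.13.13.2
PrivateKey = CONSTRUCTED_PLACEHOLDER_PRIVATE_KEY=
DNS = 10.13.13.1

[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER_PUBLIC_KEY=
Endpoint = 192.168.200.98:51820
AllowedIPs = 0.0.0.0/0
EOF
    chmod 644 "$1"                          # simulate a careless copy
}

tmp=$(mktemp -d)
write_sample_conf "$tmp/wg0.conf"
audit_peer_conf "$tmp/wg0.conf" 192.168.200.98:51820   # PERMS, KEEPALIVE, INFO
chmod 600 "$tmp/wg0.conf"
echo "PersistentKeepalive = 25" >> "$tmp/wg0.conf"     # lands in [Peer], the last section
audit_peer_conf "$tmp/wg0.conf" 192.168.200.98:51820   # INFO only
rm -rf "$tmp"
```

On a real client, point it at the deployed file, for example `sudo bash -c '. ./audit.sh; audit_peer_conf /etc/wireguard/wg0.conf 192.168.200.98:51820'`, where `audit.sh` is a hypothetical name for the saved script.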
            

Ready, enjoy.