wireguard-ui
The docker-compose example for linuxserver/wireguard is not suitable for latest linuxserver/wireguard image
The confs folder has been changed from /config/ to /config/wg_confs/
Here is the latest linuxserver/wireguard image changelog.
03.10.23: - Potentially Breaking Change: Support for multiple interfaces added. Wireguard confs moved to /config/wg_confs/. Any file with a .conf extension in that folder will be treated as a live tunnel config and will be attempted to start. If any of the tunnels fail, all tunnels will be stopped. Tunnels are started in alphabetical order. Managed server conf will continue to be hardcoded to wg0.conf.
I am wondering whether the wireguard container is necessary. What does the wireguard container do? If I change some configs via wireguard-ui, wireguard won't feel it until it restarts.
@ByteDream
I found that just using wireguard-ui alone works pretty well if the wireguard kernel module is available on the system.
I am wondering whether the wireguard container is necessary. What does the wireguard container do?
Here is my dockerfile.
```yaml
version: "3.8"
services:
  wireguard-ui:
    container_name: wireguard-ui
    image: ngoduykhanh/wireguard-ui:0.5.2
    restart: unless-stopped
    environment:
      WGUI_SERVER_LISTEN_PORT: 51820
      # quoted so YAML keeps the hex text instead of converting it to a number
      WGUI_FIREWALL_MARK: "0xca6c"
      WGUI_SERVER_INTERFACE_ADDRESSES: 10.20.30.0/24
      WGUI_DEFAULT_CLIENT_ALLOWED_IPS: 10.20.30.0/24
      # quoted because booleans in an environment mapping should be strings
      WGUI_MANAGE_START: "true"
      WGUI_MANAGE_RESTART: "true"
    ports:
      # Port for WireGuard-UI
      - 5000:5000
      # Port of the WireGuard VPN server
      - 51820:51820/udp
    cap_add:
      - NET_ADMIN
    volumes:
      - ./conf/server:/etc/wireguard # conf
      - ./conf/db:/app/db # ui db
```
use this
image: linuxserver/wireguard:v1.0.20210914-ls6
I used the image: linuxserver/wireguard:v1.0.20210914-ls6 and recreated everything... Now the web UI works... but the clients do not work. I think it does not find the wg0.conf, because in my web UI, under Global Settings, the Wireguard Config File Path field is "/etc/wireguard/wg0.conf" ... but in my docker path that file is empty.
Can anyone please explain step by step how to make it work again? Thanks in advance, Denis
Do we have a template for the config?
No client conf found. Provide your own client conf as "/config/wg0.conf" and restart the container
This works for me
```yaml
version: '3'
services:
  wireguard:
    image: linuxserver/wireguard:latest
    container_name: wireguard
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=(####)
      - SERVERURL=(####)
      - PEERDNS=(####)
      - INTERNAL_SUBNET=10.252.1.0/24
      - PERSISTENTKEEPALIVE_PEERS=25
      - PEERS=1
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
      - 5000:5000
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
  wireguard-ui:
    image: ngoduykhanh/wireguard-ui:latest
    container_name: wireguard-ui
    restart: unless-stopped
    depends_on:
      - wireguard
    cap_add:
      - NET_ADMIN
    network_mode: service:wireguard
    environment:
      - PUID=1000
      - PGID=1000
      - WGUI_USERNAME=(####)
      - WGUI_PASSWORD_HASH=(####)
      - TZ=(####)
      - WGUI_MANAGE_START=true
      - WGUI_MANAGE_RESTART=true
      - WGUI_LOG_LEVEL=INFO
      - WGUI_PERSISTENT_KEEPALIVE=25
      - WGUI_DNS=(####)
      - WGUI_SERVER_POST_UP_SCRIPT=iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
      - WGUI_SERVER_POST_DOWN_SCRIPT=iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE
    logging:
      driver: json-file
      options:
        max-size: 50m
    volumes:
      - ./db:/app/db
      - ./config/wg_confs:/etc/wireguard
```
Thanks a lot for posting... but I used your settings and the web server does not work :-(
You need to restart wireguard-ui
... and pay attention to (####) and correct these for your setup
"MSL-DA" I have tried your docker-compose.yaml configuration and the wireguard-ui is still broken.
```
CoreDNS-1.10.1
wireguard | linux/amd64, go1.20.11,
wireguard | **** Found WG conf /config/wg_confs/wg0.conf, adding to list ****
wireguard | **** Activating tunnel /config/wg_confs/wg0.conf ****
wireguard | Warning: `/config/wg_confs/wg0.conf' is world accessible
wireguard | wg-quick: `wg0' already exists
wireguard | **** Tunnel /config/wg_confs/wg0.conf failed, will stop all others! ****
wireguard | **** All tunnels are now down. Please fix the tunnel config /config/wg_confs/wg0.conf and restart the container ****
wireguard | [ls.io-init] done.
```
You can use this config. There is one more service that deletes this file: /config/wg_confs/wg0.conf before wireguard starts. For some reason, the file is generated empty, therefore wireguard sees it as a broken config.
version: "3"
services: remove-file: image: alpine:latest container_name: remove-config-BUG command: /bin/sh -c "rm -f config/wg0.conf" volumes: - ${PWD}/wireguard:/config restart: always environment: - MAX_RETRY=1
wireguard:
image: linuxserver/wireguard:latest
container_name: wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE #optional
volumes:
- ${PWD}/wireguard:/config
environment:
- PUID=1000
- PGID=1000
- SERVERURL= http://10.1.1.1:5000
- SERVERPORT=51820 #optional
- PEERDNS= 8.8.8.8,1.1.1.1
- INTERNAL_SUBNET=10.8.8.0 #optional
- ALLOWEDIPS=10.1.0.0/16 #optional
- PERSISTENTKEEPALIVE_PEERS=30 #optional
- LOG_CONFS=true #optional
- PEERS=1 #NEED THIS TO ENABLE SERVER MODE
ports:
# port for wireguard-ui. this must be set here as the wireguard-ui container joins the network of this container and hasn't its own network over which it could publish the ports
- "5000:5000"
# port of the wireguard server
- "51820:51820/udp"
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
depends_on:
- remove-file
restart: always
wireguard-ui: image: ngoduykhanh/wireguard-ui:latest container_name: wireguard-ui depends_on: - wireguard cap_add: - NET_ADMIN # use the network of the 'wireguard' service. this enables to show active clients in the status page network_mode: service:wireguard environment: - BIND_ADDRESS=0.0.0.0:5000 - SESSION_SECRET=SESSION_SECRET_RANDOM - WGUI_DNS=10.1.5.1,1.1.1.1 - WGUI_USERNAME=admin - WGUI_PASSWORD=admin - WGUI_MANAGE_START=true - WGUI_MANAGE_RESTART=true - WGUI_PERSISTENT_KEEPALIVE=15 - EMAIL_FROM_ADDRESS=xxx - EMAIL_FROM_NAME=WireGuard Password Reset - SMTP_HOSTNAME=xxx - SMTP_PORT=465 - SMTP_AUTH_TYPE=PLAIN - SMTP_USERNAME=xxxx - SMTP_PASSWORD=xxx - SMTP_ENCRYPTION=STARTTLS - WGUI_DEFAULT_CLIENT_ALLOWED_IPS=10.1.0.0/16 #NEED THIS TO ACCESS LOCAL IP - WGUI_SERVER_POST_UP_SCRIPT=iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE - WGUI_SERVER_POST_DOWN_SCRIPT=iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE command: - '/bin/sh' - '-c' - '/bin/sleep 5"' logging: driver: json-file options: max-size: 51m restart: always volumes: - ${PWD}/wireguard/ui/db:/app/db - ${PWD}/wireguard:/etc/wireguard``
The wireguard container is totally unnecessary!
@skuskuM Thanks, this worked for me!
Here is the correctly formatted yml version:
```yaml
version: "3"
services:
  remove-file:
    image: alpine:latest
    container_name: remove-config-BUG
    command: /bin/sh -c "rm -f config/wg0.conf"
    volumes:
      - ${PWD}/wireguard:/config
    restart: always
    environment:
      - MAX_RETRY=1
  wireguard:
    image: linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE #optional
    volumes:
      - ${PWD}/wireguard:/config
    environment:
      - PUID=1000
      - PGID=1000
      - SERVERURL=http://10.1.1.1:5000
      - SERVERPORT=51820 #optional
      - PEERDNS=8.8.8.8,1.1.1.1
      - INTERNAL_SUBNET=10.8.8.0 #optional
      - ALLOWEDIPS=10.1.0.0/16 #optional
      - PERSISTENTKEEPALIVE_PEERS=30 #optional
      - LOG_CONFS=true #optional
      - PEERS=1 #NEED THIS TO ENABLE SERVER MODE
    ports:
      # port for wireguard-ui. this must be set here as the wireguard-ui container joins the network of this container and hasn't its own network over which it could publish the ports
      - "5000:5000"
      # port of the wireguard server
      - "51820:51820/udp"
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    depends_on:
      - remove-file
    restart: always
  wireguard-ui:
    image: ngoduykhanh/wireguard-ui:latest
    container_name: wireguard-ui
    depends_on:
      - wireguard
    cap_add:
      - NET_ADMIN
    # use the network of the 'wireguard' service. this enables to show active clients in the status page
    network_mode: service:wireguard
    environment:
      - BIND_ADDRESS=0.0.0.0:5000
      - SESSION_SECRET=SESSION_SECRET_RANDOM
      - WGUI_DNS=10.1.5.1,1.1.1.1
      - WGUI_USERNAME=admin
      - WGUI_PASSWORD=admin
      - WGUI_MANAGE_START=true
      - WGUI_MANAGE_RESTART=true
      - WGUI_PERSISTENT_KEEPALIVE=15
      - EMAIL_FROM_ADDRESS=xxx
      - EMAIL_FROM_NAME=WireGuard Password Reset
      - SMTP_HOSTNAME=xxx
      - SMTP_PORT=465
      - SMTP_AUTH_TYPE=PLAIN
      - SMTP_USERNAME=xxxx
      - SMTP_PASSWORD=xxx
      - SMTP_ENCRYPTION=STARTTLS
      - WGUI_DEFAULT_CLIENT_ALLOWED_IPS=10.1.0.0/16
      #NEED THIS TO ACCESS LOCAL IP
      - WGUI_SERVER_POST_UP_SCRIPT=iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
      - WGUI_SERVER_POST_DOWN_SCRIPT=iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE
    command:
      - '/bin/sh'
      - '-c'
      - '/bin/sleep 5"'
    logging:
      driver: json-file
      options:
        max-size: 51m
    restart: always
    volumes:
      - ${PWD}/wireguard/ui/db:/app/db
      - ${PWD}/wireguard:/etc/wireguard
```
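
Added example, not part of any post in this thread: a pre-flight check for the wg_confs directory, based on the changelog entry and the container log quoted above (every .conf file is started in alphabetical order, one failing tunnel stops all of them, an empty wg0.conf counts as a broken config, and a loosely permissioned file draws the "world accessible" warning). The function names, the FAIL/WARN/OK output format and the rule of flagging any permission bit for "other" users are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a wg_confs directory before starting the container.
# Assumed policy: an empty file or one without an [Interface] section is a
# FAIL (one bad tunnel stops all others); any "other" permission bit is a WARN.

check_conf() {
    f=$1
    if [ ! -s "$f" ]; then
        echo "FAIL $f: file is empty"
        return 1
    fi
    if ! grep -Eq '^[[:space:]]*\[Interface\]' "$f"; then
        echo "FAIL $f: no [Interface] section"
        return 1
    fi
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld -- "$f" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "WARN $f: accessible to other users ($other), consider chmod 600"
    fi
    echo "OK   $f"
    return 0
}

# Usage: check_wg_confs DIR
# Exit status is 0 only if every *.conf in DIR passes check_conf.
check_wg_confs() {
    dir=$1
    bad=0
    # The glob expands in sorted order, matching the documented start order.
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue   # directory contains no .conf files
        check_conf "$f" || bad=1
    done
    return "$bad"
}

# Run against a directory given on the command line, e.g. ./config/wg_confs
if [ "$#" -gt 0 ]; then
    check_wg_confs "$1"
fi
```

Run it against the host side of the bind mount (for the compose files above, the directory mapped to /config/wg_confs) before `docker compose up`.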