Note
This article was written for a class assignment demonstrating the installation of Wireguard on Docker using docker-compose. It is intended for educational purposes and may not reflect best practices for production environments. I promise I write about more interesting things usually.
Setting up the VM
I first created a DigitalOcean droplet running Ubuntu 20.04 to host this project, and installed Docker on it. To start, I installed the packages needed to verify a certificate with sudo apt install apt-transport-https ca-certificates curl software-properties-common -y, then installed the Docker GPG key using curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -.
After this, I added the Docker package source for an x86-64 CPU, since that is what my droplet is running on, using the command sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && apt-cache policy docker-ce, then installed Docker with the command sudo apt install docker-ce -y.
After verifying that docker was in fact installed by running docker --help and getting a valid help menu, I installed docker-compose from GitHub using sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose, and enabled the command with sudo chmod +x /usr/local/bin/docker-compose. After
Installing Wireguard
I first created the ~/wireguard/ and ~/wireguard/config/ directories, to be used by the docker image, and then created a docker-compose.yml file with the following contents:
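version: "3.8"
services:
  wireguard:
    container_name: wireguard
    image: linuxserver/wireguard
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Chicago
      # Public address of the droplet that clients connect to (redacted here)
      - SERVERURL=XXX.XXX.XXX.XXX
      - SERVERPORT=51820
      # One client config (with its own key pair) is generated per name
      - PEERS=pc1,pc2,phone1
      - PEERDNS=auto
      - INTERNAL_SUBNET=10.0.0.0
    ports:
      - 51820:51820/udp
    volumes:
      # Generated server and peer configs, including private keys, land here
      - type: bind
        source: ./config/
        target: /config/
      - type: bind
        source: /lib/modules
        target: /lib/modules
    restart: always
    cap_add:
      - NET_ADMIN
      # Together with /lib/modules, lets the container load kernel modules
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1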
I then ran docker-compose up -d to start the Wireguard docker image.
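Once the container has started, each peer's config, private key included, sits under ~/wireguard/config/peer_<name>/ on the droplet. As an added example (not part of the original article), the shell function below flags peer configs that group or other users on the host can access and can tighten them to mode 600; it assumes GNU stat, as on Ubuntu, and the sample tree it builds uses constructed placeholder keys.

```sh
#!/bin/sh
# Added example, not from the original article. Assumes GNU stat (Ubuntu).
# Layout assumed from the article: <config>/peer_<name>/peer_<name>.conf

# audit_peer_confs DIR [fix]
# Reports peer configs with key material that group/other can access.
# With "fix" as the second argument, tightens each finding to mode 600.
# Returns 0 when nothing is exposed, 1 otherwise.
audit_peer_confs() {
    dir=$1; fix=${2:-}; exposed=0
    for conf in "$dir"/peer_*/peer_*.conf; do
        [ -f "$conf" ] || continue    # glob matched nothing
        grep -Eq '^[[:space:]]*(PrivateKey|PresharedKey)[[:space:]]*=' "$conf" || continue
        mode=$(stat -c '%a' "$conf")
        # Any bit in the low six (group/other) means other local users can reach the key.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "EXPOSED mode=$mode $conf"
            exposed=$((exposed + 1))
            if [ "$fix" = fix ]; then chmod 600 "$conf"; fi
        fi
    done
    echo "exposed=$exposed"
    [ "$exposed" -eq 0 ]
}

# Builds a constructed sample tree (placeholder keys) and prints its path.
make_sample_tree() {
    root=$(mktemp -d)
    for peer in pc1 pc2 phone1; do
        mkdir -p "$root/peer_$peer"
        printf '[Interface]\nAddress = 10.0.0.2\nPrivateKey = CONSTRUCTED_PLACEHOLDER=\n' \
            > "$root/peer_$peer/peer_$peer.conf"
    done
    chmod 644 "$root/peer_pc1/peer_pc1.conf" "$root/peer_phone1/peer_phone1.conf"
    chmod 600 "$root/peer_pc2/peer_pc2.conf"
    echo "$root"
}

# Usage: sh audit.sh ~/wireguard/config [fix]
if [ "$#" -gt 0 ]; then audit_peer_confs "$@"; fi
```

The same key material is embedded in the QR codes, so anyone who can read the container's logs can import a peer config as well.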
Testing
I installed the Wireguard mobile app on my phone and scanned the generated QR code from running docker-compose logs -f wireguard to enable the VPN. Before, my IP was as shown:
And afterwards, with the VPN active, my IP changed to the following:
I then copied the config file from ~/wireguard/config/peer_pc1/peer_pc1.conf to the Wireguard desktop app to set up the VPN on my laptop, and connected to it as shown below: