WireGuard Easy

WireGuard Easy

[SSO] VPN Service

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

Android - configure application exclusion, e.g. Android Auto: Open the Wireguard app, edit the profile, click “All Applications”, select the application you want to exclude.

🏠 Home: https://www.wireguard.com/
📜 Source: https://github.com/wg-easy/wg-easy
Migration Guide: Migrate from v14 to v15

name: wg-easy
services:
  wg-easy:
    image: ghcr.io/wg-easy/wg-easy:14 # TODO Upgrade to 15.0.0
    container_name: wg-easy
    hostname: wireguard-easy
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      WG_HOST: vpn.${MYDOMAIN} # The public hostname of your VPN server
      # PASSWORD: ${ADMIN_PASSWORD} # When set, requires a password when logging in to the Web UI -> Disabled, Authelia SSO is configured
      # WG_DEFAULT_DNS: 1.1.1.1,8.8.8.8 # DNS server clients will use
      WG_DEFAULT_DNS: ${MAIN_NODE_IP} # DNS server clients will use
      WG_DEFAULT_ADDRESS: 10.8.0.x # Clients IP address range
      # WG_ALLOWED_IPS: "0.0.0.0/0,::/0" # Allowed IPs clients will use
      WG_ALLOWED_IPS: "192.168.0.0/16" # Allowed IPs clients will use
    ports:
      - 51820:51820/udp # VPN
    volumes:
      - ${DOCKER_VOLUMES}/wg-easy:/etc/wireguard
    networks:
      - proxy
    labels:
      traefik.enable: true
      traefik.http.routers.wireguard.rule: Host(`vpn.${MYDOMAIN}`)
      traefik.http.routers.wireguard.middlewares: localaccess-sso@file
      traefik.http.services.wireguard.loadbalancer.server.port: 51821
      homepage.group: Security
      homepage.name: WireGuard Easy
      homepage.icon: wireguard.png
      homepage.href: https://vpn.${MYDOMAIN}/
      homepage.description: "[SSO] VPN Service"

networks:
  proxy:
    external: true