Publish: 2022-03-15 | Modify: 2024-05-24
WireGuard is an open-source VPN program and protocol developed by Jason A. Donenfeld, which has been integrated into the Linux kernel. WireGuard aims to achieve better performance than IPsec and OpenVPN. It is suitable for home or enterprise use, but not for circumventing censorship. Today, let's talk about how to easily install Wireguard using Docker.
Manually installing WireGuard can be cumbersome, so here we choose to use Docker to install Wireguard. Make sure you have Docker installed and then execute the following command:
docker run -d \
--name=wireguard \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Asia/Shanghai \
-e SERVERURL=xxx.com `#optional` \
-e SERVERPORT=51820 `#optional` \
-e PEERS=1 `#optional` \
-e PEERDNS=auto `#optional` \
-e INTERNAL_SUBNET=10.13.13.0 `#optional` \
-e ALLOWEDIPS=0.0.0.0/0 `#optional` \
-p 51820:51820/udp \
-v /apps/wireguard/config:/config \
-v /apps/wireguard/modules:/lib/modules \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--restart unless-stopped \
linuxserver/wireguard
A brief explanation of the above parameters:
PUID/PGID
refers to user ID and group ID, which can be obtained in the Linux terminal using the id
command and then replaced with your own ID.SERVERURL
refers to the public access address, which can be filled in with a public IP or domain name. If filled in incorrectly, it can be manually modified later./apps/wireguard/config
and /apps/wireguard/modules
should be changed to the mount directories on your local machine.PEERS=1
indicates the number of users to be created, default is 1, the number can be modified as needed.If you prefer to use Docker Compose for deployment, you can use the following docker-compose.yaml
file:
version: '3'
services:
wireguard:
image: linuxserver/wireguard
container_name: wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Shanghai
- SERVERURL=xxx.com
- SERVERPORT=51820 #optional
- PEERS=3 #optional
- PEERDNS=auto #optional
- INTERNAL_SUBNET=10.13.13.0 #optional
- ALLOWEDIPS=0.0.0.0/0 #optional
ports:
- "51820:51820/udp"
volumes:
- ./config:/config
- ./modules:/lib/modules
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
restart: unless-stopped
Android Client:
Simply search for "Wireguard" on the Google Play Store, or visit the following addresses (may require a VPN):
After installation, find the peer1.png
image file in your Docker mount directory /apps/wireguard/config/peer1/
and scan it with the Android client to import the configuration.
Other Clients
The Wireguard client is supported on all platforms. For Windows/macOS and other client installations, please refer to the official documentation: https://www.wireguard.com/install/
After installing other clients, you can export the configuration from the Android client (a compressed file) and then import the configuration by opening the compressed file in the other client.
Each Wireguard server (container) can only be used by one client at a time. If you need multiple clients to connect simultaneously, you will need to create multiple Docker containers.
If there are connection errors, pay attention to the client and server logs.
Wireguard uses the UDP protocol, which provides excellent performance but can easily be limited by ISPs. Additionally, the Wireguard protocol is easily identifiable, so it is not suitable for circumventing censorship, but it can be used as a home VPN.
Wireguard Image URL: https://hub.docker.com/r/linuxserver/wireguard Wireguard Official Website: https://www.wireguard.com/
I come from China and I am a freelancer. I specialize in Linux operations, PHP, Golang, and front-end development. I have developed open-source projects such as Zdir, ImgURL, CCAA, and OneNav.