Stock WireGuard has no web UI, which makes adding accounts inconvenient.
https://github.com/wg-easy/wg-easy
docker run -d \
--name=wg-easy \
-e WG_HOST=YOUR_SERVER_IP \
-e PASSWORD=YOUR_ADMIN_PASSWORD \
-e WG_DEFAULT_ADDRESS=10.0.7.x \
-e WG_DEFAULT_DNS=223.5.5.5 \
-e WG_PERSISTENT_KEEPALIVE=30 \
-e WG_ALLOWED_IPS=0.0.0.0/0 \
-v ~/.wg-easy:/etc/wireguard \
-p 51820:51820/udp \
-p 51821:51821/tcp \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--sysctl="net.ipv4.ip_forward=1" \
--restart=always \
ghcr.sundayhk.com/wg-easy/wg-easy
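In testing, WG_DEFAULT_ADDRESS did not take effect this way; with docker-compose it works normally.
Note:
WG_DEFAULT_ADDRESS=10.8.0.x
The x here stands for any value; do not set it to a number.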
# source: https://github.com/wg-easy/wg-easy/blob/master/docker-compose.yml
version: "3.8"
services:
  wg-easy:
    environment:
      # ⚠️ Required:
      # Change this to your host's public address
      - WG_HOST=x.x.x.x
      # Optional:
      - PASSWORD=foobar123
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=10.77.0.x # note: the x here is correct, not a number
      - WG_DEFAULT_DNS=223.5.5.5
      # - WG_MTU=1420
      # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
    image: ghcr.sundayhk.com/wg-easy/wg-easy
    container_name: wg-easy
    volumes:
      - .:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
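Required changes:
WG_HOST=xxx must be changed to the server's public IP; on a cloud server you can look it up with curl ip.sb
PASSWORD=xxx sets the password for managing wg-easy
Optional changes:
WG_DEFAULT_ADDRESS= and WG_ALLOWED_IPS= can be changed to the IP range of the LAN formed by WireGuard, e.g. 192.168.1.0/24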
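An added example, not part of the original page or the wg-easy project: a POSIX shell pre-flight check that reads the environment entries from the compose file and rejects the placeholder and sample values shown on this page (x.x.x.x, YOUR_SERVER_IP, foobar123) as well as a WG_DEFAULT_ADDRESS whose last octet is not the literal x. The function name check_wg_easy_env is an assumption of this example.

```sh
#!/bin/sh
# Added example: pre-flight check for the wg-easy environment values on this page.
# Reads KEY=VALUE lines on stdin, also in the "- KEY=VALUE" form used in
# docker-compose.yml; commented-out entries are skipped.
check_wg_easy_env() {   # hypothetical helper name
  host="" password="" addr="" problems=0
  while IFS= read -r line; do
    line="${line#"${line%%[![:space:]]*}"}"   # trim leading whitespace
    line="${line#- }"                         # drop the YAML list marker
    case "$line" in ''|'#'*) continue ;; esac
    line="${line%%[[:space:]]'#'*}"           # drop a trailing " # comment"
    line="${line%"${line##*[![:space:]]}"}"   # trim trailing whitespace
    case "$line" in
      WG_HOST=*)            host="${line#*=}" ;;
      PASSWORD=*)           password="${line#*=}" ;;
      WG_DEFAULT_ADDRESS=*) addr="${line#*=}" ;;
    esac
  done
  case "$host" in
    ''|x.x.x.x|YOUR_SERVER_IP)
      echo "WG_HOST: missing or still a placeholder; set the server's public IP"
      problems=1 ;;
  esac
  case "$password" in
    ''|foobar123|YOUR_ADMIN_PASSWOR*)
      echo "PASSWORD: missing, or the sample/placeholder value from this page"
      problems=1 ;;
  esac
  # Unset is accepted (the page lists it as optional); if set, it must end in ".x".
  if [ -n "$addr" ] && ! printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}x$'; then
    echo "WG_DEFAULT_ADDRESS: last octet must be the literal letter x, got '$addr'"
    problems=1
  fi
  return "$problems"
}

# Constructed sample: the environment entries exactly as the compose file shows them.
check_wg_easy_env <<'EOF' || echo "fix the values listed above before starting the container"
      - WG_HOST=x.x.x.x
      # Optional:
      - PASSWORD=foobar123
      - WG_DEFAULT_ADDRESS=10.77.0.x # the x here is correct
      # - WG_MTU=1420
EOF
```

To check a real file, pipe its environment section into the function, for example `check_wg_easy_env < docker-compose.yml`, and start the container only when it returns 0.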
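Access the dashboard at http://xxx:51821 (xxx is the internal IP of the host where you deployed the service, or the address configured in WG_HOST)
Export the configuration file, then install the client and import the configuration file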
https://download.wireguard.com/windows-client/wireguard-installer.exe
Upgrade
docker stop wg-easy
docker rm wg-easy
docker pull ghcr.io/wg-easy/wg-easy