VPNWG-Easy
A simple WireGuard VPN management UI for easily creating and managing VPN clients through a web interface.
Review notes
Requires NET_ADMIN and SYS_MODULE capabilities. Configure the correct public IP and UDP port 51820 for client connections.
Deployment guide
Run a single Docker container with special capabilities for WireGuard management. Open UDP port.
- Open UDP port 51820 on the firewall and router.
- Run the container with NET_ADMIN and SYS_MODULE capabilities.
- Set WG_HOST to the server public IP or domain.
- Set admin password via PASSWORD_HASH.
- Create client profiles and download config files or scan QR codes.
Backup:Back up the config directory containing WireGuard keys and client profiles.
Copy and run on your server
Use each block separately: save the compose file, or copy the bash script to create it and start the container.
docker-compose.ymlyaml
services:
wg-easy:
image: ghcr.io/wg-easy/wg-easy:latest
container_name: wg-easy
environment:
WG_HOST: "YOUR_SERVER_IP"
PASSWORD_HASH: "$$2y$$10$$your_bcrypt_hash_here"
WG_DEFAULT_DNS: "1.1.1.1"
volumes:
- ./config:/etc/wireguard
ports:
- "51820:51820/udp"
- "51821:51821/tcp"
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
restart: unless-stoppedsetup.shbash
#!/usr/bin/env bash
set -euo pipefail
sudo mkdir -p /opt/wg-easy
sudo chown "$USER":"$USER" /opt/wg-easy
cd /opt/wg-easy
cat > docker-compose.yml <<'COMPOSE'
services:
wg-easy:
image: ghcr.io/wg-easy/wg-easy:latest
container_name: wg-easy
environment:
WG_HOST: "YOUR_SERVER_IP"
PASSWORD_HASH: "$$2y$$10$$your_bcrypt_hash_here"
WG_DEFAULT_DNS: "1.1.1.1"
volumes:
- ./config:/etc/wireguard
ports:
- "51820:51820/udp"
- "51821:51821/tcp"
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
restart: unless-stopped
COMPOSE
docker compose up -d
echo "WG-Easy is running on http://SERVER_IP:51821"Stack
Node.jsDocker