Posted inUbuntu Vps Server

Build Your Own WireGuard VPN Server with Docker in 5 Minutes – Step‑by‑Step Guide

No CommentsPosted inUbuntu, Vps Server
WireGuard

Creating a secure, personal VPN has never been easier thanks to WireGuard and the excellent WG-Easy web UI. In this guide, I'll walk you through setting up your own WireGuard VPN server using Docker, complete with a user-friendly web interface for managing connections.

WireGuard is a modern VPN protocol that outperforms traditional options like OpenVPN and IPsec in both speed and security. Paired with the WG-Easy web interface, you'll have a powerful, self-hosted VPN solution up and running in minutes.

What You'll Need

  • A server or VPS running Linux (Ubuntu/Debian recommended)
  • Docker and Docker Compose installed
  • Basic command-line knowledge
  • A domain name (optional but recommended)
  • Ports 51820 (UDP) and 51821 (TCP) open on your firewall
  1. List of VPS Hosting Providers Offering Open Port 25

Why Set Up Your Own VPN?

Before diving into the technical steps, let's consider why running your own VPN server makes sense:

  • Complete privacy control: Unlike commercial VPN services, you're the only one with access to your data
  • No monthly subscription fees: Pay only for your server hosting
  • Custom security configuration: Tailor the setup to your specific needs
  • Access to your home network: Connect to devices on your home network while away
  • Bypass geo-restrictions: Access content as if browsing from your server's location

Installation Steps

Let's get started with the actual installation process:

1. Prepare Your Server

First, ensure Docker and Docker Compose are installed on your server:

# Update package lists
sudo apt update

# Install required packages
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common

# Add Docker's official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

# Add Docker repository
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

# Update package lists again
sudo apt update

# Install Docker and Docker Compose
sudo apt install -y docker-ce docker-compose

# Start Docker service
sudo systemctl start docker
sudo systemctl enable docker

# Add your user to the docker group (to run docker without sudo)
sudo usermod -aG docker $USER

Log out and back in for the group changes to take effect.

2. Create Your Docker Compose File

Create a new directory for your WireGuard configuration:

mkdir -p ~/wg-easy
cd ~/wg-easy

Paste the following configuration:

  docker run -d \
  --name=wg-easy \
  -e LANG=de \
  -e WG_HOST=<YOUR_SERVER_IP> \
  -e PASSWORD_HASH=<YOUR_ADMIN_PASSWORD_HASH> \
  -e PORT=51821 \
  -e WG_PORT=51820 \
  -v ~/.wg-easy:/etc/wireguard \
  -p 51820:51820/udp \
  -p 51821:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  ghcr.io/wg-easy/wg-easy

Make sure to replace your-server-ip-or-domain with your server's public IP address or domain name, and your-secure-password with a strong password for the web interface.

To generate a bcrypt password hash using docker, run the following command :

docker run ghcr.io/wg-easy/wg-easy wgpw YOUR_PASSWORD
PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' // literally YOUR_PASSWORD

3. Launch WG-Easy

That's it! Your WireGuard server is now running. The web interface is accessible at http://your-server-ip-or-domain:51821.

4. Configure the Web Interface

  1. Open your browser and navigate to http://your-server-ip-or-domain:51821
  2. Enter the password you specified in your docker-compose.yml file
  3. You should now see the WG-Easy web interface

Managing Clients

The WG-Easy interface makes it simple to add and manage client connections:

Adding a New Client

  1. Click the “Add Client” button in the top right corner
  2. Enter a name for the client (e.g., “iPhone” or “Laptop”)
  3. Click “Create”
  4. WG-Easy will generate a QR code and configuration details

Connecting Devices

Mobile Devices

  1. Install the WireGuard app from your device's app store
  2. Scan the QR code displayed in the WG-Easy interface
  3. Activate the VPN connection

Desktop Computers

  1. Install the WireGuard client for your operating system from wireguard.com/install
  2. Click “Download Config” in the WG-Easy interface
  3. Import the downloaded configuration file into your WireGuard client

Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply Cancel reply