Build Your Own WireGuard VPN Server with Docker in 5 Minutes – Step‑by‑Step Guide


Creating a secure, personal VPN has never been easier thanks to WireGuard and the excellent WG-Easy web UI. In this guide, I'll walk you through setting up your own WireGuard VPN server using Docker, complete with a user-friendly web interface for managing connections.

WireGuard is a modern VPN protocol that outperforms traditional options like OpenVPN and IPsec in both speed and security. Paired with the WG-Easy web interface, you'll have a powerful, self-hosted VPN solution up and running in minutes.

What You'll Need

  • A server or VPS running Linux (Ubuntu/Debian recommended)
  • Docker and Docker Compose installed
  • Basic command-line knowledge
  • A domain name (optional but recommended)
  • Ports 51820 (UDP) and 51821 (TCP) open on your firewall

Why Set Up Your Own VPN?

Before diving into the technical steps, let's consider why running your own VPN server makes sense:

  • Complete privacy control: Unlike commercial VPN services, you're the only one with access to your data
  • No monthly subscription fees: Pay only for your server hosting
  • Custom security configuration: Tailor the setup to your specific needs
  • Access to your home network: Connect to devices on your home network while away
  • Bypass geo-restrictions: Access content as if browsing from your server's location

Installation Steps

Let's get started with the actual installation process:

1. Prepare Your Server

First, ensure Docker and Docker Compose are installed on your server:

# Update package lists
sudo apt update

# Install required packages
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common

# Add Docker's official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

# Add Docker repository
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

# Update package lists again
sudo apt update

# Install Docker and Docker Compose
sudo apt install -y docker-ce docker-compose

# Start Docker service
sudo systemctl start docker
sudo systemctl enable docker

# Add your user to the docker group (to run docker without sudo)
sudo usermod -aG docker $USER

Log out and back in for the group changes to take effect.

2. Create Your Docker Compose File

Create a new directory for your WireGuard configuration:

mkdir -p ~/wg-easy
cd ~/wg-easy

Start the container with the following docker run command:

  docker run -d \
  --name=wg-easy \
  -e LANG=de \
  -e WG_HOST=<YOUR_SERVER_IP> \
  -e PASSWORD_HASH='<YOUR_ADMIN_PASSWORD_HASH>' \
  -e PORT=51821 \
  -e WG_PORT=51820 \
  -v ~/.wg-easy:/etc/wireguard \
  -p 51820:51820/udp \
  -p 51821:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  ghcr.io/wg-easy/wg-easy

Make sure to replace <YOUR_SERVER_IP> with your server's public IP address or domain name, and <YOUR_ADMIN_PASSWORD_HASH> with the bcrypt hash of a strong password for the web interface. Wrap the hash in single quotes so the shell does not expand the $ characters it contains.

To generate a bcrypt password hash using Docker, run the following command:

docker run --rm ghcr.io/wg-easy/wg-easy wgpw 'YOUR_PASSWORD'

It prints the hash in this form (the value below is the hash of the literal string YOUR_PASSWORD):

PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW'
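
The $ characters in a bcrypt hash are where this step usually goes wrong: unquoted on a docker run line the shell expands them, and in a docker-compose.yml each one must be doubled. The script below is an added example, not part of the original guide or of the WG-Easy project; its function names are hypothetical, and it reuses the sample hash shown above.

```shell
#!/bin/sh
# Added example: pre-flight checks for the PASSWORD_HASH value.
# SAMPLE_HASH is the example hash from this page (password "YOUR_PASSWORD").
SAMPLE_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW'

# Succeeds only for a well-formed bcrypt string:
# $2a/$2b/$2y, a two-digit cost, then 53 characters (22 salt + 31 digest).
is_bcrypt_hash() {
    printf '%s\n' "$1" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'
}

# Doubles every "$" so docker-compose.yml does not treat it as interpolation.
compose_escape() {
    printf '%s\n' "$1" | sed 's/\$/$$/g'
}

# Shows what the container would receive if the hash were pasted unquoted
# (or in double quotes) after -e PASSWORD_HASH=. The input is validated
# first, so the child shell only ever sees bcrypt characters.
expand_unquoted() {
    is_bcrypt_hash "$1" || return 1
    sh -c "printf '%s' \"$1\""
}

# Prints a verdict for a candidate value before the container is launched.
check_hash() {
    if is_bcrypt_hash "$1"; then
        echo "ok: well-formed bcrypt hash"
    else
        echo "bad: not a bcrypt hash (mangled by shell expansion?)"
        return 1
    fi
}

check_hash "$SAMPLE_HASH"
echo "unquoted on the command line -> $(expand_unquoted "$SAMPLE_HASH")"
echo "for docker-compose.yml       -> $(compose_escape "$SAMPLE_HASH")"
```

If the web UI rejects a password you know is correct, run check_hash on the value the container actually received (docker inspect shows its environment).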

3. Launch WG-Easy

That's it! Your WireGuard server is now running. The web interface is accessible at http://your-server-ip-or-domain:51821.

4. Configure the Web Interface

  1. Open your browser and navigate to http://your-server-ip-or-domain:51821
  2. Enter the password whose hash you set in PASSWORD_HASH
  3. You should now see the WG-Easy web interface

Managing Clients

The WG-Easy interface makes it simple to add and manage client connections:

Adding a New Client

  1. Click the “Add Client” button in the top right corner
  2. Enter a name for the client (e.g., “iPhone” or “Laptop”)
  3. Click “Create”
  4. WG-Easy will generate a QR code and configuration details

Connecting Devices

Mobile Devices

  1. Install the WireGuard app from your device's app store
  2. Scan the QR code displayed in the WG-Easy interface
  3. Activate the VPN connection

Desktop Computers

  1. Install the WireGuard client for your operating system from wireguard.com/install
  2. Click “Download Config” in the WG-Easy interface
  3. Import the downloaded configuration file into your WireGuard client
