vi docker-compose.yml
Modify the parameters marked #optional below
version: "3.8"
services:
  wg-easy:
    environment:
      # Required:
      # Change this to your host's public address
      - WG_HOST=wgvpn.ichiayi.com

      # Optional:
      - PASSWORD=myPassword
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=10.13.12.x
      - WG_DEFAULT_DNS=192.168.11.6
      # - WG_MTU=1420
      # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt

    image: weejewel/wg-easy
    container_name: wg-easy
    volumes:
      - ./etc_wireguard:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
docker compose up -d
vi docker-compose.yml
Modify the ports setting as follows
:
      - WG_PORT=51820
:
    ports:
      - "123:51820/udp"
:
:
iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.3 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
:
modprobe ip_tables
echo 'ip_tables' >> /etc/modules
Then reboot to resolve the problem.
vi docker-compose.yml
Modify the parameters marked #optional below
version: "2.1"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE #optional
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Taipei
      - SERVERURL=auto #optional
      - SERVERPORT=51820 #optional
      - PEERS=1 #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
      - PERSISTENTKEEPALIVE_PEERS= #optional
      - LOG_CONFS=true #optional
    volumes:
      - ./data/config:/config
      - /lib/modules:/lib/modules #optional
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: always
docker compose up -d
vi docker-compose.yml
Modify the ports setting as follows
:
    ports:
      - 123:51820/udp
:
vi data/config/templates/peer.conf
Change the Endpoint port to 123
:
[Peer]
:
Endpoint = ${SERVERURL}:123
:
vi docker-compose.yml
Modify the settings as follows
:
    environment:
:
      - PEERS=jonathan,lin,lin2,stanley,jerry
:
wgvpn:~# docker compose up -d --force-recreate
[+] Running 1/1
 ✔ Container wireguard  Started                                   5.3s
wgvpn:~# ls ./data/config/
coredns  peer_jerry  peer_jonathan  peer_jonathan2  peer_lin  peer_lin2  peer_lintsai  peer_stanley  server  templates  wg_confs
wgvpn:~# cat ./data/config/peer_lin2/peer_lin2.conf
wgvpn:~# docker exec -it wireguard /app/show-peer lin2
vi docker-compose.yml
Modify the settings as follows
:
    environment:
:
      - PEERS=jonathan,lin,stanley,jerry
:
rm -rf ./data/config/peer_lin2
This way, if a client with the same ID lin2 is created again later, new credentials will be generated.
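An added example (not part of the original page): a shell function that lists peer_<name> directories no longer named in PEERS, such as peer_jonathan2 and peer_lintsai in the directory listing above, so leftover credentials can be reviewed and removed. The names `stale_peers` and `demo_stale_peers` and the temporary demo directory are constructed for illustration; it assumes named peers stored as peer_<name> under the config directory.

```shell
#!/bin/sh
# stale_peers PEERS_CSV CONFIG_DIR
# Prints the name of every peer_<name> directory under CONFIG_DIR whose
# <name> is not in the comma-separated PEERS value from docker-compose.yml.
# Assumption: peers are named (PEERS=a,b,c), not a plain count (PEERS=1).
stale_peers() {
    peers_csv=$1
    config_dir=$2
    for dir in "$config_dir"/peer_*; do
        [ -d "$dir" ] || continue        # unmatched glob or not a directory
        name=${dir##*/}                  # strip the leading path
        name=${name#peer_}               # strip the peer_ prefix
        case ",$peers_csv," in
            *",$name,"*) ;;              # still listed in PEERS: keep
            *) printf '%s\n' "$name" ;;  # not listed: credentials left on disk
        esac
    done
}

# Constructed demo: recreates the directory names from the listing above in a
# temporary directory and checks them against the PEERS value used after
# lin2 was removed.
demo_stale_peers() {
    tmp=$(mktemp -d)
    for p in jerry jonathan jonathan2 lin lin2 lintsai stanley; do
        mkdir -p "$tmp/peer_$p"
    done
    mkdir -p "$tmp/coredns" "$tmp/server" "$tmp/templates" "$tmp/wg_confs"
    stale_peers "jonathan,lin,stanley,jerry" "$tmp"
    rm -rf "$tmp"
}

demo_stale_peers
```

On a real host, call it as `stale_peers "jonathan,lin,stanley,jerry" ./data/config` with the PEERS value currently in docker-compose.yml.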
wgvpn:~# docker exec -it wireguard wg
interface: wg0
  public key: h6hkpJqDrUhS5Zw4tLGnzd/Mt58PyzDfEO9G5s3d/gE=
  private key: (hidden)
  listening port: 51820

peer: 2e2goKlqaJ05iCLA5MR3WyD/OgPJUIbw/6oggcn4Q3U=
  preshared key: (hidden)
  endpoint: 39.9.230.151:45592
  allowed ips: 10.13.13.7/32
  latest handshake: 4 minutes, 41 seconds ago
  transfer: 1.68 MiB received, 8.01 MiB sent

peer: H1n/9a0yXzM66YtYvjP+k3SAcncArjurXAE2MjDU4jo=
  preshared key: (hidden)
  allowed ips: 10.13.13.3/32

peer: Y+/LcaNKnqEJplR4qOiSI9pUtpWAm0C6jgwhRoOlrQE=
  preshared key: (hidden)
  allowed ips: 10.13.13.2/32

peer: SNh3eIl8s76oIicaTDnW0C8McuRqL+jS8kxAo0NgYRs=
  preshared key: (hidden)
  allowed ips: 10.13.13.5/32

peer: rOiBsv7yGMm5UtC+zLLj0a2fyWYTssaYMygSgKFmTzQ=
  preshared key: (hidden)
  allowed ips: 10.13.13.4/32

peer: GLr/5jTUv9ZYmIRRIIFp5gZpZGP1UdSPASagUCuv2lg=
  preshared key: (hidden)
  allowed ips: 10.13.13.6/32