apps/wg-easy
1
0
Fork 0
mirror of https://github.com/wg-easy/wg-easy.git synced 2025-09-26 19:51:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
Page: Using WireGuard Easy with nginx SSL
Pages
Home Restrict Access to Networks with iptables Using WireGuard Easy with Ansible Using WireGuard Easy with Caddy SSL Using WireGuard Easy with Kubernetes Using WireGuard Easy with Pi Hole Using WireGuard Easy with Podman Using WireGuard Easy with Traefik SSL Using WireGuard Easy with nginx SSL Using WireGuard Easy with rootless Podman (incl. Kubernetes yaml file generation) [Deprecated and will be useless with version 15.0.0] Using WireGuard Easy without Docker
Clone
7
Using WireGuard Easy with nginx SSL
Emile Nijssen edited this page 2023-12-19 12:54:30 +01:00
Unescape Escape
Table of Contents
This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This is an example on how to use WireGuard Easy with nginx, to access it on a HTTPS domain (e.g. https://wg-easy.myhomelab.com).

docker-compose.yml:

version: "3.8"

services:
  wg-easy:
    environment:
      # ⚠️ Change the server's hostname (clients will connect to):
      - WG_HOST=wg-easy.myhomelab.com

      # ⚠️ Change the Web UI Password:
      - PASSWORD=foobar123
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    hostname: wg-easy
    volumes:
      - ~/.wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

  nginx:
    image: weejewel/nginx-with-certbot
    container_name: nginx
    hostname: nginx
    volumes:
      - ~/.nginx/servers/:/etc/nginx/servers/
      - ./.nginx/letsencrypt/:/etc/letsencrypt/
    ports:
      - "80:80/tcp"
      - "443:443/tcp"
    restart: unless-stopped

~/.nginx/servers/wg-easy.conf:

server {
    server_name ⚠wg-easy.myhomelab.com;

    location / {
        proxy_pass http://wg-easy:51821/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
}

Save these files, edit the variables marked with ⚠️ and run docker-compose up -d in the same directory.

Then run once:

$ docker exec -it nginx /bin/sh
$ cp /etc/nginx/servers/wg-easy.conf /etc/nginx/conf.d/.
$ certbot --nginx --non-interactive --agree-tos -m webmaster@google.com -d ⚠wg-easy.myhomelab.com
$ nginx -s reload
$ exit

Of course, make sure to point wg-easy.myhomelab.com to your server's IP address with a DNS A record or DynamicDNS or any other method. Ensure ports 80, 443, 51820 are available (e.g. by forwarding them in your router).

That's it!