You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
project_blurb: "[WireGuard®]({{ project_url }}) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry."
- { env_var: "SERVERURL", env_value: "wireguard.domain.com", desc: "External IP or domain name for docker host. Used in server mode. If set to `auto`, the container will try to determine and set the external IP automatically"}
49
-
- { env_var: "SERVERPORT", env_value: "51820", desc: "External port for docker host. Used in server mode."}
50
-
- { env_var: "PEERS", env_value: "1", desc: "Number of peers to create confs for. Required for server mode. Can also be a list of names: `myPC,myPhone,myTablet` (alphanumeric only)"}
51
-
- { env_var: "PEERDNS", env_value: "auto", desc: "DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward."}
52
-
- { env_var: "INTERNAL_SUBNET", env_value: "10.13.13.0", desc: "Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode."}
53
-
- { env_var: "ALLOWEDIPS", env_value: "0.0.0.0/0", desc: "The IPs/Ranges that the peers will be able to reach using the VPN connection. If not specified the default value is: '0.0.0.0/0, ::0/0' This will cause ALL traffic to route through the VPN, if you want split tunneling, set this to only the IPs you would like to use the tunnel AND the ip of the server's WG ip, such as 10.13.13.1."}
54
-
- { env_var: "PERSISTENTKEEPALIVE_PEERS", env_value: "", desc: "Set to `all` or a list of comma separated peers (ie. `1,4,laptop`) for the wireguard server to send keepalive packets to listed peers every 25 seconds. Useful if server is accessed via domain name and has dynamic IP. Used only in server mode."}
55
-
- { env_var: "LOG_CONFS", env_value: "true", desc: "Generated QR codes will be displayed in the docker log. Set to `false` to skip log output."}
56
-
44
+
- {env_var: "SERVERURL", env_value: "wireguard.domain.com", desc: "External IP or domain name for docker host. Used in server mode. If set to `auto`, the container will try to determine and set the external IP automatically"}
45
+
- {env_var: "SERVERPORT", env_value: "51820", desc: "External port for docker host. Used in server mode."}
46
+
- {env_var: "PEERS", env_value: "1", desc: "Number of peers to create confs for. Required for server mode. Can also be a list of names: `myPC,myPhone,myTablet` (alphanumeric only)"}
47
+
- {env_var: "PEERDNS", env_value: "auto", desc: "DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward."}
48
+
- {env_var: "INTERNAL_SUBNET", env_value: "10.13.13.0", desc: "Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode."}
49
+
- {env_var: "ALLOWEDIPS", env_value: "0.0.0.0/0", desc: "The IPs/Ranges that the peers will be able to reach using the VPN connection. If not specified the default value is: '0.0.0.0/0, ::0/0' This will cause ALL traffic to route through the VPN, if you want split tunneling, set this to only the IPs you would like to use the tunnel AND the ip of the server's WG ip, such as 10.13.13.1."}
50
+
- {env_var: "PERSISTENTKEEPALIVE_PEERS", env_value: "", desc: "Set to `all` or a list of comma separated peers (ie. `1,4,laptop`) for the wireguard server to send keepalive packets to listed peers every 25 seconds. Useful if server is accessed via domain name and has dynamic IP. Used only in server mode."}
51
+
- {env_var: "LOG_CONFS", env_value: "true", desc: "Generated QR codes will be displayed in the docker log. Set to `false` to skip log output."}
57
52
readonly_supported: true
58
53
readonly_message: |
59
54
* Not supported in client mode.
60
55
* Not supported for the `legacy` tag.
61
-
62
56
# application setup block
63
57
app_setup_block_enabled: true
64
58
app_setup_block: |
@@ -126,44 +120,88 @@ app_setup_block: |
126
120
Keep in mind that this var will only be considered when the confs are regenerated. Adding this var for an existing peer won't force a regeneration. You can delete wg0.conf and restart the container to force regeneration if necessary.
127
121
128
122
Don't forget to set the necessary POSTUP and POSTDOWN rules in your client's peer conf for lan access.
129
-
130
-
123
+
# init diagram
124
+
init_diagram: |
125
+
"wireguard:latest": {
126
+
docker-mods
127
+
base {
128
+
fix-attr +\nlegacy cont-init
129
+
}
130
+
docker-mods -> base
131
+
legacy-services
132
+
custom services
133
+
init-services -> legacy-services
134
+
init-services -> custom services
135
+
custom services -> legacy-services
136
+
legacy-services -> ci-service-check
137
+
init-migrations -> init-adduser
138
+
init-os-end -> init-config
139
+
init-config -> init-config-end
140
+
init-wireguard-confs -> init-config-end
141
+
init-os-end -> init-crontab-config
142
+
init-mods-end -> init-custom-files
143
+
base -> init-envfile
144
+
base -> init-migrations
145
+
base -> init-mods
146
+
init-config-end -> init-mods
147
+
init-mods -> init-mods-end
148
+
init-mods-package-install -> init-mods-end
149
+
init-mods -> init-mods-package-install
150
+
base -> init-os-end
151
+
init-adduser -> init-os-end
152
+
init-envfile -> init-os-end
153
+
init-migrations -> init-os-end
154
+
init-custom-files -> init-services
155
+
init-mods-end -> init-services
156
+
init-wireguard-module -> init-wireguard-confs
157
+
init-config -> init-wireguard-module
158
+
init-services -> svc-coredns
159
+
svc-coredns -> legacy-services
160
+
init-services -> svc-cron
161
+
svc-cron -> legacy-services
162
+
svc-coredns -> svc-wireguard
163
+
svc-wireguard -> legacy-services
164
+
}
165
+
Base Images: {
166
+
"baseimage-alpine:3.20"
167
+
}
168
+
"wireguard:latest" <- Base Images
131
169
# changelog
132
170
changelogs:
133
-
- {date: "13.08.24:", desc: "Add `errors` plugin to default Corefile."}
134
-
- {date: "23.07.24:", desc: "Install kmod from alpine repository."}
135
-
- {date: "24.05.24:", desc: "Rebase to Alpine 3.20, install wireguard-tools from Alpine repo."}
136
-
- {date: "10.03.24:", desc: "Use iptables-legacy on Alpine 3.19."}
137
-
- {date: "05.03.24:", desc: "Rebase master to Alpine 3.19."}
138
-
- {date: "03.10.23:", desc: "**Potentially Breaking Change:** Support for multiple interfaces added. Wireguard confs moved to `/config/wg_confs/`. Any file with a `.conf` extension in that folder will be treated as a live tunnel config and will be attempted to start. If any of the tunnels fail, all tunnels will be stopped. Tunnels are started in alphabetical order. Managed server conf will continue to be hardcoded to `wg0.conf`."}
139
-
- {date: "28.06.23:", desc: "Rebase master to Alpine 3.18 again."}
140
-
- {date: "26.06.23:", desc: "Revert master to Alpine 3.17, due to issue with openresolv."}
141
-
- {date: "24.06.23:", desc: "Rebase master to Alpine 3.18, deprecate armhf as per [https://www.linuxserver.io/armhf](https://www.linuxserver.io/armhf)."}
- {date: "29.01.23:", desc: "Rebase to alpine 3.17."}
144
-
- {date: "10.01.23:", desc: "Add new var to add `PersistentKeepalive` to server config for select peers to survive server IP changes when domain name is used."}
- {date: "12.10.22:", desc: "Add Alpine branch. Optimize wg and coredns services."}
147
-
- {date: "04.10.22:", desc: "Rebase to Jammy. Upgrade to s6v3."}
148
-
- {date: "16.05.22:", desc: "Improve NAT handling in server mode when multiple ethernet devices are present."}
149
-
- {date: "23.04.22:", desc: "Add pre-shared key support. Automatically added to all new peer confs generated, existing ones are left without to ensure no breaking changes."}
150
-
- {date: "10.04.22:", desc: "Rebase to Ubuntu Focal. Add `LOG_CONFS` env var. Remove deprecated `add-peer` command."}
- {date: "11.02.21:", desc: "Fix bug related to changing internal subnet and named peer confs not updating."}
153
-
- {date: "06.10.20:", desc: "Disable CoreDNS in client mode, or if port 53 is already in use in server mode."}
154
-
- {date: "04.10.20:", desc: "Allow to specify a list of names as PEERS and add ALLOWEDIPS environment variable. Also, add peer name/id to each one of the peer sections in wg0.conf. Important: Existing users need to delete `/config/templates/peer.conf` and restart"}
155
-
- {date: "27.09.20:", desc: "Cleaning service binding example to have accurate PreDown script."}
156
-
- {date: "06.08.20:", desc: "Replace resolvconf with openresolv due to dns issues when a client based on this image is connected to a server also based on this image. Add IPv6 info to readme. Display kernel version in logs."}
157
-
- {date: "29.07.20:", desc: "Update Coredns config to detect dns loops (existing users need to delete `/config/coredns/Corefile` and restart)."}
158
-
- {date: "27.07.20:", desc: "Update Coredns config to prevent issues with non-user-defined bridge networks (existing users need to delete `/config/coredns/Corefile` and restart)."}
159
-
- {date: "05.07.20:", desc: "Add Debian updates and security repos for headers."}
160
-
- {date: "25.06.20:", desc: "Simplify module tests, prevent iptables issues from resulting in false negatives."}
161
-
- {date: "19.06.20:", desc: "Add support for Ubuntu Focal (20.04) kernels. Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs."}
162
-
- {date: "29.05.20:", desc: "Add support for 64bit raspbian."}
163
-
- {date: "28.04.20:", desc: "Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64)."}
164
-
- {date: "20.04.20:", desc: "Fix typo in client mode conf existence check."}
165
-
- {date: "13.04.20:", desc: "Fix bug that forced conf recreation on every start."}
166
-
- {date: "08.04.20:", desc: "Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS for `PEERDNS=auto` setting. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops)."}
167
-
- {date: "05.04.20:", desc: "Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs."}
168
-
- {date: "01.04.20:", desc: "Add `show-peer` script and include info on host installed headers."}
169
-
- {date: "31.03.20:", desc: "Initial Release."}
171
+
- {date: "13.08.24:", desc: "Add `errors` plugin to default Corefile."}
172
+
- {date: "23.07.24:", desc: "Install kmod from alpine repository."}
173
+
- {date: "24.05.24:", desc: "Rebase to Alpine 3.20, install wireguard-tools from Alpine repo."}
174
+
- {date: "10.03.24:", desc: "Use iptables-legacy on Alpine 3.19."}
175
+
- {date: "05.03.24:", desc: "Rebase master to Alpine 3.19."}
176
+
- {date: "03.10.23:", desc: "**Potentially Breaking Change:** Support for multiple interfaces added. Wireguard confs moved to `/config/wg_confs/`. Any file with a `.conf` extension in that folder will be treated as a live tunnel config and will be attempted to start. If any of the tunnels fail, all tunnels will be stopped. Tunnels are started in alphabetical order. Managed server conf will continue to be hardcoded to `wg0.conf`."}
177
+
- {date: "28.06.23:", desc: "Rebase master to Alpine 3.18 again."}
178
+
- {date: "26.06.23:", desc: "Revert master to Alpine 3.17, due to issue with openresolv."}
179
+
- {date: "24.06.23:", desc: "Rebase master to Alpine 3.18, deprecate armhf as per [https://www.linuxserver.io/armhf](https://www.linuxserver.io/armhf)."}
- {date: "29.01.23:", desc: "Rebase to alpine 3.17."}
182
+
- {date: "10.01.23:", desc: "Add new var to add `PersistentKeepalive` to server config for select peers to survive server IP changes when domain name is used."}
- {date: "12.10.22:", desc: "Add Alpine branch. Optimize wg and coredns services."}
185
+
- {date: "04.10.22:", desc: "Rebase to Jammy. Upgrade to s6v3."}
186
+
- {date: "16.05.22:", desc: "Improve NAT handling in server mode when multiple ethernet devices are present."}
187
+
- {date: "23.04.22:", desc: "Add pre-shared key support. Automatically added to all new peer confs generated, existing ones are left without to ensure no breaking changes."}
188
+
- {date: "10.04.22:", desc: "Rebase to Ubuntu Focal. Add `LOG_CONFS` env var. Remove deprecated `add-peer` command."}
- {date: "11.02.21:", desc: "Fix bug related to changing internal subnet and named peer confs not updating."}
191
+
- {date: "06.10.20:", desc: "Disable CoreDNS in client mode, or if port 53 is already in use in server mode."}
192
+
- {date: "04.10.20:", desc: "Allow to specify a list of names as PEERS and add ALLOWEDIPS environment variable. Also, add peer name/id to each one of the peer sections in wg0.conf. Important: Existing users need to delete `/config/templates/peer.conf` and restart"}
193
+
- {date: "27.09.20:", desc: "Cleaning service binding example to have accurate PreDown script."}
194
+
- {date: "06.08.20:", desc: "Replace resolvconf with openresolv due to dns issues when a client based on this image is connected to a server also based on this image. Add IPv6 info to readme. Display kernel version in logs."}
195
+
- {date: "29.07.20:", desc: "Update Coredns config to detect dns loops (existing users need to delete `/config/coredns/Corefile` and restart)."}
196
+
- {date: "27.07.20:", desc: "Update Coredns config to prevent issues with non-user-defined bridge networks (existing users need to delete `/config/coredns/Corefile` and restart)."}
197
+
- {date: "05.07.20:", desc: "Add Debian updates and security repos for headers."}
198
+
- {date: "25.06.20:", desc: "Simplify module tests, prevent iptables issues from resulting in false negatives."}
199
+
- {date: "19.06.20:", desc: "Add support for Ubuntu Focal (20.04) kernels. Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs."}
200
+
- {date: "29.05.20:", desc: "Add support for 64bit raspbian."}
201
+
- {date: "28.04.20:", desc: "Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64)."}
202
+
- {date: "20.04.20:", desc: "Fix typo in client mode conf existence check."}
203
+
- {date: "13.04.20:", desc: "Fix bug that forced conf recreation on every start."}
204
+
- {date: "08.04.20:", desc: "Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS for `PEERDNS=auto` setting. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops)."}
205
+
- {date: "05.04.20:", desc: "Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs."}
206
+
- {date: "01.04.20:", desc: "Add `show-peer` script and include info on host installed headers."}
0 commit comments