Wireguard Setup
Docker Networking
By default, only docker-compose containers within the same file are able to talk to each other. This can be bypassed by creating an "external" network. In this sample, the external network is called "proxy-tier" and must be created manually with the command:
sudo docker network create proxy-tier
Firewall Rules
To make sure everything works, both the server's firewall and your router's firewall must be configured to allow access to the ports we need. Port 51820 is the only port needed for Wireguard.
- Allow Incoming Port 51820
In my config (GitLab, GitHub), all that needs to be set are the rules inside of firewall.nix:
{ config, pkgs, ... }:
{
  # Firewall
  networking.firewall.enable = true;
  # Open ports in the firewall. WireGuard only speaks UDP, so the TCP entry is
  # not required for the tunnel itself and can be dropped to keep exposure minimal.
  networking.firewall.allowedTCPPorts = [ 51820 ];
  networking.firewall.allowedUDPPorts = [ 51820 ];
}
Configuration
Set the PEERS environment variable to the number of peers you want to be able to connect to the Wireguard server. Set the TZ environment variable to your timezone and the SERVERURL to a domain name or public IP pointing to the server.
Start Container(s)
Once everything is properly configured and you've double-checked it, you can start all the necessary containers by running:
# inside of homelab directory
sudo docker-compose up -d
Copy Config to Clients (Peers)
In Wireguard, the clients are called "peers." Once the Wireguard container has been started, it will automatically create as many peer (client) configurations as you specified in the PEERS variable. These configurations will be in data/wireguard-vpn/config/peer[n]. Simply copy these configurations to client devices and import them into the Wireguard client on your device. Each configuration contains that peer's private key, so treat it as a secret when transferring it.
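 
As an added check, not part of the original page, the script below verifies that the generated peer configs match what was configured before they are copied out: every expected peer<n>/peer<n>.conf exists, its Endpoint points at SERVERURL on port 51820, and the file is not readable by other users. It assumes the linuxserver.io-style peer<n>/peer<n>.conf layout and an "Endpoint = host:51820" line; the sample configs it builds for the dry run are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes the layout
# data/wireguard-vpn/config/peer<n>/peer<n>.conf and an "Endpoint = host:51820"
# line in each config (assumptions); the sample configs below are constructed.

# check_peer_configs DIR PEERS SERVERURL
# Returns 0 when every peer config exists, points at SERVERURL:51820 and is not
# readable by other users (it holds that peer's private key); 1 otherwise.
check_peer_configs() {
  dir=$1; peers=$2; serverurl=$3; rc=0; n=1
  while [ "$n" -le "$peers" ]; do
    conf="$dir/peer$n/peer$n.conf"
    if [ ! -f "$conf" ]; then
      echo "missing: $conf"; rc=1
    else
      # Endpoint must match what SERVERURL was set to, on the one open port
      if ! grep -q "^Endpoint *= *$serverurl:51820 *$" "$conf"; then
        echo "unexpected Endpoint in $conf"; rc=1
      fi
      # The private key is only for this peer; flag files readable by others
      case "$(ls -l "$conf" | cut -c8-10)" in
        *r*) echo "readable by others: $conf"; rc=1 ;;
      esac
    fi
    n=$((n + 1))
  done
  return "$rc"
}

# make_sample_configs DIR PEERS SERVERURL: constructed stand-ins for the files
# the container generates, with placeholder keys, for an offline dry run.
make_sample_configs() {
  dir=$1; peers=$2; serverurl=$3; n=1
  while [ "$n" -le "$peers" ]; do
    mkdir -p "$dir/peer$n"
    printf '[Interface]\nAddress = 10.13.13.%s\nPrivateKey = PLACEHOLDER_KEY_%s\n\n[Peer]\nPublicKey = PLACEHOLDER_SERVER_PUBKEY\nEndpoint = %s:51820\nAllowedIPs = 0.0.0.0/0\n' \
      "$((n + 1))" "$n" "$serverurl" > "$dir/peer$n/peer$n.conf"
    chmod 600 "$dir/peer$n/peer$n.conf"
    n=$((n + 1))
  done
}

# Dry run on constructed data; on the real host use:
#   check_peer_configs data/wireguard-vpn/config "$PEERS" "$SERVERURL"
tmp=$(mktemp -d)
make_sample_configs "$tmp" 3 vpn.example.org
check_peer_configs "$tmp" 3 vpn.example.org && echo "all 3 peer configs look sane"
rm -rf "$tmp"
```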