Различия

Показаны различия между двумя версиями страницы.

--- wg-easy [27.04.2025 21:45] – augin
+++ wg-easy [17.07.2025 10:10] (текущий) – augin
@@ Строка 1: / Строка 1: @@
-<code bash>apt install curl sudo -y</code>
+[[https://wg-easy.github.io/wg-easy/latest/examples/tutorials/basic-installation/]]
-<code bash>curl -sSL https://get.docker.com | sh</code>
-<code bash>sudo usermod -aG docker $(whoami)</code>
 <code bash>
-docker run ghcr.io/wg-easy/wg-easy wgpw PASSWORD
+apt install curl sudo -y
+curl -sSL https://get.docker.com | sh
+sudo usermod -aG docker $(whoami)
 </code>
 <code bash>
-docker run -d \
+sudo mkdir -p /etc/docker/containers/wg-easy
---name=wg-easy \
+cat << EOF > /etc/docker/containers/wg-easy/docker-compose.yml
--e LANG=ru \
+volumes:
--e WG_HOST=ВНЕШНИЙ_IP \
+  etc_wireguard:
--e PASSWORD_HASH=ХЭШ_ПАРОЛЯ \
--e PORT=51821 \
+services:
--e WG_PORT=51820 \
+  wg-easy:
--e UI_TRAFFIC_STATS=true \
+    environment:
--v ~/.wg-easy:/etc/wireguard \
+    #  Optional:
--p 51820:51820/udp \
+    #  - PORT=51821
--p 51821:51821/tcp \
+    #  - HOST=0.0.0.0
---cap-add=NET_ADMIN \
+      - INSECURE=true
---cap-add=SYS_MODULE \
---sysctl="net.ipv4.conf.all.src_valid_mark=1" \
+    image: ghcr.io/wg-easy/wg-easy:15
---sysctl="net.ipv4.ip_forward=1" \
+    container_name: wg-easy
---restart unless-stopped \
+    networks:
-ghcr.io/wg-easy/wg-easy
+      wg:
+        ipv4_address: 10.42.42.42
+        ipv6_address: fdcc:ad94:bacf:61a3::2a
+    volumes:
+      - etc_wireguard:/etc/wireguard
+      - /lib/modules:/lib/modules:ro
+    ports:
+      - "51820:51820/udp"
+      - "51821:51821/tcp"
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+      # - NET_RAW # ⚠️ Uncomment if using Podman
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv6.conf.all.forwarding=1
+      - net.ipv6.conf.default.forwarding=1
+networks:
+  wg:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.42.42.0/24
+        - subnet: fdcc:ad94:bacf:61a3::/64
+EOF
+cd /etc/docker/containers/wg-easy
+sudo docker compose up -d
 </code>
+====== для доступа к клиентам с хоста ======
+<code bash>
+ip route add 10.8.0.0/24 via 10.42.42.42
+</code>
+====== настройка nginx ======
+<code bash>sudo apt update && sudo apt install nginx certbot python3-certbot-nginx</code>
+<code bash>sudo nano /etc/nginx/sites-available/wg.conf</code>
+<code bash>server {
+  listen 80;
+  server_name your-domain.com;  # Ваш домен
+  location / {
+    proxy_pass http://localhost:51821;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+  # Блокируйте доступ к /admin (если нужно)
+  location /admin {
+    deny all;
+    return 403;
+  }
+}</code>
+<code bash>sudo ln -s /etc/nginx/sites-available/wg.conf /etc/nginx/sites-enabled/
+sudo nginx -t && sudo systemctl reload nginx</code>
+<code bash>sudo certbot --nginx -d your-domain.com</code>