wg-easy
https://wg-easy.github.io/wg-easy/latest/examples/tutorials/basic-installation/
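# Install prerequisites. No sudo prefix here: sudo itself is one of the packages
# being installed, so this step is expected to run as root.
apt install curl sudo -y

# Download Docker's convenience installer to a file before running it, instead
# of piping the response straight into sh. -f makes curl fail on an HTTP error
# rather than saving an error page, and a truncated download is never executed
# half-way. The saved file can be reviewed before the next line is run.
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

# Let the current user talk to the Docker daemon without sudo.
# Membership in the docker group is effectively root on this host, so add only
# accounts that are trusted at that level. It takes effect at the next login.
sudo usermod -aG docker "$(whoami)"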
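# Create the directory that holds the compose project.
sudo mkdir -p /etc/docker/containers/wg-easy

# Write the compose file. `sudo tee` is used because a plain `>` redirection is
# opened by the calling shell and fails when that shell is not root. The quoted
# 'EOF' delimiter stops the shell from expanding anything inside the document.
sudo tee /etc/docker/containers/wg-easy/docker-compose.yml >/dev/null <<'EOF'
volumes:
  etc_wireguard:

services:
  wg-easy:
    environment:
      # Optional:
      # - PORT=51821
      # - HOST=0.0.0.0
      # INSECURE=true allows the web UI to be used over plain HTTP.
      # NOTE(review): once the TLS reverse proxy from the nginx section is
      # working, this can presumably be dropped so the UI is only usable over
      # HTTPS -- confirm against the wg-easy documentation for this version.
      - INSECURE=true
    image: ghcr.io/wg-easy/wg-easy:15
    container_name: wg-easy
    networks:
      wg:
        ipv4_address: 10.42.42.42
        ipv6_address: fdcc:ad94:bacf:61a3::2a
    volumes:
      - etc_wireguard:/etc/wireguard
      - /lib/modules:/lib/modules:ro
    ports:
      # WireGuard tunnel endpoint: must be reachable by VPN clients.
      - "51820:51820/udp"
      # Web UI: published on loopback only. The nginx reverse proxy configured
      # later on this page connects to it locally, so the unencrypted UI is not
      # exposed on the host's public interfaces.
      - "127.0.0.1:51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      # NET_ADMIN: manage interfaces and routing inside the container.
      # SYS_MODULE: allows loading kernel modules (with /lib/modules mounted read-only above).
      - NET_ADMIN
      - SYS_MODULE
      # - NET_RAW # ⚠️ Uncomment if using Podman
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
      - net.ipv6.conf.default.forwarding=1

networks:
  wg:
    driver: bridge
    enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: 10.42.42.0/24
        - subnet: fdcc:ad94:bacf:61a3::/64
EOF

# Start the stack only if the project directory could be entered.
cd /etc/docker/containers/wg-easy && sudo docker compose up -d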
для доступа к клиентам с хоста
# Route the VPN client subnet through the wg-easy container's bridge address
# (10.42.42.42 is the container's ipv4_address in the compose file above).
# Needs root. A route added this way is not persistent and is lost on reboot.
# NOTE(review): 10.8.0.0/24 is presumably the client address range configured
# in wg-easy -- confirm it matches before adding the route.
ip route add 10.8.0.0/24 via 10.42.42.42
настройка nginx
# Install nginx (reverse proxy) and certbot with its nginx plugin (TLS certificates).
sudo apt update && sudo apt install nginx certbot python3-certbot-nginx
# Create the site definition; paste the server block shown below into it.
sudo nano /etc/nginx/sites-available/wg.conf
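server {
    listen 80;
    server_name your-domain.com; # Your domain

    # Reverse-proxy every request to the wg-easy web UI on port 51821.
    location / {
        # 127.0.0.1 rather than "localhost": the name can also resolve to ::1,
        # where nothing listens if the UI port is published on IPv4 loopback only.
        proxy_pass http://127.0.0.1:51821;
        proxy_http_version 1.1;
        # Pass WebSocket upgrade requests through to the backend.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell the backend whether the client connected over http or https.
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Block access to /admin (if needed).
    # NOTE(review): this is a prefix match on the page path only. Any API
    # routes the admin pages call are presumably served under a different
    # prefix and are not covered here -- verify before relying on this block
    # as an access control.
    location /admin {
        deny all;
        return 403;
    }
}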
# Enable the site by linking it into sites-enabled.
sudo ln -s /etc/nginx/sites-available/wg.conf /etc/nginx/sites-enabled/
# Reload only if the configuration test passes, so a typo cannot take nginx down.
sudo nginx -t && sudo systemctl reload nginx
# Obtain a certificate and let certbot's nginx plugin edit the site for TLS.
# Afterwards, check that plain-HTTP requests are redirected to HTTPS, so that
# UI credentials are never sent unencrypted.
sudo certbot --nginx -d your-domain.com