forked from mirrors/amnezia-wg-easy
The easiest way to run WireGuard VPN + Web-based Admin UI.
| .github | ||
| assets | ||
| docs | ||
| src | ||
| .dockerignore | ||
| .env | ||
| .gitignore | ||
| docker-compose.yml | ||
| Dockerfile | ||
| How_to_generate_an_bcrypt_hash.md | ||
| LICENSE | ||
| package-lock.json | ||
| package.json | ||
| README.md | ||
AmnewziaWG Easy
You have found the easiest way to install & manage WireGuard on any Linux host!
Features
- All-in-one: AmneziaWG + Web UI.
- Easy installation, simple to use.
- List, create, edit, delete, enable & disable clients.
- Show a client's QR code.
- Download a client's configuration file.
- Statistics for which clients are connected.
- Tx/Rx charts for each connected client.
- Gravatar support or random avatars.
- Automatic Light / Dark Mode
- Multilanguage Support
- UI_TRAFFIC_STATS (default off)
Requirements
- A host with Docker installed.
Installation
1. Install Docker
If you haven't installed Docker yet, install it by running:
curl -sSL https://get.docker.com | sh
sudo usermod -aG docker $(whoami)
exit
And log in again.
2. Run AmneziaWG Easy
To automatically install & run wg-easy, simply run:
docker run -d \
--name=amnezia-wg-easy \
-e LANG=en \
-e WG_HOST=<🚨YOUR_SERVER_IP> \
-e PASSWORD_HASH=<🚨YOUR_ADMIN_PASSWORD_HASH> \
-e PORT=51821 \
-e WG_PORT=51820 \
-v ~/.amnezia-wg-easy:/etc/wireguard \
-p 51820:51820/udp \
-p 51821:51821/tcp \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--sysctl="net.ipv4.ip_forward=1" \
--device=/dev/net/tun:/dev/net/tun \
--restart unless-stopped \
ghcr.io/w0rng/amnezia-wg-easy
💡 Replace
YOUR_SERVER_IPwith your WAN IP, or a Dynamic DNS hostname.💡 Replace
YOUR_ADMIN_PASSWORD_HASHwith a bcrypt password hash to log in on the Web UI. See How_to_generate_an_bcrypt_hash.md for know how generate the hash.
The Web UI will now be available on http://0.0.0.0:51821.
💡 Your configuration files will be saved in
~/.amnezia-wg-easy
Options
These options can be configured by setting environment variables using -e KEY="VALUE" in the docker run command.
| Env | Default | Example | Description |
|---|---|---|---|
PORT |
51821 |
6789 |
TCP port for Web UI. |
WEBUI_HOST |
0.0.0.0 |
localhost |
IP address web UI binds to. |
PASSWORD_HASH |
- | $2y$05$Ci... |
When set, requires a password when logging in to the Web UI. See How to generate an bcrypt hash.md for know how generate the hash. |
PASSWORD (deprecated) |
- | foobar123 |
When set, requires a password when logging in to the Web UI. (Not used if PASSWORD_HASH is set) |
WG_HOST |
- | vpn.myserver.com |
The public hostname of your VPN server. |
WG_DEVICE |
eth0 |
ens6f0 |
Ethernet device the wireguard traffic should be forwarded through. |
WG_PORT |
51820 |
12345 |
The public UDP port of your VPN server. WireGuard will listen on that (othwise default) inside the Docker container. |
WG_CONFIG_PORT |
51820 |
12345 |
The UDP port used on Home Assistant Plugin |
WG_MTU |
null |
1420 |
The MTU the clients will use. Server uses default WG MTU. |
WG_PERSISTENT_KEEPALIVE |
0 |
25 |
Value in seconds to keep the "connection" open. If this value is 0, then connections won't be kept alive. |
WG_DEFAULT_ADDRESS |
10.8.0.x |
10.6.0.x |
Clients IP address range. |
WG_DEFAULT_DNS |
1.1.1.1 |
8.8.8.8, 8.8.4.4 |
DNS server clients will use. If set to blank value, clients will not use any DNS. |
WG_ALLOWED_IPS |
0.0.0.0/0, ::/0 |
192.168.15.0/24, 10.0.1.0/24 |
Allowed IPs clients will use. |
WG_PRE_UP |
... |
- | See config.js for the default value. |
WG_POST_UP |
... |
iptables ... |
See config.js for the default value. |
WG_PRE_DOWN |
... |
- | See config.js for the default value. |
WG_POST_DOWN |
... |
iptables ... |
See config.js for the default value. |
LANG |
en |
de |
Web UI language (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi). |
UI_TRAFFIC_STATS |
false |
true |
Enable detailed RX / TX client stats in Web UI |
UI_CHART_TYPE |
0 |
1 |
UI_CHART_TYPE=0 # Charts disabled, UI_CHART_TYPE=1 # Line chart, UI_CHART_TYPE=2 # Area chart, UI_CHART_TYPE=3 # Bar chart |
JC |
random |
5 |
Junk packet count — number of packets with random data that are sent before the start of the session. |
JMIN |
50 |
25 |
Junk packet minimum size — minimum packet size for Junk packet. That is, all randomly generated packets will have a size no smaller than Jmin. |
JMAX |
1000 |
250 |
Junk packet maximum size — maximum size for Junk packets. |
S1 |
random |
75 |
Init packet junk size — the size of random data that will be added to the init packet, the size of which is initially fixed. |
S2 |
random |
75 |
Response packet junk size — the size of random data that will be added to the response packet, the size of which is initially fixed. |
H1 |
random |
1234567891 |
Init packet magic header — the header of the first byte of the handshake. Must be < uint_max. |
H2 |
random |
1234567892 |
Response packet magic header — header of the first byte of the handshake response. Must be < uint_max. |
H3 |
random |
1234567893 |
Underload packet magic header — UnderLoad packet header. Must be < uint_max. |
H4 |
random |
1234567894 |
Transport packet magic header — header of the packet of the data packet. Must be < uint_max. |
If you change
WG_PORT, make sure to also change the exposed port.
Updating
To update to the latest version, simply run:
docker stop wg-easy
docker rm wg-easy
docker pull ghcr.io/w0rng/amnezia-wg-easy
And then run the docker run -d \ ... command above again.
Thanks
Based on wg-easy by Emile Nijssen.
Use integrations with AmneziaWg from
amnezia-wg-easy
by Viktor Yudov.