2026-03-11 22:18:38 -03:00

WireGuard VPN + Traefik Reverse Proxy Setup

Architecture

Internet → VPS → WireGuard tunnel → Home Server → Traefik → Containers

Files Structure

wireguard/
├── vps/
│   ├── wg0.conf          # WireGuard config for VPS
│   ├── setup.sh          # Setup script for VPS
│   └── ports.sh          # Iptables update script for new ports
├── home/
│   ├── docker-compose.yml
│   ├── wireguard-config/
│   │   └── wg0.conf      # WireGuard config for home
│   └── traefik/
│       ├── traefik.yml   # Traefik static config
│       └── dynamic.yml   # Traefik dynamic config
└── README.md

Step 1: Set Up VPS (Debian)

  1. Copy the vps/ folder to your VPS

  2. Run the setup script:

    chmod +x setup.sh
    sudo ./setup.sh
    
  3. The script will output your VPS keys. Save them:

    • VPS Private Key → put in vps/wg0.conf
    • VPS Public Key → put in home/wireguard-config/wg0.conf
  4. Copy the updated wg0.conf to /etc/wireguard/wg0.conf

  5. Wait for Step 2 to get the home public key before starting WireGuard


Step 2: Set Up Home Server (Arch)

  1. Copy the home/ folder to your home server

  2. Generate WireGuard keys:

    wg genkey | tee privatekey | wg pubkey > publickey
    cat privatekey  # → put in home/wireguard-config/wg0.conf
    cat publickey   # → put in vps/wg0.conf on VPS
    
  3. Edit home/wireguard-config/wg0.conf:

    • Replace HOME_PRIVATE_KEY with your private key
    • Replace VPS_PUBLIC_KEY with the VPS public key from Step 1
  4. Start the containers:

    docker compose up -d
    

Step 3: Finish VPS Setup

  1. On VPS, edit /etc/wireguard/wg0.conf:

    • Replace HOME_PUBLIC_KEY with your home server's public key
  2. Start WireGuard:

    sudo systemctl start wg-quick@wg0
    
  3. Test the tunnel:

    ping 10.0.0.2
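The three steps above amount to one exchange of keys and two config files. As an added example (not the repository's own setup.sh or wg0.conf), the script below renders both files from keys you have already generated and refuses to declare them ready while a placeholder or a malformed key is still present. It takes the home tunnel address 10.0.0.2, UDP port 51820 and PersistentKeepalive from this README; the VPS tunnel address 10.0.0.1 and the public IP 203.0.113.10 are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not the repository's own setup.sh: render both wg0.conf files
# from already generated keys and refuse to start until no placeholder is left.
# Values from the README: home peer 10.0.0.2, UDP 51820, PersistentKeepalive.
# Assumptions: the VPS takes 10.0.0.1 inside the tunnel, and 203.0.113.10
# (documentation range) stands in for the VPS public IP.

WG_PORT=51820
VPS_ADDR=10.0.0.1
HOME_ADDR=10.0.0.2

# render_vps_conf VPS_PRIVATE_KEY HOME_PUBLIC_KEY
# The VPS listens. AllowedIPs pins the home peer to its single tunnel address,
# so that peer cannot claim any other source address through this tunnel.
render_vps_conf() {
    cat <<EOF
[Interface]
Address = ${VPS_ADDR}/24
ListenPort = ${WG_PORT}
PrivateKey = $1

[Peer]
# home server
PublicKey = $2
AllowedIPs = ${HOME_ADDR}/32
EOF
}

# render_home_conf HOME_PRIVATE_KEY VPS_PUBLIC_KEY VPS_PUBLIC_IP
# The home side dials out. PersistentKeepalive keeps the NAT mapping alive so
# the VPS can reach it at any time (the "tunnel not connecting" check).
render_home_conf() {
    cat <<EOF
[Interface]
Address = ${HOME_ADDR}/24
PrivateKey = $1

[Peer]
# VPS
PublicKey = $2
Endpoint = $3:${WG_PORT}
AllowedIPs = ${VPS_ADDR}/32
PersistentKeepalive = 25
EOF
}

# wg_conf_ready FILE: succeed only if a PrivateKey is present, no placeholder
# survives, and every PrivateKey/PublicKey line carries a 32-byte key in
# base64 (43 characters followed by '='). A leftover placeholder or a
# truncated key pasted from a terminal is the usual reason for a dead tunnel.
wg_conf_ready() {
    if grep -q -E 'HOME_PRIVATE_KEY|HOME_PUBLIC_KEY|VPS_PRIVATE_KEY|VPS_PUBLIC_KEY' "$1"; then
        echo "placeholder still present in $1" >&2
        return 1
    fi
    if ! grep -q -E '^PrivateKey *=' "$1"; then
        echo "no PrivateKey in $1" >&2
        return 1
    fi
    bad=$(grep -E '^(PrivateKey|PublicKey) *=' "$1" \
          | grep -v -c -E '^(PrivateKey|PublicKey) *= *[A-Za-z0-9+/]{43}=$' || true)
    if [ "$bad" -ne 0 ]; then
        echo "$bad malformed key line(s) in $1" >&2
        return 1
    fi
}

# Usage (real keys come from: wg genkey | tee privatekey | wg pubkey > publickey)
#   render_vps_conf  "$VPS_PRIV"  "$HOME_PUB"              > vps/wg0.conf
#   render_home_conf "$HOME_PRIV" "$VPS_PUB" 203.0.113.10  > home/wireguard-config/wg0.conf
#   wg_conf_ready /etc/wireguard/wg0.conf && sudo systemctl start wg-quick@wg0
```

Run wg_conf_ready against the file you are about to start rather than the one you edited; a stale copy under /etc/wireguard is the other common cause of a handshake that never completes.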
    

Step 4: Point Your Domain to VPS

Create DNS A records pointing to your VPS IP:

exampledomain.com      → VPS_IP
*.exampledomain.com    → VPS_IP   (wildcard for subdomains)

Step 5: Configure Routes to Your Containers

Add Traefik router and service definitions to dynamic.yml; the file ships with a simple example:

http:
    routers:
        example-app: # Router name
            # Rules define the domain and/or subdomain you want to use
            rule: "Host(`exampledomain.com`) || Host(`subdomain.exampledomain.com`)"
            entryPoints:
                - web # use HTTP
                - websecure # use HTTPS
            service: example-app # must match a service name below

    services:
        example-app: # Service name
            loadBalancer:
                servers:
                    - url: "http://example-docker:80" # container name (on the shared Docker network) and port Traefik forwards to

See dynamic.yml for a complete example and use it as the starting point for your own configuration.


Useful Commands

VPS

# Check WireGuard status
sudo wg show

# View iptables rules
sudo iptables -t nat -L -n -v

# Restart WireGuard
sudo systemctl restart wg-quick@wg0

Home Server

# View logs
docker compose logs -f

# Restart services
docker compose restart

# Check WireGuard status inside container
docker exec wireguard wg show

Troubleshooting

Tunnel not connecting

  • Check both public keys are correct
  • Ensure VPS firewall allows UDP 51820
  • Check PersistentKeepalive is set (for NAT traversal)

Traefik not getting certificates

  • Ensure port 80 is forwarded through VPS
  • Check DNS is pointing to VPS IP
  • View Traefik logs: docker compose logs traefik

Traffic not reaching home server

  • Test tunnel: ping 10.0.0.2 from VPS
  • Check iptables: sudo iptables -t nat -L PREROUTING -n -v
  • Ensure ip_forward is enabled: cat /proc/sys/net/ipv4/ip_forward
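The last three checks all concern the VPS-side forwarding rules that ports.sh maintains, which this README does not show. As an added example (not the repository's ports.sh), the script below emits the rules that carry one public port through the tunnel, applies them without creating duplicates, and exposes the ip_forward check as a function. The home peer 10.0.0.2, the PREROUTING chain and ip_forward come from this README; the interface names eth0 (public) and wg0 (tunnel) are assumptions and can be overridden through WAN_IF and WG_IF.

```shell
#!/bin/sh
# Added example, not the repository's ports.sh: emit and idempotently apply the
# iptables rules that carry a public TCP port on the VPS through the tunnel to
# the home server. 10.0.0.2, PREROUTING and ip_forward come from the README;
# the interface names eth0/wg0 are assumptions (override via WAN_IF/WG_IF).

HOME_PEER=10.0.0.2
WAN_IF=${WAN_IF:-eth0}
WG_IF=${WG_IF:-wg0}
IPT=${IPT:-iptables}

# rules_for_port PORT [PROTO]: print one rule per line as "TABLE CHAIN ARGS...".
#  1. DNAT: rewrite the destination of inbound packets to the home peer.
#  2. FORWARD: allow exactly that flow (and nothing else) into the tunnel.
#  3. MASQUERADE on the tunnel: replies must come back through wg0, not out
#     of the home server's own default route.
rules_for_port() {
    port=$1
    proto=${2:-tcp}
    echo "nat PREROUTING -i $WAN_IF -p $proto --dport $port -j DNAT --to-destination $HOME_PEER:$port"
    echo "filter FORWARD -i $WAN_IF -o $WG_IF -p $proto -d $HOME_PEER --dport $port -j ACCEPT"
    echo "nat POSTROUTING -o $WG_IF -p $proto -d $HOME_PEER --dport $port -j MASQUERADE"
}

# base_rules: return traffic for forwarded connections. Required when the
# FORWARD policy is DROP, harmless when it is ACCEPT.
base_rules() {
    echo "filter FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# apply_rules PORT...: add every rule once. `iptables -C` reports whether an
# identical rule already exists, so re-running this after adding a port never
# duplicates rules (duplicates are what a plain "-A" script leaves behind).
apply_rules() {
    {
        base_rules
        for p in "$@"; do rules_for_port "$p"; done
    } | while read -r table chain rule; do
        # shellcheck disable=SC2086  # $rule is meant to be word-split
        $IPT -t "$table" -C "$chain" $rule 2>/dev/null \
            || $IPT -t "$table" -A "$chain" $rule
    done
}

# forwarding_enabled: DNAT does nothing unless the kernel forwards packets,
# which is the last troubleshooting check in the README.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ]
}

# Usage on the VPS, as root (HTTP and HTTPS for Traefik; add ports as needed):
#   forwarding_enabled || sysctl -w net.ipv4.ip_forward=1
#   apply_rules 80 443
```

The MASQUERADE rule has a visibility cost: Traefik and the containers see every request as coming from the VPS tunnel address, so access logs and any per-IP rate limiting lose the real client address. Keeping the real address requires the home server to route replies back through the tunnel itself (policy routing keyed on the source address) instead of relying on masquerading on the VPS.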