Please share your setup

[vx3r]

Would be nice if you can share your setup with a revers proxy in form of a docker-compose.yml ready to go for popular revers proxy web apps like.

• nginx (i will add mine)
• traefik
• caddy
• apache maybe

Thank you

[wsw70]

Traefik 2

version: '3.6'
services:
  wg-gen-web:
    image: vx3r/wg-gen-web:latest
    container_name: wg-gen-web
    restart: unless-stopped
    environment:
      - WG_CONF_DIR=/data
      - WG_INTERFACE_NAME=wg0.conf
      - SMTP_HOST=your.smtp.host
      - SMTP_PORT=465
      - SMTP_USERNAME=your_smtp_username
      - SMTP_PASSWORD=your_smtp_password
      - SMTP_FROM=Wg Gen Web <address@to.send.from>
    volumes:
      - /etc/docker/container-data/wg-gen-web:/data
    labels:
      - traefik.http.routers.wg-gen-web.entryPoints=http
      - traefik.enable=true

[sphen13]

simple setup with Caddy (i am using my own built container that uses digitalocean token for dns validation - based upon abiosoft/caddy)

version: '3.6'
services:
  caddy:
    image: "sphen/caddy-digitalocean"
    container_name: caddy
    environment:
      - DO_AUTH_TOKEN=abc123
      - ACME_AGREE=TRUE
    volumes:
      - /home/user/caddy/Caddyfile:/etc/Caddyfile
      - /home/user/caddy:/root/.caddy
    ports:
      - 443:443
    depends_on:
      - wg-gen-web
    restart: always

  wg-gen-web:
    image: vx3r/wg-gen-web
    container_name: wg-gen-web
    restart: always
    environment:
      - WG_CONF_DIR=/data
      - WG_INTERFACE_NAME=wg0.conf
    volumes:
      - /etc/wireguard:/data

Caddyfile:

vpn.xxx.com {
  basicauth / user password
  proxy / http://wg-gen-web:8080 {
    transparent
  }
  tls {
    dns digitalocean
  }
}

[wsw70]

simple setup with Caddy

@sphen13 you may be interested in https://github.com/lucaslorentz/caddy-docker-proxy - a Caddy proxy to docker containers with automatic reload of the configuration and detection of container exposed ports.

I used it happily for a few months but eventually moved to Traefik

[squat]

Hi (x-posted from the Discord channel), here is a setup for easily running Wg Gen Web on Kubernetes with Kilo:

https://github.com/squat/kilo-wg-gen-web

The manifests can be found at https://raw.githubusercontent.com/squat/kilo-wg-gen-web/master/manifests/kilo-wg-gen-web.yaml

[wsw70]

I used it happily for a few months but eventually moved to Traefik

... and then moved back to caddy v2 (using the new API in v2)

[rahmadsandy]

Wg Dashboard with caddy

version: '3.6'

networks:
  monitor-net:
    driver: bridge

services:
  wgweb:
    container_name: wgweb
    build: 
      context: .
    volumes:
      - /etc/wireguard:/data

    expose:
      - 8888/tcp
    networks:
      - monitor-net

  caddy:
    image: stefanprodan/caddy
    container_name: caddy
    ports:
      - "8282:8888"
    volumes:
      - ./caddy:/etc/caddy
    environment:
      - ADMIN_USER=${ADMIN_USER}
      - ADMIN_PASSWORD=${ADMIN_PASSWORD}
    networks:
      - monitor-net
    labels:
      org.label-schema.group: "monitoring"

Dockerfile

FROM ubuntu
RUN apt update && \
    apt install curl vim net-tools iputils-ping -y
RUN mkdir /data
WORKDIR /app
COPY . /app
WORKDIR /app
EXPOSE 8888
CMD [ "./wg-gen-web" ]

Wireguard API

version: '3.6'
services:
  wg-json-api:
    image: james/wg-api:latest
    container_name: wg-json-api
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    network_mode: "host"
    command: wg-api --device wg0 --listen 172.27.0.1:8080

Caddyfile

:8888 {
    basicauth / {$ADMIN_USER} {$ADMIN_PASSWORD}
    proxy / wgweb:8888 {
            transparent
        }

    errors stderr
    tls off
}

Env

# IP address to listen to
SERVER=0.0.0.0
# port to bind
PORT=8888
# Gin framework release mode
GIN_MODE=release
# where to write all generated config files
WG_CONF_DIR=/data
# WireGuard main config file name, generally <interface name>.conf
WG_INTERFACE_NAME=wg0.conf

# SMTP settings to send email to clients
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=**************************
SMTP_PASSWORD=**************************
SMTP_FROM=**************************

#fake 
OAUTH2_PROVIDER_NAME=fake

ADMIN_USER=**************************
ADMIN_PASSWORD=**************************
WG_STATS_API=http://172.27.0.1:8080