docker-compose environment for the entire system
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1.1 KiB

Wireguard proxy setup

This is for a server that is inside of a firewall or behind a NAT gateway that doesn't have a static IP address. A cheap $6/month DigitalOcean droplet can be created that will route all internet traffic to the server, allowing it to change IP.

  • On both proxy and the server:
sudo apt install wireguard-tools net-tools
wg genkey \
| sudo tee /etc/wireguard/wg0.key \
| wg pubkey \
| sudo tee /etc/wireguard/
sudo chmod -R go-rwx /etc/wireguard
  • Copy wireguard/wg0-proxy.conf to /etc/wireguard/wg0.conf on the proxy

  • On the proxy edit /etc/wireguard/wg0.conf:

    • Change ${SERVER_PUBKEY} to the public key that was output on the server
  • Copy wireguard/wg0-server.conf to /etc/wireguard/wg0.conf on the server.

  • On the server edit /etc/wireguard/wg0.conf:

    • Change ${PROXY_IP} to the public IP address of the proxy (two places)
    • Change ${PROXY_PUBKEY} to the public key output on the proxy (two places)
    • Change ${SERVER_GW} to the gateway address used to reach the internet from the server
  • On both machines run sudo wg-quick up /etc/wireguard/wg0.conf