Тема поддержки на моем форуме: https://openode.ru/topic/140-dwg-cli/
- Чистый пустой сервер.
- Поддерживаемые операционные системы: Ubuntu 20.04, 22.04; Debian 11, Centos 8,9
Скрипт устанавливает все автоматически. Все комментарии по скрипту внутри в комментариях
4VPS.su Рекомендую - однозначно! Скорость до 2ГБ\с. В моих тестах самый быстрый был сервер в Швейцарии!
- Очень хорошая скорость (до 2гб/с)
- Посуточные тарифы
- Доступные тарифы мощных сборок.
- Лояльность к VPN использованию серверов.
VDSina.ru Рекомендую VPS хостинг - по рефералке скидка 10%!!!:
AEZA.net - бонус +15% к пополнению
Достаточно хорошая стабильность и связь в 1гб/с (причем с гарантиями не менее 100мбит\с)
Все критерии закрыты и 1Гб/с
Базовый вариант на котором хотел бы отметить своё внимание. Претензий нет, кроме как скорость 100мбит/сек. (но хочется отметить, что скорость эта достаточно стабильная!)
Запусти команду на чистом сервере
apt update && apt install curl sudo git -y && curl -Of https://raw.githubusercontent.com/DigneZzZ/dwg-cli/main/setup.sh && chmod +x setup.sh && ./setup.sh
Чтобы получить параметры по созданным конфигам:
cd dwg-cli && ./peer.sh
- Сначала установится Git, чтобы можно было скопировать мой репозиторий
- Docker - последняя версия
- Docker-compose - последняя версия
- Wireguard - интерактивный режим введения количества пользователей (имена\количество)
- AdGuard Home - интерактивный режим создания пользователя и пароля (можно оставить стандартным)
- Unbound - все в стоке
- apache2-utils - необходим для генерации хэш-паролей
- ssh.sh - скрипт для смены порта SSH подключения
- ufw.sh - скрипт для установки UFW Firewall.
- peer.sh - выводит список пиров и выводит настройки
👤 ** Alexey **
- Git: DigneZzZ
- Site: OpeNode.RU
Пароль по умолчанию, при ручной установке без скрипта: a12345678
- RU-Adlist https://easylist-downloads.adblockplus.org/advblock.txt
- BitBlock https://easylist-downloads.adblockplus.org/bitblock.txt
- Cntblock https://easylist-downloads.adblockplus.org/cntblock.txt
- EasyList https://easylist-downloads.adblockplus.org/easylist.txt
- Доп список от Шакала https://schakal.ru/hosts/alive_hosts_ru_com.txt
- файл с разблокированными r.mail.ru и graph.facebook.com https://schakal.ru/hosts/hosts_mail_fb.txt
- All DNS Servers https://adguard-dns.io/kb/general/dns-providers/#cloudflare-dns
- DNS Perfomance list: https://www.dnsperf.com/#!dns-resolvers
Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate <external>:<internal>
respectively. For example, -p 8080:80
would expose port 80
from inside the container to be accessible from the host's IP on port 8080
outside the container.
Parameter | Function |
---|---|
-p 51820/udp |
wireguard port |
-e PUID=1000 |
for UserID - see below for explanation |
-e PGID=1000 |
for GroupID - see below for explanation |
-e TZ=Europe/London |
Specify a timezone to use EG Europe/London |
-e SERVERURL=wireguard.domain.com |
External IP or domain name for docker host. Used in server mode. If set to auto , the container will try to determine and set the external IP automatically |
-e SERVERPORT=51820 |
External port for docker host. Used in server mode. |
-e PEERS=1 |
Number of peers to create confs for. Required for server mode. Can be a list of names too: myPC,myPhone,myTablet... |
-e PEERDNS=auto |
DNS server set in peer/client configs (can be set as 8.8.8.8 ). Used in server mode. Defaults to auto , which uses wireguard docker host's DNS via included CoreDNS forward. |
-e INTERNAL_SUBNET=10.13.13.0 |
Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode. |
-e ALLOWEDIPS=0.0.0.0/0 |
The IPs/Ranges that the peers will be able to reach using the VPN connection. If not specified the default value is: '0.0.0.0/0, ::0/0' This will cause ALL traffic to route through the VPN, if you want split tunneling, set this to only the IPs you would like to use the tunnel AND the ip of the server's WG ip, such as 10.13.13.1. |
-v /config |
Contains all relevant configuration files. |
-v /lib/modules |
Maps host's modules folder. |
--sysctl= |
Required for client mode. |
You can set any environment variable from a file by using a special prepend FILE__
.
As an example:
-e FILE__PASSWORD=/run/secrets/mysecretpassword
Will set the environment variable PASSWORD
based on the contents of the /run/secrets/mysecretpassword
file.
There is the ability to override the default umask settings for services started within the containers using the optional -e UMASK=022
setting.
Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up here before asking for support.
When using volumes (-v
flags) permissions issues can arise between the host OS and the container, this is avoided by allowing you to specify the user PUID
and group PGID
.
Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
In this instance PUID=1000
and PGID=1000
, to find yours use id user
as below:
$ id username
uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
If the environment variable PEERS
is set to a number or a list of strings separated by comma, the container will run in server mode and the necessary server and peer/client confs will be generated. The peer/client config qr codes will be output in the docker log. They will also be saved in text and png format under /config/peerX
in case PEERS
is a variable and an integer or /config/peer_X
in case a list of names was provided instead of an integer.
Variables SERVERURL
, SERVERPORT
, INTERNAL_SUBNET
and PEERDNS
are optional variables used for server mode. Any changes to these environment variables will trigger regeneration of server and peer confs. Peer/client confs will be recreated with existing private/public keys. Delete the peer folders for the keys to be recreated along with the confs.
To add more peers/clients later on, you increment the PEERS
environment variable or add more elements to the list and recreate the container.
To display the QR codes of active peers again, you can use the following command and list the peer numbers as arguments: docker exec -it wireguard /app/show-peer 1 4 5
or docker exec -it wireguard /app/show-peer myPC myPhone myTablet
(Keep in mind that the QR codes are also stored as PNGs in the config folder).
The templates used for server and peer confs are saved under /config/templates
. Advanced users can modify these templates and force conf generation by deleting /config/wg0.conf
and restarting the container.
(This portion of documentation has been adapted from docker-wireguard)
If you choose to not use Cloudflare any reason you are able to modify the upstream DNS provider in unbound.conf
.
Search for forward-zone
and modify the IP addresses for your chosen DNS provider.
NOTE: The anything after
#
is a comment on the line. What this means is it is just there to tell you which DNS provider you put there. It is for you to be able to reference later. I recommend updating this if you change your DNS provider from the default values.
forward-zone:
name: "."
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-tls-upstream: yes
If the environment variable PEERS
is set to a number, the container will run in server mode and the necessary server and peer/client confs will be generated. The peer/client config qr codes will be output in the docker log. They will also be saved in text and png format under /config/peerX.
Variables SERVERURL
, SERVERPORT
, INTERNAL_SUBNET
and PEERDNS
are optional variables used for server mode. Any changes to these environment variables will trigger regeneration of server and peer confs. Peer/client confs will be recreated with existing private/public keys. Delete the peer folders for the keys to be recreated along with the confs.
To add more peers/clients later on, you increment the PEERS
environment variable and recreate the container.
To display the QR codes of active peers again, you can use the following command and list the peer numbers as arguments: docker-compose exec wireguard /app/show-peer 1 4 5
will show peers #1 #4 and #5 (Keep in mind that the QR codes are also stored as PNGs in the config folder).
The templates used for server and peer confs are saved under /config/templates. Advanced users can modify these templates and force conf generation by deleting /config/wg0.conf and restarting the container.