WireGuard client in the Docker container.
- Docker Registry @monstrenyatko/wireguard-client
- GitHub @monstrenyatko/docker-wireguard-client
Container configures firewall to block all traffic while VPN network is disconnected.
-
Prepare
Dockerhost kernel- The
WireGuardkernel module must be available inDockerhost kernel - See official installation instructions, usually, it is as trivial as:
sudo apt install wireguard
- The
-
Configure environment:
-
WIREGUARD_PORT: theWireGuardserver port number to configure firewall rulesexport WIREGUARD_PORT=51820 -
WIREGUARD_CLIENT_CONFIG: path toconfigfile:export WIREGUARD_CLIENT_CONFIG="<path-to-wireguard-config-file>"
-
NET_LOCAL: [OPTIONAL] local network to setup back route rule, this is required to allow connections from your local network to the service working over VPN client network:export NET_LOCAL="192.168.0.0/16"
-
DOCKER_REGISTRY: [OPTIONAL] registry prefix to pull image from a customDockerregistry:export DOCKER_REGISTRY="my_registry_hostname:5000/"
-
-
Pull prebuilt
Dockerimage:docker-compose pull
-
Start prebuilt image:
docker-compose up -d
-
Stop/Restart:
docker-compose stop docker-compose start
-
Configuration:
-
[OPTIONAL] Allow incoming connections to some port from local network:
-
Set
NET_LOCALenvironment variable, see Configure environment section -
Add to
docker-compose.ymltheportssection:wireguard-client: ports: - 8080:8080
-
-
-
Start service working over VPN. The simplest way to do this is to utilize the network stack of the VPN client container:
-
Add
--network=container:wireguard-clientoption todocker runcommand -
Start service container:
docker run --rm -it --network=container:wireguard-client alpine:3 /bin/sh
NOTE: The service container needs to be restarted/recreated when VPN container is restarted/recreated, otherwise network connection will not be recovered.
-
./build.sh <tag name>