A simple WireGuard VPN server GUI
Branch: master
Clone or download
Latest commit f829186 Jan 22, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
email initial version Jan 14, 2019
static initial version Jan 14, 2019
templates initial version Jan 14, 2019
Dockerfile initial version Jan 14, 2019
Dockerfile.build initial version Jan 14, 2019
LICENSE add LICENSE back Jan 22, 2019
README.md initial version Jan 14, 2019
config.go initial version Jan 14, 2019
entrypoint.sh initial version Jan 14, 2019
handlers.go initial version Jan 14, 2019
mailer.go initial version Jan 14, 2019
main.go initial version Jan 14, 2019
screencast.gif initial version Jan 14, 2019
screenshot1.png initial version Jan 14, 2019
screenshot2.png initial version Jan 14, 2019
screenshot3.png initial version Jan 14, 2019
subspace-linux-amd64 initial version Jan 14, 2019
utils.go initial version Jan 14, 2019
web.go initial version Jan 14, 2019


Subspace - A simple WireGuard VPN server GUI



  • WireGuard VPN Protocol
    • The most modern and fastest VPN protocol.
  • Add Devices
    • Connect from Mac OS X, Windows, Linux, Android, or iOS.
  • Remove Devices
    • Removes client key and disconnects client.
  • Auto-generated Configs
    • Each client gets a unique downloadable config file.

Run Subspace on Portal Cloud

Portal Cloud is a hosting service that enables anyone to run open source cloud applications.

Sign up for Portal Cloud and get $15 free credit with code Portal15.

Run Subspace on a VPS

Running Subspace on a VPS is designed to be as simple as possible.

  • Public Docker image
  • Single static Go binary with assets bundled
  • Automatic TLS using Let's Encrypt
  • Redirects http to https

1. Get a server

Recommended Specs

  • Type: VPS or dedicated
  • Distribution: Ubuntu 16.04 (Xenial)
  • Memory: 512MB or greater

2. Add a DNS record

Create a DNS A record in your domain pointing to your server's IP address.

Example: subspace.example.com A

3. Enable Let's Encrypt

Subspace runs a TLS ("SSL") https server on port 443/tcp. It also runs a standard web server on port 80/tcp to redirect clients to the secure server. Port 80/tcp is required for Let's Encrypt verification.


  • Your server must have a publicly resolvable DNS record.
  • Your server must be reachable over the internet on ports 80/tcp and 443/tcp and 51820/udp (WireGuard).


Example usage:

$ subspace --http-host subspace.example.com



  -backlink string
    	backlink (optional)
  -datadir string
    	data dir (default "/data")
    	debug mode
    	display help and exit
  -http-host string
    	HTTP host
    	display version and exit

Run as a Docker container

Install WireGuard on the host

The container expects WireGuard to be installed on the host. The official image is subspacecloud/subspace.

add-apt-repostory -y ppa:wireguard/wireguard
apt-get update
apt-get install -y wireguard

# Remove dnsmasq because it will run inside the container.
apt-get remove -y dnsmasq

# Set DNS server.
echo nameserver >/etc/resolv.conf

# Load modules.
modprobe wireguard
modprobe iptable_nat
modprobe ip6table_nat

# Enable IP forwarding
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1

Follow the official Docker install instructions: Get Docker CE for Ubuntu

Make sure to change the --env SUBSPACE_HTTP_HOST to your publicly accessible domain name.

# Your data directory should be bind-mounted as `/data` inside the container using the `--volume` flag.
$ mkdir /data

docker create \
    --name subspace \
    --restart always \
    --network host \
    --cap-add NET_ADMIN \
    --volume /usr/bin/wg:/usr/bin/wg \
    --volume /data:/data \
    --env SUBSPACE_HTTP_HOST=subspace.example.com \

$ sudo docker start subspace

$ sudo docker logs subspace

<log output>

Updating the container image

Pull the latest image, remove the container, and re-create the container as explained above.

# Pull the latest image
$ sudo docker pull subspacecloud/subspace

# Stop the container
$ sudo docker stop subspace

# Remove the container (data is stored on the mounted volume)
$ sudo docker rm subspace

# Re-create and start the container
$ sudo docker create ... (see above)

Help / Reporting Bugs

Email support@portal.cloud