WG-Easy is a powerful tool that provides an intuitive web-based GUI for managing a WireGuard server. It makes it easier for both beginners and experienced users to deploy and maintain a WireGuard VPN. This guide will walk you through the installation of WireGuard with WG-Easy, including setting up the server, creating and managing clients, and configuring advanced features.

Let’s dive into the process!

What is WG-Easy?

WG-Easy is an all-in-one solution for setting up and managing WireGuard VPN servers with a simple web interface. Some of its core features include:

• WireGuard + Web UI: Install and manage WireGuard and its configurations through a simple web interface.
• Client Management: Add, remove, and manage VPN clients easily.
• Statistics: Monitor the traffic (Tx/Rx) for each connected client.
• Prometheus Metrics: Integration with Prometheus for advanced monitoring and reporting.
• Multilingual Support: The interface supports multiple languages, including English, German, French, Spanish, and more.
• Dark Mode: Automatically switch to dark mode depending on your preferences.

If you want to quickly set up WireGuard and manage it without needing to dive into configuration files or CLI commands, WG-Easy is the perfect solution.

Prerequisites

Before you begin, ensure you meet the following requirements:

1. A server with Docker installed: Docker is required to run WG-Easy in a containerized environment.
2. A Linux host: Any modern Linux distribution should work as long as it has a kernel that supports WireGuard.
3. A public IP address or Dynamic DNS (DDNS) hostname: The WireGuard server needs to be accessible from the internet.
4. Basic understanding of WireGuard: If you’re not familiar with WireGuard, it’s a good idea to learn the basics of how it works.

If you don’t have Docker installed, start by installing it on your server:

curl -sSL https://get.docker.com | sh
sudo usermod -aG docker $(whoami)
exit

After running the commands above, log back in to ensure your user is added to the Docker group.

Installing WG-Easy with Docker

Step 1: Prepare Your Environment

Now that Docker is installed, you can proceed with installing WG-Easy. This will be done using Docker, which simplifies deployment and management of the application.

1. Run the Docker Container
   Run the following command to pull and start the WG-Easy container:

docker run --detach \
  --name wg-easy \
  --env LANG=en \
  --env WG_HOST=<YOUR_SERVER_IP> \
  --env PASSWORD_HASH='<YOUR_ADMIN_PASSWORD_HASH>' \
  --env PORT=51821 \
  --env WG_PORT=51820 \
  --volume ~/.wg-easy:/etc/wireguard \
  --publish 51820:51820/udp \
  --publish 51821:51821/tcp \
  --cap-add NET_ADMIN \
  --cap-add SYS_MODULE \
  --sysctl 'net.ipv4.conf.all.src_valid_mark=1' \
  --sysctl 'net.ipv4.ip_forward=1' \
  --restart unless-stopped \
  ghcr.io/wg-easy/wg-easy

Step 2: Configure the Environment Variables

In the above command, replace the placeholders with your specific details:

• <YOUR_SERVER_IP>: Replace with your public server IP or DDNS hostname.
• <YOUR_ADMIN_PASSWORD_HASH>: A bcrypt hashed password to secure access to the Web UI. For security, don’t use plain text passwords. You can generate the hash using online tools or command-line utilities.

To generate a bcrypt hash, use the following command:

# On a Linux/Mac terminal
openssl passwd -6

Or use online bcrypt hash generators.

Step 3: Access the Web UI

Once the container is up and running, you can access the WG-Easy web interface by visiting:

http://<YOUR_SERVER_IP>:51821

The default port for the web UI is 51821. Here, you’ll be prompted to log in using the bcrypt password hash you generated earlier.

Step 4: Client Configuration and Management

Once logged in, you can start managing your WireGuard clients. The web interface provides options to:

• Create Clients: Add new WireGuard clients by filling out simple forms. Each client will have a unique QR code and configuration file that can be downloaded and used on a mobile device or desktop WireGuard client.
• List Clients: View all clients currently configured on your WireGuard server.
• Edit/Delete Clients: Modify or remove client configurations as necessary.
• Enable/Disable Clients: Toggle client access to the VPN.
• Statistics: Monitor real-time data usage (Tx/Rx) for each client and see which clients are currently connected.

The web interface is highly intuitive, and most users will find that they don’t need to manually edit WireGuard configuration files anymore.

Advanced Configuration Options

1. Prometheus Metrics

WG-Easy provides integration with Prometheus for collecting and monitoring various WireGuard metrics. To enable Prometheus metrics, set the following environment variable in the Docker container:

--env ENABLE_PROMETHEUS_METRICS=true

This will expose metrics at the following endpoint:

http://<YOUR_SERVER_IP>:51821/metrics

You can use Grafana or other monitoring tools to visualize this data. For more advanced setups, check the Prometheus documentation.

2. Client Expiry Time

You can enable expiration dates for clients by setting the WG_ENABLE_EXPIRES_TIME environment variable:

--env WG_ENABLE_EXPIRES_TIME=true

This ensures that clients cannot access the VPN indefinitely. You can set specific expiration times for each client through the web UI.

3. Traffic Statistics

By default, traffic statistics (Tx/Rx charts) are disabled. You can enable them by setting the following environment variable:

--env UI_TRAFFIC_STATS=true

This allows you to view detailed data usage for each client in real-time.

4. One-Time Links

If you need to share client configuration files without worrying about security, you can enable one-time download links:

--env WG_ENABLE_ONE_TIME_LINKS=true

This generates temporary links that expire after five minutes, providing an extra layer of security.

Updating WG-Easy

To keep WG-Easy up to date, you can easily pull the latest image from Docker Hub and restart the container. Here’s how to do it:

1. Stop the Current Container:

docker stop wg-easy

2. Remove the Old Container:

docker rm wg-easy

3. Pull the Latest Image:

docker pull ghcr.io/wg-easy/wg-easy

4. Restart the Container:

Run the same docker run command you used earlier to restart the container with the updated image.

Alternatively, if you’re using Docker Compose, simply run:

docker-compose up --detach --pull always

This will automatically pull the latest image and recreate the container.

Troubleshooting

• Unable to Access Web UI: Make sure your firewall is configured to allow traffic on port 51821 (TCP) and 51820 (UDP).
• WireGuard Not Connecting: Ensure that the WireGuard service is running on the host and that the server’s IP and port are correctly configured in the WG-Easy interface.
• Docker Issues: If Docker isn’t running correctly, check the Docker logs with docker logs wg-easy to diagnose any issues.

Conclusion

Setting up a WireGuard server with WG-Easy is a straightforward process that can save you time and effort managing your VPN. Whether you’re a home user looking for a secure VPN connection or a system administrator managing a network of clients, WG-Easy makes the process simple and accessible through a web-based GUI. By leveraging Docker and a few easy-to-configure environment variables, you can deploy and maintain a robust VPN server with minimal hassle.

For more details, visit the WG-Easy GitHub repository, which includes a wealth of information on configuration, advanced use cases, and troubleshooting.

Happy VPNing!

The post Installing WireGuard Server on Ubuntu first appeared on HEADWORQ.