From da4c8279286ff60ba6ac2bb7a14390f189048902 Mon Sep 17 00:00:00 2001 From: <> Date: Sun, 29 Jan 2023 16:26:09 +0000 Subject: [PATCH] Deployed 51d50fe1 with MkDocs version: 1.4.2 --- images/docker-wireguard/index.html | 2 +- search/search_index.json | 2 +- sitemap.xml | 410 ++++++++++++++--------------- sitemap.xml.gz | Bin 1549 -> 1548 bytes 4 files changed, 207 insertions(+), 207 deletions(-) diff --git a/images/docker-wireguard/index.html b/images/docker-wireguard/index.html index eda38877b7..d54f16b6ec 100644 --- a/images/docker-wireguard/index.html +++ b/images/docker-wireguard/index.html @@ -57,4 +57,4 @@
Docker images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate <external>:<internal>
respectively. For example, -p 8080:80
would expose port 80
from inside the container to be accessible from the host's IP on port 8080
outside the container.
-p
)Parameter | Function |
---|---|
51820/udp | wireguard port |
-e
)Env | Function |
---|---|
PUID=1000 | for UserID - see below for explanation |
PGID=1000 | for GroupID - see below for explanation |
TZ=Europe/London | Specify a timezone to use EG Europe/London |
SERVERURL=wireguard.domain.com | External IP or domain name for docker host. Used in server mode. If set to auto , the container will try to determine and set the external IP automatically |
SERVERPORT=51820 | External port for docker host. Used in server mode. |
PEERS=1 | Number of peers to create confs for. Required for server mode. Can also be a list of names: myPC,myPhone,myTablet (alphanumeric only) |
PEERDNS=auto | DNS server set in peer/client configs (can be set as 8.8.8.8 ). Used in server mode. Defaults to auto , which uses wireguard docker host's DNS via included CoreDNS forward. |
INTERNAL_SUBNET=10.13.13.0 | Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode. |
ALLOWEDIPS=0.0.0.0/0 | The IPs/Ranges that the peers will be able to reach using the VPN connection. If not specified the default value is: '0.0.0.0/0, ::0/0' This will cause ALL traffic to route through the VPN, if you want split tunneling, set this to only the IPs you would like to use the tunnel AND the ip of the server's WG ip, such as 10.13.13.1. |
PERSISTENTKEEPALIVE_PEERS= | Set to all or a list of comma separated peers (ie. 1,4,laptop ) for the wireguard server to send keepalive packets to listed peers every 25 seconds. Useful if server is accessed via domain name and has dynamic IP. Used only in server mode. |
LOG_CONFS=true | Generated QR codes will be displayed in the docker log. Set to false to skip log output. |
-v
)Volume | Function |
---|---|
/config | Contains all relevant configuration files. |
/lib/modules | Maps host's modules folder. Only required if compiling wireguard modules. |
Parameter | Function |
---|---|
--sysctl= | Required for client mode. |
{% hint style="warning" %} This image utilises cap_add
or sysctl
to work properly. This is not implemented properly in some versions of Portainer, thus this image may not work if deployed through Portainer.
You can set any environment variable from a file by using a special prepend FILE__
.
As an example:
-e FILE__PASSWORD=/run/secrets/mysecretpassword
Will set the environment variable PASSWORD
based on the contents of the /run/secrets/mysecretpassword
file.
For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional -e UMASK=022
setting. Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up here before asking for support.
When using volumes (-v
flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user PUID
and group PGID
.
Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
In this instance PUID=1000
and PGID=1000
, to find yours use id user
as below:
$ id username
uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
-
We publish various Docker Mods to enable additional functionality within the containers. The list of Mods available for this image (if any) as well as universal mods that can be applied to any one of our images can be accessed via the dynamic badges above.
docker exec -it wireguard /bin/bash
docker logs -f wireguard
docker inspect -f '{{ index .Config.Labels "build_version" }}' wireguard
docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/wireguard:latest
PersistentKeepalive
to server config for select peers to survive server IP changes when domain name is used.LOG_CONFS
env var. Remove deprecated add-peer
command./config/templates/peer.conf
and restart/config/coredns/Corefile
and restart)./config/coredns/Corefile
and restart).PEERDNS=auto
setting. Update the add-peer
/show-peer
scripts to utilize the templates and the INTERNAL_SUBNET
var (previously missed, oops).INTERNAL_SUBNET
variable to prevent subnet clashes. Add templates for server and peer confs.show-peer
script and include info on host installed headers.