WireHole Easy is a simple Docker Compose setup that combines:
- Wireguard Easy (wg-easy) - WireGuard docker image with web gui
- Pi-hole - DNS server that blocks unwanted content with web gui
Also this setup can be easily multiplied if you need many VPN subnets
- Passwords can be generated using
cat /dev/random | head -c 30 | base64
- Install Docker and Docker Compose somehow
- Clone repo and cd:
clone /~https://github.com/AzazKamaz/wirehole-easy.git && cd wirehole-easy
- Create
.env
(example is.env.example
):DNS_WEB_PASS
- password for Pi-hole web guiWG_WEB_PASS
- password for WireGuard Easy web guiWG_HOST
- public ip of the serverWG_PORT
- port on which WireGuard will listenTZ
(optional) - logs rotation timezone (at midnight) (see Pi-hole)
- Run:
sudo docker-compose up -d
10.13.37.0/24
- VPN subnet172.23.147.1
- server where Docker is run172.23.147.2:53
- Pi-hole DNS- http://172.23.147.2:80/admin - Pi-hole web gui
- http://172.23.147.3:51821/ - WireGuard Easy web gui
ssh -L 51821:172.23.147.3:51821 $SERVER_IP
- forward port through ssh (then it is accessible at http://localhost:51821/ from where you run ssh)- http://172.23.147.3:51821/ - from Linux server (Docker contrainers are accessible from host)
- Example is available in docker-compose.multiple.yml
- Create another deployment or duplicate
wireguard
service and network indocker-compose.yml
- Edit
docker-compose.yml
:- Increment every
172.23.147.x
ip by 8:172.23.147.3
->172.23.147.11
- Increment every
fc00:a056:4629:ada0::x
ip by 8:fc00:a056:4629:ada0::3
->fc00:a056:4629:ada0::b
(notice hex numbers) - Optional: change VPN subnet address at
WG_DEFAULT_ADDRESS
- Increment every