A Docker WireGuard VPN hosted on a DigitalOcean droplet for $5 a month
This serves as a setup guide to create your own VPN for personal use.
Why would you want a VPN?
- Privacy (your traffic is coming from a public VPN server instead of your device)
- Security (your traffic can only be decrypted when it reaches your VPN server)
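These are important because your ISP can see that you are sending traffic to the VPN server, but not what you are sending, and because your traffic is encrypted when you are using a public network. It is, however, important to note that a VPN does not offer complete security: the encryption ends at the VPN server, so from there to its destination your traffic is protected only by whatever the application itself uses (such as HTTPS). You still need to be vigilant.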
Please note that, due to a current (13-08-2020) issue, the Docker container does not work on older versions of Ubuntu.
- A server with a public IP that you have access to. (In my case I created a DigitalOcean droplet.) Remember that the location of the server determines your apparent location.
- This server needs a Linux (AFAIK) OS installed. (I went with Ubuntu 20.04.) Please also see the Docker image docs for more detail on server limitations.
- This server needs Docker and docker-compose installed. Please use the Docker docs for this.
Now the easy part
We will split this in two: server and peer. The server is the VPN server that you connect to, and the peer is the user device that you connect from.
```yaml
version: "3"
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=<your-timezone>
      - SERVERURL=<your-server-ip-address>
      - SERVERPORT=51820
      - PEERS=1 # change to add more PEERS
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    restart: unless-stopped
```
- Create a file called `docker-compose.yml` on the server.
- Paste the above code and replace the relevant values.
- Run `docker-compose up -d` and wait for the container to start up. It should take less than a minute.
- Run `docker container logs wireguard` to confirm a successful startup. If you see a QR code it's probably all good.
The peer is analogous to any device that you use to access the internet.
The peer can be any device that is supported by WireGuard and, beyond that, any device that can run Docker (this is within reason; please do not take it as an absolute). I do not know how to configure this for all peers, so please refer to the WireGuard documentation for connection. I will give an example for Mac/Windows as these are similar.
- Your first peer/peer config can be found on your server under `config/peer1/peer1.conf` and this should be the only file you need for connection.
- From the link provided, follow the instructions to download the WireGuard peer.
- On Mac you can then import your new tunnel from `peer1.conf` within the peer GUI.
- On mobile devices you can use the QR code saved on your server at
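
A way to sanity-check `peer1.conf` before importing it, as an added example that is not part of the original guide: it confirms that the file has the standard wg-quick fields, that `Endpoint` matches the `SERVERURL` and `SERVERPORT` set in `docker-compose.yml`, and that the file, which contains the peer's private key, is readable only by its owner. The function names, the sample config written by `write_sample_conf`, its placeholder keys and the 203.0.113.10 address are assumptions made for illustration.

```shell
# Added example: sanity-check a WireGuard peer config such as peer1.conf.

# conf_get FILE SECTION KEY: print KEY's value from [SECTION].
conf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^\[/ { insec = ($0 == sec); next }
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1)   # base64 keys may end in "="
            gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
        }' "$1"
}

# check_peer_conf FILE HOST PORT: return 0 only if every check passes.
check_peer_conf() {
    file=$1; host=$2; port=$3; rc=0
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }
    # The file holds the peer's private key, so only its owner should read it.
    mode=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
    case $mode in
        *00) ;;
        *) echo "FAIL: mode $mode lets group/others read the private key"; rc=1 ;;
    esac
    for item in Interface:PrivateKey Interface:Address Peer:PublicKey Peer:AllowedIPs; do
        [ -n "$(conf_get "$file" "${item%%:*}" "${item#*:}")" ] ||
            { echo "FAIL: [${item%%:*}] has no ${item#*:}"; rc=1; }
    done
    # Endpoint must be the SERVERURL and SERVERPORT from docker-compose.yml.
    endpoint=$(conf_get "$file" Peer Endpoint)
    [ "$endpoint" = "$host:$port" ] ||
        { echo "FAIL: Endpoint '$endpoint' is not $host:$port"; rc=1; }
    return $rc
}

# Constructed sample config (placeholder keys, documentation IP address).
write_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
Address = 10.13.13.2
PrivateKey = PLACEHOLDER+PRIVATE+KEY+NOT+REAL+000000000000=
[Peer]
PublicKey = PLACEHOLDER+PUBLIC+KEY+NOT+REAL+0000000000000=
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/0
EOF
    chmod 600 "$1"
}
if [ "$#" -eq 3 ]; then check_peer_conf "$@"; fi
```

Saved as a script, it can be run as `sh check.sh peer1.conf <your-server-ip-address> 51820`; any `FAIL` line means the file should be fixed before it is imported.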