Tye edited this page Apr 5, 2024 · 2 revisions

Welcome to Coders WGTunnel Wiki!

What is wgtunnel? Wgtunnel is a tool that streamlines the setup and management of a WireGuard server.
It simplifies two key functionalities: client registration and tunnel creation.

Clients can register themselves on the server with a single API request, which eliminates
the need for manual configuration. The registration process also reconnects clients
automatically if the server restarts, by periodically sending API requests.

Use Cases

  • Coder uses wgtunnel to create tunnels to trial/demo deployments so they can be accessed globally.
  • Have a cool project or application running on a home server? Tunnel it through your self-hosted version and share it with
    your friends to see the awesome project.

> ⚠️ WARNING: WGtunnel is not a VPN - it is just an application which tunnels client side requests.

Prerequisites

  • A Small VPS - around 2GB of ram
  • A Domain Name

DNS Setup

Set up a DNS record for wgtunnel to run on; this can be on the root domain or on a subdomain.

  • Example - example.com -> 192.168.1.200 or <subdomain>.example.com, replacing subdomain with your preference.
  • Make another DNS record so the tunnel service is reachable: a wildcard *.example.com CNAME pointing at example.com, or *.<subdomain>.example.com.

Setting up wgtunnel

Install Docker and Docker-Compose

  • apt install docker.io
  • apt install docker-compose
  • apt install wireguard

Docker-Compose file

  • 1 - git clone https://github.com/coder/wgtunnel
  • 2 - cd wgtunnel/compose

Now edit the existing docker-compose.yml file to the following content:

version: "3.9"
services:
  caddy:
    build: ./caddy
    ports:
      - 80:80
      - 443:443
    environment:
      - CADDY_INGRESS_NETWORKS=caddy
    networks:
      - caddy
    volumes:
      - /etc/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /var/run/docker.sock:/var/run/docker.sock
      - caddy_data:/data
      - caddy_config:/config

    restart: unless-stopped

  tunnel:
    image: "ghcr.io/coder/wgtunnel/tunneld:0.1.12"
    restart: always
    ports:
      - 55552:55552/udp
    networks:
      - caddy
    environment:
      TUNNELD_LISTEN_ADDRESS: "0.0.0.0:8080"
      TUNNELD_BASE_URL: "https://<domain>"
      TUNNELD_WIREGUARD_ENDPOINT: "<domain>:55552"
      TUNNELD_WIREGUARD_PORT: "55552"
      TUNNELD_WIREGUARD_KEY: "" # paste the private key printed by: wg genkey
      TUNNELD_WIREGUARD_MTU: "1280"
      TUNNELD_WIREGUARD_SERVER_IP: "fcca::1"
      TUNNELD_WIREGUARD_NETWORK_PREFIX: "fcca::/16"
      TUNNELD_REAL_IP_HEADER: "X-Forwarded-For"
      TUNNELD_PPROF_LISTEN_ADDRESS: "127.0.0.1:6060"
    labels:
      caddy: "<domain>, *.<domain>"
      caddy.reverse_proxy: "{{upstreams 8080}}"
      caddy.tls.dns: cloudflare <cloudflare_api_key>

networks:
  caddy:
    external: true

volumes:
  caddy_data: {}
  caddy_config: {}

Create the file /etc/caddy/Caddyfile (the path mounted by the compose file above) and fill it in with the following content:

https://*.<domain>, https://<domain> {
        tls {
                resolvers 1.1.1.1
                dns cloudflare <cloudflare_api_key>
        }

        reverse_proxy http://127.0.0.1:8080
}

How to set up the API key for Cloudflare

Follow this link https://github.com/libdns/cloudflare which shows you the permissions it will need.

Final Step

Run docker-compose up -d; the -d flag runs it in detached mode, so it keeps running after you close the SSH session.

All you have to do now is go to the domain you set wgtunnel up on, and it should output https://coder.com.
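A pre-flight check to run before docker-compose up -d, added here as an example and not part of the wgtunnel project: it confirms that no <placeholder> values are left in the compose file or Caddyfile, that TUNNELD_WIREGUARD_KEY holds a value shaped like wg genkey output, and warns when the files holding the WireGuard key and Cloudflare token are world-readable. The file paths are passed in as arguments (assumed layout from this page).

```shell
#!/bin/sh
# Pre-flight checks for a wgtunnel compose deployment (added example, not part of
# the wgtunnel project). Assumes the docker-compose.yml and Caddyfile layout shown
# on this page; file paths are passed in as arguments.

# Print every "<placeholder>" still present in a file (e.g. <domain>,
# <cloudflare_api_key>). Returns 1 if any remain, 0 if the file is fully filled in.
unfilled_placeholders() {
    found=$(grep -o '<[a-z_]*>' "$1" | sort -u)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Return 0 if TUNNELD_WIREGUARD_KEY in the compose file carries a value shaped
# like a WireGuard private key: 43 base64 characters plus '=', as wg genkey emits.
wg_key_is_set() {
    grep -E 'TUNNELD_WIREGUARD_KEY: *"[A-Za-z0-9+/]{43}="' "$1" >/dev/null
}

# Return 0 if the file is readable by "other" users (column 8 of the ls mode string).
# Files holding the WireGuard key or the Cloudflare token should not be.
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Run all checks, print one line per finding, return the number of hard failures.
preflight() {
    compose=$1; caddyfile=$2; failures=0
    for f in "$compose" "$caddyfile"; do
        if ! unfilled_placeholders "$f" >/dev/null; then
            echo "FAIL: $f still contains placeholders: $(unfilled_placeholders "$f" | tr '\n' ' ')"
            failures=$((failures + 1))
        fi
        if world_readable "$f"; then
            echo "WARN: $f is world-readable but holds secrets; consider chmod 600"
        fi
    done
    if ! wg_key_is_set "$compose"; then
        echo "FAIL: TUNNELD_WIREGUARD_KEY is empty or malformed; fill it from 'wg genkey'"
        failures=$((failures + 1))
    fi
    return $failures
}
```

Run it as `preflight docker-compose.yml /etc/caddy/Caddyfile` from the compose directory; a non-zero exit means something still needs filling in.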