diff --git a/docs/documentation/getting-started/binaries.md b/docs/documentation/getting-started/binaries.md index 81841b7..5b657c5 100644 --- a/docs/documentation/getting-started/binaries.md +++ b/docs/documentation/getting-started/binaries.md @@ -31,4 +31,4 @@ sudo install wg-portal /opt/wg-portal/ ## Unreleased Unreleased versions could be downloaded from -[GitHub Workflow](https://github.com/h44z/wg-portal/actions/workflows/docker-publish.yml?query=branch%3Amaster) artifacs also. +[GitHub Workflow](https://github.com/h44z/wg-portal/actions/workflows/docker-publish.yml?query=branch%3Amaster) artifacts also. diff --git a/docs/documentation/getting-started/docker.md b/docs/documentation/getting-started/docker.md index 93d45cd..2f9592e 100644 --- a/docs/documentation/getting-started/docker.md +++ b/docs/documentation/getting-started/docker.md @@ -55,3 +55,60 @@ You should mount those directories as a volume: - /app/config A detailed description of the configuration options can be found [here](../configuration/overview.md). + +## Running WireGuard inside Docker + +Modern Linux distributions ship with a kernel that supports WireGuard out of the box. +This means that you can run WireGuard directly on the host system without the need for a Docker container. +WireGuard Portal can then manage the WireGuard interfaces directly on the host. + +If you still want to run WireGuard inside a Docker container, you can use the following example docker-compose.yml: + +```yaml +services: + wg-portal: + image: wgportal/wg-portal:latest + container_name: wg-portal + restart: unless-stopped + logging: + options: + max-size: "10m" + max-file: "3" + cap_add: + - NET_ADMIN + network_mode: "service:wireguard" # So we ensure to stay on the same network as the wireguard container. + volumes: + - ./wg/etc:/etc/wireguard + - ./wg/data:/app/data + - ./wg/config:/app/config + + wireguard: + image: lscr.io/linuxserver/wireguard:latest + container_name: wireguard + restart: unless-stopped + cap_add: + - NET_ADMIN + ports: + - "51820:51820/udp" # WireGuard port, needs to match the port in wg-portal interface config + - "127.0.0.1:8888:8888" # Noticed that the port of the web UI is exposed in the wireguard container. + volumes: + - ./wg/etc:/config/wg_confs # We share the configuration (wgx.conf) between wg-portal and wireguard + sysctls: + - net.ipv4.conf.all.src_valid_mark=1 +``` + +For this to work, you need to have at least the following configuration set in your WireGuard Portal config: + +```yaml +core: + # The WireGuard container uses wg-quick to manage the WireGuard interfaces - this conflicts with WireGuard Portal during startup. + # To avoid this, we need to set the restore_state option to false so that wg-quick can create the interfaces. + restore_state: false + # Usually, there are no existing interfaces in the WireGuard container, so we can set this to false. + import_existing: false +advanced: + # WireGuard Portal needs to export the WireGuard configuration as wg-quick config files so that the WireGuard container can use them. + config_storage_path: /etc/wireguard/ +``` + +Also make sure that you restart the WireGuard container after you create or delete an interface in WireGuard Portal. \ No newline at end of file diff --git a/docs/documentation/getting-started/sources.md b/docs/documentation/getting-started/sources.md index 898da22..265e5b9 100644 --- a/docs/documentation/getting-started/sources.md +++ b/docs/documentation/getting-started/sources.md @@ -21,4 +21,5 @@ make build ## Install -Compiled binary will be available in `./dist` directory. +Compiled binary will be available in `./dist` directory. +For installation instructions, check the [Binaries](./binaries.md) section. diff --git a/docs/documentation/upgrade/v1.md b/docs/documentation/upgrade/v1.md index b97374f..3046d29 100644 --- a/docs/documentation/upgrade/v1.md +++ b/docs/documentation/upgrade/v1.md @@ -1,5 +1,5 @@ For production deployments of WireGuard Portal, we strongly recommend using version 1. -If you want to use version 2, please be aware that it is still in beta and not feature complete. +If you want to use version 2, please be aware that it is still a release candidate and not yet fully stable. ## Upgrade from v1 to v2