Update README for Podman
parent 326b11022f
commit 07596efd7f
1 changed files with 56 additions and 41 deletions
97
README.md
|
@ -1,28 +1,30 @@
|
||||||
# Wireguard
|
# WireGuard
|
||||||
|
|
||||||
This is a simple Docker image to run a Wireguard client. It includes a kill switch to ensure that any traffic not encrypted via Wireguard is dropped.
|
This is a simple image to run a WireGuard client. It includes a kill switch to ensure that any traffic not encrypted via WireGuard is dropped.
|
||||||
|
|
||||||
Wireguard is implemented as a kernel module, which is key to its performance and simplicity. However, this means that Wireguard _must_ be installed on the host operating system for this container to work properly. Instructions for installing Wireguard can be found [here](http://wireguard.com/install).
|
WireGuard is implemented as a kernel module, which is key to its performance and simplicity. However, this means that WireGuard _must_ be installed on the host operating system for this container to work properly. Instructions for installing WireGuard can be found [here](http://wireguard.com/install).
|
||||||
|
|
||||||
You will need a configuration file for your Wireguard interface. Many VPN providers will create this configuration file for you. For example, [here](http://mullvad.net/en/download/wireguard-config) is the configuration generator for Mullvad. Be sure to NOT include a kill switch in the configuration file, since the Docker image already has one.
|
You will need a configuration file for your WireGuard interface. Many VPN providers will create this configuration file for you. If your VPN provider offers to include a kill switch in the configuration file, be sure to DECLINE, since this container image already has one.
|
||||||
|
|
||||||
Now simply mount the configuration file and run! For example, if your configuration file is located at `/path/to/conf/mullvad.conf`:
|
Now simply mount the configuration file and run!
|
||||||
|
|
||||||
|
## Docker
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run --name wireguard \
|
$ docker run --name wireguard \
|
||||||
--cap-add NET_ADMIN \
|
--cap-add NET_ADMIN \
|
||||||
--cap-add SYS_MODULE \
|
--cap-add SYS_MODULE \
|
||||||
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
|
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
|
||||||
-v /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf \
|
-v /path/to/your/config.conf:/etc/wireguard/wg0.conf \
|
||||||
jordanpotter/wireguard
|
jordanpotter/wireguard
|
||||||
```
|
```
|
||||||
|
|
||||||
Afterwards, you can link other containers to this one:
|
Afterwards, you can link other containers to this one:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run -it --rm \
|
$ docker run --rm \
|
||||||
--net=container:wireguard \
|
--net=container:wireguard \
|
||||||
appropriate/curl http://httpbin.org/ip
|
curlimages/curl ifconfig.io
|
||||||
```
|
```
|
||||||
|
|
||||||
## Docker Compose
|
## Docker Compose
|
||||||
|
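Review bot: The mount target in the `docker run` example changes from `/etc/wireguard/mullvad.conf` to `/etc/wireguard/wg0.conf`, and the sentence that used to tie the example to a concrete file ("if your configuration file is located at ...") is dropped, so the README no longer says whether the target filename is significant. If the image takes the interface name from that filename, state it next to "Now simply mount the configuration file and run!"; if any name works, say that instead so existing users know they do not have to rename their mount. Two smaller points in the same hunk: the `$ ` prefix added to the `docker run` lines inside the `bash` fences means the multi-line commands can no longer be pasted as-is, and the rewritten install paragraph still links to `http://wireguard.com/install`, which could move to https while the line is being touched.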
@ -40,51 +42,64 @@ services:
|
||||||
sysctls:
|
sysctls:
|
||||||
net.ipv4.conf.all.src_valid_mark: 1
|
net.ipv4.conf.all.src_valid_mark: 1
|
||||||
volumes:
|
volumes:
|
||||||
- /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf
|
- /path/to/your/config.conf:/etc/wireguard/wg0.conf
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
||||||
curl:
|
curl:
|
||||||
image: appropriate/curl
|
image: curlimages/curl
|
||||||
command: http://httpbin.org/ip
|
command: ifconfig.io
|
||||||
network_mode: service:wireguard
|
network_mode: service:wireguard
|
||||||
depends_on:
|
depends_on:
|
||||||
- wireguard
|
- wireguard
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Podman
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ podman run --name wireguard \
|
||||||
|
--cap-add NET_ADMIN \
|
||||||
|
--cap-add NET_RAW \
|
||||||
|
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
|
||||||
|
-v /path/to/your/config.conf:/etc/wireguard/wg0.conf \
|
||||||
|
docker.io/jordanpotter/wireguard
|
||||||
|
```
|
||||||
|
|
||||||
|
Afterwards, you can link other containers to this one:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ podman run --rm \
|
||||||
|
--net=container:wireguard \
|
||||||
|
docker.io/curlimages/curl ifconfig.io
|
||||||
|
```
|
||||||
|
|
||||||
## Local Network
|
## Local Network
|
||||||
|
|
||||||
If you wish to allow traffic to your local network, specify the subnet(s) using the `LOCAL_SUBNETS` environment variable:
|
If you wish to allow traffic to your local network, specify the subnet(s) using the `LOCAL_SUBNETS` environment variable:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run --name wireguard \
|
$ docker run --name wireguard \
|
||||||
--cap-add NET_ADMIN \
|
--cap-add NET_ADMIN \
|
||||||
--cap-add SYS_MODULE \
|
--cap-add SYS_MODULE \
|
||||||
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
|
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
|
||||||
-v /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf \
|
-v /path/to/your/config.conf:/etc/wireguard/wg0.conf \
|
||||||
-e LOCAL_SUBNETS=10.1.0.0/16,10.2.0.0/16,10.3.0.0/16 \
|
-e LOCAL_SUBNETS=10.1.0.0/16,10.2.0.0/16,10.3.0.0/16 \
|
||||||
jordanpotter/wireguard
|
jordanpotter/wireguard
|
||||||
```
|
```
|
||||||
|
|
||||||
Additionally, you can expose ports to allow your local network to access services linked to the Wireguard container:
|
Additionally, you can expose ports to allow your local network to access services linked to the WireGuard container:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run --name wireguard \
|
$ docker run --name wireguard \
|
||||||
--cap-add NET_ADMIN \
|
--cap-add NET_ADMIN \
|
||||||
--cap-add SYS_MODULE \
|
--cap-add SYS_MODULE \
|
||||||
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
|
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
|
||||||
-v /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf \
|
-v /path/to/your/config.conf:/etc/wireguard/wg0.conf \
|
||||||
-p 8080:80 \
|
-p 8080:80 \
|
||||||
jordanpotter/wireguard
|
jordanpotter/wireguard
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run -it --rm \
|
$ docker run --rm \
|
||||||
--net=container:wireguard \
|
--net=container:wireguard \
|
||||||
nginx
|
nginx
|
||||||
```
|
```
|
||||||
|
|
||||||
## Versioning
|
|
||||||
|
|
||||||
Wireguard is new technology and its behavior may change in the future. For this reason, it's recommended to specify an image tag when running this container, such as `jordanpotter/wireguard:2.1.4`.
|
|
||||||
|
|
||||||
The available tags are listed [here](https://hub.docker.com/r/jordanpotter/wireguard/tags).
|
|
||||||
|
|
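Review bot: The new Podman example grants `--cap-add NET_RAW` and omits `--cap-add SYS_MODULE`, while every Docker example in this README still grants `NET_ADMIN` plus `SYS_MODULE`, and nothing in the added section explains the difference. Add a sentence under `## Podman` saying why `NET_RAW` is needed there and why `SYS_MODULE` is not; if the container works without the ability to load kernel modules, the Docker examples should probably drop `SYS_MODULE` as well, since the README already requires WireGuard to be installed on the host. Separately, the end of this hunk deletes the whole `## Versioning` section, including the advice to pin a tag such as `jordanpotter/wireguard:2.1.4` and the link to the tag list, which is not mentioned in the commit title "Update README for Podman"; the new Podman commands pull `docker.io/jordanpotter/wireguard` untagged, so either keep the section or explain the removal in the commit message.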