Sanskriti Harmukh for Vultr

Posted on Jun 10 with Aashish Chaurasiya • Originally published at docs.vultr.com

Installing WGDashboard, an Open-Source Web UI for WireGuard VPN, on Ubuntu 24.04

#vpn #docker #devops #networking

WGDashboard is an open-source web UI for managing WireGuard VPN configurations, peers, and traffic statistics. This guide installs WGDashboard using Docker Compose with Traefik handling automatic HTTPS for the dashboard, IP forwarding enabled on the host, and the WireGuard UDP port exposed. By the end, you'll have WGDashboard managing WireGuard peers behind a secured HTTPS dashboard at your domain.

Set Up the Directory Structure

1. Create the project directory structure:

$ mkdir -p ~/wgdashboard/{conf,data}
$ cd ~/wgdashboard

2. Create the environment file:

$ nano .env

DOMAIN=wgdashboard.example.com
LETSENCRYPT_EMAIL=admin@example.com

Enable IPv4 Forwarding

WireGuard routes traffic between peers, so the host kernel must forward packets.

1. Append the sysctl setting:

$ echo "net.ipv4.ip_forward=1" | sudo tee -a /usr/lib/sysctl.d/99-custom.conf

2. Reload sysctl:

$ sudo sysctl --system

Deploy with Docker Compose

1. Create the Docker Compose manifest:

$ nano docker-compose.yaml

services:
  traefik:
    image: traefik:v3.6
    container_name: traefik
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    restart: unless-stopped

  wgdashboard:
    image: ghcr.io/wgdashboard/wgdashboard:latest
    container_name: wgdashboard
    hostname: wgdashboard
    expose:
      - "10086"
    ports:
      - "51820:51820/udp"
    volumes:
      - "./conf:/etc/wireguard"
      - "./data:/data"
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv4.ip_forward=1
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wgdashboard.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.wgdashboard.entrypoints=websecure"
      - "traefik.http.routers.wgdashboard.tls.certresolver=letsencrypt"
      - "traefik.http.services.wgdashboard.loadbalancer.server.port=10086"
    restart: unless-stopped

volumes:
  letsencrypt:

2. Start the services:

$ docker compose up -d

3. Verify the services are running:

$ docker compose ps

Access WGDashboard

Open https://wgdashboard.example.com in a browser. Sign in with the default credentials:

Username: admin
Password: admin

Change the admin password immediately after first login.

Next Steps

WGDashboard is running with HTTPS for the UI and WireGuard UDP exposed. From here you can:

Create WireGuard interfaces and add peers from the dashboard
Export peer configurations as .conf files or QR codes for mobile clients
Add the WireGuard interface to your firewall's allowed inputs

For the full guide with additional tips, visit the original article on Vultr Docs.

DEV Community