A small script that installs the requirements, Docker and Gluetun. It asks for the WireGuard details and sets everything up, including an HTTP proxy on port 8888.
2025-08-23 19:06:53 +02:00
install.sh Added install.sh 2025-08-23 19:05:12 +02:00
LICENSE Initial commit 2025-08-23 19:04:34 +02:00
README.md Updated README.md 2025-08-23 19:06:53 +02:00

WireGuard Server Setup with Gluetun (Docker)

A comprehensive bash script for setting up a WireGuard VPN server using Gluetun in a Docker container on Debian systems. This setup provides HTTP and SOCKS5 proxy functionality with automatic failsafe mechanisms.

🚀 Features

  • Automated Installation: Complete Docker and dependency setup
  • WireGuard Integration: Custom WireGuard configuration support
  • Proxy Services: HTTP proxy (port 8888) and SOCKS5 proxy (port 8388)
  • Kill Switch: Built-in VPN kill switch prevents traffic leaks
  • Firewall Configuration: Automated UFW setup with secure defaults
  • Systemd Integration: Auto-start containers on boot
  • Static IP Support: Optional static IP configuration
  • Package Validation: Checks and installs only missing components

📋 Requirements

System Requirements

  • OS: Debian 10+ (Buster or newer)
  • Architecture: x86_64 (amd64)
  • RAM: 512MB minimum (1GB recommended)
  • Storage: 8GB minimum
  • Root Access: Required for installation

WireGuard Requirements

  • Valid WireGuard configuration from your VPN provider
  • Private Key
  • Public Key
  • Server Endpoint (IP:Port)
  • Interface IP address (IPv4 only)

⚠️ Important: Proxmox Considerations

LXC containers have limitations with TUN/TAP devices required for VPN functionality. While workarounds exist, they require host-level modifications.

Use a VM instead of LXC for best compatibility:

  • OS: Debian netinst minimal
  • RAM: 512MB
  • Disk: 8GB
  • CPU: 1 vCore

🛠️ Installation

1. Download and Prepare

# Download the script
wget https://raw.githubusercontent.com/your-repo/wireguard-gluetun-setup.sh
# OR
curl -O https://raw.githubusercontent.com/your-repo/wireguard-gluetun-setup.sh

# Make executable
chmod +x wireguard-gluetun-setup.sh

2. Run Installation

sudo ./wireguard-gluetun-setup.sh

3. Follow Interactive Setup

The script will prompt for:

  • Static IP configuration (optional)
  • WireGuard configuration details
  • Confirmation of installation steps

🔧 Configuration

Required WireGuard Parameters

During installation, you'll be prompted for:

WireGuard Private Key: [Your private key]
WireGuard Public Key: [Your public key]
WireGuard Preshared Key: [Optional - press Enter to skip]
WireGuard Endpoint: [e.g., vpn.example.com:51820]
WireGuard Allowed IPs: [e.g., 0.0.0.0/0]
WireGuard Interface IP: [e.g., 10.66.66.2/32] ⚠️ IPv4 ONLY

⚠️ Critical: IPv6 Limitation

Gluetun currently has issues with IPv6 addresses in WireGuard interface configuration.

Don't use: 10.66.66.2/32,fd42:42:42::2/128
Use instead: 10.66.66.2/32

The script automatically filters IPv6 addresses to prevent connection issues.
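An added example of such a filter (not the code from install.sh, which is not shown on this page): it keeps only well-formed IPv4 entries from a comma-separated interface address list and fails if none remain. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep only the IPv4 entries of a WireGuard interface address list.

# Succeeds only for a dotted-quad IPv4 address with an optional /0-/32 prefix.
is_ipv4_cidr() (
    case $1 in
        */*) addr=${1%%/*}; prefix=${1#*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Reject empty octets and leading/trailing dots before splitting.
    case $addr in *.*.*.*.*|*..*|.*|*.) return 1 ;; esac
    set -f; IFS=.
    set -- $addr
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
)

# Prints the surviving IPv4 entries comma-joined; returns 1 if nothing is left.
filter_ipv4_addresses() (
    set -f; IFS=,
    kept=""
    for entry in $1; do
        entry=$(printf '%s' "$entry" | tr -d ' \t')
        [ -n "$entry" ] || continue
        if is_ipv4_cidr "$entry"; then
            kept="${kept:+$kept,}$entry"
        else
            printf 'dropped non-IPv4 address: %s\n' "$entry" >&2
        fi
    done
    [ -n "$kept" ] || return 1
    printf '%s\n' "$kept"
)

# The dual-stack value from the text above.
filter_ipv4_addresses '10.66.66.2/32,fd42:42:42::2/128'
```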

Generated Configuration

The script creates:

  • Docker Compose file: /opt/gluetun/docker-compose.yml
  • Systemd service: /etc/systemd/system/gluetun.service
  • UFW firewall rules
  • Network interface configuration (if static IP chosen)

🔗 Proxy Usage

After successful installation, you can use these proxy settings:

HTTP/HTTPS Proxy

Proxy: http://[SERVER-IP]:8888
Port: 8888

SOCKS5 Proxy

Host: [SERVER-IP]
Port: 8388

Example Configuration

Browser Settings:

  • HTTP Proxy: 192.168.1.100:8888
  • HTTPS Proxy: 192.168.1.100:8888
  • SOCKS5 Proxy: 192.168.1.100:8388

Command Line Usage:

# Using HTTP proxy
curl --proxy http://192.168.1.100:8888 https://ipinfo.io/ip

# Using SOCKS5 proxy
curl --socks5 192.168.1.100:8388 https://ipinfo.io/ip

🎛️ Management Commands

Container Management

# Check container status
docker ps

# View container logs
docker logs gluetun-wireguard

# Follow logs in real-time
docker logs -f gluetun-wireguard

Service Management

# Start service
systemctl start gluetun

# Stop service
systemctl stop gluetun

# Restart service
systemctl restart gluetun

# Check service status
systemctl status gluetun

Docker Compose Commands

# Navigate to configuration directory
cd /opt/gluetun

# Start container
docker-compose up -d

# Stop container
docker-compose down

# Update container image
docker-compose pull && docker-compose up -d

🔒 Security Features

Built-in Kill Switch

Gluetun includes an automatic kill switch that:

  • Blocks all traffic if VPN connection drops
  • Only allows traffic through the VPN tunnel
  • Prevents DNS leaks

Firewall Configuration

The script configures UFW with:

  • Default deny incoming policy
  • Allow SSH access
  • Allow proxy ports (8888, 8388)
  • Allow Docker subnet communication
  • Block all other incoming connections
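Docker publishes container ports through its own iptables rules, so UFW's allow/deny rules do not decide who can reach a port published as `8888:8888`; the host address in the Compose `ports:` entry does. The added check below (not part of install.sh) flags entries published on every interface. The Compose content is a constructed sample, because the generated file is not shown on this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list Compose port mappings and flag those bound to all interfaces.

# Constructed sample; the real file lives at /opt/gluetun/docker-compose.yml.
sample_compose() {
    cat <<'EOF'
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun-wireguard
    cap_add:
      - NET_ADMIN
    ports:
      - "8888:8888/tcp"             # HTTP proxy, every interface
      - "127.0.0.1:8388:8388/tcp"   # loopback only
    environment:
      - VPN_TYPE=wireguard
EOF
}

# Reads a Compose file on stdin. Prints "EXPOSED <spec>" for mappings without a
# specific host address and "RESTRICTED <spec>" otherwise; returns 1 if any
# mapping is EXPOSED.
audit_published_ports() {
    tr -d "\"'" | awk '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            spec = $0
            sub(/[ \t]*#.*$/, "", spec)       # trailing comment
            sub(/^[ \t]*-[ \t]*/, "", spec)   # list marker
            sub(/[ \t]+$/, "", spec)
            n = split(spec, part, ":")
            if (n < 3 || spec ~ /^(0\.0\.0\.0|\[::\]):/) {
                print "EXPOSED " spec; bad = 1
            } else {
                print "RESTRICTED " spec
            }
            next
        }
        # Any other non-blank, non-comment line ends the ports list.
        in_ports && !/^[ \t]*(#.*)?$/ { in_ports = 0 }
        END { exit (bad ? 1 : 0) }
    '
}

sample_compose | audit_published_ports || echo "at least one port is published on every interface"
```

On the server, run `audit_published_ports < /opt/gluetun/docker-compose.yml`; an EXPOSED entry can be narrowed by prefixing the LAN-facing host address, for example `192.168.1.100:8888:8888/tcp`.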

Network Isolation

  • Container traffic is isolated to Docker networks
  • Only specified subnets can communicate with container
  • VPN traffic is routed through encrypted tunnel

🔍 Troubleshooting

Common Issues

1. Container Won't Start (Proxmox LXC)

Problem: /dev/net/tun: no such file or directory

Solution: Use a VM instead of an LXC container, or modify the LXC configuration on the Proxmox host:

# On Proxmox host
pct stop [CONTAINER_ID]
echo "lxc.cgroup2.devices.allow: c 10:200 rwm" >> /etc/pve/lxc/[CONTAINER_ID].conf
echo "lxc.mount.entry: /dev/net dev/net none bind,create=dir" >> /etc/pve/lxc/[CONTAINER_ID].conf
pct start [CONTAINER_ID]

2. VPN Not Connecting

Check logs:

# 2>&1 so that lines the container wrote to stderr are filtered as well
docker logs gluetun-wireguard 2>&1 | grep -E "(ERROR|WARN|wireguard)"

Common causes:

  • Incorrect WireGuard keys
  • IPv6 addresses in interface configuration
  • Firewall blocking VPN endpoint
  • VPN server issues

3. Can't Access Proxy

Verify container is running:

docker ps | grep gluetun

Test proxy connectivity:

curl --proxy http://localhost:8888 https://ipinfo.io/ip

Check firewall:

ufw status

4. DNS Issues

If experiencing DNS resolution problems, modify /opt/gluetun/docker-compose.yml:

environment:
  # Set exactly one DNS_ADDRESS entry
  - DNS_ADDRESS=1.1.1.1
  # or
  # - DNS_ADDRESS=8.8.8.8

Diagnostic Commands

# Check VPN connection inside container
docker exec gluetun-wireguard wget -qO- https://ipinfo.io/ip

# Test WireGuard interface
docker exec gluetun-wireguard wg show

# Check container networking
docker exec gluetun-wireguard ip route

# Test external connectivity
docker exec gluetun-wireguard ping -c 3 8.8.8.8

📁 File Locations

| File            | Location                            | Purpose                 |
|-----------------|-------------------------------------|-------------------------|
| Docker Compose  | /opt/gluetun/docker-compose.yml     | Container configuration |
| Systemd Service | /etc/systemd/system/gluetun.service | Auto-start service      |
| Network Config  | /etc/network/interfaces             | Static IP settings      |
| UFW Rules       | /etc/ufw/user.rules                 | Firewall configuration  |

🔄 Updates

Updating Gluetun

cd /opt/gluetun
docker-compose pull
docker-compose up -d

Updating Configuration

  1. Edit /opt/gluetun/docker-compose.yml
  2. Restart container: docker-compose up -d

🆘 Support

Getting Help

  • Check container logs: docker logs gluetun-wireguard
  • Review Gluetun documentation: Gluetun Wiki
  • Verify WireGuard configuration with your provider

Reporting Issues

When reporting issues, please include:

  • Operating system version (lsb_release -a)
  • Container logs (docker logs gluetun-wireguard)
  • Docker Compose configuration (sanitized)
  • Error messages and symptoms

📄 License

This script is provided as-is for educational and practical purposes. Use at your own risk and ensure compliance with your local laws and VPN provider's terms of service.

🙏 Acknowledgments

  • Gluetun - Lightweight VPN client in a thin Docker container
  • WireGuard - Fast, modern, secure VPN tunnel
  • Docker - Containerization platform

⚠️ Important Security Notice: Always use reputable VPN providers and keep your systems updated. This setup is for legitimate privacy and networking purposes only.