README.md updated

nocci 2025-08-23 19:06:53 +02:00
parent 13348c4963
commit 773010893c

312
README.md

@ -1,3 +1,311 @@
# gluetun_wireguard_proxy
# WireGuard Server Setup with Gluetun (Docker)
a small script that installs requirements, Docker and Gluetun. Asks for Wireguard infos and sets up including http Proxy on Port 8888
A comprehensive bash script for setting up a WireGuard VPN server using Gluetun in a Docker container on Debian systems. This setup provides HTTP and SOCKS5 proxy functionality with automatic failsafe mechanisms.
## 🚀 Features
- **Automated Installation**: Complete Docker and dependency setup
- **WireGuard Integration**: Custom WireGuard configuration support
- **Proxy Services**: HTTP proxy (port 8888) and SOCKS5 proxy (port 8388)
- **Kill Switch**: Built-in VPN kill switch prevents traffic leaks
- **Firewall Configuration**: Automated UFW setup with secure defaults
- **Systemd Integration**: Auto-start containers on boot
- **Static IP Support**: Optional static IP configuration
- **Package Validation**: Checks and installs only missing components
## 📋 Requirements
### System Requirements
- **OS**: Debian 10+ (Buster or newer)
- **Architecture**: x86_64 (amd64)
- **RAM**: 512MB minimum (1GB recommended)
- **Storage**: 8GB minimum
- **Root Access**: Required for installation
### WireGuard Requirements
- Valid WireGuard configuration from your VPN provider
- Private Key
- Public Key
- Server Endpoint (IP:Port)
- Interface IP address (IPv4 only)
## ⚠️ Important: Proxmox Considerations
### LXC Containers (Not Recommended)
LXC containers have limitations with TUN/TAP devices required for VPN functionality. While workarounds exist, they require host-level modifications.
### VM (Recommended)
Use a **VM instead of LXC** for best compatibility:
- **OS**: Debian netinst minimal
- **RAM**: 512MB
- **Disk**: 8GB
- **CPU**: 1 vCore
## 🛠️ Installation
### 1. Download and Prepare
```bash
# Download the script
wget https://raw.githubusercontent.com/your-repo/wireguard-gluetun-setup.sh
# OR
curl -O https://raw.githubusercontent.com/your-repo/wireguard-gluetun-setup.sh
# Make executable
chmod +x wireguard-gluetun-setup.sh
```
### 2. Run Installation
```bash
sudo ./wireguard-gluetun-setup.sh
```
### 3. Follow Interactive Setup
The script will prompt for:
- Static IP configuration (optional)
- WireGuard configuration details
- Confirmation of installation steps
## 🔧 Configuration
### Required WireGuard Parameters
During installation, you'll be prompted for:
```
WireGuard Private Key: [Your private key]
WireGuard Public Key: [Your public key]
WireGuard Preshared Key: [Optional - press Enter to skip]
WireGuard Endpoint: [e.g., vpn.example.com:51820]
WireGuard Allowed IPs: [e.g., 0.0.0.0/0]
WireGuard Interface IP: [e.g., 10.66.66.2/32] ⚠️ IPv4 ONLY
```
### ⚠️ Critical: IPv6 Limitation
**Gluetun currently has issues with IPv6 addresses in WireGuard interface configuration.**
**Don't use**: `10.66.66.2/32,fd42:42:42::2/128`
**Use instead**: `10.66.66.2/32`
The script automatically filters IPv6 addresses to prevent connection issues.
### Generated Configuration
The script creates:
- Docker Compose file: `/opt/gluetun/docker-compose.yml`
- Systemd service: `/etc/systemd/system/gluetun.service`
- UFW firewall rules
- Network interface configuration (if static IP chosen)
## 🔗 Proxy Usage
After successful installation, you can use these proxy settings:
### HTTP/HTTPS Proxy
```
Proxy: http://[SERVER-IP]:8888
Port: 8888
```
### SOCKS5 Proxy
```
Host: [SERVER-IP]
Port: 8388
```
### Example Configuration
**Browser Settings:**
- HTTP Proxy: `192.168.1.100:8888`
- HTTPS Proxy: `192.168.1.100:8888`
- SOCKS5 Proxy: `192.168.1.100:8388`
**Command Line Usage:**
```bash
# Using HTTP proxy
curl --proxy http://192.168.1.100:8888 https://ipinfo.io/ip
# Using SOCKS5 proxy
curl --socks5 192.168.1.100:8388 https://ipinfo.io/ip
```
## 🎛️ Management Commands
### Container Management
```bash
# Check container status
docker ps
# View container logs
docker logs gluetun-wireguard
# Follow logs in real-time
docker logs -f gluetun-wireguard
```
### Service Management
```bash
# Start service
systemctl start gluetun
# Stop service
systemctl stop gluetun
# Restart service
systemctl restart gluetun
# Check service status
systemctl status gluetun
```
### Docker Compose Commands
```bash
# Navigate to configuration directory
cd /opt/gluetun
# Start container
docker-compose up -d
# Stop container
docker-compose down
# Update container image
docker-compose pull && docker-compose up -d
```
## 🔒 Security Features
### Built-in Kill Switch
Gluetun includes an automatic kill switch that:
- Blocks all traffic if VPN connection drops
- Only allows traffic through the VPN tunnel
- Prevents DNS leaks
### Firewall Configuration
The script configures UFW with:
- Default deny incoming policy
- Allow SSH access
- Allow proxy ports (8888, 8388)
- Allow Docker subnet communication
- Block all other incoming connections
### Network Isolation
- Container traffic is isolated to Docker networks
- Only specified subnets can communicate with container
- VPN traffic is routed through encrypted tunnel
## 🔍 Troubleshooting
### Common Issues
#### 1. Container Won't Start (Proxmox LXC)
**Problem**: `/dev/net/tun: no such file or directory`
**Solution**: Use a VM instead of LXC container, or modify LXC configuration on Proxmox host:
```bash
# On Proxmox host
pct stop [CONTAINER_ID]
echo "lxc.cgroup2.devices.allow: c 10:200 rwm" >> /etc/pve/lxc/[CONTAINER_ID].conf
echo "lxc.mount.entry: /dev/net dev/net none bind,create=dir" >> /etc/pve/lxc/[CONTAINER_ID].conf
pct start [CONTAINER_ID]
```
#### 2. VPN Not Connecting
**Check logs**:
```bash
docker logs gluetun-wireguard | grep -E "(ERROR|WARN|wireguard)"
```
**Common causes**:
- Incorrect WireGuard keys
- IPv6 addresses in interface configuration
- Firewall blocking VPN endpoint
- VPN server issues
#### 3. Can't Access Proxy
**Verify container is running**:
```bash
docker ps | grep gluetun
```
**Test proxy connectivity**:
```bash
curl --proxy http://localhost:8888 https://ipinfo.io/ip
```
**Check firewall**:
```bash
ufw status
```
#### 4. DNS Issues
If experiencing DNS resolution problems, modify `/opt/gluetun/docker-compose.yml`:
```yaml
environment:
- DNS_ADDRESS=1.1.1.1
# or
- DNS_ADDRESS=8.8.8.8
```
### Diagnostic Commands
```bash
# Check VPN connection inside container
docker exec gluetun-wireguard wget -qO- https://ipinfo.io/ip
# Test WireGuard interface
docker exec gluetun-wireguard wg show
# Check container networking
docker exec gluetun-wireguard ip route
# Test external connectivity
docker exec gluetun-wireguard ping -c 3 8.8.8.8
```
## 📁 File Locations
| File | Location | Purpose |
|------|----------|---------|
| Docker Compose | `/opt/gluetun/docker-compose.yml` | Container configuration |
| Systemd Service | `/etc/systemd/system/gluetun.service` | Auto-start service |
| Network Config | `/etc/network/interfaces` | Static IP settings |
| UFW Rules | `/etc/ufw/user.rules` | Firewall configuration |
## 🔄 Updates
### Updating Gluetun
```bash
cd /opt/gluetun
docker-compose pull
docker-compose up -d
```
### Updating Configuration
1. Edit `/opt/gluetun/docker-compose.yml`
2. Restart container: `docker-compose up -d`
## 🆘 Support
### Getting Help
- Check container logs: `docker logs gluetun-wireguard`
- Review Gluetun documentation: [Gluetun Wiki](https://github.com/qdm12/gluetun/wiki)
- Verify WireGuard configuration with your provider
### Reporting Issues
When reporting issues, please include:
- Operating system version (`lsb_release -a`)
- Container logs (`docker logs gluetun-wireguard`)
- Docker Compose configuration (sanitized)
- Error messages and symptoms
## 📄 License
This script is provided as-is for educational and practical purposes. Use at your own risk and ensure compliance with your local laws and VPN provider's terms of service.
## 🙏 Acknowledgments
- [Gluetun](https://github.com/qdm12/gluetun) - Lightweight VPN client in a thin Docker container
- [WireGuard](https://www.wireguard.com/) - Fast, modern, secure VPN tunnel
- [Docker](https://www.docker.com/) - Containerization platform
---
**⚠️ Important Security Notice**: Always use reputable VPN providers and keep your systems updated. This setup is for legitimate privacy and networking purposes only.
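Review bot: The "Firewall Configuration" list under Security Features allows the proxy ports ("Allow proxy ports (8888, 8388)") without naming a source range, and every example under "Proxy Usage" connects without credentials, so as documented any host that can reach the server can relay traffic through the VPN tunnel. "Network Isolation" says "Only specified subnets can communicate with container" but never says which subnets or where they are set; please state the source restriction the script applies to 8888 and 8388, and document whether proxy authentication is configured or how to enable it. Two smaller points in the same hunk: the installer prompts for the WireGuard private key and generates `/opt/gluetun/docker-compose.yml` (which "Reporting Issues" says must be sanitized before sharing), so the README should say where the key is stored and what file mode that file gets; and the download step still points at the placeholder `https://raw.githubusercontent.com/your-repo/wireguard-gluetun-setup.sh` and is followed directly by `sudo ./wireguard-gluetun-setup.sh`, so it needs the real URL and a published checksum or a pinned commit to verify before running as root.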