Rather than expose some services in your homelab to the wild public internet, wouldn’t it be better if you could access them safely from anywhere you are? Maybe from your phone? Well, I like the idea, and I set up a VPN to accomplish this mission.
If you don’t know what a VPN is, take a look at this.
I am not going to lie, networking is not my strongest point, but WireGuard is so easy to set up that anyone can do it!
I am going to use a Docker image from linuxserver.io, an amazing place to find Docker images.
Let’s move to the terminal.
```bash
mkdir wireguard
cd wireguard
touch docker-compose.yml
nano docker-compose.yml
```

```yaml
---
version: "2.1"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - SERVERURL=wireguard.domain.com #optional
      - SERVERPORT=51820 #optional
      - PEERS=1 #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
    volumes:
      - /path/to/appdata/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
```
All the environment variables are pretty much self-explanatory, which helps in the setup process. Edit the variables as you like and spin this container up!

```bash
sudo docker-compose up -d
```
Once the container is up and running, take a look at the logs.
```bash
sudo docker-compose logs
```
Here you should find a QR code you can use with the WireGuard app on your phone. Just scan the code and your phone is going to get the configuration automatically.
Now you just need to go to your router settings, forward WireGuard's port 51820/udp, and you are good to go.
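Before handing a config to a device, it is worth checking what the compose settings above actually produced. The script below is an added example, not part of the original post or the linuxserver.io image: it audits a peer config for the routing mode that `ALLOWEDIPS` produces, the endpoint port against the forwarded port, and the file permissions. It assumes the container wrote the peer config under the `/config` volume; the sample config and its keys are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit a WireGuard peer config (assumed to sit under the /config volume).

# Print the value of KEY in a WireGuard config; values may contain "=" (base64 keys).
wg_conf_get() {  # usage: wg_conf_get FILE KEY
  awk -v k="$2" '{
    i = index($0, "="); if (!i) next
    key = substr($0, 1, i - 1); val = substr($0, i + 1)
    gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
    if (key == k) { print val; exit }
  }' "$1"
}

# Print one finding per line for FILE, given the UDP port forwarded on the router.
audit_peer_conf() (  # usage: audit_peer_conf FILE FORWARDED_PORT
  f=$1; port=$2
  allowed=$(wg_conf_get "$f" AllowedIPs | tr -d ' ')
  endpoint=$(wg_conf_get "$f" Endpoint)
  # ALLOWEDIPS=0.0.0.0/0 in the compose file becomes a full tunnel on the client.
  case ",$allowed," in
    *,0.0.0.0/0,*) echo "route=full-tunnel" ;;
    *)             echo "route=split:$allowed" ;;
  esac
  # The client dials SERVERURL:SERVERPORT, so the port must match the router forward.
  [ "${endpoint##*:}" = "$port" ] && echo "endpoint-port=ok" || echo "endpoint-port=mismatch:${endpoint##*:}"
  # The file holds the peer's PrivateKey; only the owner should be able to read it.
  mode=$(stat -c %a "$f")   # GNU stat, as found on a Linux Docker host
  case "$mode" in
    *00) echo "perms=ok" ;;
    *)   echo "perms=too-open:$mode" ;;
  esac
)

# Constructed sample config (placeholder keys, not real ones).
write_sample_conf() {  # usage: write_sample_conf FILE ALLOWED_IPS
  cat > "$1" <<EOF
[Interface]
Address = 10.13.13.2
PrivateKey = CONSTRUCTED-PLACEHOLDER-PRIVATE-KEY=

[Peer]
PublicKey = CONSTRUCTED-PLACEHOLDER-PUBLIC-KEY=
Endpoint = wireguard.domain.com:51820
AllowedIPs = $2
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp" "0.0.0.0/0" && audit_peer_conf "$tmp" 51820; rm -f "$tmp"
```

To check a real peer, source the functions and call `audit_peer_conf` with the path to the generated config and the port you forwarded.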
It was easy, wasn’t it?
Of course, there is a lot more than this. Just remember: documentation is your friend!