Overview
medium.com blocks my country (Vietnam). Apparently, many spammers from Vietnam use Medium to spread their content.
The solution for accessing Medium when my country is blocked is to use a VPN. There are solutions available out there, but they are not reliable, and some contain too many ads.
If you have a server running in a non-blocked region, you can set up your own VPN to access restricted websites and services.
Why WireGuard?
WireGuard is open source. There are desktop and mobile apps available. It’s an ideal solution, at least in my case.
Setup WireGuard Using Docker Compose
WireGuard itself has a Docker image. However, setting it up from the plain WireGuard image can be challenging for beginners. There is a quicker solution: wg-easy.
Setting up WireGuard with wg-easy is actually easy.
version: "3.8"

volumes:
  etc_wireguard:

services:
  wg-easy:
    environment:
      # Change Language:
      # (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi)
      - LANG=en
      # ⚠️ Required:
      # Change this to your host's public address
      - WG_HOST=your_host_public_ip
      - PASSWORD=your_admin_password
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    networks:
      - caddy-gateway
    volumes:
      - etc_wireguard:/etc/wireguard
    ports:
      - "51820:51820/udp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

networks:
  caddy-gateway:
    external: true
You should be able to run wg-easy using docker-compose up -d.
Make sure you set a strong password (your_admin_password) and set the public IP (your_host_public_ip).
Make sure to check the log to see that the service is running correctly (docker logs -f wg-easy).
Set up an HTTPS domain with Caddy
As you can see in the Docker Compose file, I only mapped the UDP port. I didn’t map the TCP port because I want to use Caddy to give the admin page a nice domain name, so the admin page is not published on the host directly.
If you already have Caddy up and running, setting up the forward is simple:
vpn.datmt.com {
    tls internal
    reverse_proxy wg-easy:51821
}
Here, I set up Caddy to forward requests to port 51821 (TCP) on wg-easy.
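A quick way to confirm the two points above (only 51820/udp is published, and the placeholder values were replaced), as an added example that is not part of the original post. The function names audit_ports and audit_compose are made up for this sketch; the container name and ports are the ones from the compose file.

```shell
#!/bin/sh
# Added example (not part of the original post): post-deployment checks for the
# wg-easy setup above. Both functions read stdin, so they also run offline.

# audit_ports: feed it `docker port wg-easy`. Lines look like
#   51820/udp -> 0.0.0.0:51820
# The compose file publishes only 51820/udp; the admin UI on 51821/tcp is meant
# to be reached through Caddy. Returns 0 if exposure matches, 1 otherwise.
audit_ports() {
    awk '
        BEGIN { vpn = 0; bad = 0 }
        NF >= 3 && $2 == "->" {
            if ($1 == "51820/udp") { vpn = 1; next }
            printf "UNEXPECTED: %s is published on %s\n", $1, $3
            bad = 1
        }
        END {
            if (!vpn) { print "MISSING: 51820/udp is not published"; bad = 1 }
            if (!bad) print "OK: only 51820/udp is published"
            exit bad
        }'
}

# audit_compose: feed it docker-compose.yml. Flags values still set to the
# placeholders from the post and any ports entry that maps admin port 51821.
audit_compose() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*#/ { next }    # ignore YAML comment lines
        /your_admin_password|your_host_public_ip/ {
            printf "PLACEHOLDER (line %d): %s\n", NR, $0; bad = 1
        }
        /^[ \t]*-[ \t]*"?[0-9.:]*51821/ {
            printf "ADMIN PORT PUBLISHED (line %d): %s\n", NR, $0; bad = 1
        }
        END { if (!bad) print "OK: no placeholders, 51821 not published"; exit bad }'
}

# Live usage on the Docker host:
#   docker port wg-easy | audit_ports
#   audit_compose < docker-compose.yml
```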
When I restart Caddy, I can access the admin page via my domain.
After entering my password, I can see the admin page.
To add a new client, simply click on New.
After that, there are several options to link your client. If you are on mobile, the simplest way is to use the QR code option.
When you scan this QR code with the WireGuard mobile app, you will have the VPN enabled and you can access restricted websites.
Conclusion
In this post, I’ve shown you how to set up your own VPN with WireGuard.