Docker Compose stack to deploy a WireGuard VPN server (wg-easy), Traefik as a reverse proxy to access the wg-easy
UI, and Authelia for authentication.
-
Ensure
docker
anddocker-compose
are installed. -
Generate a password hash for users in Authelia:
docker run --rm authelia/authelia:latest \ authelia crypto hash generate argon2 \ --password 'my-password'
-
Update the Authelia users configuration in ./config/users_database.yml:
users: your-user-name: disabled: false displayname: "User Name" password: "<generated-password-hash>" email: "root@localhost"
-
Obtain your DuckDNS token and export the following environmental variables:
export MY_PROVIDER="duckdns" export MY_DOMAIN="" export DUCKDNS_TOKEN="" docker-compose up -d
-
Once the stack is up and running, go to your domain (
${MY_DOMAIN}
), log in with your password, and click register as shown below: -
Retrieve the first 2FA code from
config/notification.txt
.NOTE: This
config/notification.txt
is automatically created by Authelia. For example:cat config/notification.txt Date: 2024-07-21 14:55:11.30894104 +0000 UTC m=+43.154509640 Recipient: {Test User [email protected]} Subject: Confirm your identity Hi Test User, This email has been sent to you in order to validate your identity. Purpose: Confirm your identity. If you did not initiate the process, your credentials might have been compromised and you should: 1. Visit the revocation link. 2. Reset your password or other login credentials. 3. Contact an Administrator. To confirm your identity, please use the following single-use code: TXQAT55T This email was generated by a user with the IP XXXXXX. The following link can be used to revoke the code (this is a logged event): XXXX