WG Easy - open source, self hosted Wireguard server setup tool with a simple, intuitive web UI!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] it's your open source Advocate and I'm back with another video and today I'm going to talk about wire guard easy now this is one that people have asked me about for quite a long time I've just never covered it and I don't really know why it's a really nice looking web user interface for controlling your wire guard server now I've shown you multiple types of these systems in the past one that I created along time ago and kind of Let Go by the wayside I've also shown you net maker net bird using head scale with the tail scale clients things like that and net maker net bird uh tail scale those are all really cool and they've got some really great Advanced functions especially if you're an organization or an Enterprise but if you're a family or you're just an individual who has multiple devices you want to connect up those might be a little bit of an overkill for you and wire guard easy is probably the solution that that you're actually looking for so first of all it's exactly what it says it tries to make it easy to run wire guard on your server it tries to make it easy for you to get the interface configuration files down to your devices whether you're using a QR code to scan with your phone or your tablet or you're using the actual configuration interface uh file down on your computers it doesn't really matter how you get them it's got different ways for you to do that and it's really great and you can see it's got a pretty clean interface now this is a pretty zoomed up or small screen version of the interface but you can see here it's got the name of the person this may be the name of the device it just depends on how it's set up and we'll see that as we get into it and then you've got this toggled on switch that basically says they're connected or enabled you've got a few different ways to basically delete the device to download the configuration file and then of course to get the QR code for that configuration file and you can even see if it's an active active device and if it's got anything moving up and down to the server at the time so pretty cool pretty neat and pretty simple and this is exactly what most of us probably need if we're just using this at home and trying to get back to our services in our home or just trying to have a nice private secure connection out to the internet there's a lot of different things you can do with wire guard but for sure this is a nice easy way to do it now if you've never tried wire guard easy it really is pretty easy to get set up so they talk about the features right here on the page and I'll have links in the show notes in the description on how to get to this page so you can see all the information for yourself I'm also going to show you how I'm getting it set up and where I'm getting it set up and I'll have that in the description in the show notes as well so that you can follow along I always have the show notes Linked In the description if I've done show notes for that particular video so that you can go and do this at your own pace and kind of follow along and see what I'm doing so right here you've got a few features we can just h on a few of them it's an all-in-one wire guard plus webui easy installation simple to use you've got create edit delete enable and disable clients which is really nice show the clients QR code download the configuration file I mean you can just see everything here that it's got the requirements are you need a host with a kernel that supports wire guard which is pretty much all modern kernels um you also need a host with Docker installed so I'll go through how to install Docker on our server today it's really easy I've got a simple script that just makes it super easy hopefully it will work just fine for you I know I've tested it on multiple operating systems but if you happen to run into an issue leave an issue for me on my gitlab page and then I'll try to get that fixed and maybe you can work with me to give me some logs to help me figure out what happened but usually it works out of the box it's a really convenient script uh right here we've got uh the the way that he wants you to install Docker is fine but I'm going to go through how I do it we've also got run wire guard easy so he's got a Docker run command I took this and I turned it into a Docker compose just because I prefer Docker compose it makes it easier for kind of managing things so we'll go through that as well and then down here if you want to sponsor it this is this is a great way to do this so if you like this you're going to go out here and just click on this and you can you can get him something really nice for having this awesome open- source application for you to use and it's always worth it to go out there and just give them anything you can because it lets them know you like the application and that you appreciate what it does it lets them know hey I'd love to see this continue and it encourages that developer to keep that going so please really consider going out there and just pledging something giving them a dollar a Euro a peso you know whatever your currency happens to be you know try to give them something if you can because it lets them know you really appreciate it so you've got different options here and he talks about what the options are in the docker compos file so you can get that set up properly for your use case and then he tells you how to update if you're just using Straight Docker so if you want to use straight Docker this is what you do but with Docker compose we can do this in a little bit a little bit less steps it's a little bit easier in my opinion and then here's your common use cases so using wire guard easy with pie hole using wire guard easy with an engine X or SSL certificate so we'll kind of go through some of that as well we're going to start off with the basics we're going to go through just getting things set up on your server and then how to get Docker installed and then we'll go through getting actually wire guard easy installed with just an IP and after that we'll go through and we'll set it up with a URL or a web address or a domain name and then we'll make sure that that's secured with an SSL certificate and we'll talk about how to do that as well so stick with me we're going to get into it right after this I want to say thank you to all of my subscribers and all of my patrons over at patreon seriously you guys make this so worth it for me to do these videos every week I really truly enjoy it and I just can't say thank you enough if you're enjoying these videos subscribe let YouTube know that I'm doing a good job by subscribing to the channel plus you'll get notified when I have new videos coming out and finally if you're enjoying what I'm doing give it a like just click on that thumbs up and that way YouTube knows that you like it and they'll pass it along to other people that might enjoy my content as well well I really appreciate it thank you again let's get started all right I use digital ocean to set up the server that I want to use for this particular wire guard instance um if you don't use a VPS already and you're looking to get into one I do have an affiliate Link in the description I want to be fully transparent if you go and click that link it will give you a credit that credit is good for 60 days and I believe $50 of digital lotion usage So This Server I set up is one of the smaller ones I think it's $7 a month so you can get quite a few of these servers set up in digital lotion for $50 to test out if you stay with digital lotion if you sign up and you start paying them after the credit's done then I will get a credit as well that's all I get out of it is a credit towards my digital lotion bill this just helps me keep the bills down whenever I'm using digit lotion for these types of videos which is great but if you don't it's fine I don't get anything out of it I just wanted to make sure that we're clear about that so I set this up it gives me a public IP address which is great and we're going to go and actually attach to that so over here I'm just going to use SSH and it's root at the public IP address so initially it just gives you root access to your to your device so I'm just going to hit this and I set up my SSH keys so it should just log me right in without any trouble and it did that's great now the next thing I want to do is I want to update and upgrade This Server which means just put in all the updates that it may need just in case it's it's an older image so we're just going to do apt update two Amper Sands and then apt upgrade and then hyphen y just tells it go ahead and do it you don't have to ask me if I really want to do this and uh we'll hit enter and we'll just let that start running so it's going to go out and do those updates it's going to upgrade the server it'll probably take two to three minutes and then it'll be done and we'll go on to the next part today all right that update completed so really quick I'm just going to do a reboot because it did install a kernel update and it's always good to reboot after that so I'm just going to do reboot just like that it's going to take it down we're going to give it about 20 30 seconds and it'll be back up and ready ready to go and we can just SSH back in just like we just did so once we get that going you can usually just hit the up arrow on your keyboard and that'll put in the last command that you ran so in this case the SSH was the last one that I ran and we should be able to get back in there if you hit enter and it says connection refuse it just tells you it's it's not up yet and it's not ready just give it a few more seconds hit that up Arrow again and we'll just give it another shot and there we go it's getting ready so it's going to try to make that connection and we're done so the next thing I want to do is I want to create a nonroot user that has super user privileges so the way we do that in yuntu and Debian at least is do add user and then space and then the username you want so I'll put Brian you would put of course your username and then it's going to ask you okay what password do you want for this user now you should put in a long strong password because this is the password that gives you super user basically root privileges when you're logged in so if anybody ever did hack into your account somehow at least they would would still have to know your password to do anything that that root could do so I'm going to type this in and then it's going to ask you to confirm it and then it's going to ask you do you want full name so all these things you can fill out but you don't have to I'm just going to go to the end here hit Y and we're done with that part now I need to make my user a super user so I've created my user but I haven't made them a super user yet so we're going to do user mod which modify the user and then space hyphen little a capital G which means add them to the group pseudo and then what user or users do you want so in this case I'll put Brian but if I had four or five users I could put Brian Tom Lori all those kind of things and they would all be added to the super user group together in this case it's just me so I'm just going to hit enter and now the last thing I need to do is because I put my SSH Keys here and it gave them to the root user I really want them for my Brian user now if I had password access enabled I could use SSH copy ID like this and then I would put in Brian at the IP address of this system and I do that from my from my regular system and it would copy over my I my keys and everything to to the Brian user but since I don't have password authentication set up and I don't want to set it up the other thing I can do is I can just copy the SSH folder over and then give it the right permissions so I'm just going to do CP d r. SSH and then I'm going to put that to slome Brian and then an in slash right there so that's done I've copied the SSH file over but I need to give that file in that new location the permissions that says Brian owns it so I'm going to do CH own like Chone and then space hyphen capital r which means everything inside of the folder and then Brian colon Brian that means the owner is is Brian and the group for it is Brian and then we're going to put in slome slban and that means everything under my home folder will be owned by me which it should be so there we go so now I should be able to exit so that logs me out of that system and then I can just do the up arrow and I'm going to go back here and replace root with my new user and it should just log me in with the SSH keys and it does and if I do pseudo um apt update we'll just do an update real quick it should prompt me for my super user password and then it should do the command so if all of that functions correctly you have correctly set yourself up as a super user on the system which is step one which is great so we've set up our digital lotion droplet for the user we need the next step we want to do is actually go and get Docker and Docker compose installed on this server so out here in gitlab I have this project that I created a few years ago because I got tired of having to install Docker and Docker compose every time I did a video every time I set up a new machine things like that it was just a lot of separate commands that I had to go through and so I started thinking well you know I should just make this easier on myself and at same time share it with everybody so that it's easier for you so it's an open source script that you can go and get it actually does a few extra things so we'll talk about that um but what you do is you come down to this little part here and I'll make this a little bit smaller so you can see the name but I'm just going to go and actually grab this thing and I want to just I'm going to click into it and I'll have this actual command in the show notes so you won't have to do all of this uh and I'm going to go over here to the raw and I'm just going to grab this URL so I'm going to copy that I'm going to go back to my terminal and I'm going to do wg- capital O and then I'm going to say install dcker Dosh so I want to create a file called install.sh and what I want in there is the contents of the file I just copied the link for so I'm just going to put in that link right here that's going to go pull it down and now if I clear this out and do an LS you'll see that we have installed Docker Dosh I need to change the permissions on this file so I'm going to do CH uh mod plus X which means make it executable and then I'm going to do install Docker Dosh so I've changed it to where it's executable now I can just do do slash which means in the current directory run install Docker Dosh so we're going to run that script it's going to come up and tell us what it sees about our system so in this case I've got Ubuntu it's a Ubuntu 2204 LTS and it's Jammy so I just need to look through the number list here and I need to find yuntu and there's 2204 and it says 2204 plus which means anything after basically 2004 should work so I'm just going to put in number four that's the system I'm on it's going to come up and ask do you want to install Docker CE yes I do do you want to install Docker compose yes I do it's it's going to ask me about several of the things that I don't need at this point but if you don't have a system already running enginex proxy manager you might want to say yes to this one but I'm going to say no because I've already got it and in for that one in for that one so I've got a few different things you can install here if you want to but you don't have to so it's going to go through and it's going to run the update on the system that's why I ran this first because I want my to be fully up to date um on a virtual private server sometimes this hits a little weird hey I popped up something and since I'm not presenting that to you with this script you don't see it but it looks like it's just hung forever so if you ever get that on step one just contrl C get out of the script go run your update separately and then come back and rerun the script and it's going to go through and get everything done but what I do is I install the stuff that we need I install your preite packages and then I'm installing Docker CE right now and when it's done I'll tell you what version of Docker CE you got so I try to always get the latest version whenever you run this and right there you can see we got 25.0 three and now it's going to go out and it's going to actually set your user that you're logged in as as a user in the docker Group which helps you run the docker commands without having to type pseudo all the time it's a better way to run it in fact the next thing I do is I go and install it Docker compose so it goes and grabs the latest version of Docker compose and I tell you you've got version 2245 in this case um if you're watching this way later it may be a higher number by then and then I create a network a Docker Network for you to use as a base Network and if you have any of those other apps that I set up it'll put those on that Network as well so that you can use them all together inside of the container area so once we're done with that step it comes down and just tells you hey you you got this you may need to reboot so we can just do that we don't even need to reboot we're just going to exit and then we'll clear this out and we're just going to log right back in and all this does is say hey you got added to a new group so you need to have those permissions so let's just do Docker PS it's going to be empty but if it runs and it doesn't give us an error then we're set we're doing good so we've installed Docker and Docker compose very easily with with a single script pretty much so yeah that makes it super easy to get this stuff done and you're running a really nice late late version of Docker you know it's it's ready it's new and you've got Docker Community Edition which is open source and awesome so of course we want that all right we've got all that stuff done we're almost ready to run WG easy we just need to do a couple of setup steps so let's just go through that really quick so the first thing I like to do is I always like to have a parent Docker folder that I put my different Docker applications into so in this case I'm going to have a I'm going to do MK d-p and then I'm going to say Docker WGY like this what this does it says make the directory Docker but first check and see if it exists if it exists use it and then it goes to the next step and it says if this one exists use it if not create it so it does that for you with one command instead of having to do it twice and we should have that now so we're going to CD Docker wge easy and if we do an LS there's nothing in there yet we want to create a Docker composed. yo file so we're going to do n o Nano Space Docker hyphen composed. yml it's going to be empty and I've got this nice emo file that I created here so I'm just going to copy this guy and and I'm going to go back to my terminal and I'm just going to paste in this text and we'll go through it real quick I'll have this in the show notes in the description as I've already said all right so we're going to go up here and this is version three WG easy the container name is going to be WG easy that's fine the environment variables he wants us to set is language so that's de um I do not speak Dutch I believe is what that is uh could be Deutsch maybe that's for German uh if I'm messing it up I apologize but I Amore us I believe should work and then we've got my server IP so I do have that it's over there on digital lotion I can just go copy it and paste it in here and then the password my admin password this is going to be your admin password for for wire guard easy so since I'm just setting this up for testing it's okay that you see what I put in let's just put in something really bad uh password one 2 3 4 and then exclamation exclamation exclamation three exclamation points okay um we'll go back and fill in the IP in just a second uh the WG easy is going to be set to uh this is where he's put in the volumes I actually don't want it in my home folder so I'm going to do/ WG easy like this which means put it in the same folder where this Docker composed. yo file is and that's going to map to The Container where it says Etsy wire guard which is great on the ports he's got some Port mappings going here these should be open on your system unless you're already running wire guard on This Server somewhere that may be using these same ports and if you are you just need to change the left side of these port mappings to something else you could change this to um 68 and 69 if that's what you want but in this case I'm not running that so I'll put him back to what he has by default here uh you need a couple of capacity or capabilities that are added so he adds the net admin and the system module which is fine you don't have to change anything there he's got some symbols um so net ipv4 and that's fine just leave these things alone there's nothing to mess with here and then he's got the image that he's going to use so we're just going to save this with CR o confirm that it's got the right name down here at the bottom enter and then we'll exit with controll X I'm going to grab the IP address real quick I want the ipv4 brief a so here's my ipv4 address that I want to use use I'm just going to copy that and I'm going to go back into that file and I'm going to paste that in right here like that I'm going to save it one more time with CR o and then crl X to exit and we're pretty well set to start running this thing so we're just going to type in Docker compose up- D two Amper Sands docker compose logs DF so what this does is it says first bring up my containers pull down the images get them all started up and once they're started run the second command which is Docker composed logs DF and that says show me the logs as they're coming in so it's going to show us everything we can watch for errors things like that we're just going to press enter it's going to go pull down wire guard easy for us it was pretty quick and yeah it started everything up great and it shows us some logs pretty simple and there's not a lot of logging so that's great it looks like everything's up and running we should be able to go to that IP address in our browser so let's just go open up a new tab we'll paste in so if we go here and actually put in Colon 51821 I don't think this is going to work with hgps so we need to take that s out of there for now yeah here we go all right so I've got it so let's put in that horrible password we created and it says there are no new clients so we've got the user interface up and running but I would really love to have this web UI running behind something that gives me SSL certificates and makes everything nice and encrypted so before we start adding clients let's go do that and then we'll come back and start adding some clients all right I've logged into my reverse proxy and I use enginex proxy manager it makes it really easy to set up a reverse proxy so what we need to do is go over here and say add a new proxy host and I called this wg. rout me home.org now I'm going to hit tabs so it creates that little chip the thing you need to understand is I own the domain rout meh home.org I have already set up an a record that points that to the server where this reverse proxy is running so when this reverse proxy gets any requests for anything at rout meh home.org it checks to see do I have WG in my list and if it does it will pass it on to the IP address that I'm about to type in right here so when I put in the IP address I also need to give it the port that it should be running on so that was 51821 so now we've got our IP address and our Port that says if somebody tries to get to wg. home.org I'm going to send you to this IP address on this port number so I'm going to say block common exploits websocket support and it's public accessible right now that's fine I'm just going to hit save and here's our entry so I'm just going to click on it to make sure that one it comes up and says hey do you want to log in yes let's log in password 1 2 3 4 let's make sure we can sign in and again it says hey you don't have any devices we know that but if you look I'm still not SSL so let's go back and just fix that real quick before we continue so we're going to go to our entry we're going to go over here to three dots we're going to click on edit we're going to go to the SSL tab here and where it says None this is a drop- down I'm just going to pick request a new SSL certificate I'm going to say Force SSL http2 support hsts I'm going to do both of those I'm want to make sure that my email address is filled in here for the let's encrypt and then I'm going to say I accept the let's encrypt terms of service I'm again going to click save this is going to spin for a few seconds while let's en Crypt U challenges it to make sure it can reach the actual address and if it just goes away if the pop-up just disappears with no error we're set it went that's good we're going to click on it now we can see the little lock and we know that we're accessing this through SSL which is great because that's encrypted now that we've got that set up we can go in and start actually adding devices and checking out the UI so let's get into that so you've got a couple of places so first they just give you this nice button because there's nothing here in the grid yet but after you've got something in the grid you'll always have this button up here where you can actually add new clients so now you've got a log out button up here on the right again this is a very simple interface it's intended to be easy it's called wire guard easy let's just say add a new client let's give our client a name really simple so this system that I'm on is UB uh UB Studio that's my Ubuntu Studio and we'll just call this Brian just just in case so it's easy to identify we're just going to say create so it creat created this and it says here's going to be your IP address 10.8.2 that's fine I can edit that if I don't like it so I really love that feature because I can't do that with netb bird and I can't do that with tail scale that I found really I mean you can kind of with tail scale but then it gives you warnings and stuff if you're using head scale with it so I haven't done that so far so I'm here I'm just going to click on enter it's fine actually where it's at if I Tab out of it I guess it's okay so we've got our first device here and I want to pull that down to the machine that I'm on so I'm just going to click on this little download button and you see right here it says hey I'm just going to pull down this configuration file for you okay cool so I'm going to go over here back to my system I'll just contrl C out of those logs here and I'll just clear this out I'll exit and now I'm back on my main system the UB studio so let's just uh clear this out and if I do CD downloads and we do an LS you can see that I've got this UB studiob brian.com what I need to do is get that into my wire guard my Etsy Swire guard folder so first let's just see if that exists let's just do LS Etsy well if I type it correctly and if we look over here where it should be uh I do not see a wire guard folder yet so we need to actually get wire guard installed on our system that's pretty easy uh on your buntu Debian based system you do sudu appt install y wire guard Das tools and that actually installs wire guard um tools on top of the kernel wire guard so we're just going to put in our super user password if you're on Fedora you just do sudu dnf install wire guard tools I believe it's the same thing so you'll get those things installed either way um there we go so now if I do CDC or if I do LSC now we have this wire guard folder that's awesome that's what we want so we can do cpub studio.com and actually we got to do pseudo because it's in a protected folder area pseudo CP or actually just move UB studio.com and we'll move it to /c/ wire guard and enter so we've got that there now I can just do WG or sudu WG Qui up and that's UB Studio Brian just like that that should bring up my interface it did it came up pretty fast looks like everything was able to connect let's just do an ip- 4- brief a and here it is right here so this is my UB Studio Brian and it shows 10.8.2 and I'm on a sl24 network which means I could reach other devices on that network if we go back to our web interface you can you can see that it shows I've actually got some upload download going and it shows how long I've been connected which is nice so it's updating like every second which is pretty fast um yeah so it's got this little indicator that says I'm connected that's awesome so I'm going to go set up another device and just kind of let you guys see that and I'm actually going to set up a phone so I'm just going to set up my iPhone and I'm going to go here and I'm going to say this is uh iPhone 11 I'm going to say say create and again you see it gets iPhone 11 it's going to have the three address and I'm going to bring up the QR code so I'm going to destroy this server after it's over so if you feel like scanning the QR code uh feel free it's not going to connect anything but you can do that for sure and I'm going to go find my wire guard app here oops and I'll start recording my screen here before I add this device so give me just a second there we go so I'm in the wire guard application and I want to add a new system and I'm going to tell it from a QR code it's going to access the camera and I'm going to get back far enough for it to get the QR code and it says pick a name for this scanned tunnel and I'm just going to call this wg- easy and hit save and there we go so I've got it done I'm just going to close the QR code here and you can see there's the phone so I'm just going to go ahead and enable that tunnel and you see as soon as I did I mean it was almost instant that that that was really fast it was like yep I see you you're connected here's the information you're getting that's pretty cool actually so I'm just going to disable the phone again from the wire guard uh connection so I've got the iPhone set up I'm going to go set up one more a desktop computer and we'll do a little bit of testing to make sure we can actually reach each machine back and forth from that I've added my Dell laptop that I use for a lot of things now and you can see it's right right here and it is connected and it's got the IP address of 10804 so we can just do a little testing here and we can actually just uh clear this out and CD real quick and we can do ping 10.8.4 and there we go it's already getting pings back and forth so we're able to connect that's awesome can I SSH to it that way let's find out I don't even know if I have SSH enabled on that machine 10.8.4 all does and it wants to know the password I'm sure and there we go I'm doing that through the wire guard Network which is leaving my house and coming back in uh to make that initial connection and then it's a peer-to-peer connection between these machines so pretty awesome and and pretty easy to do um so I can just exit that we can clear that out uh yeah I mean that's it it's it's wire guard easy It's Made Easy on purpose and just really a great job I think this this is a really cool really nice interface um easy enough to disable different devices if you want to I mean just just very clean very simple the the kind of thing you really look for whenever you're actually trying to say I I just need wire guard setup so I can make my devices communicate now I want to say that the caveat between something like this and something like head scale tail scale net maker uh net bird is that this is meant to connect each device this is not meant to have a whole bunch of different groups of devices set up this is not this is not configured in that kind of way it's not meant to have different users with access to different devices but not other devices it's really meant to set up all of your devices on a network where they Comm can communicate from anywhere in the world technically and it's super clean and I really like this hope you enjoyed this if you did like subscribe tell your friends about it so they can come along in the open source Journey with us and I'll talk to you next [Music] time it's your open source Advocate and I'm back and I've set up a store with a little bit of merchandise I love being your open source Advocate but I want you guys to be the open source Advocates with me so if you want to get out there and get some of this stuff and if you do let me know what you think of it thank you for subscribing

Info

Channel: Awesome Open Source

Views: 11,331

Rating: undefined out of 5

Keywords: open, source, opensource, open-source, self, hosted, selfhosted, self-hosted, free, libre, software, server, web, internet, browser, linux, mac, macos, os x, windows, microsoft, unix, bsd, ios, android, pi, raspberry, desktop, vps, tutorial, how to, setup, installation, instructions, cli, command line, terminal, interface, network, networking, news, projects, wireguard, wg easy, tailscale, headscale, netmaker, netbird, vpn, simple, easy, private, overlay, wire guard, ui, user interface, gui, graphical, download, qr, code, scan, phone, tablet

Id: BRLB4wRL4cM

Channel Id: undefined

Length: 32min 20sec (1940 seconds)

Published: Tue Feb 20 2024