WireGuard

Server Setup and Initial Update

Connect to Your Oracle Cloud Instance

First, establish an SSH connection to your Oracle Cloud instance. Replace the path to your SSH key and the IP address with your actual details.

ssh -i .\ssh-key.key <user>@<instance-public-ip>

Update and Clean System

Once connected, update your system’s package list, upgrade installed packages, and remove unnecessary packages to keep your system clean.

sudo apt update && sudo apt upgrade -y && sudo apt autoclean -y && sudo apt autoremove -y

Install Docker

Install Docker on your Oracle Cloud instance using the convenience script provided by Docker.

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

DNS Configuration (Cloudflare)

Add a DNS A record in Cloudflare that points to your WireGuard server’s public IP address, so that clients can connect to the VPN using a domain name. For example, point vpn.domain.de to your instance’s public IP. Set the record to DNS only (not proxied): Cloudflare’s HTTP proxy does not carry WireGuard’s UDP traffic.

WireGuard Docker Compose Configuration

Create a directory for your WireGuard configuration and then create a docker-compose.yml file within it.

  1. Create the directory:

    mkdir ~/my-wireguard-server
    cd ~/my-wireguard-server

  2. Create the docker-compose.yml file. You can use nano to edit the file:

    sudo apt install nano # Install nano if you don't have it
    nano docker-compose.yml

  3. Paste the following content into the docker-compose.yml file. Remember to adjust the SERVERURL, PEERS, and TZ environment variables to match your setup.

    services:
      wireguard:
        image: lscr.io/linuxserver/wireguard:latest
        container_name: wireguard_server
        cap_add:
          - NET_ADMIN
          - SYS_MODULE
        environment:
          - PUID=1000 # Your user ID
          - PGID=1000 # Your group ID
          - TZ=Europe/Berlin # Your local timezone
          - SERVERURL=vpn.domain.de # Your server URL (e.g., the domain you set up in Cloudflare)
          - PEERS=client1,client2 # Comma-separated names for your client configurations
          - PEERDNS=10.13.13.1 # Clients will use WireGuard server's internal IP as DNS (useful for adblocking)
          # - INTERNAL_SUBNET=10.13.13.0 # Default, uncomment to change. Server is .1 of this.
          # - ALLOWEDIPS=0.0.0.0/0,::/0 # Default, server will route all client traffic
        volumes:
          - ./config:/config
          - /lib/modules:/lib/modules
        ports:
          - "51820:51820/udp" # WireGuard's default UDP port
        sysctls:
          - net.ipv4.conf.all.src_valid_mark=1
          - net.ipv4.ip_forward=1 # Essential for routing and Network Address Translation (NAT)
        restart: unless-stopped

    Save the file and exit (in nano: Ctrl+X, then Y and Enter to confirm).

Oracle Cloud Network Configuration

Add an ingress rule for UDP port 51820 to the Oracle Cloud security list that applies to your instance’s Virtual Network Interface Card (VNIC). This allows incoming WireGuard traffic to reach your server.

Deploy WireGuard

Finally, deploy the WireGuard container using Docker Compose from within the ~/my-wireguard-server directory.

sudo docker compose up -d

This command will download the WireGuard Docker image (if not already present), create the wireguard_server container, and start it in detached mode.
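
Once the container is running, each name in PEERS gets a client config under ./config. The script below is an added example, not part of the original guide or of the image's own tooling: it checks that such a file matches the compose settings above (SERVERURL, port 51820, PEERDNS, the default ALLOWEDIPS) and that the file, which holds the client's private key, is closed to group and others. The function names, the sample file, and the path ./config/peer_client1/peer_client1.conf are assumptions; the keys in the sample are constructed placeholders.

```bash
# conf_get FILE SECTION KEY: print KEY's value from [SECTION] of a wg-quick style file
conf_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^\[/ { in_sec = ($0 == sec); next }
    in_sec && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
      v = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t\r]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# audit_peer_conf FILE SERVERURL PORT PEERDNS: print findings, return their count
audit_peer_conf() {
  local f="$1" endpoint="$2:$3" dns="$4" n=0 route
  [ "$(conf_get "$f" Peer Endpoint)" = "$endpoint" ] ||
    { echo "FAIL: Endpoint is not $endpoint"; n=$((n + 1)); }
  [ "$(conf_get "$f" Interface DNS)" = "$dns" ] ||
    { echo "FAIL: DNS is not $dns"; n=$((n + 1)); }
  # Full tunnel needs both default routes; without ::/0 IPv6 is not sent into the tunnel.
  for route in 0.0.0.0/0 ::/0; do
    case ",$(conf_get "$f" Peer AllowedIPs | tr -d ' ')," in
      *",$route,"*) ;;
      *) echo "FAIL: AllowedIPs lacks $route"; n=$((n + 1)) ;;
    esac
  done
  # The file contains the client's PrivateKey: group/other permission bits must be empty.
  [ "$(ls -ld -- "$f" | cut -c5-10)" = "------" ] ||
    { echo "FAIL: $f is accessible to group or others"; n=$((n + 1)); }
  return "$n"
}

# Constructed sample config (assumed layout); the keys are placeholders, not real keys.
write_sample_conf() {
  cat > "$1" <<'EOF'
[Interface]
Address = 10.13.13.2
PrivateKey = CONSTRUCTED-PRIVATE-KEY-PLACEHOLDER=
DNS = 10.13.13.1

[Peer]
PublicKey = CONSTRUCTED-PUBLIC-KEY-PLACEHOLDER=
Endpoint = vpn.domain.de:51820
AllowedIPs = 0.0.0.0/0, ::/0
EOF
}

sample=$(mktemp); write_sample_conf "$sample"; chmod 600 "$sample"
audit_peer_conf "$sample" vpn.domain.de 51820 10.13.13.1 && echo "OK: $sample matches"
rm -f "$sample"
```

On the server, point audit_peer_conf at the real client file instead of the sample, passing the SERVERURL and PEERDNS values from your docker-compose.yml.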