This is the 2nd post about WireGuard.
So I am running two WireGuard servers: one on a Raspberry Pi 4 and one in an amd64 virtual machine. This post is about getting WireGuard working on amd64 inside a Docker container.
As this container rarely gets rebuilt, I run unattended-upgrades inside it to make sure security updates get applied. Keep in mind that this only covers the userspace packages (wireguard-tools, bind9 and friends): when the container uses the in-kernel WireGuard, which is the usual case since a container cannot bring its own kernel, the data path runs in the host kernel and kernel-side fixes come from keeping the host updated.
I am also running Bind9 as a caching DNS server inside the same container. Ideally it would run in its own dedicated container, but that makes everything more complicated and is not worth it for what I am trying to do. Wherever it lives, make sure it only recurses for the WireGuard subnet, so it cannot be abused as an open resolver if the DNS port ever gets published.
I am also
The public repo that acts as a proof of concept can be found here.
start.sh — this script builds the container and starts (or restarts) it. It also creates the files that are needed, sets the forwarding DNS server, etc.
Dockerfile — the example starts a basic container based on debian-slim, sets up the port forwarding, installs the tools we need, and copies over the configs.
run.sh — this script is executed after the container has been built and started. WireGuard has to be installed from here rather than from the Dockerfile, because during the build the volume is not mounted yet and the build step does not run with the parameters the container is later started with.
This script also starts the named (bind9) server.
I set the address manually with ip address add dev wg0 10.200.200.1/24 because using Address in wg0.conf caused issues. I haven't recently tested whether that is still the case. If run.sh brings the interface up with wg setconf rather than wg-quick, this is expected rather than a bug: Address (like DNS, MTU and PostUp) is a wg-quick(8) key, and wg setconf rejects any line it does not recognise, so the address has to be added with ip(8) by hand.
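The manual bring-up described above, written out as a small POSIX shell script. This is an added example, not code from the post or its repo: it assumes a wg-quick style wg0.conf, strips the keys that only wg-quick understands, feeds the rest to wg setconf, and applies the Address values with ip(8). The function and file names (wg_up, wg_addresses, wg_setconf_body) are my own.

```shell
#!/bin/sh
# Added example, not code from the post or its repo. Brings wg0 up from a
# wg-quick style wg0.conf without wg-quick: `wg setconf` only understands the
# [Interface] keys PrivateKey/ListenPort/FwMark and the [Peer] keys, so
# Address (and DNS, MTU, Table, Pre/PostUp/Down, SaveConfig) must be stripped
# out and applied by hand with ip(8), which is exactly the manual step above.
set -eu

# Print each Address value from a wg-quick config on its own line
# (handles "Address = a/24, b/64" as well as repeated Address lines).
wg_addresses() {
    sed -n 's/^[[:space:]]*Address[[:space:]]*=[[:space:]]*//p' "$1" \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -v '^$'
}

# Emit only the lines `wg setconf` accepts, i.e. drop the wg-quick-only keys.
wg_setconf_body() {
    grep -Ev '^[[:space:]]*(Address|DNS|MTU|Table|SaveConfig|Pre(Up|Down)|Post(Up|Down))[[:space:]]*=' "$1"
}

# Create and configure the interface. Needs CAP_NET_ADMIN inside the container
# (docker run --cap-add NET_ADMIN), so it is not exercised by the self-test.
# $1 = interface name, $2 = path to the wg-quick style config.
wg_up() {
    iface=$1; conf=$2
    tmp=$(mktemp)          # mktemp creates the file 0600; it holds the private key
    wg_setconf_body "$conf" > "$tmp"
    ip link add dev "$iface" type wireguard
    wg setconf "$iface" "$tmp"
    rm -f "$tmp"
    wg_addresses "$conf" | while read -r addr; do
        ip address add dev "$iface" "$addr"
    done
    ip link set up dev "$iface"
}
```

Call it from run.sh as wg_up wg0 /etc/wireguard/wg0.conf. If you prefer wg-quick, keep Address in the file and do the reverse: let wg-quick own the interface and drop the manual ip command.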
named.conf.options — a pretty standard bind9 config file. I want to be in control of the forwarding server because I am using NextDNS and want to apply a different configuration there.
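Since the resolver sits inside the VPN container, the part of named.conf.options that matters for security is the ACL: recursion must be limited to the WireGuard subnet. The script below is an added example, not the post's own named.conf.options: it writes a forward-only options file scoped to 10.200.200.0/24 and includes a check that rejects a config which would leave named as an open resolver. The 192.0.2.x forwarders are RFC 5737 documentation placeholders standing in for the NextDNS endpoints, and the function names are my own.

```shell
#!/bin/sh
# Added example, not the post's named.conf.options. Writes a forward-only
# bind9 options file that answers recursive queries only from the WireGuard
# subnet, plus a check that rejects a config which would leave named as an
# open resolver. 192.0.2.x forwarders are documentation placeholders
# (RFC 5737); put your NextDNS endpoints there.

# $1 = output path, $2 = address named listens on (the wg0 address),
# $3 = client subnet allowed to recurse, remaining args = forwarder IPs.
write_named_options() {
    out=$1; listen=$2; clients=$3; shift 3
    fwd=""
    for f in "$@"; do fwd="$fwd $f;"; done
    cat > "$out" <<EOF
acl wg-clients { $clients; 127.0.0.1; };

options {
    directory "/var/cache/bind";
    listen-on { $listen; 127.0.0.1; };
    listen-on-v6 { none; };
    recursion yes;
    allow-query { wg-clients; };      # never "any": named would answer the whole internet
    allow-recursion { wg-clients; };
    allow-transfer { none; };
    forward only;                     # everything goes upstream, no iterative resolution
    forwarders {$fwd };
    dnssec-validation auto;
    version none;                     # do not advertise the bind version over CHAOS
};
EOF
}

# Return 0 if the options file restricts recursion to an explicit ACL,
# 1 if allow-recursion is missing or allow-recursion/allow-query contains "any".
named_options_is_closed() {
    grep -Eq '^[[:space:]]*allow-recursion[[:space:]]*\{' "$1" || return 1
    if grep -Eq '^[[:space:]]*allow-(recursion|query)[[:space:]]*\{([^}]*[;[:space:]])?any[[:space:]]*;' "$1"; then
        return 1
    fi
    return 0
}
```

Run named-checkconf on the generated file inside the container before (re)starting named; the check function only catches the open-resolver mistake, not syntax errors.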
And of course your wg0.conf.
docker exec wireguard wg (shorthand for wg show) should list each configured peer with its endpoint, allowed IPs, latest handshake and transfer counters, which is the quickest way to confirm that clients are actually connecting.
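Beyond eyeballing wg show, the machine-readable wg show wg0 dump output is handy for spotting peers whose keys are still configured but have not handshaked in a long time (a candidate for removal or rotation). The script below is an added example, not part of the post or repo: it parses the dump format documented in wg(8) and flags peers whose latest handshake is older than a threshold. The function names and the sample dump used in the self-test are constructed.

```shell
#!/bin/sh
# Added example, not from the post or repo: turn `wg show wg0 dump` into a
# peer report and flag peers that have not completed a handshake recently.
# `wg show <iface> dump` prints one tab-separated line for the interface
# (private-key, public-key, listen-port, fwmark) followed by one per peer:
# public-key, preshared-key, endpoint, allowed-ips, latest-handshake (unix
# seconds, 0 = never), transfer-rx, transfer-tx, persistent-keepalive.

# $1 = file holding dump output, $2 = "now" in unix seconds, $3 = max age
# in seconds. Prints "STALE|OK <pubkey> <allowed-ips> <age>" per peer and
# returns 1 if any peer is stale.
wg_peer_report() {
    awk -F'\t' -v now="$2" -v max="$3" '
        NR == 1 { next }                      # interface line, not a peer
        {
            hs = $5 + 0
            age = (hs == 0) ? "never" : now - hs
            stale = (hs == 0 || now - hs > max)
            printf "%s %s %s %s\n", (stale ? "STALE" : "OK"), $1, $4, age
            if (stale) bad = 1
        }
        END { exit bad + 0 }' "$1"
}

# Number of stale peers, for use in scripts and monitoring.
wg_stale_count() {
    wg_peer_report "$1" "$2" "$3" | grep -c '^STALE' || true
}

# Live use from the host, e.g. with a 10 minute threshold:
#   docker exec wireguard wg show wg0 dump > /tmp/wg.dump
#   wg_peer_report /tmp/wg.dump "$(date +%s)" 600
```

A peer that shows "never" has a key in wg0.conf that has never been used; one with a large age was used once and then went quiet. Both are worth reviewing, since a configured peer key is an access credential whether or not anyone is currently using it.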