Installing WGDashboard, an Open-Source Web UI for WireGuard VPN, on Ubuntu 24.04
Installing WGDashboard, an Open-Source Web UI for WireGuard VPN, on Ubuntu 24.04
在 Ubuntu 24.04 上安装 WGDashboard:一款开源 WireGuard VPN Web 管理界面
WGDashboard is an open-source web UI for managing WireGuard VPN configurations, peers, and traffic statistics. This guide installs WGDashboard using Docker Compose with Traefik handling automatic HTTPS for the dashboard, IP forwarding enabled on the host, and the WireGuard UDP port exposed. By the end, you’ll have WGDashboard managing WireGuard peers behind a secured HTTPS dashboard at your domain. WGDashboard 是一款用于管理 WireGuard VPN 配置、节点(peers)和流量统计的开源 Web UI。本指南将使用 Docker Compose 安装 WGDashboard,并结合 Traefik 实现仪表盘的自动 HTTPS 加密,同时在宿主机上启用 IP 转发并开放 WireGuard UDP 端口。完成本指南后,你将能够通过自定义域名的安全 HTTPS 仪表盘来管理 WireGuard 节点。
Set Up the Directory Structure
设置目录结构
- Create the project directory structure:
- 创建项目目录结构:
$ mkdir -p ~/wgdashboard/{conf,data}
$ cd ~/wgdashboard- Create the environment file:
- 创建环境变量文件:
$ nano .env
DOMAIN=wgdashboard.example.com
LETSENCRYPT_EMAIL=admin@example.comEnable IPv4 Forwarding
启用 IPv4 转发
WireGuard routes traffic between peers, so the host kernel must forward packets. WireGuard 需要在节点之间路由流量,因此宿主机内核必须开启数据包转发功能。
- Append the sysctl setting:
- 追加 sysctl 设置:
$ echo "net.ipv4.ip_forward=1" | sudo tee -a /usr/lib/sysctl.d/99-custom.conf- Reload sysctl:
- 重载 sysctl:
$ sudo sysctl --systemDeploy with Docker Compose
使用 Docker Compose 部署
- Create the Docker Compose manifest:
- 创建 Docker Compose 清单文件:
$ nano docker-compose.yamlservices:
traefik:
image: traefik:v3.6
container_name: traefik
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- "letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
restart: unless-stopped
wgdashboard:
image: ghcr.io/wgdashboard/wgdashboard:latest
container_name: wgdashboard
hostname: wgdashboard
expose:
- "10086"
ports:
- "51820:51820/udp"
volumes:
- "./conf:/etc/wireguard"
- "./data:/data"
cap_add:
- NET_ADMIN
sysctls:
- net.ipv4.ip_forward=1
labels:
- "traefik.enable=true"
- "traefik.http.routers.wgdashboard.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.wgdashboard.entrypoints=websecure"
- "traefik.http.routers.wgdashboard.tls.certresolver=letsencrypt"
- "traefik.http.services.wgdashboard.loadbalancer.server.port=10086"
restart: unless-stopped
volumes:
letsencrypt:- Start the services:
- 启动服务:
$ docker compose up -d- Verify the services are running:
- 验证服务是否正在运行:
$ docker compose psAccess WGDashboard
访问 WGDashboard
Open https://wgdashboard.example.com in a browser. Sign in with the default credentials:
在浏览器中打开 https://wgdashboard.example.com。使用默认凭据登录:
Username: admin
Password: admin
Change the admin password immediately after first login.
首次登录后请立即更改管理员密码。
Next Steps
后续步骤
WGDashboard is running with HTTPS for the UI and WireGuard UDP exposed. From here you can: WGDashboard 现已运行,UI 启用了 HTTPS,并开放了 WireGuard UDP 端口。接下来你可以:
- Create WireGuard interfaces and add peers from the dashboard
- 在仪表盘中创建 WireGuard 接口并添加节点
- Export peer configurations as .conf files or QR codes for mobile clients
- 将节点配置导出为 .conf 文件或移动端扫描用的二维码
- Add the WireGuard interface to your firewall’s allowed inputs
- 将 WireGuard 接口添加到防火墙的允许入站规则中
For the full guide with additional tips, visit the original article on Vultr Docs. 如需获取包含更多技巧的完整指南,请访问 Vultr Docs 上的原始文章。