In this tutorial, I will demonstrate how to setup a Secure VPN using Wireguard on Docker using docker-compose and then we will use a Windows PC to connect to our Wireguard VPN using the Wireguard Client.

The following configurations should be changed, depending on your setup:

  • TZ - timezone
  • SERVERURL - this will be set where your client will connect to
  • SERVERPORT - this will be set in your client config (the listen port is hardcoded to 51820)
  • PEERDNS - this is the dns server that will be set in the client config (I use PiHole for DNS to block ads)
  • PEERS - this is used to create configs for your clients
  • INTERNAL_SUBNET - this is optional, but this is the subnet the connected clients will use

Start the Wireguard Server

The docker-compose.yml :

version: '3.7'


    container_name: wireguard
      - NET_ADMIN
      - SYS_MODULE
      - PUID=1000
      - PGID=1000
      - TZ=Africa/Johannesburg
      - SERVERPORT=51820
      - PEERS=ruan,mobile
      - PEERDNS= 
      -  ./config/wireguard:/config
      - /lib/modules:/lib/modules
      - 51820:51820/udp
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

Start up wireguard using docker compose:

$ docker-compose up -d

Once wireguard has been started, you will be able to tail the logs to see the initial qr codes for your clients, but you have access to them on the config directory:

$ docker-compose logs -f wireguard

The config directory will have the config and qr codes as mentioned:

$ ls ./config/wireguard/peer_ruan
peer_ruan.conf  peer_ruan.png  privatekey-peer_ruan  publickey-peer_ruan

Install the Wireguard Client

Head over to and install the client of your operating system, I will be using Windows in this example to demonstrate the setup.

I have a couple of configured tunnels already, but yours should looks something like this:


To setup a new tunnel, from the new tunnel options select add empty tunnel:


Copy the content from your config directory, for demonstration I will show you how one of my peer configs looks like:

$ cat ./config/wireguard/peer_ruan/peer_ruan.conf
Address =
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ListenPort = 51820

PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Endpoint =
AllowedIPs =

Then paste the config content and name your tunnel:


Connect the Wireguard VPN

Once you connected the VPN you should see something like this:


Now the connected client should be able to access the private network over the VPN where Wireguard is running.

Thank You

Thanks for reading, if you like my content, check out my website or follow me at @ruanbekker on Twitter.