Skip to content

freifunkMUC/proxyguard-docker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ProxyGuard Docker

A container image of the server part of https://codeberg.org/eduVPN/proxyguard, a "WireGuard over HTTPS" proxy.

How to use

On the client side you also need the client proxy, see the relevant section in ProxyGuard's README.

Please also read ProxyGuard's docs on Deployment and Technical docs.

HTTPS / TLS

While the inner WireGuard tunnel traffic is of course encrypted, you might still want to secure the outer parts using TLS. For this you need a reverse proxy terminating the HTTPS traffic (and a TLS certificate). Please pay special attention to the Reverse proxy section of the ProxyGuard deployment guide, regarding "HTTP Upgrade" and WebSocket behaviour.

With Docker Run

With the following command, the container will run in the host network namespace (unisolated), listen on [::]:51821 for HTTPS-tunneled traffic from a ProxyGuard client, and forward the unpacked, raw WireGuard packets to 127.0.0.1:51820, i.e. a WireGuard peer running on the bare host.

docker run --network host -e LISTEN_PORT=51821 -e TO=127.0.0.1:51820 ghcr.io/freifunkmuc/proxyguard-docker:2

With Docker Compose

version: "3.0"
services:
  proxyguard:
    image: ghcr.io/freifunkmuc/proxyguard-docker:2
    restart: always
    network_mode: host
    environment:
      - "LISTEN_PORT=80"
      - "TO=[::1]:51820"

About

Container images for ProxyGuard (https://codeberg.org/eduVPN/proxyguard)

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors 3

  •  
  •  
  •