Docker Compose stack to deploy a WireGuard VPN server (wg-easy), Traefik as a reverse proxy to access the wg-easy
UI, and Authelia for authentication.
- Ensure Docker and the Docker Compose plugin are installed.
- Generate a password hash for users in Authelia:
  ```bash
  docker run --rm authelia/authelia:latest \
    authelia crypto hash generate argon2 \
    --password 'my-password'
  ```
- Update the Authelia users configuration in `./config/users_database.yml`:
  ```yaml
  users:
    your-user-name:
      disabled: false
      displayname: "Your Display Name"
      password: "<generated-password-hash>"
      email: "root@localhost"
  ```
- Obtain your DuckDNS token, export the following environment variables, and start the stack:
  ```bash
  export MY_PROVIDER="duckdns"
  export MY_DOMAIN="mydomain.duckdns.org"
  export DUCKDNS_TOKEN="MYTOKEN"
  export PUID=$(id -u)
  export PGID=$(id -g)

  docker compose up -d
  ```
- Once the stack is up and running, go to your domain (`${MY_DOMAIN}`), log in with your password, and click register.
- After logging in, click "ADD". You will be asked for an OTP.
- Retrieve the first 2FA code at `config/notification.txt`.

  NOTE: `config/notification.txt` is automatically created by Authelia. For example:
  ```
  cat config/notification.txt
  Date: 2024-07-21 14:55:11.30894104 +0000 UTC m=+43.154509640
  Recipient: {Test User [email protected]}
  Subject: Confirm your identity
  Hi Test User,
  This email has been sent to you in order to validate your identity. Purpose: Confirm your identity.
  If you did not initiate the process, your credentials might have been compromised and you should:
  1. Visit the revocation link.
  2. Reset your password or other login credentials.
  3. Contact an Administrator.
  To confirm your identity, please use the following single-use code: TXQAT55T
  This email was generated by a user with the IP XXXXXX.
  The following link can be used to revoke the code (this is a logged event): XXXX
  ```
- Finally, register the OTP in your favourite OTP app.
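
A pre-flight check to run before `docker compose up -d` in the steps above, added here as an example and not part of the original repository. It rejects the README's placeholder values (`MYTOKEN`, `mydomain.duckdns.org`, `<generated-password-hash>`) and any `password:` entry that is not an argon2 digest; the function names `check_env` and `check_hashes` are hypothetical, and the check assumes every user hash was produced by the argon2 command shown earlier.

```sh
#!/bin/sh
# Added example: pre-flight checks for the wg-easy / Traefik / Authelia stack.
# Function names are hypothetical; only POSIX sh, tr and awk are required.

# check_env: fail if a required variable is unset, empty, or still holds
# one of the README's placeholder values.
check_env() (
    rc=0
    for name in MY_PROVIDER MY_DOMAIN DUCKDNS_TOKEN PUID PGID; do
        eval "val=\${$name:-}"
        case "$val" in
            "") echo "unset or empty: $name" >&2; rc=1 ;;
            MYTOKEN|mydomain.duckdns.org)
                echo "README placeholder left in: $name" >&2; rc=1 ;;
        esac
    done
    exit "$rc"
)

# check_hashes FILE: every "password:" entry in the Authelia users file must
# be an argon2 digest ($argon2id$v=..$m=..,t=..,p=..$salt$hash), which catches
# a plaintext password or the <generated-password-hash> placeholder.
check_hashes() (
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
    # Quotes are stripped first so quoted and unquoted YAML values compare equal.
    tr -d "\"'" < "$file" | awk '
        BEGIN {
            re = "^\\$argon2(id|i|d)\\$v=[0-9]+\\$m=[0-9]+,t=[0-9]+,p=[0-9]+" \
                 "\\$[A-Za-z0-9+/]+\\$[A-Za-z0-9+/]+$"
        }
        /^[ \t]*password:/ {
            v = $0
            sub(/^[ \t]*password:[ \t]*/, "", v)
            sub(/[ \t]+$/, "", v)
            n++
            if (v !~ re) { print "line " NR ": password is not an argon2 digest"; bad++ }
        }
        END {
            if (n == 0) print "no password entries found"
            exit (n == 0 || bad > 0)
        }
    ' >&2
)

# Usage:
#   check_env && check_hashes ./config/users_database.yml && docker compose up -d
```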