How to Set Up a WireGuard VPN Server Using Docker and Connect from Android and Windows
If you’ve ever wanted your own private, high-speed VPN instead of relying on third-party providers, WireGuard is one of the best tools available today. It’s lightweight, secure, and easy to deploy—especially when paired with Docker. This guide walks you through setting up a WireGuard VPN server using Docker Compose and connecting to it from both Android and Windows.
Why Use WireGuard with Docker?
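Docker keeps the WireGuard tooling and configuration separate from the rest of your system, although the container is not fully sandboxed: it needs the NET_ADMIN and SYS_MODULE capabilities and access to /lib/modules, as the Compose file in Step 2 shows. It keeps configuration tidy, updates simple, and lets you replicate the same setup across multiple VPS servers worldwide. Whether you’re creating a personal VPN or a network of regional nodes, Docker keeps everything manageable.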
Step 1: Prepare Your Server
You’ll need:
- A VPS with Ubuntu or Debian
- Root or sudo access
- A public IP address
- Docker and Docker Compose installed
Install Docker and Docker Compose:
sudo apt update
sudo apt install -y docker.io docker-compose
Then create a working directory:
mkdir -p ~/wireguard
cd ~/wireguard
Step 2: Create the Docker Compose File
Create a new file called docker-compose.yml:
nano docker-compose.yml
Paste the following configuration:
version: "3.8"
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Manila
      # Replace with your VPS public IP address or DNS name
      - SERVERURL=your.vps.ip.or.domain
      - SERVERPORT=51820
      # Number of client configurations to generate
      - PEERS=3
      - PEERDNS=1.1.1.1
      # Route all IPv4 traffic from clients through the tunnel
      - ALLOWEDIPS=0.0.0.0/0
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    restart: unless-stopped
Save the file and exit.
Step 3: Start the Container
Run the following command:
sudo docker-compose up -d
Docker will automatically:
- Download the WireGuard image
- Generate server and client keys
- Create configuration files for three peers under ./config
You can inspect them by typing:
ls config
Each peer folder contains a .conf file and a QR code image.
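Each generated .conf holds that peer's private key and the endpoint and routing values taken from the Compose file, so it is worth checking before you hand it out. The script below is an added example, not part of the original guide or of the image's tooling; it assumes wg-quick style "Key = value" lines, and the function names, finding codes and sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original guide: audit one generated peer config.

# Print the value of the first "KEY = value" line in a wg-quick style file.
conf_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# audit_peer_conf FILE EXPECTED_PORT
# Prints one finding code per line; prints nothing for a clean file.
audit_peer_conf() {
  # The file holds the peer's PrivateKey: group and other need no access.
  [ "$(ls -l "$1" | cut -c5-10)" = "------" ] || echo PERMS_TOO_OPEN
  [ -n "$(conf_get "$1" PrivateKey)" ] || echo NO_PRIVATE_KEY
  _ep=$(conf_get "$1" Endpoint)
  # Endpoint must use the SERVERPORT published in docker-compose.yml.
  [ "${_ep##*:}" = "$2" ] || echo ENDPOINT_PORT_MISMATCH
  # The SERVERURL placeholder from the Compose file must have been replaced.
  [ "${_ep%:*}" != "your.vps.ip.or.domain" ] || echo ENDPOINT_IS_PLACEHOLDER
  # ALLOWEDIPS=0.0.0.0/0 routes IPv4 only; without ::/0 a dual-stack
  # client sends its IPv6 traffic outside the tunnel.
  case ",$(conf_get "$1" AllowedIPs | tr -d ' ')," in
    *,::/0,*) ;;
    *) echo IPV6_NOT_TUNNELLED ;;
  esac
  return 0
}

# Constructed sample (placeholder keys, documentation IP), written to FILE.
write_sample_conf() {
  cat > "$1" <<EOF
[Interface]
Address = 10.13.13.2
PrivateKey = CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
DNS = 1.1.1.1

[Peer]
PublicKey = CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
Endpoint = $2
AllowedIPs = $3
EOF
  chmod "$4" "$1"
}

demo=$(mktemp)
write_sample_conf "$demo" "203.0.113.10:51820" "0.0.0.0/0" 644
audit_peer_conf "$demo" 51820   # prints PERMS_TOO_OPEN and IPV6_NOT_TUNNELLED
rm -f "$demo"
```

On the VPS, point audit_peer_conf at a real file such as config/peer1/peer1.conf together with the port from your Compose file.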
Step 4: Connect from Android
- Install WireGuard from the Play Store.
- On your VPS, display the QR code for a peer:
sudo docker exec -it wireguard /app/show-peer 1
- In the WireGuard app, tap Add Tunnel → Scan from QR Code and point your camera at the terminal.
- Tap the toggle to connect.
- Grant VPN permission when prompted.
If successful, your phone will show a key icon in the status bar. Visit whatismyipaddress.com to verify that your IP matches your VPS location.
Step 5: Connect from Windows
- Download the official WireGuard client from wireguard.com/install.
- Copy a client configuration file (e.g., peer2.conf) from your VPS to your PC. The file contains the peer's private key, so transfer it over an encrypted channel such as SFTP.
- Open the WireGuard app, click Add Tunnel → Import from File, and select the file.
- Click Activate to connect.
You’ll see your public IP change to your VPS address.
Step 6: Add or Remove Clients
Add a new peer:
sudo docker exec -it wireguard /app/add-peer mynewpeer
Remove an existing peer:
sudo docker exec -it wireguard /app/remove-peer mynewpeer
Each peer generates its own config and QR code inside the config directory.
Step 7: Firewall Settings
Ensure UDP port 51820 is open:
sudo ufw allow 51820/udp
sudo ufw reload
Step 8: Test Connectivity
From a connected device:
ping 10.13.13.1 # test internal VPN connection (server's tunnel address; the image's default INTERNAL_SUBNET is 10.13.13.0)
ping 8.8.8.8 # test external internet access
If both respond, your VPN is routing traffic correctly.
Optional: Use wg-easy for Web Management
You can also deploy wg-easy, a companion dashboard that lets you add peers and download configs with a browser. It’s a convenient layer if you plan to manage many users or devices.
Conclusion
With this setup, you’ve created a fully functioning WireGuard VPN server inside Docker, complete with multi-client support and cross-platform connectivity. You can replicate this configuration across multiple VPS regions to build your own private VPN network, or expand it later with subscription management and automation tools.
Building your own VPN isn’t just about privacy—it’s about understanding the architecture that powers secure communication on the internet.