davide/vpn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
78e1c37a9eb66d6731237b1cd745134a90dca63a
vpn/CLAUDE.md
T
davide 78e1c37a9e feat: ottimizzazione SBC e miglioramento documentazione 
- Aggiunge limiti di memoria, CPU e swap al container per prevenire crash
  dell'host su SBC (la causa principale era log illimitati + OOM senza cgroup)
- Aggiunge rotazione log (max 30 MB totali) per evitare riempimento SD card
- Aggiunge health check con riavvio automatico in caso di blocco Node.js
- Monta /tmp come tmpfs per ridurre scritture sulla SD card
- Pinna l'immagine a 15.2.2 invece di latest
- Semplifica README: unico metodo per generare la password, guida passo-passo
- Aggiunge variabili opzionali WG_MEM_LIMIT / WG_MEMSWAP_LIMIT / WG_CPUS in .env.example

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-03 22:41:38 +02:00

1.8 KiB
Raw Blame History

CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

What this is

A Docker Compose setup for a self-hosted WireGuard VPN server using wg-easy, designed to run on a Raspberry Pi or any Linux server. The web UI (wg-easy) handles client management, QR code generation, and key lifecycle.

Common commands

# First-time setup
cp .env.example .env
# Edit .env with WG_HOST, PASSWORD_HASH, TZ

# Generate bcrypt password hash (no extra dependencies)
docker run --rm -it ghcr.io/wg-easy/wg-easy wgpw 'YourPassword'

# Start the VPN
docker compose up -d

# Update wg-easy to the latest image
docker compose pull && docker compose up -d

# View logs
docker compose logs -f wg-easy

Configuration

All runtime configuration lives in .env (not committed). Required variables:

Variable Description
WG_HOST Public IP or DDNS hostname clients connect to
PASSWORD_HASH bcrypt hash of the web UI password (prefix $2a$, $2b$, or $2y$)
TZ IANA timezone (e.g. Europe/Rome)

Optional: WG_PORT (default 51820/udp), WG_UI_PORT (default 51821/tcp), WG_DEFAULT_DNS (default 1.1.1.1,8.8.8.8).

Important constraints

  • wg-data/ is auto-generated by the container on first start and holds live WireGuard keys (wg0.conf, wg0.json). Never commit it.
  • .env is gitignored — it holds the password hash and hostname.
  • The container requires NET_ADMIN and SYS_MODULE capabilities plus net.ipv4.ip_forward=1 sysctl — these are already set in docker-compose.yml.
  • The router must forward UDP port 51820 (or WG_PORT) to the server's local IP.
  • openssl passwd does not support bcrypt — use the Docker method, htpasswd, or Python's bcrypt library to generate PASSWORD_HASH.
Reference in New Issue View Git Blame Copy Permalink