Exposing your SSH port or web dashboard to the public internet is asking for trouble.
The solution is a VPN. But OpenVPN is a pain to configure. WireGuard is modern, fast, and lean. And with wg-easy, it has a web UI.
The Setup
version: "3.8"
services:
wg-easy:
environment:
# ⚠️ Change this to your public IP or domain
- WG_HOST=vpn.example.com
- PASSWORD=your_admin_password
- WG_PORT=51820
- WG_DEFAULT_ADDRESS=10.8.0.x
- WG_DEFAULT_DNS=1.1.1.1
image: ghcr.io/wg-easy/wg-easy
container_name: wg-easy
volumes:
- ./wireguard:/etc/wireguard
ports:
- "51820:51820/udp"
- "51821:51821/tcp"
restart: unless-stopped
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
How to Use
- Run
docker-compose up -d. - Go to
http://localhost:51821. - Login.
- Click "New Client", name it (e.g., "Phone").
- Scan the QR code with the WireGuard app on your phone.
Now you can access your local network (192.168.x.x) from anywhere in the world, securely.