Docker WireGuard API

A Docker image that extends linuxserver/docker-wireguard with a simple REST API for dynamic peer management.

Warning

Under development

docker pull ghcr.io/woltsu/docker-wireguard-api:latest

Features

• Add/remove WireGuard peers via HTTP API
• Automatic IP allocation from subnet
• API key authentication
• Runs alongside WireGuard in a single container

WireGuard API Environment Variables

Note

These are in addition to the standard linuxserver/docker-wireguard environment variables.

See docker-compose.yml for an example setup.

WG_API_KEY=your-32-character-api-key-here
WG_CONFIG_PATH=/config/wg_confs/wg0.conf
WG_INTERFACE=wg0
WG_API_PORT=3000

API Endpoints

Get WireGuard Status

curl -H "X-API-Key: ${WG_API_KEY}" http://localhost:3000/wg

Create Client

curl -X POST -H "X-API-Key: ${WG_API_KEY}" http://localhost:3000/wg/client

Response:

{
  "client": {
    "privateKey": "...",
    "publicKey": "...",
    "presharedKey": "..."
  },
  "peer": {
    "allowedIPs": "..."
  }
}

Delete Client

curl -X DELETE -H "X-API-Key: ${WG_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{"publicKey": "PUBLIC_KEY_HERE"}' \
  http://localhost:3000/wg/client

Response:

{
  "publicKey": "..."
}

Authentication

API key required via:

• Header: X-API-Key: your-key
• Header: Authorization: Bearer your-key

Minimum 32 characters required.

License

MIT