How to Deploy a Self-Hosted VPN with Docker in Under 30 Minutes (Step-by-Step Guide)

By Bo MorganLABS, LINUX ADMIN

 

Deploying a Self-Hosted VPN with Docker in Under 30 Minutes

If you’ve been looking for a simple way to secure your internet traffic without relying on third-party VPN providers, hosting your own VPN server is the answer. In this guide, I’ll walk you through deploying a self-hosted VPN with Docker in under 30 minutes—perfect for your home lab, VPS, or cloud server.

By the end of this tutorial, you’ll have a working VPN that encrypts your traffic, blocks ISP snooping, and gives you control over your own privacy.

 

 

Why Host Your Own VPN?

While commercial VPN services are convenient, they come with trade-offs. Hosting your own VPN server offers:

  • Full control over your data and traffic

  • Better transparency (no unknown logging policies)

  • Flexible deployment (home lab, VPS, or cloud provider)

  • Lower long-term costs (one-time setup vs. subscription fees)

If you already have a server running Docker, you’re only a few commands away from having your VPN online.

 

Try This on Linode (Free Trial)

Don’t have a server yet? You can spin up a Linux VPS in minutes. I recommend Linode because it’s beginner-friendly, affordable, and developer-focused.

👉 Click here to try Linode with a free trial credit

Once you’ve created your account, deploy a fresh Ubuntu 22.04 server, log in, and follow the steps below.

 

Prerequisites

Before we get started, make sure you have:

  • A Linux server or VPS (Ubuntu 22.04 or later recommended)

  • Docker and Docker Compose installed

  • A public IP or domain name (if connecting over the internet)

  • Basic familiarity with the Linux command line

 

Step 1: Update Your Server

sudo apt update && sudo apt upgrade -y

 

Step 2: Install Docker & Docker Compose

curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
sudo apt install docker-compose -y

Log out and back in to apply changes.

 

Step 3: Use a Prebuilt VPN Docker Image

We’ll use linuxserver/wireguard, one of the most popular WireGuard Docker images.

mkdir ~/wireguard && cd ~/wireguard

 

Step 4: Create a Docker Compose File

docker-compose.yml

version: "2.1"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - SERVERURL=your-server-ip-or-domain
      - SERVERPORT=51820
      - PEERS=1
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

 

Step 5: Deploy the VPN

docker-compose up -d

 

Step 6: Retrieve the Client Configuration

cat ~/wireguard/config/peer1/peer1.conf

Or generate a QR code:

docker exec -it wireguard /app/show-peer 1

 

Step 7: Connect and Test

Install the WireGuard client, import the config, and check your new IP:

curl ifconfig.me

 

Wrapping Up

You just deployed a self-hosted VPN with Docker in under 30 minutes. Whether you’re protecting yourself on public Wi-Fi, securing your home lab, or experimenting in the cloud, this setup is fast, reliable, and completely under your control.

 

Next Steps: