Wiredoor Configuration
Wiredoor is configured through environment variables passed to the container (e.g. via docker-compose.yml).
This page describes all available configuration options.
DNS Providers Integration
Wiredoor can integrate with external DNS providers to manage DNS zones automatically.
Cloudflare
To enable Cloudflare DNS management, Wiredoor requires a Cloudflare API Token with DNS edit permissions for the zones you want to use.
The token must include at least:
- Zone → DNS → Edit
You can create a token at https://dash.cloudflare.com/profile/api-tokens.
Make sure the token has access only to the specific zones you intend to manage for improved security.
| Variable | Description | Required | Example |
|---|---|---|---|
| DNS_PROVIDER | Set to cloudflare to enable Cloudflare DNS integration | Optional | cloudflare |
| CLOUDFLARE_API_TOKEN | API token with DNS edit permissions | Optional | 01ab23cd45ef6789ghij0123klmn4567opqrs890tuvwx |
GoDaddy
To enable GoDaddy DNS integration, set the following environment variables:
| Variable | Description | Required | Example |
|---|---|---|---|
| DNS_PROVIDER | Set to godaddy to enable GoDaddy DNS integration | Optional | |
| GODADDY_API_KEY | GoDaddy API key | Optional | ABCD1234EFGH5678 |
| GODADDY_API_SECRET | GoDaddy API secret | Optional | a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6 |
Advanced Environment Variables
| Variable | Description | Required | Example |
|---|---|---|---|
| PRIVATE_KEY | Private key to issue tokens, auto-generated for each environment by default | Optional | htcVZnbD7yp8+z1R3vb6ww...gNrKNc/C7fkbHwBbw6uzIX61wLzlYg== |
| SERVER_LOGS_DIR | Custom directory to store nginx logs inside the container | Optional | /var/log/nginx |
Volumes
| Container Path | Purpose | Example Host Mapping |
|---|---|---|
| /data | Persistent configuration and runtime data | ./wiredoor-data |
| /etc/letsencrypt | Stores Let's Encrypt SSL certificates | ./wiredoor-certbot |
| /var/log/nginx | (Optional) Stores NGINX access logs | ./wiredoor-logs |
Network Ports
| Port | Protocol | Purpose |
|---|---|---|
| 80 | TCP | HTTP traffic (used for Certbot validation) |
| 443 | TCP | HTTPS traffic |
| 51820 (default) | UDP | WireGuard VPN connection |
| 32760-32767 (optional) | TCP | Port range for exposing TCP services (controlled via TCP_SERVICES_PORT_RANGE) |
You can change the VPN port or the TCP service range, but make sure those ports are open and accessible from the internet or from the client network.
Security Notes
- Never expose your .env or docker-compose.yml with secrets in public repositories.
- Use a .env file to define your environment variables securely.
- Make sure to add .env to your .gitignore and restrict read access to it using filesystem permissions (e.g., chmod 600 .env).
- Avoid hardcoding secrets or tokens in version-controlled files.
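
One way to check a deployment directory against these notes, as an added example that is not part of Wiredoor or its tooling. The helper name audit_wiredoor_dir, the accepted file modes, and the exact-line .gitignore match are assumptions of this example; the variable names are the secret-bearing ones documented on this page.

```shell
#!/bin/sh
# Added example, not part of Wiredoor. Audits a deployment directory against
# the Security Notes; prints one line per finding and returns the count.
# Secret-bearing variables documented on this page:
SECRET_VARS='CLOUDFLARE_API_TOKEN GODADDY_API_KEY GODADDY_API_SECRET PRIVATE_KEY'

file_mode() {  # octal permission bits: GNU/busybox stat, then BSD/macOS stat
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_wiredoor_dir() {  # hypothetical helper name
  dir=$1; findings=0
  env_file="$dir/.env"; compose="$dir/docker-compose.yml"

  if [ -f "$env_file" ]; then
    # chmod 600 as recommended; 400 (owner read-only) is accepted as stricter
    mode=$(file_mode "$env_file")
    case "$mode" in
      600|400) ;;
      *) echo "FINDING: $env_file has mode $mode, expected 600"
         findings=$((findings + 1)) ;;
    esac
    # Assumption: .gitignore names the file on its own line (.env or /.env);
    # wildcard patterns are not interpreted here.
    if ! grep -qxE '/?\.env' "$dir/.gitignore" 2>/dev/null; then
      echo "FINDING: .env is not listed in $dir/.gitignore"
      findings=$((findings + 1))
    fi
  fi

  if [ -f "$compose" ]; then
    for var in $SECRET_VARS; do
      # Lines assigning a non-empty value (map "VAR: x" or list "- VAR=x"),
      # minus those whose value is a ${VAR} / $VAR reference to the .env file.
      if grep -E "^[[:space:]]*-?[[:space:]]*$var[[:space:]]*[:=][[:space:]]*[^[:space:]]" "$compose" \
           | grep -vE "[:=][[:space:]]*[\"']?\\\$\{?$var" | grep -q .; then
        echo "FINDING: $var has a literal value in $compose"
        findings=$((findings + 1))
      fi
    done
  fi
  return "$findings"
}
```

Call it as audit_wiredoor_dir /path/to/deployment before committing; a non-zero return status is the number of findings.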