How to Change AmneziaWG VPN Password and Port

Changing AmneziaWG VPN Web Interface Password and Port

To change the password and port of the AmneziaWG VPN web interface, you need to use environment variables when running through Docker or modify configuration files. The password is set via bcrypt hash or the PASSWORD variable, while the port is configured through the PORT variable.

Table of Contents

• Changing the web interface password
• Changing the web interface port
• Complete reconfiguration through Docker
• Configuration verification
• Troubleshooting common issues

Changing the web interface password

To change the access password for the AmneziaWG web interface, there are several methods:

Method 1: Using bcrypt hash

The most secure method is to use a bcrypt hash of the password:

1. Generate a bcrypt hash of your new password:

echo "your_new_password" | htpasswd -nBC 10 | tr -d ':\n'

2. Run the container with the new hash:

docker run -d \
  -e PASSWORD_HASH="$(echo "your_new_password" | htpasswd -nBC 10 | tr -d ':\n')" \
  -e WG_HOST=vpn.yourdomain.com \
  -p 51821:51821/tcp \
  -p 51820:51820/udp \
  --name amneziawg \
  -v ~/.amnezia-wg-easy:/etc/amneziawg \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1 net.ipv4.ip_forward=1" \
  w0rng/amnezia-wg-easy

Method 2: Using the PASSWORD variable

Easier but less secure method:

docker run -d \
  -e PASSWORD="your_new_password" \
  -e WG_HOST=vpn.yourdomain.com \
  -p 51821:51821/tcp \
  -p 51820:51820/udp \
  --name amneziawg \
  -v ~/.amnezia-wg-easy:/etc/amneziawg \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1 net.ipv4.ip_forward=1" \
  w0rng/amnezia-wg-easy

Important: When changing the password through the PASSWORD variable, it will be stored in plain text in Docker settings, which may pose a security risk.

Changing the web interface port

To change the web interface port, use the PORT environment variable:

Method 1: During initial setup

docker run -d \
  -e PASSWORD="your_password" \
  -e PORT=1111 \
  -e WG_HOST=vpn.yourdomain.com \
  -p 1111:1111/tcp \
  -p 51820:51820/udp \
  --name amneziawg \
  -v ~/.amnezia-wg-easy:/etc/amneziawg \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1 net.ipv4.ip_forward=1" \
  w0rng/amnezia-wg-easy

Method 2: Reconfiguring an existing container

1. Stop the current container:

docker stop amneziawg
docker rm amneziawg

2. Start a new container with the desired port:

docker run -d \
  -e PASSWORD="your_password" \
  -e PORT=1111 \
  -e WG_HOST=vpn.yourdomain.com \
  -p 1111:1111/tcp \
  -p 51820:51820/udp \
  --name amneziawg \
  -v ~/.amnezia-wg-easy:/etc/amneziawg \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1 net.ipv4.ip_forward=1" \
  w0rng/amnezia-wg-easy

Available port parameters

• Web interface: TCP port (default 51821)
• AmneziaWG: UDP port (default 51820, can be changed in the range 30000-50000)

Complete reconfiguration through Docker

If you need to change both parameters (password and port), follow these steps:

Step 1: Stop and remove the old container

docker stop amneziawg
docker rm amneziawg

Step 2: Generate bcrypt hash (recommended)

PASSWORD_HASH=$(echo "your_strong_password" | htpasswd -nBC 10 | tr -d ':\n')
echo "Generated password hash: $PASSWORD_HASH"

Step 3: Start a new container with the desired settings

docker run -d \
  -e PASSWORD_HASH="$PASSWORD_HASH" \
  -e PORT=1111 \
  -e WG_HOST=vpn.yourdomain.com \
  -p 1111:1111/tcp \
  -p 42666:42666/udp \
  --name amneziawg \
  -v ~/.amnezia-wg-easy:/etc/amneziawg \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1 net.ipv4.ip_forward=1" \
  -v /lib/modules:/lib/modules:ro \
  w0rng/amnezia-wg-easy

Step 4: Verify operation

docker logs amneziawg

Configuration verification

View active ports

docker port amneziawg

View environment variables

docker inspect amneziawg | grep -A 10 "Env"

Check web interface availability

curl -I http://localhost:1111

Troubleshooting common issues

Problem 1: “Port 8880 doesn’t work, it should be 1111”

Cause: Incorrect port mapping in Docker or firewall

Solution:

1. Check the correctness of port mapping:

docker port amneziawg

2. Check open ports on the server:

sudo ufw status

3. Open the required port:

sudo ufw allow 1111/tcp

Problem 2: “Password doesn’t match”

Cause: Used the PASSWORD variable instead of PASSWORD_HASH or the container was started with incorrect settings

Solution:

1. Check the current container settings:

docker inspect amneziawg | grep -A 5 "Env"

2. To change the password, stop the container and restart it with new parameters

Problem 3: “Web interface is not accessible”

Causes and solutions:

• Firewall: Open the 1111/tcp port
• Docker: Check the correctness of port mapping
• Network: Make sure the server is listening on the correct interface

Sources

1. GitHub - w0rng/amnezia-wg-easy - Password Configuration
2. DeepWiki - AmneziaWG Easy Configuration
3. Ithy - AmneziaWG Setup Guide for Ubuntu 24.04
4. EDIS Global - Installing AmneziaWG on Ubuntu 22.04
5. Amnezia Docs - Installation and Configuration of Protocols

Conclusion

• To change the web interface password, use the PASSWORD_HASH variable with a bcrypt hash for maximum security
• The web interface port is changed via the PORT environment variable when starting the Docker container
• When changing settings, always restart the container with docker stop and docker run
• Check the correctness of port mapping and firewall rules for access to the web interface
• For full control over the configuration, use configuration files in ~/.amnezia-wg-easy

If you have any questions about changing AmneziaWG settings, you can refer to the official documentation or ask a question in the AmneziaVPN community.