Self-Hosted · WireGuard · Docker

Your VPN,
Your Server

Deploy your own WireGuard VPN infrastructure with Docker. Connect securely from anywhere using our simple CLI client. No subscriptions, no third parties, complete control.

Deploy NowLearn More
WireGuardDockerGoMySQL
BitVPN Shield

Why BitVPN?

A modern, self-hosted VPN solution built on WireGuard protocol

WireGuard Protocol

Built on the modern WireGuard protocol - faster, simpler, and more secure than OpenVPN or IPSec.

Docker Ready

Deploy with a single docker-compose command. Spin up multiple server locations in minutes.

Simple CLI

Intuitive command-line client. Connect, disconnect, and switch servers with simple commands.

Client-Side Keys

WireGuard keys generated locally. Your private key never leaves your device.

Multi-Server

Deploy VPN servers in multiple locations. Users can choose and switch between them.

Session-Based

Temporary 24-hour sessions with automatic cleanup. No persistent device configs on server.

Load Balanced

Built-in Nginx load balancer for API traffic. VPN traffic goes direct to servers.

Zero Logs

Your server, your rules. No third-party logging or tracking. Complete privacy.

Quick Start

Get your VPN infrastructure running in minutes

1a. All-in-One (Simple)

Single docker-compose file

# Clone and setup
git clone <repo-url>
cd bit-vpn/server
# Configure
cp .env.example .env
# Deploy everything
docker-compose up -d

Perfect for testing and small deployments. Includes VPN servers, database, and load balancer in one file.

1b. Modular (Scalable)

Independent deployments

# Create network
docker network create bitvpn-network
# Deploy database
cd deploy/database && docker-compose up -d
# Deploy servers
cd ../vpn-server
docker-compose --env-file .env.india -p bitvpn-india up -d

Best for production. Deploy servers in multiple locations independently with automatic load balancer updates.

2. Install BitVPN Client

Build from Source

# Clone and build
git clone <repo>
cd client
make build
make install

Requires Go 1.23+ and WireGuard tools

Download Prebuilt

# Linux/macOS
wget https://releases...
chmod +x bit-vpn
./bit-vpn auth

Download from releases page (Linux, macOS, Windows)

Docker Image

# Pull and run
docker pull bitvpn/client:latest
docker run -it \
bitvpn/client auth

Available on Docker Hub, includes all dependencies

3. Distribute Docker Images

VPN Server Image

Build the server image:

cd server
docker build -t myregistry/bitvpn-server:latest .

Push to Docker Hub or private registry:

docker login
docker push myregistry/bitvpn-server:latest

Supports multi-platform builds (AMD64, ARM64) using buildx

Client Image

Build client image:

cd client
docker build -t myregistry/bitvpn-client:latest .

Push to registry:

docker push myregistry/bitvpn-client:latest

Create executable binary from image for easy distribution

Distribution Options

Docker Hub

Public registry, free for open-source. Visit hub.docker.com to create account and push images.

GitHub Container Registry

Private or public registries. Push directly from GitHub Actions CI/CD pipeline.

Private Registry

Self-hosted registry (Docker Registry, Nexus, Harbor) for complete control and privacy.

Release Artifacts

Attach prebuilt binaries to GitHub Releases for direct download without Docker.

CLI Commands

bit-vpn auth

Login or register

bit-vpn servers

List VPN locations

bit-vpn connect

Connect to VPN

bit-vpn disconnect

Disconnect VPN

bit-vpn status

Check connection

Architecture

Session-based VPN with client-side key generation

┌─────────────────────────────────────────────────────────────────┐ │ BitVPN Architecture │ ├─────────────────────────────────────────────────────────────────┤ │ │ │ ┌──────────┐ │ │ │ Client │ │ │ │ (CLI) │ │ │ └────┬─────┘ │ │ │ │ │ ├──► API (auth, sessions) ──► Nginx LB ──┬──► VPN India │ │ │ ├──► VPN UK │ │ │ ├──► VPN Japan │ │ │ └──► VPN US │ │ │ │ │ └──► WireGuard (UDP) ─────────────────────► Direct to │ │ Selected │ │ Server │ │ │ └─────────────────────────────────────────────────────────────────┘

API Traffic

Authentication and session management routed through Nginx load balancer

VPN Traffic

WireGuard UDP packets go directly to the selected server endpoint

Sessions

24-hour sessions with max 5 concurrent per user, auto-cleanup on expiry