Vaier wires together WireGuard, Traefik, Authelia, and AWS Route53 into a single web UI. Add a Docker container on any VPN peer, pick a subdomain — Vaier handles DNS, reverse proxy, and HTTPS automatically.
You spin up a container on a homelab box. Now you need a WireGuard peer, a Route53 CNAME, a Traefik dynamic-config entry, a Let's Encrypt cert, an Authelia rule, and a bookmark somewhere you'll actually find later. Every new service repeats the whole dance. Every drift is silent.
Vaier discovers containers on every connected peer, lets you pick a subdomain, creates the DNS record, generates the Traefik route, provisions the cert, optionally gates it behind Authelia, and rolls back the entire flow if anything fails. Your homelab now feels like a PaaS.
Create, delete, and monitor WireGuard peers. Download QR codes, .conf files, docker-compose, or setup scripts — whichever fits the peer type.
Any container on any peer becomes a public HTTPS subdomain in one click — with automatic rollback if DNS or TLS fails.
A dashboard linking every published service — automatically switching to direct LAN URLs when you're on the same network.
Traefik dynamic config is generated for you, with per-service Authelia toggle and root-path redirect built in.
Full CRUD for AWS Route53 zones and records — or skip AWS entirely and run in manual DNS mode if your domain lives elsewhere.
Manage Authelia users and groups directly from the Vaier UI — no YAML editing required.
SMTP-powered password resets, plus admin alerts when any server-type peer or LAN machine goes up or down.
Authelia login pages share Vaier's dark theme — the auth hand-off feels like one app, not two.
Every published service resolves via DNS to the single Vaier server, terminates TLS at Traefik, optionally passes Authelia, and is proxied over WireGuard to the container running on a peer. The peers never need a public IP.
An EC2 t3.small or equivalent. Open TCP 22, 80, 443 and UDP 51820. Bring a domain you control and (optionally) AWS Route53 credentials for full DNS automation.
# run as your regular user, not root
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
# then log out and back in

mkdir -p vaier && cd vaier
curl -fsSL https://raw.githubusercontent.com/getvaier/vaier/main/docker-compose.yml \
  -o docker-compose.yml
Drop in .env with at minimum VAIER_DOMAIN and ACME_EMAIL. Add VAIER_AWS_KEY and VAIER_AWS_SECRET if you want Route53 automation, or leave them out and maintain DNS yourself.
cat > .env <<EOF
VAIER_DOMAIN=yourdomain.com
ACME_EMAIL=you@yourdomain.com
VAIER_AWS_KEY=AKIA...
VAIER_AWS_SECRET=...
EOF
chmod 600 .env
docker compose up -d
Read the bootstrap admin password, log in at https://vaier.yourdomain.com, change it, and delete the file. From there you create peers, publish containers, and watch a dashboard fill itself in.
cat authelia/config/.bootstrap-admin-password
# log in at https://vaier.yourdomain.com, change the password, then:
rm authelia/config/.bootstrap-admin-password
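A post-install check for the steps above, as an added example that is not part of Vaier or its documentation: it confirms that .env is readable only by its owner, that the required settings are present, that the Route53 credentials are either both set or both absent, and that the bootstrap admin password file is gone. The function name vaier_audit is hypothetical, and the script assumes GNU stat and the directory layout from the quick start.

```shell
#!/bin/sh
# Added example, not Vaier's own tooling. vaier_audit is a hypothetical name.
# Assumes GNU stat and the quick-start layout: .env and authelia/config/
# inside the vaier directory.

vaier_audit() {
    dir=${1:-.}
    rc=0
    envf="$dir/.env"
    boot="$dir/authelia/config/.bootstrap-admin-password"

    if [ ! -f "$envf" ]; then
        echo "FAIL: $envf not found"
        return 1
    fi

    # .env can hold the AWS secret: no group/other permission bits allowed.
    mode=$(stat -c '%a' "$envf")
    case "$mode" in
        *00) ;;
        *) echo "FAIL: $envf is mode $mode, expected 600"; rc=1 ;;
    esac

    # The two settings the quick start lists as the minimum.
    for key in VAIER_DOMAIN ACME_EMAIL; do
        grep -q "^$key=." "$envf" || { echo "FAIL: $key missing or empty"; rc=1; }
    done

    # Route53 automation needs both values; manual DNS mode needs neither.
    has_key=0; has_secret=0
    grep -q '^VAIER_AWS_KEY=.' "$envf" && has_key=1
    grep -q '^VAIER_AWS_SECRET=.' "$envf" && has_secret=1
    if [ "$has_key" -ne "$has_secret" ]; then
        echo "FAIL: set both VAIER_AWS_KEY and VAIER_AWS_SECRET, or neither"; rc=1
    fi

    # The bootstrap admin password file should be deleted after first login.
    if [ -e "$boot" ]; then
        echo "FAIL: $boot still exists; change the password, then remove it"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir passes"
    return "$rc"
}

# Run against a directory when one is given: sh audit.sh ~/vaier
if [ "$#" -gt 0 ]; then vaier_audit "$1"; fi
```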
You're done patching together Caddy/Traefik configs by hand every time you stand up Plex, a Git server, or yet another self-hosted toy. Vaier is the layer that makes a single Linux box behave like a tiny private cloud.
Add teammates as Authelia users, gate sensitive services behind SSO, and let everyone find the apps via the launchpad. No spreadsheets of URLs. No "what's the password for X" pings.