diff --git a/docker-compose.yml b/docker-compose.yml
index 184ad8b..b644d39 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -29,6 +29,17 @@ services:
 expose:
 - 9091
+ wg-gen-web:
+ image: vx3r/wg-gen-web:latest
+ container_name: wg-gen-web
+ restart: unless-stopped
+ expose:
+ - 8080
+ env_file:
+ - wg/wg-gen.env
+ volumes:
+ - /etc/wireguard:/data
+
 freshrss:
 image: linuxserver/freshrss
 container_name: freshrss
diff --git a/letsencrypt/nginx/proxy-confs/wg.subdomain.conf b/letsencrypt/nginx/proxy-confs/wg.subdomain.conf
new file mode 100644
index 0000000..a45b190
--- /dev/null
+++ b/letsencrypt/nginx/proxy-confs/wg.subdomain.conf
@@ -0,0 +1,39 @@
+# make sure that your dns has a cname set for wg-gen-web and that your wg-gen-web container is not using a base url
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name wg.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ include /config/nginx/proxy.conf;
+ resolver 127.0.0.11 valid=30s;
+ set $upstream_app wg-gen-web;
+ set $upstream_port 8080;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/wg/wg-gen.env b/wg/wg-gen.env
new file mode 100644
index 0000000..1b650a4
--- /dev/null
+++ b/wg/wg-gen.env
@@ -0,0 +1,3 @@
+WG_CONF_DIR=/data
+WG_INTERFACE_NAME=wg0.conf
+OAUTH2_PROVIDER_NAME=fake
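Review bot: In the docker-compose.yml hunk, `image: vx3r/wg-gen-web:latest` is a mutable tag on a container that also receives a read-write bind mount of the host's `/etc/wireguard`, the directory where WireGuard interface configs and their private keys normally live. Whatever the tag resolves to at the next pull inherits that access, so I would pin the image, e.g. `image: vx3r/wg-gen-web:<pinned-version>` or an `@sha256:<digest>` reference (placeholders; the commit names no version). If the host keeps other interfaces in that directory they become readable and writable from the container too; mounting a dedicated subdirectory would narrow that, though whether it fits depends on how the host applies the generated config, which this commit does not show.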
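Review bot: `client_max_body_size 0;` in wg.subdomain.conf switches off nginx's request-body limit for the whole `wg.*` vhost. The upstream looks like a small configuration UI, so unlimited bodies are presumably not needed here and the line may simply have been carried over from a template. A bounded value such as `client_max_body_size 1m;` keeps the proxy from buffering or forwarding arbitrarily large requests to the backend; adjust the figure if the UI turns out to need more.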
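Review bot: `OAUTH2_PROVIDER_NAME=fake` in wg/wg-gen.env selects wg-gen-web's placeholder provider, which as far as I know means the application does no login of its own. Access control then rests entirely on the Authelia includes in wg.subdomain.conf, and the `expose: 8080` entry in docker-compose.yml leaves `wg-gen-web:8080` reachable by every other container on the same compose network without passing through nginx. Because the service reads and writes the WireGuard configuration under `/data`, I would either configure a real OAuth2/OIDC provider or attach the service to a network shared only with the reverse proxy. At minimum add a comment above the line, e.g. `# fake = no app-level auth; access is gated only by Authelia in wg.subdomain.conf`, so nobody later disables the proxy auth without noticing.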