aboutsummaryrefslogblamecommitdiffstatshomepage
path: root/test/linuxserver/docker-compose.yml
blob: f1b2fe96c3e56d92f05b2f4d409472fa9395ff06 (plain) (tree)
1
2

            















                                                                             




                                               
                           
                        
               
                                  
                                
                   





                                 

                                








                                  
                                        

















                                                      
version: '3'

# The main difference between this docker-compose.yml and the root
# docker-compose.yml are listed below.
#
# * Instead of modifying the default bridge network as in root
#   docker-compose.yml, we create a new network, wg_web_api_network.
# * Added the "wg" service, running the lscr.io/linuxserver/wireguard image.
#     * It's configured as a basic "server" setup with 3 peers.
#     * Make sure it's added to the wg_web_api_network.
#     * Apart from the WireGuard port, the wg-api port is published as well.
# * The "web" service is unchanged.
# * The "api" service requires a few changes.
#     * Instead of the host network mode, the "api" service runs in the wg's
#       networking namespace. This allows is to have access to wg's WireGuard
#       device.
#     * The --listen argument is 0.0.0.0:1234 instead of 192.168.177.1:1234.

services:
  wg:
    image: lscr.io/linuxserver/wireguard:latest
    restart: unless-stopped
    environment:
      - SERVERURL=127.0.0.1
      - SERVERPORT=51820
      - PEERS=3
      - INTERNAL_SUBNET=10.13.13.0
      - ALLOWEDIPS=10.13.13.0/24
      - PEERDNS=off
      - LOG_CONFS=true
    networks:
      - wg_web_api_network
    ports:
      - 51820:51820/udp
      - '192.168.177.1:1234:1234'
    volumes:
      - ./example_config:/config
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
  web:
    image: egortensin/wg-api-web:1
    depends_on: [api]
    restart: unless-stopped
    ports:
      - '8090:80'
    # Uncomment if you use peer aliases:
    #volumes:
    #  - './data:/data:ro'
  api:
    image: james/wg-api:latest
    command: wg-api --device wg0 --listen 0.0.0.0:1234
    depends_on: [wg]
    restart: unless-stopped
    network_mode: service:wg
    cap_add:
      - NET_ADMIN

networks:
  wg_web_api_network:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.177.0/24