version: '3' # The main difference between this docker-compose.yml and the root # docker-compose.yml are listed below. # # * Instead of modifying the default bridge network as in root # docker-compose.yml, we create a new network, wg_web_api_network. # * Added the "wg" service, running the lscr.io/linuxserver/wireguard image. # * It's configured as a basic "server" setup with 3 peers. # * Make sure it's added to the wg_web_api_network. # * Apart from the WireGuard port, the wg-api port is published as well. # * The "web" service is unchanged. # * The "api" service requires a few changes. # * Instead of the host network mode, the "api" service runs in the wg's # networking namespace. This allows is to have access to wg's WireGuard # device. # * The --listen argument is 0.0.0.0:1234 instead of 192.168.177.1:1234. services: wg: image: lscr.io/linuxserver/wireguard:latest restart: unless-stopped environment: # These settings are mostly for testing; you most likely would want # to adjust them. - SERVERURL=127.0.0.1 - SERVERPORT=51820 - PEERS=3 - INTERNAL_SUBNET=10.13.13.0 - ALLOWEDIPS=10.13.13.0/24 - PEERDNS=off - LOG_CONFS=true networks: - wg_web_api_network ports: - 51820:51820/udp - '192.168.177.1:1234:1234' volumes: # A example configuration used for testing. - ./example_config:/config cap_add: - NET_ADMIN - SYS_MODULE web: image: egortensin/wg-api-web:1 depends_on: [api] restart: unless-stopped ports: - '8090:80' # Uncomment if you use peer aliases: #volumes: # - './data:/data:ro' api: image: james/wg-api:latest command: wg-api --device wg0 --listen 0.0.0.0:1234 depends_on: [wg] restart: unless-stopped network_mode: service:wg cap_add: - NET_ADMIN networks: wg_web_api_network: driver: bridge ipam: driver: default config: - subnet: 192.168.177.0/24