blob: 6898da76a393f3f21ef0dae2b461c66f4b13ac28 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
# The main differences between this docker-compose.yml and the root
# docker-compose.yml are listed below.
#
# * Instead of modifying the default bridge network as in root
# docker-compose.yml, we create a new network, wg_web_api_network.
# * Added the "wg" service, running the lscr.io/linuxserver/wireguard image.
# * It's configured as a basic "server" setup with 3 peers.
# * Make sure it's added to the wg_web_api_network.
# * Apart from the WireGuard port, the wg-api port is published as well.
# * The "web" service is unchanged.
# * The "api" service requires a few changes.
# * Instead of the host network mode, the "api" service runs in the wg's
# networking namespace. This allows is to have access to wg's WireGuard
# device.
# * The --listen argument is 0.0.0.0:1234 instead of 192.168.177.1:1234.
version: '3'
services:
wg:
image: lscr.io/linuxserver/wireguard:latest
restart: unless-stopped
environment:
# These settings are mostly for testing; you most likely would want
# to adjust them.
- SERVERURL=127.0.0.1
- SERVERPORT=51820
- PEERS=3
- INTERNAL_SUBNET=10.13.13.0
- ALLOWEDIPS=10.13.13.0/24
- PEERDNS=off
- LOG_CONFS=true
networks:
- wg_web_api_network
ports:
- 51820:51820/udp
- '192.168.177.1:1234:1234'
volumes:
# A example configuration used for testing.
- ./example_config:/config
cap_add:
- NET_ADMIN
- SYS_MODULE
web:
image: egortensin/wg-api-web:1
depends_on: [api]
restart: unless-stopped
ports:
- '8090:80'
# Uncomment if you use peer aliases:
#volumes:
# - './data:/data:ro'
api:
image: james/wg-api:latest
command: wg-api --device wg0 --listen 0.0.0.0:1234
depends_on: [wg]
restart: unless-stopped
network_mode: service:wg
cap_add:
- NET_ADMIN
networks:
wg_web_api_network:
driver: bridge
ipam:
driver: default
config:
# The network is hardcoded; please don't change. If you run into
# problems, let me know.
- subnet: 192.168.177.0/24
|