version: '3'
# How this docker-compose.yml differs from the root docker-compose.yml:
#
# * Instead of modifying the default bridge network, as the root
#   docker-compose.yml does, a new network, wg_web_api_network, is created.
# * The "wg" service is added, running the lscr.io/linuxserver/wireguard image.
#     * It's configured as a basic "server" setup with 3 peers.
#     * It's attached to wg_web_api_network.
#     * Apart from the WireGuard port, the wg-api port is published as well.
# * The "web" service is unchanged.
# * The "api" service requires a few changes.
#     * Instead of the host network mode, the "api" service runs in wg's
#       networking namespace. This allows it to access wg's WireGuard device.
#     * The --listen argument is 0.0.0.0:1234 instead of 192.168.177.1:1234.
services:
  wg:
    # NOTE(review): ":latest" is a floating tag, so the image that actually
    # runs depends on when it was pulled. Pin a version tag or digest for
    # reproducible, reviewable deployments.
    image: 'lscr.io/linuxserver/wireguard:latest'
    restart: unless-stopped
    environment:
      # Example hostname; replace with the server's real public name.
      - 'SERVERURL=wireguard.domain.com'
      - 'SERVERPORT=51820'
      - 'PEERS=3'
      - 'INTERNAL_SUBNET=10.13.13.0'
      # NOTE(review): per the image's documentation, LOG_CONFS=true prints the
      # generated peer QR codes to the container log. Those encode the peer
      # configs (private keys included), so treat `docker logs` output and any
      # log shipping for this container as secret material.
      - 'LOG_CONFS=true'
    networks:
      - wg_web_api_network
    ports:
      # WireGuard itself; published on every host interface.
      - '51820:51820/udp'
      # wg-api (the "api" service shares this container's network namespace).
      # Published on one host address only. 192.168.177.1 lies inside the
      # wg_web_api_network subnet declared below; presumably it is that
      # bridge's gateway address on the host (confirm).
      - '192.168.177.1:1234:1234'
    # Uncomment to save configuration to the config/ directory:
    #volumes:
    #  - ./config:/config
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE lets the container load kernel modules. The
      # image documents it as optional; drop it if the host already has the
      # WireGuard module available.
      - SYS_MODULE

  web:
    image: 'egortensin/wg-api-web:1'
    depends_on:
      - api
    restart: unless-stopped
    ports:
      # NOTE(review): no host address is given, so the UI is published on all
      # host interfaces, and nothing in this file puts authentication in front
      # of it. Bind it to a specific address or front it with an authenticating
      # proxy if it should not be reachable from the whole network.
      - '8090:80'
    # Uncomment if you use peer aliases:
    #volumes:
    #  - './data:/data:ro'

  api:
    # NOTE(review): floating ":latest" tag here as well; pin a version or
    # digest.
    image: 'james/wg-api:latest'
    # NOTE(review): 0.0.0.0 means every interface in wg's namespace, which
    # includes the WireGuard device itself. Unless firewall rules in that
    # namespace say otherwise, VPN peers can reach port 1234 in addition to
    # the host-side publish above. No TLS or authentication options are passed
    # on this command line.
    command: 'wg-api --device wg0 --listen 0.0.0.0:1234'
    depends_on:
      - wg
    restart: unless-stopped
    # Join wg's network namespace instead of getting one of its own.
    network_mode: 'service:wg'
    cap_add:
      - NET_ADMIN

networks:
  wg_web_api_network:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: '192.168.177.0/24'