steveternet/wireguard/docker-compose.yml

54 lines
1.0 KiB
YAML
Raw Normal View History

2023-12-24 18:54:49 +00:00
version: "3"
services:
wireguard:
image: ghcr.io/wg-easy/wg-easy
restart: unless-stopped
container_name: wireguard
labels:
- "traefik.enable=true"
- "traefik.http.routers.wireguard.rule=Host(`wireguard.${DOMAIN_ROOT}`)"
- "traefik.http.services.wireguard.loadbalancer.server.port=51821"
- 'traefik.http.routers.wireguard.middlewares=authelia@docker'
ports:
- target: 51820
published: 51820
protocol: tcp
mode: host
- target: 51820
published: 51820
protocol: udp
mode: host
volumes:
- wireguard_data:/etc/wireguard
environment:
- WG_HOST=wireguard.${DOMAIN_ROOT}
- PASSWORD=${UI_PASSWORD}
- DOMAIN_ROOT=${DOMAIN_ROOT}
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- "net.ipv4.conf.all.src_valid_mark=1"
- "net.ipv4.ip_forward=1"
networks:
- default
- home-proxy
volumes:
wireguard_data:
external: true
networks:
default:
home-proxy:
external: true