54 lines
1.0 KiB
YAML
54 lines
1.0 KiB
YAML
version: "3"
|
|
services:
|
|
wireguard:
|
|
image: ghcr.io/wg-easy/wg-easy
|
|
restart: unless-stopped
|
|
container_name: wireguard
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.wireguard.rule=Host(`wireguard.${DOMAIN_ROOT}`)"
|
|
- "traefik.http.services.wireguard.loadbalancer.server.port=51821"
|
|
- 'traefik.http.routers.wireguard.middlewares=authelia@docker'
|
|
|
|
ports:
|
|
- target: 51820
|
|
published: 51820
|
|
protocol: tcp
|
|
mode: host
|
|
- target: 51820
|
|
published: 51820
|
|
protocol: udp
|
|
mode: host
|
|
|
|
volumes:
|
|
- wireguard_data:/etc/wireguard
|
|
|
|
environment:
|
|
- WG_HOST=wireguard.${DOMAIN_ROOT}
|
|
- PASSWORD=${UI_PASSWORD}
|
|
- DOMAIN_ROOT=${DOMAIN_ROOT}
|
|
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- SYS_MODULE
|
|
|
|
sysctls:
|
|
- "net.ipv4.conf.all.src_valid_mark=1"
|
|
- "net.ipv4.ip_forward=1"
|
|
|
|
networks:
|
|
- default
|
|
- home-proxy
|
|
|
|
|
|
volumes:
|
|
wireguard_data:
|
|
external: true
|
|
|
|
networks:
|
|
default:
|
|
home-proxy:
|
|
external: true
|
|
|
|
|