LibrePortal/containers/wireguard/docker-compose.yml
librelad 875a60f90f LibrePortal v0.1.0 — initial release
A free, open, self-hosted app platform (GNU AGPLv3): one-click app deploys,
Traefik reverse proxy with automatic SSL, rootless Docker support, gluetun
VPN routing, and a web dashboard to manage it all.

Free & open forever to self-host; optional paid hosted services fund it.
See PROMISE.md.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-21 20:37:54 +01:00


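# Compose template for the wg-easy WireGuard VPN service.
# The trailing LIBREPORTAL markers and the GLUETUN / libreportal-monitoring
# comment fences look like anchors for LibrePortal's own templating
# (TODO confirm). Keep them intact and do not add lines inside a fence.
networks:
  DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
    external: true
services:
  wireguard-service: #LIBREPORTAL|SERVICE_TAG_1|wireguard-service
    container_name: wireguard-service
    # NOTE(review): ":latest" is a floating tag, so a pull can change both the
    # code that runs with NET_ADMIN/SYS_MODULE and the meaning of the
    # environment variables below. Pin a release tag or an image digest.
    image: ghcr.io/wg-easy/wg-easy:latest
    restart: unless-stopped
    hostname: wireguard
    environment:
      # PASSWORD_HASH takes a bcrypt hash, not a plaintext password. In a
      # Compose file every "$" of the hash must be written as "$$", otherwise
      # Compose interpolates it. Verify the substituted value is hashed and
      # escaped.
      - PASSWORD_HASH=WIREGUARD_PASSWORD_DATA #LIBREPORTAL|WIREGUARD_PASSWORD_TAG|WIREGUARD_PASSWORD_DATA
      - WG_HOST=PUBLIC_IP_DATA #LIBREPORTAL|PUBLIC_IP_TAG|PUBLIC_IP_DATA
      - WG_DEFAULT_ADDRESS=WIREGUARD_SUBNET_DATA #LIBREPORTAL|WIREGUARD_SUBNET_TAG|WIREGUARD_SUBNET_DATA
      - WG_MTU=NETWORK_MTU_DATA #LIBREPORTAL|NETWORK_MTU_TAG|NETWORK_MTU_DATA
      # Full tunnel: generated client configs route all IPv4 and IPv6 traffic
      # through this server.
      - WG_ALLOWED_IPS=0.0.0.0/0,::/0
      # The up/down hooks must stay mirror images (-A vs -D, same rule spec)
      # so that the down hook removes exactly what the up hook added.
      # "-w" waits for the xtables lock instead of failing when it is held.
      - WG_POST_UP=iptables -w -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -w -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
      # Fixed: the original had "; ;" between the two commands. An empty
      # command between semicolons is a shell syntax error, so the hook would
      # fail as a whole and leave both rules in place on interface down.
      - WG_POST_DOWN=iptables -w -t nat -D POSTROUTING -o eth0 -j MASQUERADE; iptables -w -t mangle -D FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    volumes:
      # NOTE(review): SOCKET_DATA is presumably a Docker socket bind mount. If
      # so, it gives this internet-facing container control of the Docker
      # daemon. Confirm it is needed here; drop it or mount it read-only behind
      # a socket proxy if not.
      - SOCKET_DATA #LIBREPORTAL|SOCKET_TAG|SOCKET_DATA
      # Holds the server and peer private keys; keep the host directory
      # readable by the container user only and out of backups that leave
      # the host unencrypted.
      - ./wireguard-data:/etc/wireguard
    # NOTE(review): one of the published ports below is presumably the wg-easy
    # admin UI, which is protected only by PASSWORD_HASH. Confirm it is bound
    # to a trusted interface or reachable only through the reverse proxy.
    # GLUETUN_OFF_BEGIN
    ports:
      - "PORTS_DATA_1" #LIBREPORTAL|PORTS_TAG_1|PORTS_DATA_1
      - "PORTS_DATA_2" #LIBREPORTAL|PORTS_TAG_2|PORTS_DATA_2
    # GLUETUN_OFF_END
    labels:
      libreportal.category: "CATEGORY_DATA" #LIBREPORTAL|CATEGORY_TAG|CATEGORY_DATA
      libreportal.title: "TITLE_DATA" #LIBREPORTAL|TITLE_TAG|TITLE_DATA
    cap_add:
      # NET_ADMIN is needed to create the interface and edit iptables rules.
      - NET_ADMIN
      # NOTE(review): SYS_MODULE lets the container load kernel modules on the
      # host. It is only useful when the host has not already loaded the
      # wireguard module; drop it where the module is built in or preloaded.
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    # GLUETUN_OFF_BEGIN
    networks:
      DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
        ipv4_address: IP_DATA_1 #LIBREPORTAL|IP_TAG_1|IP_DATA_1
    # GLUETUN_OFF_END
    # GLUETUN_ON_BEGIN
    # network_mode: "container:gluetun-service"
    # GLUETUN_ON_END
  # NOTE(review): the optional exporter below also uses a ":latest" image and
  # NET_ADMIN inside the VPN container's network namespace; pin it before
  # enabling.
  # >>> libreportal-monitoring >>>
  #wireguard-exporter:
  # container_name: wireguard-exporter
  # image: mindflavor/prometheus-wireguard-exporter:latest
  # restart: unless-stopped
  # cap_add:
  # - NET_ADMIN
  # network_mode: "service:wireguard-service"
  # depends_on:
  # - wireguard-service
  # command: ["--port", "PORT_INTERNAL_DATA_3"] #LIBREPORTAL|PORT_INTERNAL_TAG_3|PORT_INTERNAL_DATA_3
  # <<< libreportal-monitoring <<<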