A free, open, self-hosted app platform (GNU AGPLv3): one-click app deploys, Traefik reverse proxy with automatic SSL, rootless Docker support, gluetun VPN routing, and a web dashboard to manage it all. Free & open forever to self-host; optional paid hosted services fund it. See PROMISE.md. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
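# Compose template for a wg-easy WireGuard service plus an optional,
# commented-out metrics exporter. The upper-case placeholder values and the
# trailing marker comments appear to be rewritten by the deployment tooling,
# so they are kept exactly as they were.
networks:
  DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
    external: true

services:
  wireguard-service: #LIBREPORTAL|SERVICE_TAG_1|wireguard-service
    container_name: wireguard-service
    # NOTE(review): ":latest" is a mutable tag, so every pull can bring in
    # unreviewed code, and a major-version change may alter or drop the
    # environment variables used below (confirm against the release notes).
    # Prefer a reviewed version tag plus digest, for example
    # ghcr.io/wg-easy/wg-easy:<PINNED_VERSION>@sha256:<DIGEST>.
    image: ghcr.io/wg-easy/wg-easy:latest
    restart: unless-stopped
    hostname: wireguard
    environment:
      # The admin password must be supplied as a bcrypt hash, never plaintext.
      # bcrypt hashes contain "$", which Compose treats as variable
      # interpolation; confirm the substituted value doubles each one ("$$").
      - PASSWORD_HASH=WIREGUARD_PASSWORD_DATA #LIBREPORTAL|WIREGUARD_PASSWORD_TAG|WIREGUARD_PASSWORD_DATA
      - WG_HOST=PUBLIC_IP_DATA #LIBREPORTAL|PUBLIC_IP_TAG|PUBLIC_IP_DATA
      - WG_DEFAULT_ADDRESS=WIREGUARD_SUBNET_DATA #LIBREPORTAL|WIREGUARD_SUBNET_TAG|WIREGUARD_SUBNET_DATA
      - WG_MTU=NETWORK_MTU_DATA #LIBREPORTAL|NETWORK_MTU_TAG|NETWORK_MTU_DATA
      # Full tunnel: clients route all IPv4 and IPv6 traffic through the VPN.
      # NOTE(review): only IPv4 forwarding and NAT are configured in this
      # file, so verify what is intended for client IPv6 traffic.
      - WG_ALLOWED_IPS=0.0.0.0/0,::/0
      # On interface up: NAT client traffic out of eth0 and clamp TCP MSS to
      # the path MTU.
      - WG_POST_UP=iptables -w -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
      # On interface down: remove the same two rules. A stray second ";" was
      # removed here; an empty command between semicolons is a shell syntax
      # error, so if the hook is run by a shell none of the cleanup would
      # execute and the rules would stay in place.
      - WG_POST_DOWN=iptables -w -t nat -D POSTROUTING -o eth0 -j MASQUERADE; iptables -t mangle -D FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    volumes:
      # NOTE(review): the placeholder name suggests a Docker socket bind
      # mount (confirm). If so, API access through it is equivalent to
      # control of the Docker daemon, and a read-only mount does not restrict
      # API calls. Drop it if this container does not need it, or front it
      # with a socket proxy that allows only the required endpoints.
      - SOCKET_DATA #LIBREPORTAL|SOCKET_TAG|SOCKET_DATA
      # Holds the server and peer private keys; keep the host directory
      # readable only by the account that runs the container.
      - ./wireguard-data:/etc/wireguard
    # NOTE(review): which published port is the WireGuard UDP listener and
    # which is the web admin UI is not visible in this template. Only the
    # tunnel port needs to be reachable from the internet; keep the admin UI
    # behind the reverse proxy or bound to a loopback or LAN address.
    # GLUETUN_OFF_BEGIN
    ports:
      - "PORTS_DATA_1" #LIBREPORTAL|PORTS_TAG_1|PORTS_DATA_1
      - "PORTS_DATA_2" #LIBREPORTAL|PORTS_TAG_2|PORTS_DATA_2
    # GLUETUN_OFF_END
    labels:
      libreportal.category: "CATEGORY_DATA" #LIBREPORTAL|CATEGORY_TAG|CATEGORY_DATA
      libreportal.title: "TITLE_DATA" #LIBREPORTAL|TITLE_TAG|TITLE_DATA
    # NET_ADMIN is needed to manage the WireGuard interface and iptables.
    # SYS_MODULE lets the container load kernel modules on the host; it is
    # usually only needed when the host has not already loaded the wireguard
    # module, so consider dropping it where that is the case.
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    # GLUETUN_OFF_BEGIN
    networks:
      DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
        ipv4_address: IP_DATA_1 #LIBREPORTAL|IP_TAG_1|IP_DATA_1
    # GLUETUN_OFF_END
    # GLUETUN_ON_BEGIN
    # network_mode: "container:gluetun-service"
    # GLUETUN_ON_END

  # NOTE(review): if the exporter below is enabled, pin its image as well
  # and keep its metrics port off public interfaces; it shares the VPN
  # container's network namespace and is granted NET_ADMIN.
  # >>> libreportal-monitoring >>>
  #wireguard-exporter:
  #  container_name: wireguard-exporter
  #  image: mindflavor/prometheus-wireguard-exporter:latest
  #  restart: unless-stopped
  #  cap_add:
  #    - NET_ADMIN
  #  network_mode: "service:wireguard-service"
  #  depends_on:
  #    - wireguard-service
  #  command: ["--port", "PORT_INTERNAL_DATA_3"] #LIBREPORTAL|PORT_INTERNAL_TAG_3|PORT_INTERNAL_DATA_3
  # <<< libreportal-monitoring <<<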