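---
# Compose definition for a single wg-easy container (WireGuard plus web UI).
# Every ${...} value is interpolated by Compose from the environment / .env.
services:
  wg-easy:
    # NOTE(review): ":14" is a mutable tag and pull_policy is "always", so
    # each start may run a different image build. Pin by digest if you need
    # reproducible, reviewable deployments.
    image: ghcr.io/wg-easy/wg-easy:14 # breaking changes...
    container_name: wg-easy
    volumes:
      # Holds the WireGuard configuration, including private keys. Keep the
      # host directory readable by root only.
      - type: bind
        source: '${VOLUME_PATH}'
        target: /etc/wireguard
        bind:
          create_host_path: true
    ports:
      # WireGuard tunnel endpoint, published on all host interfaces.
      - '${UDP_PORT}:51820/udp'
      # Web UI is published on loopback only; reach it through an SSH tunnel
      # or a TLS-terminating reverse proxy rather than exposing it directly.
      - '127.0.0.1:${GUI_PORT}:51821/tcp'
    pull_policy: always
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE lets the container load kernel modules. It is
      # presumably only needed when the host has not already loaded the
      # wireguard module; confirm and drop it if it is not required.
      - SYS_MODULE
    sysctls:
      net.ipv4.ip_forward: 1
      net.ipv4.conf.all.src_valid_mark: 1
    environment:
      # Supplied from the environment so the hash is not committed here.
      # NOTE(review): bcrypt hashes contain "$"; single-quote the value in
      # .env so Compose does not try to interpolate it. Verify with
      # `docker compose config`.
      PASSWORD_HASH: '${PASSWORD_HASH}'
      WG_HOST: '${WG_HOST}'
      WG_DEVICE: '${WG_DEVICE}' # WAN interface
      WG_PERSISTENT_KEEPALIVE: '25'
      # "-I" without a rule number inserts at the head of the chain, so the
      # ACCEPT (added second) is evaluated before the REJECT.
      # NOTE(review): if clients are addressed from 10.8.0.0/24 (presumably
      # the tunnel subnet; confirm), the ACCEPT matches their traffic to all
      # of 10.0.0.0/8 first and the REJECT never restricts them. Narrow the
      # ACCEPT destination if the intent is to block private ranges.
      # NOTE(review): MASQUERADE is hard-coded to eth0 while WG_DEVICE is
      # configurable; confirm they name the same interface.
      WG_POST_UP: >-
        iptables -I FORWARD -i wg0 -d 10.0.0.0/8 -j REJECT;
        iptables -I FORWARD -i wg0 -s 10.8.0.0/24 -d 10.0.0.0/8 -j ACCEPT;
        iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
      # Fixed: the FORWARD rules previously read "-I FORWARD -D wg0", which
      # is not a valid delete and left the rules in place after the
      # interface went down. Each line now deletes exactly the rule that
      # WG_POST_UP added.
      WG_POST_DOWN: >-
        iptables -D FORWARD -i wg0 -d 10.0.0.0/8 -j REJECT;
        iptables -D FORWARD -i wg0 -s 10.8.0.0/24 -d 10.0.0.0/8 -j ACCEPT;
        iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE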