fix: update WireGuard Easy template for proper functionality (#573)
* fix: update WireGuard Easy template for proper functionality - Changed to named volume (etc_wireguard) instead of host path mount - Added explicit port mappings (51820:51820/udp, 51821:51821/tcp) required for WireGuard - Updated environment variables to use correct WG_HOST and PASSWORD format - Added all required WireGuard environment variables: - WG_PORT, PORT, WG_MTU, WG_DEFAULT_DNS, WG_ALLOWED_IPS - WG_POST_UP/WG_POST_DOWN for iptables rules - Added NET_RAW capability for proper network operations - Simplified template.toml to use WIREGUARD_HOST and WIREGUARD_PASSWORD - Removed explicit networks config to enable Dokploy's isolated deployment - Template now works with Dokploy's automatic network isolation This configuration has been tested and confirmed working with isolated deployment enabled. * Update template.toml --------- Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
committed by
GitHub
parent
be933bdc54
commit
b23e3320f0
@@ -1,17 +1,30 @@
|
||||
version: "3.8"
|
||||
volumes:
|
||||
etc_wireguard:
|
||||
|
||||
services:
|
||||
wg-easy:
|
||||
image: ghcr.io/wg-easy/wg-easy:15
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- WG_HOST=${WIREGUARD_HOST}
|
||||
- PASSWORD=${WIREGUARD_PASSWORD}
|
||||
- WG_PORT=51820
|
||||
- PORT=51821
|
||||
- WG_MTU=1280
|
||||
- WG_DEFAULT_DNS=1.1.1.1,8.8.8.8
|
||||
- WG_ALLOWED_IPS=0.0.0.0/0
|
||||
- WG_POST_UP=iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
|
||||
- WG_POST_DOWN=iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT;
|
||||
volumes:
|
||||
- ../files/etc_wireguard:/etc/wireguard
|
||||
- etc_wireguard:/etc/wireguard
|
||||
- /lib/modules:/lib/modules:ro
|
||||
ports:
|
||||
- 51820/udp
|
||||
- 51821
|
||||
restart: unless-stopped
|
||||
- "51820:51820/udp"
|
||||
- "51821:51821/tcp"
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
- NET_RAW
|
||||
sysctls:
|
||||
- net.ipv4.ip_forward=1
|
||||
- net.ipv4.conf.all.src_valid_mark=1
|
||||
|
||||
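Review bot: The new mapping `- "51821:51821/tcp"` publishes the wg-easy admin UI on every host interface over plain HTTP, in addition to the proxied route that template.toml declares for port 51821, so the password-protected panel is reachable without TLS and outside the reverse proxy. Only the UDP tunnel port needs a host mapping; if the UI is meant to be reached through the Dokploy domain, keep the container-only form `- 51821` or bind it to loopback with `- "127.0.0.1:51821:51821/tcp"`. `NET_RAW` is already in Docker's default capability set, so the added `- NET_RAW` appears to change nothing next to `NET_ADMIN` and `SYS_MODULE`. A comment such as `# SYS_MODULE + /lib/modules: lets the container load the wireguard kernel module` would record why that broad grant is present.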
@@ -4,22 +4,10 @@ wg_password = "${password:32}"
|
||||
|
||||
[config]
|
||||
[[config.domains]]
|
||||
serviceName = "wg-easy" # Matches the service name in docker-compose.yml
|
||||
serviceName = "wg-easy"
|
||||
port = 51821
|
||||
host = "${main_domain}"
|
||||
|
||||
[config.env]
|
||||
# WG_HOST is required for the WG-Easy web interface to know the public hostname
|
||||
WG_HOST = "${main_domain}"
|
||||
# PASSWORD is used to secure the WG-Easy web interface
|
||||
PASSWORD = "${wg_password}"
|
||||
# Optional: PORT is set to match the exposed port
|
||||
PORT = "51821"
|
||||
# Optional: HOST ensures the service listens on all interfaces
|
||||
HOST = "${main_domain}"
|
||||
# Optional: INSECURE set to false for security
|
||||
INSECURE = "false"
|
||||
|
||||
[[config.mounts]]
|
||||
filePath = "/etc/wireguard"
|
||||
content = ""
|
||||
WIREGUARD_HOST = "${main_domain}"
|
||||
WIREGUARD_PASSWORD = "${wg_password}"
|
||||
|
||||
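Review bot: `WIREGUARD_PASSWORD` reaches the container as the plaintext `PASSWORD` variable, while the compose file pins the image to `wg-easy:15`, and nothing in this diff shows that major version still reads `PASSWORD` or `WG_HOST`. That should be confirmed against the image's documentation, because if the variables are ignored the generated 32-character secret protects nothing and the admin credentials would be whatever the first visitor to the UI sets. The section also drops every explanatory comment, so a single line like `# consumed by docker-compose.yml as WG_HOST and PASSWORD` above the two keys would keep the indirection discoverable. Removing `INSECURE = "false"` leaves that behaviour to the image default, which is worth stating in a comment if it is intentional.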