fix: update WireGuard Easy template for proper functionality (#573)

* fix: update WireGuard Easy template for proper functionality

- Changed to named volume (etc_wireguard) instead of host path mount
- Added explicit port mappings (51820:51820/udp, 51821:51821/tcp) required for WireGuard
- Updated environment variables to use correct WG_HOST and PASSWORD format
- Added all required WireGuard environment variables:
  - WG_PORT, PORT, WG_MTU, WG_DEFAULT_DNS, WG_ALLOWED_IPS
  - WG_POST_UP/WG_POST_DOWN for iptables rules
- Added NET_RAW capability for proper network operations
- Simplified template.toml to use WIREGUARD_HOST and WIREGUARD_PASSWORD
- Removed explicit networks config to enable Dokploy's isolated deployment
- Template now works with Dokploy's automatic network isolation

This configuration has been tested and confirmed working with isolated deployment enabled.

* Update template.toml

---------

Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
This commit is contained in:
Muzaffer Kadir YILMAZ
2025-12-15 08:28:39 +03:00
committed by GitHub
parent be933bdc54
commit b23e3320f0
2 changed files with 21 additions and 20 deletions

View File

@@ -1,17 +1,30 @@
version: "3.8"
volumes:
etc_wireguard:
services:
wg-easy:
image: ghcr.io/wg-easy/wg-easy:15
restart: unless-stopped
environment:
- WG_HOST=${WIREGUARD_HOST}
- PASSWORD=${WIREGUARD_PASSWORD}
- WG_PORT=51820
- PORT=51821
- WG_MTU=1280
- WG_DEFAULT_DNS=1.1.1.1,8.8.8.8
- WG_ALLOWED_IPS=0.0.0.0/0
- WG_POST_UP=iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
- WG_POST_DOWN=iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT;
volumes:
- ../files/etc_wireguard:/etc/wireguard
- etc_wireguard:/etc/wireguard
- /lib/modules:/lib/modules:ro
ports:
- 51820/udp
- 51821
restart: unless-stopped
- "51820:51820/udp"
- "51821:51821/tcp"
cap_add:
- NET_ADMIN
- SYS_MODULE
- NET_RAW
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1

View File

@@ -4,22 +4,10 @@ wg_password = "${password:32}"
[config]
[[config.domains]]
serviceName = "wg-easy" # Matches the service name in docker-compose.yml
serviceName = "wg-easy"
port = 51821
host = "${main_domain}"
[config.env]
# WG_HOST is required for the WG-Easy web interface to know the public hostname
WG_HOST = "${main_domain}"
# PASSWORD is used to secure the WG-Easy web interface
PASSWORD = "${wg_password}"
# Optional: PORT is set to match the exposed port
PORT = "51821"
# Optional: HOST ensures the service listens on all interfaces
HOST = "${main_domain}"
# Optional: INSECURE set to false for security
INSECURE = "false"
[[config.mounts]]
filePath = "/etc/wireguard"
content = ""
WIREGUARD_HOST = "${main_domain}"
WIREGUARD_PASSWORD = "${wg_password}"