Files
templates/blueprints/wg-easy/docker-compose.yml
Muzaffer Kadir YILMAZ b23e3320f0 fix: update WireGuard Easy template for proper functionality (#573)
* fix: update WireGuard Easy template for proper functionality

- Changed to named volume (etc_wireguard) instead of host path mount
- Added explicit port mappings (51820:51820/udp, 51821:51821/tcp) required for WireGuard
- Updated environment variables to use correct WG_HOST and PASSWORD format
- Added all required WireGuard environment variables:
  - WG_PORT, PORT, WG_MTU, WG_DEFAULT_DNS, WG_ALLOWED_IPS
  - WG_POST_UP/WG_POST_DOWN for iptables rules
- Added NET_RAW capability for proper network operations
- Simplified template.toml to use WIREGUARD_HOST and WIREGUARD_PASSWORD
- Removed explicit networks config to enable Dokploy's isolated deployment
- Template now works with Dokploy's automatic network isolation

This configuration has been tested and confirmed working with isolated deployment enabled.

* Update template.toml

---------

Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
2025-12-14 23:28:39 -06:00

34 lines
1.1 KiB
YAML

volumes:
etc_wireguard:
services:
wg-easy:
image: ghcr.io/wg-easy/wg-easy:15
restart: unless-stopped
environment:
- WG_HOST=${WIREGUARD_HOST}
- PASSWORD=${WIREGUARD_PASSWORD}
- WG_PORT=51820
- PORT=51821
- WG_MTU=1280
- WG_DEFAULT_DNS=1.1.1.1,8.8.8.8
- WG_ALLOWED_IPS=0.0.0.0/0
- WG_POST_UP=iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
- WG_POST_DOWN=iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT;
volumes:
- etc_wireguard:/etc/wireguard
- /lib/modules:/lib/modules:ro
ports:
- "51820:51820/udp"
- "51821:51821/tcp"
cap_add:
- NET_ADMIN
- SYS_MODULE
- NET_RAW
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv6.conf.all.disable_ipv6=0
- net.ipv6.conf.all.forwarding=1
- net.ipv6.conf.default.forwarding=1